Azure Sentinel

CSP Lighthouse

CSP Lighthouse is a Managed Detection and Response (MDR) service and one of our most comprehensive security offerings for Australian and international clients.

CSP Lighthouse leverages the power of cloud AI and automation from Azure Sentinel and/or Microsoft Defender 365.

Our CSP Lighthouse service comprises three unique offerings:

  • Lighthouse for SMB – which includes E5 Security and Modern Workplace IT support. Our agile and expert team can help with any IT issue no matter how small, and monitor important alerts. This also includes proactive Cloud Security Posture Management (CSPM) to ensure the confidentiality, integrity and availability of your data; securing email, endpoints, workloads and more.
  • Lighthouse for Enterprise – 24/7 Managed Detection and Response – datasheet can be downloaded here
  • Lighthouse for Threat Hunting – see our new datasheet, which outlines the three phases of proactive threat hunting. To defend against the increasing frequency of cyberattacks, organizations have to take a layered approach. Once protection and detection solutions such as Defender 365 and Azure Sentinel are in place, large amounts of signals will be readily available, and a focus on proactive detection and response will become necessary.

Future of security

The corporate perimeter is becoming obsolete as remote work increasingly becomes the new normal and the threat landscape grows more sophisticated than ever.

Our mission is to provide full threat monitoring and response in order to detect and protect against cyberattacks. This modern SOC, combined with AI-integrated automation, will help your organization build resilience while allowing your culture to remain agile in a mobile and remote-working world.

One crucial component of this service is that your data never leaves your environment. Unlike other MSSPs that ship your data elsewhere to analyze and monitor, CSP manages its partners through very tight role delegation and by leveraging Azure Lighthouse. This ensures data sovereignty, compliance and integrity.

Retaining security alerts long-term is crucial, as the average attacker can remain hidden and undetected for around four months. We provide a proactive threat hunting security team that can respond to, and hunt for, emerging threats, as well as implement custom playbooks, automation rules, and important dashboards/reports. Automatic remediation and alert enrichment are vital for combating cyberattacks.

See our full datasheet here or contact us to find out more at lighthouse@cspa.com.au

Defender XDR

Depending on the context, we can provision and manage your entire Microsoft XDR platform as well as provide 24/7 support for Sentinel. Microsoft Extended Detection and Response, or XDR, covers a host of integrated security products, starting with Microsoft 365 Defender; this includes Microsoft Cloud App Security (MCAS), Microsoft Defender for Endpoint (MDE), Defender for Office 365 (MDO) and Defender for Identity (MDI). Adjacent to this, Azure Defender provides extended detection and response for workloads hosted and running throughout Azure.

Cloud Access Security Brokers like Microsoft Cloud App Security (MCAS) are cloud-based security solutions that provide a new layer of security to enable oversight and control of activities and information across public and custom cloud SaaS apps and IaaS services. MCAS is broken into four key capability areas: Shadow IT Discovery, Information Protection, Threat Protection and Compliance. It provides a central control plane for governance and policy enforcement across all your cloud apps and services.

We can set MCAS governance actions for automated response across your entire environment. We can help protect apps like SharePoint, or hundreds of other SaaS business apps, with real-time policies, or create application control by sanctioning and unsanctioning Shadow IT. CSP can provide management across all these key areas and review policies and controls continuously based on our With-XDR plan. The image below shows how these different products protect a company from a practical standpoint across the cyberattack “kill chain”.

Azure Sentinel

See and stop threats before they cause harm, with Security Information and Event Management (SIEM) reinvented for the modern world. Azure Sentinel is your bird's-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI) and automation. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs, while reducing costs by as much as 48 percent compared to traditional SIEMs. We provide a 24/7 Lighthouse service that will continually guard against emerging threats as well as respond to any detections that arise.

Azure Sentinel plays two main roles. The first is Security Information and Event Management (SIEM): as a cloud-based system it scales much better than a traditional on-premise SIEM and can retain 2+ years of security logs from almost 100 source connectors. The other part of this equation is Security Orchestration, Automation and Response (SOAR); this is where the wonders of modern automation/AI really start to show their value. CSP Lighthouse leverages custom ‘playbooks’ that will automatically respond to emerging threats as well as provide key information when it comes to triaging incidents.