Azure Sentinel

CSP Lighthouse

CSP Lighthouse is our 24/7 Managed Detection and Response (MDR) service and our most comprehensive security offering for Australian and international clients. It is built on the cloud-scale analytics and automation of Azure Sentinel. The corporate perimeter is becoming obsolete as remote work becomes the norm and the threat landscape grows more sophisticated than ever. Our mission is to provide full threat monitoring and response: detecting cyberattacks and protecting against them. A modern SOC combined with AI-integrated automation helps your organization build resilience while your culture stays agile in a mobile, remote-working world.

One crucial property of this service is that your data never leaves your environment. Unlike MSSPs that ship your logs to their own platform to analyze and monitor them, CSP works inside each client's Azure tenant through Azure Lighthouse, with access delegated to our analysts under tightly scoped RBAC roles. Your logs stay in your own Log Analytics workspace, which preserves data sovereignty and keeps compliance straightforward.
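The delegation described above is done with an Azure Lighthouse ARM template that the client deploys into its own subscription. The template below is an added example, not CSP's own template: the offer name, tenant ID and group object ID are placeholders, and the analyst principal is deliberately a security group in the provider tenant rather than a named user. The two role GUIDs are Azure's built-in Reader and Microsoft Sentinel Responder roles; confirm them in your tenant with `az role definition list --name "Microsoft Sentinel Responder" --query "[].name"` before deploying. ARM accepts `//` comments in templates, but strict JSON tooling may flag them.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "mspOfferName": {
      "type": "string",
      "defaultValue": "Example MDR - Sentinel operations (hypothetical offer name)",
      "metadata": { "description": "Shown to the client in the Service providers blade." }
    },
    "managedByTenantId": {
      "type": "string",
      "defaultValue": "00000000-0000-0000-0000-000000000000",
      "metadata": { "description": "Tenant ID of the service provider. Placeholder - replace." }
    },
    "socAnalystsGroupId": {
      "type": "string",
      "defaultValue": "11111111-1111-1111-1111-111111111111",
      "metadata": { "description": "Object ID of a group in the provider tenant, never an individual user. Placeholder - replace." }
    }
  },
  "variables": {
    // Deterministic names so redeploying the same offer updates rather than duplicates.
    "mspRegistrationName": "[guid(parameters('mspOfferName'))]",
    "mspAssignmentName": "[guid(parameters('mspOfferName'))]",
    // Built-in role definition IDs (assumed from Azure's role list; verify in your tenant).
    // Reader lets analysts see the workspace; Sentinel Responder lets them manage incidents
    // without editing analytics rules or data connectors. Owner is not delegable via Lighthouse.
    "roles": {
      "reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
      "sentinelResponder": "3e150937-b8fe-4cfb-8069-0eaf05ecd056"
    }
  },
  "resources": [
    {
      // What the provider is allowed to do, and as whom.
      "type": "Microsoft.ManagedServices/registrationDefinitions",
      "apiVersion": "2019-09-01",
      "name": "[variables('mspRegistrationName')]",
      "properties": {
        "registrationDefinitionName": "[parameters('mspOfferName')]",
        "description": "Delegated Sentinel operations; log data remains in the client's own workspace.",
        "managedByTenantId": "[parameters('managedByTenantId')]",
        "authorizations": [
          {
            "principalId": "[parameters('socAnalystsGroupId')]",
            "principalIdDisplayName": "SOC analysts (provider tenant group)",
            "roleDefinitionId": "[variables('roles').reader]"
          },
          {
            "principalId": "[parameters('socAnalystsGroupId')]",
            "principalIdDisplayName": "SOC analysts (provider tenant group)",
            "roleDefinitionId": "[variables('roles').sentinelResponder]"
          }
        ]
      }
    },
    {
      // Binds the definition to the subscription this template is deployed into.
      "type": "Microsoft.ManagedServices/registrationAssignments",
      "apiVersion": "2019-09-01",
      "name": "[variables('mspAssignmentName')]",
      "dependsOn": [
        "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
      ],
      "properties": {
        "registrationDefinitionId": "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
      }
    }
  ]
}
```

The client, not the provider, runs the deployment at subscription scope, for example `az deployment sub create --location australiaeast --template-file lighthouse-delegation.json`, and can list or revoke the delegation at any time with `az managedservices assignment list` and `az managedservices assignment delete`. The point for an MDR arrangement is that nothing in this template moves data: the provider's analysts query the client's workspace in place, and the client can audit exactly which roles were granted and remove them unilaterally.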

Retaining security logs and alerts long-term is crucial because an attacker can remain hidden and undetected for around four months on average, so the evidence of the initial compromise may be months old by the time an incident is raised. We provide a 24/7 security team that responds to, and hunts for, emerging threats, and that implements custom playbooks, automation rules, and the dashboards and reports that matter. Automatic remediation and alert enrichment are vital for combating cyberattacks.

See our full datasheet here or contact us to find out more at lighthouse@cspa.com.au

We work with experts from around the world and actively participate in a global security community called the Microsoft 365 Threat Protection Customer Connection Program.

Defender XDR

Depending on your environment, we can provision and manage your entire Microsoft XDR platform as well as provide 24/7 support for Sentinel. Microsoft Extended Detection and Response (XDR) covers a set of integrated security products, starting with Microsoft 365 Defender: Microsoft Cloud App Security (MCAS, since renamed Microsoft Defender for Cloud Apps), Microsoft Defender for Endpoint (MDE), Microsoft Defender for Office 365 (MDO) and Microsoft Defender for Identity (MDI). Alongside this, Azure Defender (since renamed Microsoft Defender for Cloud) provides extended detection and response for workloads hosted and running throughout Azure.

Cloud Access Security Brokers (CASBs) such as Microsoft Cloud App Security (MCAS) add a layer of visibility and control over user activity and information across public and custom SaaS applications and IaaS services. MCAS is organised into four capability areas: Shadow IT discovery, information protection, threat protection and compliance. It provides a central control plane for governance and policy enforcement across all your cloud apps and services.

We can configure MCAS governance actions for automated response across your entire environment, protect apps such as SharePoint or hundreds of other SaaS business apps with real-time policies, and enforce application control by sanctioning and unsanctioning Shadow IT. CSP provides management across all these areas and reviews policies and controls continuously under our With-XDR plan. The image below shows, from a practical standpoint, how these products protect a company across the stages of the cyberattack kill chain.

Azure Sentinel

See and stop threats before they cause harm with a Security Information and Event Management (SIEM) platform built for the cloud era. Azure Sentinel is your bird's-eye view across the enterprise. It puts the cloud, and large-scale intelligence from decades of Microsoft security experience, to work, and makes threat detection and response smarter and faster with artificial intelligence (AI) and automation. It eliminates security infrastructure setup and maintenance and scales elastically to meet your needs, with Microsoft's own figures putting cost reductions at as much as 48 percent compared to traditional SIEMs. Our 24/7 Lighthouse service continually guards against emerging threats and responds to any detections that arise.

Azure Sentinel plays two main roles. The first is Security Information and Event Management (SIEM): because it is cloud-based it scales far better than a traditional on-premises SIEM and can retain two or more years of security logs ingested from almost 100 source connectors. The second is Security Orchestration, Automation and Response (SOAR), where modern automation and AI really show their value. CSP Lighthouse uses custom playbooks that respond automatically to emerging threats and surface the key information needed to triage incidents.