Auxis & Grant Thornton join forces to set a new standard for modern advisory.

Case Study

Managed Cybersecurity Services in High-Risk  Environment

Client Profile

Our client is an $11 billion Fortune 500 public company and one of the world’s leading producers of potash and phosphate crop nutrients. With more than 13,000 employees and operations spanning nine countries across North and South America, the organization operates in a highly regulated environment subject to direct oversight by the U.S. Department of Homeland Security (DHS).

Business Challenge

Reactive managed cybersecurity services fall short amid rising risk

Given its strict regulatory environment, the mining company needed a security program capable of protecting critical operations while meeting stringent requirements and maintaining compliance.

However, the client’s offshore managed cybersecurity services provider struggled to support the complexity of its environment. The security service provider’s operating model was largely focused on standardized processes and contractual scope, limiting its ability to adapt to evolving security challenges and drive broader security outcomes.

As a result, critical alerts were missed, reporting and visibility were limited, there was inconsistency in the overall process, and security operations remained largely reactive – focused on ticket resolution rather than proactive threat detection, innovation, and continuous improvement.

At the same time, the client faced increasing cyber risk. As AI accelerates the sophistication, scale, and speed of cyberattacks, cyber threats continue to rank as the no. 1 business concern worldwide.

For mining organizations, cyber incidents can have far-reaching consequences – from operational disruptions and supply chain delays to environmental hazards and financial losses. More than 70% of mining companies say they have witnessed an increase in disruptive attacks, and more than half are concerned about their ability to manage a significant cyber threat (EY’s latest Global Information Security Survey).

As a producer of critical minerals essential to national and economic security, the client needed a stronger cybersecurity posture aligned with National Institute of Standards and Technology (NIST) guidelines and other industry standards.

The company sought a new managed security service provider (MSSP) that could:

  • Elevate security beyond reactive ticket “processing” to proactive risk management
  • Improve threat detection and response capabilities
  • Increase visibility into security operations and risk exposure
  • Strengthen regulatory compliance
  • Access specialized cybersecurity talent and best practices
  • Drive continuous improvement through automation, reporting, and innovation

To achieve these goals, the company partnered with Auxis Grant Thornton to build a more strategic and proactive managed cybersecurity services model powered by AI, best practices, and nearshore security expertise.

Solution & Approach

Strengthening cyber defenses with an AI-powered managed SOC, proactive vulnerability management, & advanced threat intelligence

Leveraging nearly 30 years of IT modernization and shared services experience, Auxis Grant Thornton took a highly collaborative and consultative approach to strengthen the client’s cybersecurity posture. By replacing the previous managed security services provider’s one-size-fits-all security program with solutions tailored to the client’s unique requirements, Auxis Grant Thornton’s cybersecurity professionals delivered greater visibility, proactive threat management, and a more strategic security partnership.

The new managed cybersecurity services operation is built on three critical service towers and AI-powered automation:

Building 3 critical cybersecurity service towers

1. Security Operations Center (SOC)

Auxis Grant Thornton established a dedicated managed SOC team in Latin America to provide continuous threat monitoring, detection, and response across the client’s IT infrastructure. With the client’s security tools and systems generating over 3,000 alerts each month, a key priority was ensuring critical threats could be quickly identified, investigated, contained, and remediated without overwhelming internal teams.

To improve efficiency and reduce alert fatigue, Auxis Grant Thornton implemented structured alert classification playbooks that provide a consistent cybersecurity framework for prioritizing, investigating, and responding to security events. This enabled the SOC team to rapidly distinguish routine notifications from genuine threats, focus resources on the highest-risk incidents, and accelerate response times.

When incidents require escalation, Auxis Grant Thornton works side-by-side with the client’s internal team to ensure swift resolution, providing a more collaborative and proactive managed security services experience than the client had previously received.

Lastly, Auxis Grant Thornton implemented intelligent automation and alert tuning that reduced security alerts by over 50%, creating additional analyst capacity to manage the continued growth in security events driven by today’s evolving cyber threat landscape.

2. Vulnerability management

When Auxis Grant Thornton took over security operations, the client faced a significant backlog of unresolved vulnerabilities that negatively impacted security scores and increased exposure to both internal and external threats.

To address these security gaps, Auxis partnered closely with departmental stakeholders across the organization to prioritize remediation efforts, improve awareness of security risks, and accelerate patching activities. Through a combination of proactive vulnerability management, ongoing communication, and clear accountability, the team rapidly eliminated the backlog and strengthened the client’s overall cybersecurity posture.

Auxis also introduced enhanced visibility and governance through comprehensive security reporting and performance reviews. Monthly and quarterly meetings provide leadership with a clear view of risk exposure, remediation progress, and overall security health through key performance indicators, including cloud security posture, external security risk, cyber exposure levels, and mean time to remediate vulnerabilities.

These regular reviews track progress and demonstrate measurable improvement while also creating a forum for continuous improvement – enabling Auxis Grant Thornton to provide strategic recommendations and help the client proactively address emerging risks.

3. Threat intelligence

Auxis established a managed threat intelligence team to help the client proactively identify and defend against emerging cyber risks. Through continuous and proactive monitoring of the global threat landscape, the team analyzes current attack trends, threat actors, and newly identified vulnerabilities that could impact the client’s environment.

Given the mining company’s large and complex IT footprint – generating more than 7,400 vulnerability findings each month – Auxis Grant Thornton recognized the need to move beyond reactive security and build a more proactive defense strategy. To accomplish this, the team developed a detailed, continuously updated threat profile based on factors such as the client’s industry, geographic footprint, technology environment, and risk exposure.

Using this profile, the managed detection team continuously identifies relevant Common Vulnerabilities and Exposures (CVEs) and emerging threats that could affect the organization. These insights are shared with the SOC, enabling the team to prioritize continuous monitoring, strengthen detection capabilities, and proactively address risks before they can be exploited.

Implementing AI security automations and best practices

Across all three managed security services towers, Auxis Grant Thornton is working closely with the client to advance strategic initiatives that strengthen and mature its overall security stance. A key focus area is security automation and AI.

While the client was eager to implement AI and automation in its security function, it lacked a formal strategy and clear framework for identifying and prioritizing opportunities. Leveraging deep expertise in AI, automation, and security services, Auxis Grant Thornton helped strategize a comprehensive automation roadmap building a pipeline of high-impact use cases aligned with the client’s security objectives and business priorities.

To maximize value, Auxis is focused on optimizing and standardizing underlying security processes before automating them, removing inefficiencies to ensure automations deliver consistent, high-quality outcomes and long-term scalability.

Leveraging its extensive cross-platform capabilities, Auxis deployed Torq, the client’s preferred security automation platform, along with other advanced tools to implement high-value security automations, including:

Near real-time threat blocking with automated threat intelligence

Challenge:

Endpoint Detection and Response (EDR) tools like Microsoft Defender for Endpoint play a critical role in an organization’s cybersecurity posture, continuously monitoring and analyzing endpoints like laptops and servers to detect, investigate, and respond to cyber threats. To maximize the effectiveness of these security devices, SOC analysts must continuously review and update the platform with new Indicators of Compromise (IOCs) such as malicious IPs, domains, or file hashes identified through intelligence feeds.

However, with thousands of IoCs identified each month, the manual process of reviewing and updating Defender could not keep pace with the volume and speed of emerging threats. This created delays in protection and increased the client’s potential exposure to known malicious activity.

Auxis Grant Thornton solution:

Auxis Grant Thornton’s managed security services team automated the integration of real-time threat intelligence into Microsoft Defender for Endpoint, leveraging API-based integrations and scheduled automation workflows to continuously ingest and apply validated threat indicators.

By eliminating manual updates, the solution achieved near real-time threat blocking – ensuring endpoint protections remain aligned with the latest threat intelligence.

Key benefits:

  • Near real-time blocking of malicious IPs, domains, URLs, and file hashes, with EDR policies automatically updated within minutes of receiving new threat intelligence
  • Proactive defense against known threats and command-and-control activity
  • Consistent protection across the entire endpoint environment
  • Improved scalability without increasing analyst workload
  • Greater efficiency, freeing SOC analysts to focus on higher-value detection and response activities
  • Stronger cybersecurity posture that adapts continuously to evolving threats

Building on this success, Auxis Grant Thornton is expanding the automation framework to integrate validated threat indicators directly into the client’s Check Point firewall environment, enabling known malicious activity to be blocked within minutes of receiving new intelligence.

Remediation of compromised user accounts in under 5 minutes

Challenge:

Compromised user accounts remain one of the most common entry points for cyberattacks, often resulting from inadvertent employee actions like clicking phishing links or creating weak passwords. Once an account is compromised, immediate containment is key to cutting off unauthorized access, protecting sensitive data, and stopping attackers from moving laterally across the environment.

Traditionally, account remediation is a slow, manual process requiring SOC analysts to work across platforms – revoking active sessions, resetting passwords, notifying users, and documenting incident details. The process typically takes 30-45 minutes per account and is prone to inconsistencies, introducing dangerous delays and operational bottlenecks when multiple incidents happen at once.

Auxis Grant Thornton solution:

To accelerate response and reduce risk, Auxis Grant Thornton created an intelligent automation workflow that executes the full remediation sequence with zero human intervention.

Here’s how the automation works:

  • Triggered by a confirmed compromise alert from the client’s Identity and Access Management (IAM) system
  • Instantly revokes all active sessions across mobile, web, VPN, and other access points
  • Resets user credentials using secure identity platform integrations
  • Notifies users and managers of actions taken
  • Creates a detailed incident ticket in the client’s ServiceNow IT support platform and generates a complete, timestamped audit trail for regulatory compliance and incident review

Key benefits:

  • Reduced account remediation time by 90+%, from 30-45 minutes to less than 5
  • Minimized attackers’ window of opportunity and potential data loss
  • Always-on protection, ensuring 24/7 rapid response without analyst intervention
  • Reduced business disruption by restoring secure account access more quickly
  • Improved scalability and consistency when managing multiple account compromises at once

By automating a previously manual process, Auxis Grant Thornton helped the client significantly improve response speed, strengthen security controls, and reduce operational burden on the SOC team.

Workstation isolation in under 1 minute to stop fast-moving cyber attacks

Challenge:

When a workstation is compromised, every minute matters. Rapid isolation is essential to prevent ransomware, malware, and other threats from spreading across the environment – triggering operational disruption and data loss.

Traditionally, workstation isolation requires SOC analysts to manually identify affected endpoints by querying multiple systems, executing isolation commands across many security tools, and notifying impacted users. The process often takes 20-30 minutes per incident – introducing dangerous delays and potential notification failures during active security breaches and large-scale compromise events.

Auxis Grant Thornton solution:

To accelerate containment and improve response consistency, Auxis Grant Thornton innovated a fully automated workstation isolation workflow capable of securing multiple compromised endpoints simultaneously in less than one minute during widespread compromise events, with complete documentation for compliance management and post-incident review.

Here’s how the automation works:

  • Triggered manually by SOC analysts or automatically by alerts from EDR/XDR (extended detection and response) tools
  • Validates workstation names or user IDs, with an option to use lists for bulk isolations
  • Executes isolation commands via endpoint management tools
  • Uses customizable email templates to ensure immediate, consistent notifications to affected users and managers with context and next steps
  • Logs isolation actions for complete audit trails, post-incident review, and compliance documentation

Key benefits:

  • Reduced workstation isolation time from 20-30 minutes to less than 60 seconds
  • Drastically reduced the window for ransomware or other malware spread
  • Minimized potential financial, operational, and reputational impact from security incidents
  • Enabled rapid containment of multiple compromised devices simultaneously
  • Improved operational efficiency and reduced help desk call volumes through automated notifications, tracking, and documentation
  • Improved consistency, auditability, and compliance readiness

By automating a critical containment process, Auxis Grant Thornton helped the client dramatically improve incident response speed while strengthening the ability to defend against fast-moving cyber threats.

Accelerating insider risk investigations by 85+%

Challenge

Investigating potential insider threats and security policy violations is typically a slow, labor-intensive process. Security analysts must manually access suspicious devices, locate and extract evidence across complex file systems, and prepare findings for review – taking 45-90 minutes per case.

These delays increase the risk of deleted evidence and prolong potential exposure.

Auxis Grant Thornton solution

To streamline the process, Auxis Grant Thornton developed an automated investigation workflow that leverages Microsoft Defender Live Response to securely collect and deliver evidence directly to the assigned SOC analyst. The solution also automatically triggers alerts to the Insider Risk Management team if any step fails, ensuring immediate manual follow-up.

Key benefits

  • Evidence collection time reduced by more than 85%, from 45-90 minutes to just 5-10
  • Strengthened cybersecurity posture through faster investigations and quicker containment of potential risks while reducing burden on internal teams
  • Reduced risk of evidence loss
  • Full audit logging for compliance support and legal review

Results

Achieving record security scores in a DHS-regulated environment

As a producer of critical minerals subject to heightened regulatory compliance, the client required a partner that could elevate cybersecurity management beyond reactive ticket resolution toward proactive risk management, visibility, and continuous improvement.

The impact of Auxis Grant Thornton’s approach was evident almost immediately. Acting as an extension of the client’s internal security team, Auxis Grant Thornton brought a highly collaborative and flexible managed cybersecurity model focused on delivering security outcomes rather than simply meeting contractual obligations.

The result was faster decision-making, stronger alignment, and more effective responses to an evolving threat landscape.

Auxis Grant Thornton operates as a true extension of our security team. They moved us from reacting to alerts to staying ahead of risk – and the gains in our security scores and response times speak for themselves.

CISO, Fortune 500 mining company

Key results include:

Thousands of threat indicators blocked every month

The Auxis Grant Thornton managed threat intelligence team successfully blocks 2,500-4,000+ potential attack vectors each month, preventing malicious activity and security data breaches across the client’s IT infrastructure.

97% service quality rating

The nearshore Auxis Grant Thornton SOC consistently delivers high-quality security services, maintaining an average Quality Assurance score of 97% through timely response, effective incident prioritization, strong documentation, and adherence to service-level commitments.

Located in Latin America – the #1 up-and-coming market for hiring tech talent on CBRE’s 2025 Scoring Tech Talent report – the SOC leverages nearshore advantages that drive success in urgent and time-sensitive processes, including highly skilled security talent, real-time collaboration, cultural alignment, strong English proficiency, and optimized costs.

Record security scores

Through proactive vulnerability management and continuous remediation efforts, Auxis Grant Thornton significantly strengthened the client’s security posture and reduced overall risk:

  • Bitsight Score increased 40% to 800 points (highest possible is 900), indicating substantial external security posture improvement and significantly lower risk of data breach and other security incidents
  • WIZ Score reached a perfect 100%, indicating the issue resolution rate is consistently outpacing discovery of new security issues
  • Tenable Cyber Exposure Score decreased 51% to 215 – placing the client in a low-risk category through effective threat mitigation and vulnerability management
  • Mean Time to Remediate (MTTR) significantly dropped to less than 40 days, down from 100-plus days at the start of the engagement, due to elimination of significant remediation backlogs

Consistently exceeding critical security response targets

Auxis has consistently met or exceeded key performance targets from the first month of the engagement, including:

  • 100% compliance with 15-minute escalation target for critical security incidents
  • 99.8% compliance with one-business-day vulnerability triage and assignment targets
  • 97.5% compliance with four-hour containment targets for high-severity incidents

Zero critical alerts missed

By implementing structured alert classification playbooks, Auxis Grant Thornton improved alert prioritization and incident response workflows, enabling the managed SOC team to efficiently manage thousands of monthly alerts while ensuring critical threats are identified, investigated, and addressed without delay.

50+% reduction in security alert noise increases analyst effectiveness

Through intelligent automation and alert tuning, Auxis Grant Thornton reduced security alert volumes by more than 50%, significantly reducing alert fatigue and allowing SOC analysts to focus on higher-priority threats. The increased efficiency created additional analyst capacity to support the organization’s growing security environment without increasing headcount.

Scaling security operations through AI and automation

Auxis Grant Thornton helped the client move beyond reactive manual security efforts by building a strategic automation roadmap focused on accelerating threat detection and incident response, automating repetitive tasks, and improving operational consistency. By embedding AI and automation into core security workflows, the managed security provider is delivering a more scalable, resilient, and proactive security operation while enabling analysts to focus on higher-value risk management and strategic initiatives.

Building on these early wins, additional AI-driven detection, response, and reporting use cases are in active development to further reduce manual effort and accelerate time-to-resolution.

Strengthening compliance and operational resilience in a highly regulated environment

Through 24/7 continuous monitoring, advanced threat detection, and proactive risk management, Auxis Grant Thornton helped the client meet stringent cybersecurity and reporting requirements – including DHS mandates – while strengthening its overall defense capabilities.

Growing trust leads to expanded IT engagement

The strong results achieved across cybersecurity operations have led the client to expand its relationship with Auxis Grant Thornton into other critical IT functions.

In addition to cybersecurity, Auxis Grant Thornton now manages the client’s multilingual help desk operations, has supported a major desktop migration initiative, and is being engaged on additional infrastructure projects – demonstrating the client’s confidence in Auxis Grant Thornton as a trusted IT managed security service provider.

Want to strengthen your cybersecurity stance with expert-driven protection? Schedule a consultation with our managed cybersecurity specialists today! You can also visit our resource center for more IT security tips, strategies, actionable insights, and success stories.

Download the Case Study

Managed Cybersecurity Services in High-Risk  Environment

Related Content

Search