Multi-cloud threat detection across ~300 AWS accounts and ~1,000 GCP projects
Architected and rolled out AWS GuardDuty and AWS Security Hub at organisation scale, and supported Google Security Command Center across the full GCP estate, with unified case management via TheHive.
Challenge
Threat detection was inconsistent across a sprawling multi-cloud estate. Findings landed in disconnected consoles, with no central case management or automation hooks.
Approach
Deployed AWS GuardDuty and AWS Security Hub across approximately 300 AWS accounts, and supported implementation of Google Security Command Center across approximately 1,000 GCP projects. Stood up StrangeBee TheHive as the central Detection & Response platform, integrating AWS GuardDuty, AWS Security Hub, Google Security Command Center, and SentinelOne for unified case management and selected automated response workflows.
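The integration step above (cloud findings flowing into TheHive as alerts) as an added example, not code from this engagement: a normaliser that maps an AWS Security Finding Format (ASFF) finding from Security Hub and a Security Command Center finding onto TheHive alert fields (title, severity 1-4, source, sourceRef, tags), with a stable sourceRef so re-delivered findings do not become duplicate cases. The sample findings are constructed; the HTTP call into TheHive is left to the caller.

```python
import hashlib
from typing import Any

# TheHive alert severity: 1 low, 2 medium, 3 high, 4 critical
SEVERITY = {"INFORMATIONAL": 1, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def _ref(source: str, native_id: str) -> str:
    """Stable sourceRef so a re-delivered finding updates, not duplicates, its alert."""
    return hashlib.sha256(f"{source}:{native_id}".encode()).hexdigest()[:32]


def from_asff(f: dict[str, Any]) -> dict[str, Any]:
    """AWS Security Finding Format (Security Hub, incl. GuardDuty) -> TheHive alert."""
    label = str(f.get("Severity", {}).get("Label", "LOW")).upper()
    tags = ["cloud:aws", f"account:{f.get('AwsAccountId', 'unknown')}",
            f"region:{f.get('Region', 'unknown')}"]
    tags += [f"resource:{r['Id']}" for r in f.get("Resources", []) if "Id" in r]
    return {"type": f.get("ProductName", "SecurityHub"), "source": "aws-securityhub",
            "sourceRef": _ref("aws-securityhub", f["Id"]),
            "title": f.get("Title", "Untitled finding"), "description": f.get("Description", ""),
            "severity": SEVERITY.get(label, 1), "tags": tags}


def from_scc(f: dict[str, Any]) -> dict[str, Any]:
    """Google Security Command Center finding -> TheHive alert."""
    res = f.get("resourceName", "unknown")
    return {"type": f.get("category", "SCC"), "source": "gcp-scc",
            "sourceRef": _ref("gcp-scc", f["name"]),
            "title": f"{f.get('category', 'SCC')} on {res}", "description": f.get("description", ""),
            "severity": SEVERITY.get(str(f.get("severity", "LOW")).upper(), 1),
            "tags": ["cloud:gcp", f"resource:{res}", f"state:{f.get('state', 'ACTIVE')}"]}


def normalise(f: dict[str, Any]) -> dict[str, Any]:
    """Route on the finding's shape; an unknown shape is rejected rather than guessed."""
    if "SchemaVersion" in f and "Id" in f:
        return from_asff(f)
    if "name" in f and "category" in f:
        return from_scc(f)
    raise ValueError("unrecognised finding format")


# Constructed sample findings; identifiers are placeholders, not real accounts/projects.
SAMPLE_ASFF = {"SchemaVersion": "2018-10-08", "Id": "arn:aws:guardduty:eu-west-1:111122223333:finding/abc",
               "ProductName": "GuardDuty", "AwsAccountId": "111122223333", "Region": "eu-west-1",
               "Severity": {"Label": "HIGH"}, "Title": "Unusual API call", "Description": "constructed",
               "Resources": [{"Id": "arn:aws:iam::111122223333:user/example"}]}
SAMPLE_SCC = {"name": "organizations/0/sources/0/findings/xyz", "category": "PUBLIC_BUCKET_ACL",
              "severity": "CRITICAL", "resourceName": "//storage.googleapis.com/example-bucket", "state": "ACTIVE"}
```

Severity labels outside the mapping fall back to low rather than failing, which keeps ingestion running but should be surfaced in a metric so new label values are noticed.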
Results
- Centralised findings, prioritisation, and case management across AWS and GCP
- Faster triage with automated enrichment and selected response workflows
- Auditable evidence trail for security reviewers and stakeholders