Grant Thornton Advisors standardises on CrowdStrike Falcon

Grant Thornton Advisors has standardised its managed security services on the CrowdStrike Falcon platform, centring the move on Falcon Complete through CrowdStrike's service provider programme.

The shift will replace legacy managed detection and response arrangements within Grant Thornton Advisors' managed security service provider operations and bring those activities under a single operating model. The firm is also expanding its global security managed services as part of the change.

Grant Thornton Advisors is introducing a new managed security portfolio that includes tiered managed detection and response services and managed engineering services. These offerings will sit on top of Falcon Complete and combine threat hunting, automated response and platform optimisation.

The agreement is part of a broader effort to align Grant Thornton Advisors' cyber advisory and operational services across multiple markets. Its multinational platform now spans nearly 20 markets and includes almost 25,000 professionals.

At the centre of the arrangement is CrowdStrike's Agentic MDR service, which uses software agents alongside security analysts to automate parts of detection and response work. CrowdStrike says the model is designed to handle routine or high-friction workflows while analysts focus on more complex incidents.

Tony Buffomante, National Managing Partner of Cyber and Risk Services at Grant Thornton Advisors, outlined the firm's rationale for the move.

"Our clients don't need more tools - they need security that actually works," said Tony Buffomante, National Managing Partner of Cyber and Risk Services at Grant Thornton Advisors. "With Falcon Complete at the core of our managed security operations, we're pairing CrowdStrike's detection and response capabilities with our advisory, incident response, and managed engineering expertise to help clients move from reactive security postures to proactive, measurable protection wherever our clients are located. That's what outcome-driven security looks like - and it's what our clients are asking for."

Service shift

The change marks a reorganisation of how Grant Thornton Advisors delivers cyber services to clients operating across jurisdictions. By using a single vendor platform for its managed security offering, the firm aims to reduce the patchwork of tools and workflows that often sit within outsourced security operations.

That approach is becoming more common as advisory and consulting groups build larger managed security practices through acquisitions and service expansion. Grant Thornton Advisors has been growing its advisory operations through deals including Auxis, Stax and an agreement to acquire MCA Connect.

The security services market has been moving towards bundled offerings that combine technology, monitoring and incident support. Buyers are under growing pressure to simplify security operations as attacks become more frequent and corporate technology estates become harder to manage across cloud systems, endpoints, identities and data.

CrowdStrike framed the decision as part of a wider shift away from fragmented security operations. Organisations are increasingly looking for managed services that can act directly on threats rather than simply generate alerts for internal teams to review.

Daniel Bernard, Chief Business Officer at CrowdStrike, linked the partnership to that trend.

"Organisations are done stitching together point solutions that simply cannot deliver desired results," said Daniel Bernard, Chief Business Officer at CrowdStrike. "The next generation of MDR is moving from tools to services that actually execute. Grant Thornton Advisors' choice to standardise on Falcon Complete is about bringing a new class of managed security services to market - combining our Agentic MDR with their advisory, engineering, and operational expertise to deliver security outcomes at scale. This is where the market is going."

Global reach

For Grant Thornton Advisors, the decision also supports a broader push to serve clients operating in several countries through a more consistent service structure. The expansion of its global security managed services builds on the wider development of its multinational platform.

Managed detection and response has become a key segment of the cybersecurity market as companies seek outside help to monitor systems around the clock and respond to attacks. The addition of engineering services suggests Grant Thornton Advisors wants to offer not only monitoring and response, but also ongoing tuning and management of security systems for customers using the Falcon platform.

The services are intended to give customers more insight from their own telemetry data through a single operating path. Grant Thornton Advisors is positioning that model as a unified service rather than a collection of separate security products.

The deal gives CrowdStrike another advisory-led partner standardising on its Falcon platform as competition intensifies among cybersecurity vendors for managed service provider relationships. Grant Thornton Advisors' new service stack combines advisory, incident response and managed engineering work with CrowdStrike's detection and response service.