CrowdStrike SecOps Deal With Grant Thornton Shows ‘Power Of The Platform’ For MSSPs: Execs

With MSSPs such as Grant Thornton Advisors standardizing on CrowdStrike’s AI-powered Falcon platform, it’s clear that ‘no other vendor has this going on in the market,’ CrowdStrike’s Daniel Bernard tells CRN.

As global professional services firm Grant Thornton Advisors standardizes its security operations (SecOps) and managed detection and response (MDR) services on CrowdStrike, the deal showcases the advantages of the AI-powered Falcon platform for MSSPs looking to modernize their tools for improved security outcomes, according to executives from the two companies.

In exclusive interviews with CRN, the executives said that the newly announced deal—which is seeing Grant Thornton Advisors replace several legacy Security Operations Center (SOC) technologies with CrowdStrike—will enable the firm to scale its MSSP business while delivering greater real-time insights to clients around security and risk.

“Grant Thornton’s decision to go all-in with CrowdStrike—and focus on delivering services on our platform—is a huge moment here for us, but also for them,” Bernard said. “[It’s] accelerating their growth and delivering better cybersecurity outcomes for this next chapter of where cybersecurity is going.”

Ultimately, the move is a sign of how MSSPs are increasingly building their managed security services around CrowdStrike and its offerings including Falcon Complete and Falcon Next-Gen SIEM, he said. In December 2025, Kroll likewise migrated its security services to CrowdStrike Falcon, Bernard noted.

“No other vendor has this going on in the market,” he said. “You see other vendors announce partnerships. But I don’t see anybody else where the platform becomes how they go to market in everything that they do.”

Grant Thornton Advisors—a century-old firm best known for its audit, tax and advisory services—has been expanding its MSSP footprint in recent years amid strong demand from clients, according to Tony Buffomante, national managing partner for cyber and risk at Grant Thornton Advisors.

Formerly a veteran executive at companies including Wipro and KPMG, Buffomante joined Grant Thornton in March to head up its growing cyber and risk practice. Grant Thornton’s broader advisory footprint gives the firm a major opportunity to connect SecOps directly to business risk—and CrowdStrike is now a key enabler of that strategy, he said.

As Grant Thornton has engaged with clients around cyber and risk, it has become increasingly clear that many organizations are looking for more than just periodic assessments, Buffomante said.

“What they were looking for was, ‘How do I not only understand all the broad risks that you all are helping me manage every day—but I also need some more day-to-day coverage as it relates to detection and response on the cyber side,’” he told CRN. “And so, for me, it was a no-brainer to look at CrowdStrike.”

Bringing together CrowdStrike’s Falcon Complete offering with Grant Thornton capabilities to provide further insights and analysis is a “powerful combination,” Buffomante said.

The Falcon platform will now underpin Grant Thornton’s SOC and MSSP operations across the U.S. and U.K. as well as other sites worldwide, he said. CrowdStrike will play a key role in delivering initial monitoring and triage, while Grant Thornton will add context and analytics as well as root cause analysis and incident response capabilities, Buffomante said.

“What we’re really going after is, how do I take all of that data that’s being generated in a client’s environment through ingest into Next-Gen SIEM, exposure management, identity, cloud, etc.—and then do analytics on that data, leveraging some AI models that we bring in to the table?” he said.

Grant Thornton can then determine root causes and go back to the client with the insight, for instance, that “this was not a breach activity—but these are some things we noticed in your environment that we need to proactively go and address,” Buffomante said.

Ultimately, Grant Thornton’s goal is to help customers move from standard cyber risk assessments that are theoretical in nature, to a more practical view of risk, he said.

Such a shift is not fully possible without a comprehensive, AI-powered platform like CrowdStrike Falcon, executives said.

In particular, Charlotte AI and CrowdStrike’s rapid pace of development are major factors for Grant Thornton, Buffomante said.

Given “how fast things are moving, it is difficult for any practitioner in this space to keep up,” he said. “If I were to try to do this on my own—with a bunch of either homegrown tools or legacy type of tools—my monitoring and response capabilities would be out of date in three months.”

Without a doubt, the reason MSSPs are standardizing on CrowdStrike is “the power of the platform,” Bernard told CRN. And first and foremost, that is about “being able to have a single operating system to run cybersecurity for the enterprise,” he said.

In addition to Next-Gen SIEM and MDR, CrowdStrike’s capabilities in endpoint, identity, data, cloud and AI security provide MSSP partners such as Grant Thornton an extremely broad platform for delivering their managed security services, he said.

All in all, “I don’t think anybody else is doing this under one roof, with a new technology set that’s native,” Bernard said. “This is all built by security practitioners for security practitioners.”