Cyber Security · South Africa
Cyber Security for South African business — zero-trust access, real SOC, measurable SLAs.
Stop real attacks without slowing users. We deliver NGFW/IPS, EDR/XDR, email & identity protection, and ZTNA/SASE, operated 24/7 by a South African SOC/NOC. Get runbooks, service credits and SLA-driven response.

Attackers automate. Your defence should, too.
Cut risk without killing speed: automate detection, response and reporting — and prove it with monthly KPIs and real SLAs.
Stop the top threats
Ransomware, BEC, account takeover and exfiltration — shut down with EDR isolation, safe-links, DMARC alignment and least-privilege ZTNA.
Make it measurable
Track MTTR, blocked events, patch compliance, phishing risk and identity posture. Get monthly actions — miss the SLA and service credits apply.
Keep people fast
Per-app access, path QoS and smart caching keep users flying — fewer roadblocks, less shadow IT and safer, snappier workdays.
End-to-end Cyber Security that actually lowers risk
Stack built for South African businesses: next-gen network security, identity-first controls, modern endpoint defence and 24/7 SOC playbooks.
NGFW · IPS/IDS · Secure DNS
- App-aware rules, TLS inspection, geo/IP reputation & curated threat feeds
- Segmentation (staff/guest/IoT/OT) using VLAN & VPN fabric
- URL/DNS filtering for malware, phishing, C2 & typosquatting
Endpoint Security (EDR/XDR)
- Behavioural detections, rollback, isolation & ring-based patching
- Windows/Mac/Linux + MDM; USB/device control & posture checks
- Threat hunting, IOC sweeps & attack-surface reduction
Email Security & DMARC
- SPF/DKIM/DMARC with brand impersonation & look-alike domain blocking
- Attachment/URL sandboxing, BEC/VIP protection & spoof controls
- Archiving, journaling, retention & legal hold
Identity, SSO & Conditional Access
- Entra ID / Google Identity SSO with phishing-resistant MFA
- Risk- & device-based access, JIT elevation, PIM/PAM approvals
- Audit trails for compliance & investigations
ZTNA & SASE
- Per-app access (no flat network exposure)
- SWG + CASB controls, cloud DLP & SaaS visibility
- One policy for office, branch, home & mobile
Vulnerability & Patch Management
- Continuous scanning with exploitability & asset-criticality scoring
- Ring deployments, maintenance windows & safe deferrals
- Exception workflow with business owner sign-off
SIEM/SOC & Incident Response
- Log ingestion, correlation rules, UEBA & automated playbooks
- 24/7 triage → contain → eradicate → recover
- Post-incident review, evidence handling & lessons learned
DLP, CASB & Data Protection
- Content & context policies (PII, source code, finance)
- OAuth app controls, token audits & session policies
- Immutable backups with quarterly restore tests
Awareness, Policies & Audits
- Phishing simulations, micro-training & culture metrics
- POPIA policy pack, ISO/NIST mappings & risk register
- Supplier & shadow-IT discovery; joiner-mover-leaver hygiene
Harden Microsoft 365 & Google Workspace — identity-first, breach-ready
Lock down mail, files and identities with proven controls across M365 (Entra/Defender) and Google Workspace — without slowing users.
M365 (Entra · Defender)
- Defender for Office safe-links/attachments, priority accounts & impersonation protection
- Conditional Access: device compliance, named locations, sign-in risk & session controls
- SharePoint/OneDrive hygiene, external sharing guardrails & sensitivity labels
Google Workspace
- Advanced phishing/malware, account protection & context-aware access
- Drive DLP & classification, OAuth app restrictions & token reviews
- Gmail routing, quarantine workflows & S/MIME options
Identity & SSO
- FIDO2/passkeys, number-matching MFA & step-up authentication
- PIM/PAM with JIT elevation, break-glass accounts & emergency access
- Access reviews, group lifecycle & orphaned resource cleanup
Secure IoT & Light OT — segment, enforce, stay online
Contain device risk without breaking operations. Segment by intent, enforce least-privilege egress and get eyes on unmanaged edges.
Micro-segmentation
Isolate CCTV, printers, POS, handhelds and sensors with VLANs/VPN fabric and explicit egress rules.
Allow-list & posture
Known-good protocols/ports, device fingerprints and rapid quarantine on anomalous behaviour.
Edge visibility
Flow analytics and threat intel for “unmanaged” devices to shrink blind spots and dwell time.
Reference architecture — layered, identity-first, proven
Three clean layers that scale: secure the edge, enforce identity-aware access, and automate response with real telemetry.
Access edge
NGFW/IPS, Secure DNS, SD-WAN edges and Wi-Fi with identity-based access, plus ZTNA clients for roaming users.
Identity & apps
SSO with phishing-resistant MFA, per-app policies, device-compliance signals and SaaS session control via CASB.
Telemetry & response
SIEM/SOC ingests firewall, EDR, IdP and SaaS logs; playbooks isolate endpoints, revoke tokens, block domains and rotate secrets.
Cyber Security Onboarding — go-live in 30 days, with zero drama
A proven, four-step rollout that fixes risks first, ships policies safely, and lands measurable protection fast.
1. Week 0: Kickoff & quick wins
- Project kickoff, RACI and comms paths.
- Asset & identity discovery (AD/Entra, endpoints, mail, DNS).
- Urgent remediations: revoke risky tokens, block known bad domains, patch critical CVEs.
2. Week 1: Policy & pilot
- Policies & runbooks finalised (MFA, ZTNA, EDR, email, DNS).
- Lab validation; change windows agreed.
- Pilot ring rollout with rollback plan signed off.
3. Weeks 2–3: Rollout rings
- Phased deployment: EDR/XDR, MFA/SSO, ZTNA, Secure DNS, email security.
- Awareness launch: bite-sized tips & simulated phish.
- Health checks & telemetry baselines per site.
4. Week 4: Operate & improve
- 24/7 monitoring active; KPIs & MTTR baseline locked.
- CAB cadence; monthly reports & exec summary.
- Handover pack: diagrams, access, runbooks, escalation matrix.
Security RACI — exactly who owns what, no finger-pointing
A crisp accountability matrix so projects move faster, audits pass first time, and escalations stay clean.
| Capability | We own | You own | Shared |
|---|---|---|---|
| NGFW/IPS, DNS, ZTNA | Policy, monitoring, change control | Business exceptions | Planned change windows |
| EDR/XDR & patching | Policy, isolation, ring planning | App compatibility testing | Maintenance windows |
| Identity & SSO/MFA | Conditional Access, reviews | Role design, approvals | Joiner–mover–leaver |
| Email security & DMARC | Routing, sandboxing, enforcement | Brand/legal DNS records | Exception handling |
Security coverage that actually stops attacks — all from one provider
From the edge to the inbox: policy, protection and 24/7 monitoring with measurable SLAs.
Firewall / NGFW
Deep visibility, geo/IP and reputation policies, IDS/IPS and app-aware rules. Managed upgrades, change control and auditable records.
Wireless
AP health, client analytics and policy-separated SSIDs for staff, guest and IoT. Rogue AP and misuse alerts included.
Email security
Sandboxing, safe-links and anti-spoofing with DMARC/DKIM. Optional encryption and retention/DLP for compliance.
Web security (SWG)
Category controls, TLS inspection and safe search that stays fast. Auditable browsing reports for reviews and audits.
Encryption
Device, file/folder and mail encryption with recovery keys, key rotation policies and compliance-ready reporting.
Mobile (MDM/UEM)
Secure enrolment, posture checks, app controls and remote wipe across iOS, Android and Windows.
Server & cloud
Harden on-prem and cloud with CIS baselines, patch cadence, least-privilege access and verified backups.
Endpoint (EDR/XDR)
Behavioural detection, isolation and rollback with SOC playbooks to contain, eradicate and recover fast.
What we measure — and improve every month
Exposure
Top vulns by exploitability, asset criticality & time-to-patch; identity hygiene & risky tokens.
- CVE backlog
- Time-to-patch (TTP)
- Risky tokens
Controls
EDR coverage, DNS/URL blocks, MFA adoption, Conditional Access match rate, ZTNA usage vs VPN.
- EDR %
- MFA %
- CA hits
Outcomes
Mean time to detect/respond, incident counts & severities, training click-through trending the right way.
- MTTD
- MTTR
- Incidents ↓
Service Level Agreement (SLA)
Uptime
99.9–99.95% (service dependent). Credits on breach.
Response
15–30 min P1, ≤60 min P2. 24/7 acknowledgement.
Restore
≤4 hrs P1 (workaround/failover first). P2 in business day.
Reporting
Monthly KPIs, posture score, CAB actions & credits (if any).
Works with your stack
Tie security into the tools you already run — identity, email, endpoints, firewalls and logs.
Identity & SaaS
Microsoft Entra ID, Google Workspace, Okta, Azure AD B2B/B2C, Microsoft 365/SharePoint, Google Drive, Salesforce, Slack, Zoom, Teams.
- Entra ID
- Okta
- Teams
- Slack
Security
Microsoft Defender suite, CrowdStrike / Carbon Black / SentinelOne EDR, Fortinet / Palo Alto / Check Point firewalls, Cloudflare & secure DNS providers.
- Defender
- CrowdStrike
- Palo Alto
- Fortinet
- Cloudflare
Observability
Syslog, Microsoft 365 / Google audit logs, endpoint telemetry, SD-WAN flow analytics, SIEM ingestion (Azure, Splunk-style).
- Syslog
- Azure
- Splunk
- Flow
- O365/Google
Security plans built for SA businesses — from R299/user
Simple tiers that cover the real attack paths. Add sites and users without surprises.
Essentials
Best for 20–100 users · single site
- NGFW/IPS, Secure DNS, EDR with isolation
- MFA/SSO baseline, email security + DMARC
- Monthly report · business-hours change control
From R299 / user / month (min. commit)
Business (Most popular)
Best for 100–500 users · multi-site
- Everything in Essentials + ZTNA/SASE
- SIEM rules & alerts · vuln & patch management
- 24/7 triage with P1 15–30 min response
From R449 / user / month (tiered)
Enterprise
High-risk data · complex estates
- Everything in Business + DLP/CASB, SOAR playbooks, PIM/PAM
- Advanced audit packs & attack-surface reduction
- Quarterly tabletop & executive risk reviews
Custom / user & site-based
Add-ons
Phishing simulations & awareness · Shadow-IT discovery · App pen testing · Email archiving.
What’s included
Runbooks, 24/7 monitoring, monthly KPIs, CAB cadence & clear SLAs. Service credits on measured breach.
Flexible terms
Per-user pricing with site minimums. Scale up or down as the business changes.
Additional Business Services — Connectivity, SD-WAN & Voice
Keep branches online and teams connected with carrier-grade Internet, smart WAN and modern telephony — backed by SLAs.
Business Fibre (FTTB / DIA)
Symmetrical bandwidth, low jitter and static IP for VoIP, SaaS, CCTV and POS. 1:1 contention with assured uptime.
Explore Business Fibre
Business Wireless (Microwave)
Rapid deployment where trenching stalls. Carrier-grade LOS links and resilient last-mile for business-critical sites.
Explore Business Wireless
Business LTE / 5G
Day-one connectivity and SD-WAN failover. Private APN and static IP options for secure branch access.
Explore Business LTE
SD-WAN & Managed WAN
Application-aware routing, link bonding & healing, zero-touch rollout and measured performance with local support.
See SD-WAN
Voice & Cloud PBX
VoIP, SIP trunks, Teams integration, call recording and number porting — designed for crystal-clear calls.
Explore Voice
Cyber Security — Frequently Asked Questions
Short, practical answers for South African businesses. Built to win rich results.
What is cyber security for a South African business?
It’s how you protect identities, devices, networks and data from attacks — with policies, controls and 24/7 monitoring.
In practice: MFA/SSO, EDR/XDR, NGFW/IPS, email/DMARC, Secure DNS, ZTNA/SASE, backups and an on-call SOC with response targets.
EDR vs XDR — what’s the difference?
EDR protects endpoints; XDR joins signals from endpoints, identity, email and network for better detections.
We deploy EDR/XDR, isolate infected hosts, roll back changes and correlate alerts in the SOC for faster MTTR.
ZTNA vs VPN — which should we use?
ZTNA grants access to specific apps after user/device checks; VPN exposes a whole network.
Most teams move to ZTNA for least-privilege access and better user experience, keeping VPN for legacy needs.
What is DMARC and why do we need it?
DMARC stops spoofing by enforcing SPF/DKIM alignment and gives you reporting on abuse.
We implement SPF/DKIM/DMARC with safe-links/sandboxing to cut phishing and brand impersonation.
Does this help with POPIA/ISO/NIST?
Yes — controls map to POPIA principles and ISO/NIST frameworks, with evidence and reports.
We provide audit-ready logs, access reviews, backup tests and policies that match your risk profile.
Can you actually stop ransomware?
We reduce risk with EDR/XDR, email filtering, DNS blocking and least-privilege access.
If it lands, we isolate hosts, revoke tokens, block C2, restore from immutable backups, and do post-incident review.
How much does business cyber security cost in SA?
Plans start at R299 per user per month with site minimums.
Pricing scales by controls (e.g., ZTNA/SASE, SIEM, DLP) and user count. Get an exact quote on our contact page.
How long does implementation take?
Discovery to go-live is typically weeks — not quarters.
We begin with quick wins (tokens, phishing blocks, patches), then ring-deploy EDR/MFA/ZTNA/DNS under change control.
Do we really need a 24/7 SOC?
If you have Internet-facing systems, yes — attacks don’t keep office hours.
Our SA SOC/NOC provides 24/7 triage and SLA-backed response/restore with service credits on breach.
Is MFA still worth it if users hate it?
Yes — MFA stops most account takeovers, especially with phishing-resistant methods.
We use passkeys/number matching and Conditional Access to keep friction low but risk-aware.
Do you handle backup and disaster recovery?
Yes — immutable backups, tested restores and documented RPO/RTO runbooks.
We run quarterly recovery tests and report evidence for compliance.
Where do you support on-site?
Nationwide remote, with rapid on-site in major metros.
Johannesburg, Pretoria, Midrand, Cape Town, Durban, Gqeberha, Bloemfontein and surrounds.
Slash Cyber Risk — Without Slowing Your Business
We’ll assess your estate, fix the quick wins and run the rest under clear SLAs.
