Zero-trust architecture aligned to NCA ECC and SAMA CSF, NDMO-classified data protection, and a 24×7 sovereign SOC. Threat detection that speaks Arabic and reports to the right regulator the first time.
Strategy, architecture, operations — and the unglamorous compliance plumbing in between.
Gap assessments, control implementation, and audit readiness for the National Cybersecurity Authority's frameworks. We've taken organizations from "behind" to "audited and clean".
Banking-grade cybersecurity for SAMA-regulated entities. Maturity uplift, third-party risk, and the regulator submissions that keep the license valid.
Identity-first network design, micro-segmentation, and policy enforcement at every layer. Adapted to NDMO data classification — public to top secret.
24×7 sovereign SOC operating from Riyadh. SIEM, XDR, SOAR, and threat intel tuned to Saudi-context threats — including Arabic phishing and regional adversary TTPs.
IR retainer with hourly response. Forensics, containment, eradication, and the regulator and SAMA notifications that need to be made within hours, not days.
Red-team, purple-team, and continuous attack-surface monitoring. Adversary simulation that mirrors real Saudi-targeting groups, not generic kill-chain demos.
Best-of-breed, vendor-honest. The right tool for the regulator, the threat, and the cost ceiling.
Map current state against NCA ECC, SAMA CSF, ISO 27001, or whatever frameworks apply. Output: a gap register and a prioritized remediation roadmap.
Zero-trust design, control implementation, identity hardening. Delivered against the gap register from phase 01 with measurable closure rates.
Telemetry sources connected, use cases tuned, playbooks documented. Three months of co-managed operation before the transition to fully managed.
24×7 monitoring, incident response with a 1-hour SLA, monthly threat briefings, and quarterly purple-team exercises. SLA-backed.
Saudi-first, with international standards layered for export-ready engagements.
SAMA CSF compliance, fraud detection, and managed SOC for SAMA-licensed entities.
PHI protection, medical-device security, and CCHI/MoH-aligned controls for hospital operators.
Critical-event security for state-scale ICT systems handling millions of pilgrims.
In-kingdom, Riyadh. All analysts cleared to handle classified data per NDMO. We do not offshore tier-1 monitoring or incident handling — sovereignty is the point.
We run our own threat intel function focused on regional adversary groups. Arabic phishing, sector-targeted campaigns, and Saudi-specific TTPs are tracked in our own corpus, not just Mandiant or Recorded Future feeds.
One hour to a senior responder during a P1 incident. Containment within four hours for known TTPs. Forensics and regulator notifications handled by our compliance team in parallel.
Yes. We've drafted, defended, and revised SAMA self-assessments and remediation plans. Our compliance team includes ex-regulator practitioners.
Yes. Real-world adversary simulation — credentialed access, Arabic phishing, physical, and OT where in scope. Reports written to NCA's standards.
Mean time to detect, mean time to respond, false positive rate, and analyst-tuned use-case coverage — all reported monthly. Use-case library is co-owned, never proprietary.
Thirty-minute working session with our Cybersecurity lead. We'll triangulate your current posture against NCA / SAMA / PDPL and give you the three things to fix this quarter.