Home / Cybersecurity
Managed Security · Australian-owned since 2017 · 46 five-star reviews

We've spent nine years doing the boring security work.
That's why the AI Governance claim is real.

Cybersecurity is the foundation underneath everything else we do. Essential Eight Maturity Level 2+ aligned across our client base. The full Microsoft Security stack deeply deployed. ISO 27001 audit in progress. Available as part of our Managed IT or standalone for businesses that want enterprise-grade security at SMB-friendly economics.

Take the AI Readiness Quiz Book a security review
Security operations workspace
ESSENTIAL EIGHT ML2+ · ISO 27001 IN PROGRESS
"AI Governance is the next layer on the same operating standard — not a new business in a different building."
The Microsoft Security stack we run

Four core platforms. Deeply deployed across the client base.

We don't run a "security toolkit" — we run a Microsoft-aligned security stack with nine years of operating depth. The same controls that protect your business today extend naturally to govern your AI environment tomorrow.

Microsoft Defender

ENDPOINT + 365 SECURITY

Endpoint detection & response, M365 phishing & malware protection, attack surface reduction across all client environments.

Microsoft Sentinel

SIEM + SECURITY MONITORING

Cloud-native SIEM correlating signals across identity, endpoint, M365 and Azure. 24/7 monitoring with same-day triage for high-severity events.

Microsoft Purview

DLP + DATA GOVERNANCE

Sensitivity labels, DLP rules, Copilot guardrails, AI Acceptable Use Policy enforcement. The bridge between security and AI Governance.

Microsoft Intune

DEVICE MANAGEMENT

Conditional access, device compliance, endpoint hardening, mobile device management. Windows and MacOS endpoints both fully supported.

Essential Eight · Maturity Level 2+ aligned

The ACSC's eight strategies. Operated to a defensible standard.

The Australian Cyber Security Centre's Essential Eight is the de facto baseline for any regulated or regulated-adjacent Australian business. We operate every client environment to Maturity Level 2+ as a default — the level that satisfies most APRA, ASIC, and government-tender requirements.

01
Application control

Approved-application whitelisting via Defender + Intune.

02
Patch applications

Critical patches within 48h; rest within 2 weeks.

03
Configure Office macros

Macros blocked from the internet; signed-only where needed.

04
Application hardening

Browser, M365, PDF reader hardened to ASD baselines.

05
Restrict administrative privileges

Just-in-time admin via Entra PIM; privileged access workstations.

06
Patch operating systems

Critical patches within 48h; all systems within 2 weeks.

07
Multi-factor authentication

MFA mandatory for all users; phishing-resistant where licence permits.

08
Regular backups

Immutable backups; tested recovery quarterly; 30-day retention minimum.

ESSENTIAL EIGHT MATURITY LEVEL 3 ATTESTATION IS PART OF THE 2026 CERTIFICATIONS ROADMAP · SEE OUR ROADMAP DOCUMENT FOR DETAIL

What managed security includes

Eight services. One operating standard.

The list below is the standard managed-security envelope we run for every client. It's inclusive — not a "starter tier" with optional add-ons. Some clients add specialist services (penetration testing, third-party SOC integration, advanced threat hunting) but the base envelope is fixed.

1

24/7 monitoring & alerting

Microsoft Sentinel SIEM running continuously. High-severity alerts triaged same-day; same-business-hour response for critical events.

2

Endpoint protection

Microsoft Defender for Endpoint deployed and tuned. EDR signals correlated with M365 + identity data for higher-fidelity detection.

3

Identity protection

Entra ID Conditional Access policies, MFA enforcement, risky sign-in detection, privileged access management via PIM.

4

Vulnerability management

Continuous vulnerability scanning of endpoints and cloud assets; patch deployment within Essential Eight tolerances; quarterly executive report.

5

Security awareness training

Quarterly phishing simulations and education modules. Reported per-user and per-department. Builds the "human firewall" most security platforms can't.

6

Email security

Microsoft Defender for Office 365 with advanced threat protection. Phishing, BEC, malware filtering; safe links and safe attachments.

7

Backup & disaster recovery

Immutable backups for M365, Azure workloads, and endpoint data. Tested recovery quarterly. RPO and RTO documented per workload.

8

Incident response

Documented IR plan, runbooks per scenario, executive briefings during incidents, post-incident review and learning capture.

Compliance content other MSPs treat as marketing fluff

We wrote the compliance pages other MSPs don't.

Australian SMBs in regulated industries deal with overlapping obligations from multiple regulators. We've published deep content on every one of them — not because it's good for SEO, but because we operate against each in delivery. Click any of these to read the detailed guidance.

ESSENTIAL EIGHT

ACSC alignment

PRIVACY ACT

OAIC + ADM rules

APRA CPS 230

Operational risk

ASIC RG 234

Cyber resilience

TPB

Tax practitioner duties

ATO DIGITAL

Digital service standards

LAW SOCIETY

Legal professional

OT SECURITY

Industrial systems

The bridge from security to AI

The reason you can trust us with AI Governance is what's underneath it.

Every claim we make about AI Governance is credible because the security work underneath it is already running. Identity, M365 hardening, DLP, Essential Eight, vCIO oversight. AI Governance is the next layer on the same operating standard — using the same Microsoft Purview controls, the same Defender stack, the same audit discipline. One team. One contract. One standard.

See the AI Governance Bundle

How security extends to AI Governance

  • Purview DLP rules become AI data-leakage controls
  • Defender for Cloud Apps detects shadow AI from any vendor
  • Entra Conditional Access applies to AI service access
  • Sentinel SIEM ingests Copilot & AI service signals
  • Essential Eight discipline becomes ISO 42001 alignment
Two ways to engage

Bundled with Managed IT, or standalone.

Most clients take cybersecurity as part of our Managed IT service — same team running both, one contract, one monthly fee. For clients who want to keep their existing IT provider but upgrade their security, we run a standalone managed-security engagement with the same operating standard.

BUNDLED · WITH MANAGED IT
From $185/user/mo
+ GST · 10-user minimum · from 1 July 2026 · security included
  • All Managed IT services included
  • Microsoft Defender + Sentinel + Purview + Intune
  • 24/7 monitoring + same-day triage
  • Quarterly phishing simulations
  • Essential Eight ML2+ delivered as standard
  • Backup & DR for M365 + endpoints
  • vCIO oversight + quarterly security review
See Managed IT details
STANDALONE · SECURITY ONLY
Custom
+ GST · quoted to your environment · scope-dependent
  • For clients with existing IT provider
  • Microsoft Security stack deployment + management
  • Essential Eight uplift program
  • 24/7 monitoring + incident response
  • Vulnerability management
  • Security awareness training program
  • Quarterly security review + reporting
Discuss standalone security
Framework alignment & certifications

What we're aligned to today. What we're certifying for next.

We don't claim certifications we don't hold. "Aligned to" means we map our delivery against the framework. "Certified to" only appears when an external audit has confirmed it. Two ISO certifications are in active progress through 2026.

  • ESSENTIAL EIGHT Maturity Level 2+ aligned across our client base; ML3 attestation on the 2026 roadmap
  • ISO 27001 Information Security Management certification audit in progress · expected H2 2026
  • ISO 42001 AI Management System certification to follow ISO 27001 · expected late 2026 / early 2027
  • PRIVACY ACT ADM transparency obligations covered ahead of 10 Dec 2026
  • APRA CPS 230 Material supplier checks for regulated client supply chains
  • MICROSOFT PARTNER Microsoft Solutions Partner designations in progress (Security, Modern Work, Infrastructure)
★★★★★
46 five-star reviews.
Real Australian businesses.
"Evisent's security work just runs. We don't think about it day-to-day — which is the best compliment you can pay a managed-security provider. The monthly reports are clean, the patches happen, the alerts are triaged before we know about them."
— IT Manager, Mid-market accounting firm (sample testimonial)
Common questions

What people ask before they engage.

Included. Every Managed IT engagement includes the full managed-security envelope — Defender, Sentinel, Purview, Intune, Essential Eight ML2+ alignment, monitoring, incident response, security awareness training, backup and DR. From 1 July 2026 the price is from $185/user/month with a 10-user minimum. We don't sell stripped-down "starter" tiers with security as a paid upgrade.

Yes. We offer a standalone managed-security service for clients who want enterprise-grade security but already have an IT support arrangement they're happy with. We quote to your environment because standalone-security scope varies more than bundled. Most standalone engagements include an Essential Eight uplift program if your current posture is below ML2.

The ACSC's Essential Eight has four maturity levels (0–3). ML2 means the controls are implemented to a standard that satisfies most APRA and ASIC supervisory expectations and many government supplier requirements. ML3 is the highest civilian maturity (think government-aligned). We operate to ML2+ as a baseline; clients with specific regulatory needs can be uplifted to ML3 as part of a roadmap engagement. Independent ML3 attestation is on our 2026 certifications roadmap.

We run our own monitoring and triage tier 1/2 in-house using Microsoft Sentinel. For tier 3 (deep forensic investigation, threat hunting at scale) we partner with specialist providers where the scope justifies. The split keeps our pricing reasonable while giving clients access to specialist capability when an incident genuinely needs it.

Cyber insurance applications and renewals are getting harder every year. Most insurers now require evidence of MFA, EDR, regular backups, and (increasingly) Essential Eight alignment. Our standard delivery satisfies most insurer questionnaires at the "preferred" or "best available" rating tier. We help with insurer questionnaires as part of vCIO oversight — usually saves clients meaningful premium.

Documented IR plan kicks in. Same-business-hour executive briefing if the incident is material. Pre-written runbooks for the common scenarios (ransomware, BEC, account compromise, data exfiltration). We work alongside your insurer and any external IR specialists they require. Post-incident review and learning capture is included — every incident makes the next defence stronger.

Two starting points

Run a free security review. Or just have a chat.

For new prospects we run a free initial security review — a 90-minute look across your current posture, Essential Eight alignment, and quick wins. No obligation. Or just call us — the number's at the top of every page.

Book a security review Or take the AI Readiness Quiz