Hexafusion
Get a Quote

Managed Security · MSSP

The threats are real. Your defence should match them.

Ransomware, phishing, and business email compromise are not just enterprise problems. Canadian small and mid-sized businesses are targeted every day, and most are not prepared. We build security into every engagement so your protection is not an afterthought.

Get a security assessment See what's included by plan

The threat landscape

BC businesses are a target

Attackers have shifted focus to small and mid-sized organizations. They are easier to compromise, less likely to have incident response plans, and often hold data worth targeting.

74% of ransomware victims are organizations with fewer than 1,000 employees
$6.75M average cost of a data breach in Canada in 2024 (IBM)
91% of cyberattacks start with a phishing email
21 days average downtime after a ransomware attack on an SMB

Our security model

Built on a recognized maturity progression

We use an industry-standard endpoint security maturity model to match your protection level to your risk profile. Every plan includes at least EP. Higher tiers upgrade to EDR and full MDR.

Foundation EP

Endpoint Protection. Signature-based antivirus, threat prevention, and basic policy controls on all managed devices.

Included: Basic, Essential
Advanced EDR

Endpoint Detection and Response. Behavioural monitoring, automated response, and threat investigation capabilities that catch what antivirus misses.

Included: Professional
Full Coverage MDR

Managed Detection and Response. 24/7 SOC coverage, active threat hunting, and a dedicated response team that contains incidents before they spread.

Included: Enterprise

MDR is also available as a standalone add-on for Essential and Professional clients.

Security services

What is included in managed security

Endpoint Protection (EP / EDR / MDR)

Every managed device is enrolled in our endpoint security platform. Protection level matches your plan tier, from basic threat prevention to full MDR with 24/7 SOC response.

Email Security and Anti-Phishing

Layered inbox protection with anti-spam, anti-phishing, impersonation detection, and safe link analysis. Stops most attacks before your users see them.

Multi-Factor Authentication (MFA)

MFA is configured and enforced across Microsoft 365, remote access, and critical applications. This single control stops the majority of credential-based attacks.

Firewall and Network Security

Managed firewall policies, network segmentation, DNS filtering, and intrusion detection. Your perimeter is monitored and maintained, not set up once and forgotten.

Security Awareness Training

Regular phishing simulations and self-paced training through our online portal. Available at Professional and Enterprise tiers, with portal access for all enrolled users.

Vulnerability Scanning

External attack surface scanning identifies exposed ports, outdated software, and misconfigured services before an attacker does. Included at Professional and Enterprise tiers.

Dark Web Monitoring

Continuous monitoring for your domain and employee credentials appearing in breach databases and dark web markets. You are notified immediately if compromised credentials surface.

24/7 SOC and Threat Hunting

Enterprise clients are covered by a Security Operations Centre that monitors your environment around the clock, proactively hunts for threats, and responds before an incident escalates.

Incident Response

When something goes wrong, we respond fast. Enterprise clients have a dedicated response team. All clients have access to our incident response service at the applicable rate. We document everything and help you communicate with affected parties.

Microsoft Entra ID & Identity Security

Entra ID (formerly Azure Active Directory) is the identity backbone of every Microsoft 365 and Azure environment. We configure Conditional Access policies, enforce phishing-resistant MFA, deploy Privileged Identity Management (PIM) for admin accounts, monitor sign-in risk, and manage hybrid identity via Entra Connect — ensuring your identities are the strongest layer in your security posture, not the weakest.

Zero Trust & Least-Privilege Access

We design and implement Zero Trust network access (ZTNA) architectures — where no user or device is trusted by default, access is verified continuously, and permissions are scoped to the minimum required. This includes Entra ID Conditional Access, Microsoft Intune device compliance enforcement, network micro-segmentation, and just-in-time privileged access for administrative tasks.

Compliance support

We understand BC's regulatory and compliance landscape

We are not compliance lawyers. But we are deeply familiar with the technical controls that BC, Canadian, and international frameworks require — and we build them into your environment by default. We have hands-on experience delivering compliance-ready IT environments across privacy law, payment security, financial regulations, and public company reporting requirements.

PIPEDA

Canada's federal private sector privacy law. We implement the technical controls PIPEDA requires: access management, encryption, audit logging, and breach detection.

BC PIPA

British Columbia's Personal Information Protection Act applies to most BC private sector organizations. Our security stack aligns with its technical safeguard requirements.

PHIPA-Adjacent

Healthcare-adjacent organizations handling personal health information need specific controls. We support clinics and related offices with appropriate access restrictions, encryption, and audit trails.

PCI-DSS

Any business accepting credit or debit card payments must meet PCI-DSS requirements. We have hands-on experience scoping cardholder data environments (CDE), implementing network segmentation, running mandatory ASV vulnerability scans, supporting SAQ completion, and helping businesses achieve and maintain PCI compliance — for both physical retail and online merchants.

SOX (Sarbanes-Oxley)

Publicly listed companies — including those traded on the TSX, NYSE, or NASDAQ, and their Canadian subsidiaries — face SOX requirements for IT general controls (ITGCs): access controls, change management, audit logging, separation of duties, and backup integrity. We deliver SOX-ready IT environments and provide the technical documentation and evidence packages your auditors require. Our team has direct, hands-on experience bringing public companies into SOX compliance for the first time.

FINTRAC / CIRO

Financial services firms and investment dealers face AML data security obligations under FINTRAC and sector-specific requirements from CIRO (formerly IIROC and MFDA). We implement the technical controls these frameworks require and document them for your compliance team.

Cyber Insurance

Insurers increasingly require MFA, EDR, documented backups, and security training. We help you meet those requirements and can provide written confirmation of the controls we manage.

For formal compliance audits or legal compliance advice, we work alongside your legal counsel or compliance consultant.

Security by plan

What is included at each tier

Basic

  • Endpoint Protection (EP)
  • MFA setup and enforcement
  • Basic email filtering
  • Training portal (self-service)
  • 24/7 monitoring alerts

Essential

  • Endpoint Protection (EP)
  • MFA setup and enforcement
  • Advanced email security
  • Dark web monitoring
  • Training portal (self-service)

Professional

  • EDR on all endpoints
  • Vulnerability scanning
  • Advanced email + anti-phishing
  • Dark web monitoring
  • Bi-annual security training

Enterprise

  • Full MDR with 24/7 SOC
  • Active threat hunting
  • Incident response included
  • Penetration test (annual)
  • Quarterly security training

Get a security assessment   Compare all plan features