Security operations · São Paulo

Defense for the connected enterprise.

We watch the perimeter so your teams can keep working. Continuous monitoring, measured response and clear reporting for companies that cannot afford a quiet breach.

Request a quote See how we work →

2014Operating since 24/7Monitoring coverage LGPDAligned governance

What we do

Four disciplines, one operations centre.

Most incidents are not exotic. They start with an unwatched login, a delayed patch, a vendor with weak controls. We cover the ground where breaches actually begin.

Managed detection

Round-the-clock monitoring of your endpoints, cloud and network. Analysts review every alert that matters and dismiss the noise before it reaches you.

SIEM tuning
Endpoint telemetry
Threat hunting

Incident response

When something gets through, we contain it. A named responder leads the work, keeps a timeline, and tells you in plain language what happened and what comes next.

Containment
Forensics
Recovery

Offensive testing

Controlled penetration tests and red-team exercises that show you how an attacker would move, before one does. Every finding comes with a fix and a priority.

Web & API testing
Red team
Cloud review

Compliance & governance

Practical alignment with the LGPD and ISO 27001. We turn the standards into controls your operation can actually run and your auditors can verify.

LGPD readiness
Policy design
Audit support

Recent engagements

Work we can talk about.

Client names stay confidential. The outcomes do not. A short selection of the kind of problems that arrive at our operations centre.

Abstract dark data stream representing a fintech monitoring rollout

Regional fintech

Detection

Stood up a monitoring centre across three regions and cut the time to confirm an alert from hours to under nine minutes.

Logistics operator

Response

Contained a ransomware attempt over a weekend, restored operations from clean backups and rebuilt the access model that let it in.

Abstract 3D shapes representing a healthcare compliance programme

Healthcare network

Governance

Carried a hospital group through LGPD readiness in two quarters, with controls the clinical staff would actually keep using.

Dark red lit server hardware representing an e-commerce penetration test

E-commerce platform

Testing

A pre-season penetration test surfaced a payment flaw that would have exposed checkout. Fixed and re-tested before peak traffic.

“

A breach is rarely a failure of technology. It is a failure of attention — and attention is something you can choose to keep.

The principle behind everything we run

How we engage

From first call to steady watch.

Assess

We map your assets, your exposure and the controls already in place. No tooling sold before we understand what you are protecting.

Prioritise

You receive a ranked plan: what to fix this week, this quarter, this year. Cost and effort against the risk each item carries.

Operate

Detection goes live, responders are on call, and reporting reaches your leadership in language they can act on.

Review

Every quarter we sit down with the metrics, retire what no longer serves you, and adjust to how the threat landscape has moved.

9 minMedian alert triage

180+Engagements delivered

11Years in operation

24/7Operations centre

Questions, answered

Before you reach out.

How quickly can monitoring start?+

For most environments, detection is live within two to three weeks. The first week is discovery; the rest is onboarding your sources and tuning so the alerts you see are the ones worth seeing.

How does this compare to hiring an in-house team?+

A capable internal team is excellent and expensive — analysts, tooling, and the rota to cover nights and weekends. We give you that coverage from day one, and many clients use us to carry the load while they build their own team over time.

Are you registered to operate across Brazil?+

Yes. We are headquartered in São Paulo (CNPJ 38.214.905/0001-47) and serve clients nationwide. Our governance practice is built around the LGPD, and our engagements account for sector rules in finance and healthcare.

What happens during an active incident?+

A named responder takes the lead within the response window agreed in your contract. They contain the threat, preserve evidence, keep a written timeline, and brief your stakeholders. Afterwards you receive a report you can give to auditors or regulators.

Do you work with smaller companies?+

We do. Scope and pricing scale with your size and risk. A growing online retailer needs a different watch than a hospital group, and we shape the engagement so you are not paying for coverage you will never use.

How is pricing structured?+

Monitoring is a fixed monthly engagement based on the sources and assets covered. Testing and response retainers are quoted per scope. You will always see what drives the figure before you commit.

Begin

Tell us what keeps you up at night.

A short, direct conversation. We will tell you honestly whether we are the right fit before anything is signed.

Operations centreAv. Brigadeiro Faria Lima, 3477 — Itaim Bibi, São Paulo / SP

Email[email protected]

Telephone+55 11 4003-7820