Expert delivery
Services delivered
by specialists.
Hands-on security work from Australian-based specialists. Deep technical rigour, clear communication, and outcomes you can measure.
Fortify.
Managed cyber security.
Fortify is our continuous security service built for Australian SMEs. It protects your environment with 24/7 monitoring, fast incident response, and monthly improvement cycles. All aligned to the ACSC Essential Eight.
“They manage IT. We manage security.”
What's included
24/7 SOC monitoring
Round-the-clock detection across endpoints, identities, and cloud environments.
Incident response
Rapid containment and neutralisation when threats are detected. We act, not just alert.
Endpoint detection & response
EDR deployed across all managed devices. Behavioural threat detection and automated response.
Identity protection
Monitor for compromised credentials, suspicious logins, and privilege escalation in real time.
DNS filtering
Block malicious domains before they reach your users. On-network and remote.
Phishing simulations
Regular simulated attacks with targeted training to build a security-aware workforce.
Monthly reporting
Clear reports for executives and engineers. Threat summary, posture score, and next steps.
Essential Eight alignment
All activity mapped to ACSC Essential Eight controls. Measurable maturity improvement each cycle.
Find the gaps before
someone else does.
CREST-aligned methodology. Australian-based testers. Real exploit research. Not automated scan reports passed off as a pentest.
Our testers think like attackers and write like consultants. So your team gets findings they can actually act on. Every engagement follows a transparent workflow. You always know what we're doing, why, and what we found.
48hr
Critical issue alert
30 day
Free retest
100%
Manual validation
What we test
01
Scope
We define exactly what gets tested, timelines, and rules of engagement. A clear plan and quote within a week.
02
Reconnaissance
We map your attack surface the same way a real adversary would. OSINT, network discovery, asset enumeration.
03
Exploit
100% manual testing using real attack techniques. We chain vulnerabilities together like a real attacker would. No scan dumps.
04
Report
Risk-rated findings, remediation guidance, executive summary for the board, and technical reproduction steps for your engineers.
What you walk away with
Know exactly
where you stand.
We assess your security posture against the frameworks that matter most to Australian businesses and give you a clear, prioritised path forward.
Essential Eight
ACSC Maturity Levels 1–3
The Australian government's baseline cyber security framework. We assess your maturity against all eight controls and provide a prioritised uplift roadmap.
ISO 27001
Information Security Baseline
A structured baseline assessment against ISO/IEC 27001:2022 controls. Ideal for organisations preparing for certification or demonstrating security posture to clients.
NIST CSF
Cybersecurity Framework
Identify, Protect, Detect, Respond, Recover. Mapped to your environment. Used by organisations with US-linked clients or those seeking a globally recognised framework.
SMB1001
ASD Small Business Cyber Standard
Australia's purpose-built cyber standard for small businesses. We assess against all four tiers and help you achieve certification through CSCAU or equivalent bodies.
Every audit includes
- Current-state assessment against chosen framework
- Gap analysis with risk rating for each finding
- Prioritised remediation roadmap
- Executive summary and board-ready narrative
- Technical remediation guidance for IT teams
- Evidence pack suitable for cyber insurance
- Follow-up validation engagement available
Good for
Boards and executives seeking a clear view of cyber risk. Businesses applying for cyber insurance or responding to insurer requests. Organisations preparing for Essential Eight certification, ISO 27001 audit, or government contract requirements. SMEs looking to achieve SMB1001 certification.
CCTV and door access.
Licensed. Professional.
IronSights holds NSW Master Security Licence 000109187. We design, supply, install, and support enterprise-grade CCTV and door access systems for Australian businesses.
Unlike a generic IT provider bolting on a camera, we treat physical security as part of your overall security posture. Integrated with your network, managed through a single pane of glass.
NSW Master Security Licence
Licence No. 000109187
CCTV surveillance
Door access control
When something breaks,
we stop the bleeding.
Ransomware. Business email compromise. Data breach. When you're under attack, you need a team that moves fast, communicates clearly, and knows exactly what to do next.
01
Contain
Immediate isolation of affected systems to stop the spread. We act fast. Every minute matters in an active incident.
02
Investigate
Forensic analysis to determine how the attacker got in, what they accessed, and whether they are still present.
03
Eradicate
Complete removal of the threat. Malware, backdoors, compromised accounts. From your environment.
04
Recover
Restore operations safely. We verify clean state before systems go back online and brief your team throughout.
05
Report
Incident timeline, root cause analysis, and a hardening roadmap to prevent recurrence. Suitable for regulatory reporting.
We respond to
Retainer clients get priority
Fortify managed security clients receive immediate incident response as part of their service. For all other businesses, retainer agreements guarantee a defined response SLA.
Post-incident hardening
Every engagement ends with a hardening review. We identify what allowed the incident to occur and ensure your defences are stronger before we leave.
Not sure where to start?
We'll tell you exactly
what you need.
Book a free security review. We'll assess your posture, identify your biggest risks, and recommend the right service. No obligation.
Free security review
Understand your risk in 30 minutes
We assess your current posture, identify your highest-priority gaps, and walk you through the right options. No sales pitch. No pressure.