TechnoGuru — Think Technology, Think TechnoGuru

Case file

04 · IT & Networking

Network Security.

Segmentation. Visibility. Recoverable backups.

Next-generation firewalls, segmentation, NAC, EDR, SIEM and backup — Fortinet, Palo Alto, Sophos, Check Point — designed to how breaches actually unfold, not how vendors describe them.

/ The discipline, in detail

How we approach network security.

Most network-security stacks fail not at detection but at recovery. We design with the assumption that the bad day will arrive and the question will be how quickly the organisation is back online. Segmentation that contains lateral movement, EDR on every endpoint that matters, immutable backups stored offline, and a runbook that names the human who picks up the phone at three in the morning. The firewall is necessary but not sufficient.

On record

Every network security engagement is documented end-to-end — design, programming, commissioning, calibration — and handed over with the files our successors would need if we were never to return.

/ Frequently asked

Network Security — what buyers ask first.

MDR or SIEM in-house?

Under 500 employees, choose managed detection-and-response (MDR): the talent cost of running a 24/7 SOC in-house rarely makes sense at that size. Above 500 employees, hybrid MDR-plus-internal-SOC begins to pay back.

What's the right firewall for a typical SMB?

FortiGate, Palo Alto Networks PA-series, or Cisco. For small branch sites, a cloud-managed Cisco appliance is excellent (simple, low ops overhead). For headquarters, FortiGate offers the best price-performance with strong threat intelligence. Palo Alto is the premium tier with the deepest application-aware controls.

What does zero-trust architecture mean in practice?

Every request is authenticated regardless of network location — there is no 'inside the firewall' implicitly trusted zone. Practical implementation: identity-driven access (single sign-on with MFA), device-posture checks before network admission, and micro-segmentation that contains lateral movement. We design to zero-trust principles for any new deployment in 2026.

How do we approach endpoint protection?

EDR or XDR (CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint) on every endpoint that matters. Anti-virus alone is no longer sufficient; behaviour-based detection catches modern malware that signature-based scanners miss. We deploy the agents and integrate them with the SIEM for centralised visibility.

What about backup and ransomware recovery?

Immutable, offline-capable backups stored on infrastructure that cannot be modified by a compromised primary network. Veeam, Rubrik or Cohesity to a Wasabi or Backblaze cold-storage tier with documented recovery testing. The most important security investment many organisations have not yet made.

How often should we run penetration testing?

Annually at minimum; semi-annually for regulated and high-value organisations. We coordinate with independent penetration-test firms (we don't audit our own work) and the findings flow into a remediation plan with documented closure dates. This is part of the AMC programme for premium clients.

· Begin

Begin a network security brief.

Tell us about the building, the timeline, and what success looks like a year after handover. We will reply within two working days with a written response, not a sales pitch.
