Security Services

Defend every layer.
Trust nothing.
Verify everything.

Modern threats don't knock; they walk through gaps your team didn't know existed. Onel designs and implements layered security across your network, systems, applications, cloud, and data, so when an attack comes, your business keeps running.

Security domains we cover

Network & Perimeter Security: NGFW, SD-WAN security, cloud firewalls, and network segmentation
Email & Collaboration Security: anti-phishing, Safe Links, DMARC, and mail gateway protection
Web Application Firewall: WAF protecting web apps from OWASP Top 10 and DDoS attacks
Microsegmentation: Zero Trust network segmentation to limit lateral movement
DLP & Data Security: prevent sensitive data leaving with Purview, Defender, and DLP policies
SIEM & Threat Detection: Microsoft Sentinel for visibility and response across your entire environment

Layered: defence-in-depth across every security domain
Zero Trust: architecture principle across all security engagements
Essential Eight: all services aligned to the ASD Essential Eight framework
24/7: managed security monitoring available
The threats your organisation faces every day

Phishing: credential harvesting via email and fake login pages
Ransomware: encrypt-and-extort attacks targeting backups and file servers
Identity attack: compromised credentials and privilege escalation
Web app attacks: SQL injection, XSS, and API abuse targeting public applications
Lateral movement: attackers pivoting through flat networks after initial breach
Data exfiltration: sensitive data leaving via email, cloud apps, or removable media
01. Network & Perimeter Security

Secure the perimeter. Control what comes in and out.

Your network perimeter is the first line of defence. Onel designs and deploys next-generation firewall architectures that inspect all traffic, not just at the edge but between internal zones, so threats can't move freely once inside.

Next-generation firewall design, deployment, and managed operations (Palo Alto, Fortinet, Cisco)
SD-WAN security integration: secure branch connectivity with consistent policy enforcement
Internet edge security: IPS, URL filtering, TLS inspection, and DNS security
VPN and secure remote access: IPsec and SSL VPN with MFA and device posture checks
Firewall policy review and audit: identify over-permissive rules and security gaps
BGP and routing security: prefix filtering, route validation, and peering security
Next-Generation Firewall (NGFW)

Application-layer inspection: identifies and controls apps regardless of port or protocol
Intrusion Prevention System (IPS): blocks known exploits and vulnerability scans in real time
TLS/SSL inspection: decrypts and inspects encrypted traffic without creating blind spots
URL and web filtering: block malicious, adult, and high-risk web categories by policy
DNS security: block malware C2 domains and DNS-based exfiltration at the resolver level
Threat intelligence feeds: auto-block known malicious IPs, domains, and file hashes
Platforms: Palo Alto NGFW · Fortinet FortiGate · Cisco Firepower · Cisco Umbrella
Cloud Firewall & SASE

FortiSASE and Zscaler: cloud-delivered security enforced at the user, not just the edge
Azure Firewall Premium: inspection and threat intelligence for cloud workloads
Consistent policy enforcement across office, remote, and cloud, regardless of location
CASB capabilities: control SaaS app access and data movement from any device
Platforms: FortiSASE · Zscaler ZIA/ZPA · Azure Firewall · Cisco Meraki
02. Microsegmentation

Stop attackers from moving through your network freely.

A flat network is an attacker's best friend: one compromised device can reach everything. Microsegmentation divides your network into isolated zones with enforced access controls between them. Even if an attacker gets in, they can't go anywhere.

Network segmentation design: logical separation of users, servers, IoT, and management traffic
VLAN and zone-based architecture aligned to business function and security risk
SD-Access microsegmentation: Cisco ISE-driven dynamic policy enforcement at the access layer
East-west traffic control: enforce policy between internal zones, not just north-south at the perimeter
IoT and OT segmentation: isolate operational technology and devices from corporate networks
Kubernetes network policies: pod-to-pod segmentation within container environments
Segmentation Architecture

Zone-based architecture: Users, Servers, DMZ, Management, and IoT, each with defined trust levels and inter-zone policies
Micro-perimeters around critical assets (finance systems, HR data, critical infrastructure) with granular access control
Traffic flow analysis before segmentation: identify actual communication patterns to avoid breaking legitimate traffic
Phased rollout approach: implement segmentation in stages without disrupting operations
Platforms: Cisco SD-Access · Cisco ISE · Aruba ClearPass · VMware NSX
East-West Traffic Security

Internal firewall rules enforced between network zones: lateral movement blocked at the network layer
Dynamic Security Group Tags (SGT) via Cisco TrustSec: policy follows the user, not the IP address
802.1X port-based access control: only authenticated, compliant devices can connect to the network
Guest and contractor network isolation: complete separation from corporate resources by policy
Platforms: Cisco TrustSec / SGT · 802.1X / NAC · Palo Alto · OPA / Cilium
03. Web Application Firewall (WAF)

Protect your web applications from the attacks targeting them daily.

Web applications are the most attacked surface in most organisations: exposed to the public internet, often storing sensitive data, and directly accessible to unauthenticated users. A WAF sits in front of your applications and blocks attacks before they reach your code.

OWASP Top 10 protection: SQL injection, XSS, CSRF, insecure deserialisation, and more
DDoS mitigation: volumetric, protocol, and application-layer attack protection
Bot management: block malicious bots, scrapers, and credential stuffing attacks
API security: protect REST and GraphQL APIs from abuse and injection attacks
Custom rule development: WAF rules tuned to your application's specific behaviour
WAF monitoring and alert management: continuous tuning to reduce false positives
Azure WAF / Application Gateway

Azure Application Gateway WAF: OWASP CRS 3.2 protection for web apps hosted in Azure
Azure Front Door WAF: global CDN-layer protection with DDoS mitigation at the edge
Custom rules for specific attack patterns unique to your application
Integration with Microsoft Defender for Cloud and Sentinel for centralised alerting
Platforms: Azure App Gateway WAF · Azure Front Door · Microsoft Defender
Palo Alto Prisma & Fortinet WAF (on-prem / cloud)

Palo Alto Prisma Cloud WAF: cloud-native application protection with contextual detection
Fortinet FortiWeb: hardware or cloud WAF with ML-based anomaly detection and bot protection
API discovery and protection: automatically detect and protect undocumented API endpoints
Virtual patching: block exploitation of known CVEs while permanent fixes are applied
Platforms: Palo Alto Prisma · Fortinet FortiWeb · Cloudflare WAF · NGINX WAF
04. Email & Collaboration Security

Email is the number one attack vector. Treat it that way.

Over 90% of cyberattacks start with an email. Phishing, spear-phishing, business email compromise, and malicious attachments are constant threats. Onel implements layered email security that blocks attacks before they reach your users' inboxes.

Microsoft Defender for Office 365: Safe Links, Safe Attachments, anti-phishing, and impersonation protection
DMARC, DKIM, and SPF configuration: prevent domain spoofing and email impersonation
Secure Email Gateway: additional filtering layer for advanced threats and zero-day attachments
Business Email Compromise (BEC) detection: identify financial fraud attempts and executive impersonation
Mail flow analysis and anomaly detection: baseline normal patterns and alert on deviations
User awareness training integration: track who clicks on phishing simulations and remediate
Defender for Office 365 (Plan 2)

Safe Links: real-time URL detonation at click time, not just at delivery, which blocks URLs weaponised after delivery
Safe Attachments: detonates attachments in an isolated sandbox before they reach the user's mailbox
Anti-phishing: ML-based impersonation detection protecting against spoofed executives and domains
Attack Simulator: run realistic phishing simulations to measure and train user awareness
Threat Explorer: full investigation capability into email threats with kill chain visualisation
Platforms: Defender for O365 P2 · Attack Simulator · Threat Explorer
DMARC / DKIM / SPF + Email Authentication (anti-spoofing)

SPF records: define which mail servers are authorised to send email from your domain
DKIM signing: cryptographic signature verifying email origin and integrity
DMARC policy: tell receiving mail servers what to do with unauthenticated email (reject/quarantine)
DMARC reporting: visibility into who is sending email using your domain, including shadow IT
BIMI (Brand Indicators for Message Identification): display your logo in Gmail and Apple Mail for verified senders
Platforms: DMARC Analyser · Proofpoint · Mimecast · Microsoft EOP
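An added example of what the DMARC policy described above means at the receiving end (illustrative code written for this page, not Onel's or any vendor's): it parses a DMARC record and applies the receiver-side rule that SPF or DKIM must pass and be aligned with the visible From domain, which is why a spoofed message whose SPF passes only for the sender's own envelope domain is still rejected. The records and messages are constructed, and org_domain() assumes a two-label suffix instead of consulting the Public Suffix List.

```python
from dataclasses import dataclass


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; aspf=s; ...') into tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")      # requested policy: none / quarantine / reject
    tags.setdefault("adkim", "r")     # DKIM alignment: r = relaxed, s = strict
    tags.setdefault("aspf", "r")      # SPF alignment
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain. Assumption: two-label suffix (no Public Suffix List)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed accepts the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResult:
    from_domain: str   # RFC5322.From domain, i.e. what the recipient sees
    spf_result: str    # pass / fail / none
    spf_domain: str    # envelope MAIL FROM domain that SPF was checked against
    dkim_result: str
    dkim_domain: str   # d= tag of the verified DKIM signature


def dmarc_disposition(msg: AuthResult, record: str) -> str:
    """Return 'pass' or the policy the receiver should apply (none/quarantine/reject)."""
    tags = parse_dmarc(record)
    spf_ok = msg.spf_result == "pass" and aligned(msg.from_domain, msg.spf_domain, tags["aspf"])
    dkim_ok = msg.dkim_result == "pass" and aligned(msg.from_domain, msg.dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    # sp= overrides p= when the From domain is a subdomain of the record's domain
    if "sp" in tags and msg.from_domain.lower() != org_domain(msg.from_domain):
        return tags["sp"]
    return tags["p"]


# Constructed samples: record for example.com with strict DKIM and relaxed SPF alignment.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"
LEGIT = AuthResult("example.com", "pass", "mail.example.com", "pass", "example.com")
# SPF passes only for the sender's own envelope domain, so it is not aligned: rejected.
SPOOFED = AuthResult("example.com", "pass", "bulk-sender.example", "none", "")
# Signed by a subdomain: fine under relaxed alignment, fails the strict adkim=s above.
SUBDOMAIN_SIGNED = AuthResult("example.com", "fail", "example.com", "pass", "news.example.com")
```

The SUBDOMAIN_SIGNED case is the one DMARC reporting typically surfaces: a legitimate sender that a strict alignment setting will start rejecting once the policy moves from none to reject.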
05. Data Loss Prevention & Data Security

Know where your sensitive data is. Control where it goes.

Data breaches don't always come from external attackers; sometimes it's an employee accidentally emailing a customer list, or sharing a file containing health records to a personal account. DLP policies automatically detect and block sensitive data from leaving your organisation through any channel.

Sensitive data discovery: automatically identify PII, health records, financial data, and IP across M365 and on-prem
Microsoft Purview DLP: policy-based controls preventing sensitive data movement via email, Teams, and SharePoint
Sensitivity labelling: classify documents and emails automatically or prompt users to label manually
Endpoint DLP: prevent copying sensitive data to USB drives, personal cloud, or printers
Cloud app DLP: monitor and control data movement in third-party SaaS applications via MCAS
DLP policy tuning: reduce false positives that frustrate users while maintaining effective protection
Microsoft Purview DLP

Over 200 built-in sensitive information types (PII, credit cards, TFN, Medicare numbers, passports) auto-detected in content
Policy scopes: Exchange email, Teams messages, SharePoint, OneDrive, Endpoint, and third-party apps
Policy actions: block, warn, require business justification, notify security team, or apply encryption
Adaptive protection: automatically tighten policies for users flagged as insider risks by Purview IRM
DLP alerts and activity explorer: full audit trail of every DLP policy match and action taken
Platforms: Microsoft Purview · Sensitivity Labels · Endpoint DLP · MCAS
Information Protection & Classification

Sensitivity label taxonomy design (Official, Protected, Sensitive, Confidential) aligned to your classification policy
Auto-labelling policies: content scanned and labelled automatically based on sensitive content detected
Label-based encryption: documents remain encrypted and access-controlled regardless of where they are saved or forwarded
Content marking: headers, footers, and watermarks applied automatically based on classification level
Platforms: Azure Information Protection · Purview MIP · Forcepoint DLP
06. Endpoint & Systems Security

Protect every device. Detect every threat. Respond fast.

Endpoints are the most common initial access point for attackers. Modern endpoint protection goes far beyond antivirus: it detects suspicious behaviour, investigates the full attack chain, and responds automatically to contain threats before they spread.

Microsoft Defender for Endpoint: EDR with behavioural detection, threat hunting, and automated response
Vulnerability management: continuous assessment of missing patches and exploitable configurations
Attack surface reduction (ASR): rules that block common attack techniques like macros, LSASS dumping, and LOLBin abuse
Device compliance enforcement via Intune: non-compliant devices blocked from accessing corporate resources
Privileged access management: protect admin credentials with just-in-time access and PAW environments
Essential Eight implementation: patch applications, patch operating systems, application control, and restrict administrative privileges
Microsoft Defender for Endpoint (MDE)

Behavioural detection: identifies malicious activity patterns, not just known malware signatures
Automated Investigation and Response (AIR): auto-triages alerts and takes containment actions without human intervention
Threat hunting: proactively search for indicators of compromise across your entire endpoint estate
Device isolation: quarantine a compromised machine from the network with a single click, without physically touching it
Cross-platform coverage: Windows, macOS, Linux, iOS, and Android all managed and monitored from a single console
Platforms: MDE P2 · Microsoft Intune · Defender XDR · CrowdStrike
Privileged Access & Application Control (Essential Eight)

Application allowlisting: only approved applications can execute; everything else is blocked by default
Local admin removal: standard users run without local admin rights; privilege requested via PIM when needed
Privileged Access Workstations (PAW): hardened, dedicated devices for administrative tasks only
Macro control policies: Office macros restricted to signed, approved sources only
Platforms: AppLocker · WDAC · Entra PIM · CyberArk
07. SIEM, XDR & Threat Detection

See everything. Respond before it becomes a breach.

Individual security tools generate alerts in isolation. A SIEM correlates signals from across your entire environment (network, endpoints, identity, email, and cloud) to surface real threats and give your team the context to respond fast and effectively.

Microsoft Sentinel deployment and configuration: cloud-native SIEM/SOAR with AI-driven detection
Log source onboarding: M365, Entra ID, Defender, Azure, on-premises firewalls, switches, and servers
Detection rule development: custom analytics rules tuned to your environment and threat model
SOAR playbook automation: auto-respond to common incidents (isolate device, disable account, block IP)
Microsoft Defender XDR: unified investigation across Defender for Endpoint, Identity, Office 365, and Cloud Apps
Managed security monitoring: Onel can operate Sentinel as a managed service with 24/7 alert triage
Microsoft Sentinel SIEM

Ingests 200+ data connectors: every Microsoft product, AWS, GCP, on-prem firewalls, Linux, Windows, and more
MITRE ATT&CK mapped detection rules: coverage across Initial Access, Persistence, Lateral Movement, and Exfiltration tactics
Fusion AI: automatically correlates low-fidelity signals into high-confidence multi-stage attack alerts
Playbooks via Logic Apps: automated response workflows that execute in seconds, not minutes
Workbooks and dashboards: executive security posture reporting and operational SOC dashboards
Platforms: Microsoft Sentinel · Defender XDR · Logic Apps · KQL
Threat Intelligence & Hunting

Threat intelligence feeds integrated into Sentinel: automatically enrich alerts with IOC context
Proactive threat hunting: Onel engineers search for evidence of compromise that automated rules miss
Incident response support: rapid investigation and containment when an alert fires or a breach is suspected
Regular threat landscape briefings: monthly review of emerging threats relevant to your sector and environment
Platforms: Microsoft TI · MISP · Recorded Future · OpenCTI

Zero Trust: the architecture that ties it all together.

Zero Trust is not a product; it is an architecture principle. Onel designs all security engagements around Zero Trust: verify explicitly, use least privilege access, and always assume breach.

Identity
Every access request is authenticated and authorised: MFA, Conditional Access, and PIM for all users and admins.
Entra ID · MFA · PIM · Conditional Access

Endpoints
Only compliant, managed devices gain access, with posture checked at every connection attempt via Intune and MDE.
MDE · Intune · Autopilot

Network
Segmented, policy-enforced network: least-privilege access between zones, encrypted traffic, no implicit trust.
NGFW · Microsegmentation · SASE

Applications
Applications protected by WAF, API security, and access proxies, never exposed directly to the internet.
WAF · App Proxy · MCAS

Data
Sensitive data classified, labelled, encrypted, and governed; DLP prevents exfiltration across every channel.
Purview · DLP · AIP · Encryption

Across all five pillars, Microsoft Sentinel and Defender XDR provide unified visibility, correlating signals from identity, endpoints, network, applications, and data into a single security operations platform. Onel can deploy, configure, tune, and operate this platform as a fully managed security service, giving your organisation enterprise-grade security operations without building an in-house SOC.

Security built to meet your compliance obligations.

Onel's security engagements are designed to support your compliance requirements, not just your technical security posture. Every control we implement is mapped to the relevant framework.

ASD Essential Eight: maturity coverage

Application Control: ML3
Patch Applications: ML3
Configure Microsoft Office Macro Settings: ML3
User Application Hardening: ML2
Restrict Administrative Privileges: ML3
Patch Operating Systems: ML3
Multi-Factor Authentication: ML3
Regular Backups: ML3

Onel conducts Essential Eight gap assessments and implements controls to achieve target maturity levels, typically ML2 or ML3 for government and regulated organisations.

ISO 27001 / 27002: information security management system, with controls mapped across all Onel security services
Privacy Act 2024: Australian Privacy Principles and the notifiable data breach scheme, with DLP and Purview controls aligned
PSPF: Protective Security Policy Framework, relevant for federal government and their suppliers
APRA CPS 234: information security for APRA-regulated entities, covering financial services security controls and testing
IRAP: Information Security Registered Assessors Program, with assessment support for Australian Government cloud
SOC 2 Type II: security, availability, and confidentiality controls for service organisations and cloud providers
ISM: Australian Government Information Security Manual, technical controls and system hardening guidance
GDPR: data protection compliance for organisations handling EU personal data, with DLP and governance aligned

Authorised security partners. Independent advice.

Onel holds authorised partner status across the leading security vendors, so we recommend and implement what's right for your threat model, not what's easiest to sell.

Palo Alto Networks: NGFW · Prisma · Cortex XDR · DNS Security
Fortinet: FortiGate · FortiSASE · FortiWeb WAF · FortiAnalyzer
Cisco: Firepower · ISE · Umbrella · AnyConnect · SecureX
Microsoft Security: Defender XDR · Sentinel · Purview · Entra ID · Intune
Zscaler: ZIA · ZPA · Zero Trust Exchange · CASB
CrowdStrike: Falcon EDR · Threat Intelligence · Incident Response
Rubrik: Zero Trust Data Security · Radar · Cyber Recovery
Proofpoint: Email Security · DMARC · Security Awareness Training
Mimecast: Secure Email Gateway · Impersonation Protect · Archive
Snyk / SonarQube: Application security · SAST · DAST · Dependency scanning

Know your security gaps before attackers do.

Onel offers a structured security assessment covering your network, endpoints, identity, email, cloud, and data protection posture, with a clear, prioritised remediation plan.

Or call us: 1300 609 101