Frequently asked questions
Practical answers about our managed security, SIEM, SOAR, SOC and PAM, managed IT, POPIA and how to get started.
Managed Security
A managed Security Operations Centre is a team and technology stack that continuously monitors your IT environment for threats, investigates alerts and coordinates response so that suspicious activity is caught and contained quickly. Building an in-house SOC requires recruiting scarce security analysts, running a 24/7 shift roster and licensing expensive tooling, which is rarely cost-effective for most South African organisations. By partnering with Virtueda's managed SOC you gain access to trained analysts, established processes and enterprise-grade tooling for a predictable monthly cost, while your internal team stays focused on running the business.
Continuous monitoring is central to how a managed SOC operates, because attacks do not keep office hours and the gap between detection and response is what determines how much damage occurs. When a credible threat is confirmed, analysts follow agreed response procedures to contain it, communicate with your nominated contacts and guide remediation, with the specific actions and escalation paths defined in your service agreement. The exact response times and coverage are documented up front so you know precisely what to expect.
SIEM/SOAR/SOC/PAM
These are four related but distinct parts of a modern security programme. A SIEM (Security Information and Event Management) platform collects and correlates logs from across your systems to surface suspicious patterns; SOAR (Security Orchestration, Automation and Response) sits on top of that to automate repetitive investigation and response steps so analysts work faster; the SOC (Security Operations Centre) is the people and processes that watch those tools and act on what they find; and PAM (Privileged Access Management) controls and records the powerful administrator accounts that attackers most want to compromise. Used together they give you detection, automated response, human oversight and tight control of high-risk access.
A SIEM ingests log and event data from sources such as firewalls, servers, endpoints, cloud services and identity systems, then normalises and correlates that data to spot patterns no single system would reveal on its own. For example, a failed login in one place followed by a successful login from an unusual location and then a large data transfer can be linked into a single high-priority alert. Virtueda configures detection rules and tuning aligned to your environment so that genuine threats rise to the top and analysts are not buried in noise.
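The correlation described above, written out as an added example; it is not Virtueda's detection logic or any SIEM product's rule syntax. The event field names, the per-user country baseline, the 30-minute window and the 500 MB threshold are all assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta

# Constructed, already-normalised events from several sources (not real logs).
EVENTS = [
    {"ts": "2024-05-06T08:01:10", "src": "idp", "type": "login_failure", "user": "t.nkosi", "country": "NL"},
    {"ts": "2024-05-06T08:03:42", "src": "idp", "type": "login_success", "user": "t.nkosi", "country": "NL"},
    {"ts": "2024-05-06T08:15:00", "src": "proxy", "type": "data_transfer", "user": "t.nkosi", "bytes": 2_000_000_000},
    # Same event types, but the login comes from the user's usual country.
    {"ts": "2024-05-06T09:00:00", "src": "idp", "type": "login_failure", "user": "a.botha", "country": "ZA"},
    {"ts": "2024-05-06T09:00:20", "src": "idp", "type": "login_success", "user": "a.botha", "country": "ZA"},
    {"ts": "2024-05-06T09:05:00", "src": "proxy", "type": "data_transfer", "user": "a.botha", "bytes": 900_000_000},
    # Unusual login, but the transfer falls outside the correlation window.
    {"ts": "2024-05-06T10:00:00", "src": "idp", "type": "login_failure", "user": "s.pillay", "country": "BR"},
    {"ts": "2024-05-06T10:01:00", "src": "idp", "type": "login_success", "user": "s.pillay", "country": "BR"},
    {"ts": "2024-05-06T11:30:00", "src": "proxy", "type": "data_transfer", "user": "s.pillay", "bytes": 3_000_000_000},
]

USUAL_COUNTRIES = {"t.nkosi": {"ZA"}, "a.botha": {"ZA"}, "s.pillay": {"ZA"}}  # assumed baseline
WINDOW = timedelta(minutes=30)        # assumed correlation window
TRANSFER_BYTES = 500 * 1024 * 1024    # assumed "large transfer" threshold

def correlate(events):
    """Link failure -> success from unusual country -> large transfer into one alert."""
    alerts, state = [], {}  # state: user -> {"stage", "start", "evidence"}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        st = state.get(user)
        if st and ts - st["start"] > WINDOW:      # chain went stale, start over
            state.pop(user, None)
            st = None
        if ev["type"] == "login_failure":
            if st is None:
                state[user] = {"stage": 1, "start": ts, "evidence": [ev]}
        elif ev["type"] == "login_success" and st and st["stage"] == 1:
            if ev["country"] in USUAL_COUNTRIES.get(user, set()):
                state.pop(user, None)             # ordinary mistyped password
            else:
                st["stage"] = 2
                st["evidence"].append(ev)
        elif ev["type"] == "data_transfer" and st and st["stage"] == 2:
            if ev["bytes"] >= TRANSFER_BYTES:
                alerts.append({"user": user, "severity": "high",
                               "events": st["evidence"] + [ev]})
                state.pop(user, None)
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert["severity"], alert["user"], [e["type"] for e in alert["events"]])
```

Only the first chain produces an alert. The other two users generate the same event types but fail the location or time-window condition, which is the noise reduction that rule tuning aims for.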
Privileged accounts such as domain administrators, database owners and service accounts hold the keys to your most sensitive systems, which makes them the primary target in serious breaches and ransomware attacks. PAM reduces that risk by vaulting and rotating privileged credentials, enforcing approval workflows for access, limiting how long elevated rights last and recording privileged sessions for accountability. This means that even if a credential is exposed, an attacker cannot freely reuse it, and you retain a clear audit trail of who did what with administrative access.
SOAR automates the repetitive, time-consuming parts of security operations using predefined playbooks, so that common alerts trigger consistent first-response actions without waiting for manual intervention. Typical examples include automatically enriching an alert with threat intelligence, isolating a suspicious endpoint, disabling a compromised account or opening and routing a ticket. The result is faster, more consistent containment and analysts who can spend their time on genuine investigation and decision-making rather than routine clicks.
Getting Started
Yes. Smaller organisations are frequently targeted precisely because attackers assume their defences are weaker, yet they rarely have the budget to staff a full security team. A managed service lets you share the cost of analysts, tooling and processes across many clients, so you receive enterprise-grade monitoring and response scaled and priced to your needs. Virtueda can start with the controls that give the greatest protection for your budget and expand coverage as your business grows.
Engagements usually start with a discovery conversation to understand your business, your systems, your regulatory obligations and the risks that concern you most. From there we assess your current environment, identify gaps and propose a prioritised plan rather than an off-the-shelf bundle, so spend is directed where it reduces the most risk. Once you approve the scope we onboard in defined phases, connecting log sources, deploying agents and tuning detections so the service delivers value without disrupting your operations.
Timelines depend on the size and complexity of your environment, the number of log sources and the services you select, so we set realistic expectations during planning rather than promising a single fixed figure. In practice, core monitoring can often be stood up relatively quickly, with detection rules then tuned over the following weeks as we learn the normal patterns of your environment. We work in phases so that high-value protections come online early while the more detailed configuration continues in the background.
Managed security is most commonly delivered as a predictable recurring subscription rather than a large upfront capital outlay, which makes budgeting easier and aligns cost with ongoing protection. Pricing is shaped by factors such as the number of users, devices and log sources monitored, the services you select (for example SIEM, SOAR, SOC and PAM), the level of response coverage and the complexity of your environment. We scope this transparently during planning so you understand exactly what is included before you commit, and you can speak to our team on 021 879 1544 or info@virtuedasys.co.za to discuss your specific requirements.
Compliance (POPIA)
POPIA, South Africa's Protection of Personal Information Act, requires organisations to put appropriate, reasonable technical and organisational measures in place to safeguard personal information, and to be able to detect and respond to security compromises. Virtueda helps you meet these obligations by improving how you monitor for and detect breaches, control access to systems holding personal data, and maintain the audit trails needed to demonstrate accountability. We do not act as your legal adviser, but our services are designed to support the security measures POPIA expects and to help you respond appropriately if a compromise occurs.
Yes. We can map your controls and monitoring to widely recognised frameworks so that your security efforts are structured, measurable and defensible rather than ad hoc. This gives you a clear baseline, helps prioritise improvements and makes it easier to demonstrate due diligence to auditors, partners and regulators. We frame this work as helping you align to and meet the requirements of these frameworks, working alongside your own compliance and legal teams.
Managed IT
Virtueda is a comprehensive IT and cybersecurity partner, so in addition to security we cover managed services, connectivity and networking, communications, cloud and data centre, infrastructure and business continuity. This means a single partner can look after your day-to-day IT operations, your network and connectivity, your hosting and your resilience planning, with security woven through rather than bolted on afterwards. Consolidating these services tends to reduce finger-pointing between vendors and gives you one accountable team that understands your environment end to end.
Business continuity is about ensuring that, when something goes wrong, whether a hardware failure, a cyber-attack or a regional outage, your critical systems and data can be recovered and your operations can keep going. Our managed services include proactive monitoring and maintenance to prevent many incidents in the first place, while our continuity and recovery planning ensures you have tested backups and clear procedures for restoring service. The aim is to minimise downtime and data loss so that an incident becomes a manageable interruption rather than an existential threat to the business.