Cybersecurity

Regional Centre of Excellence for best-in-class 5G connectivity needs and turnkey technology solutions supporting digital transformation and automation on a secure and reliable network infrastructure.

The Axiata Cyber Fusion Centre (ACFC) leads the charge as our cybersecurity centre of excellence, delivering world-class capabilities to combat emerging threats and drive cyber resilience. Established in 2022, ACFC serves as Axiata’s nerve centre for cybersecurity through its unified platform that combines active monitoring, threat intelligence, incident response, and offensive security, ensuring confident operations in an increasingly complex digital environment.

Highlights

>11,000

assets monitored

>2,000

IPs scanned for security weaknesses

200+

keywords monitored across open, deep, and dark web

115+

automated operational reports distributed weekly

55

team members across Malaysia and Sri Lanka

12

clients served across 5 countries

100%

in-house operation powered by local talent

Security assurance services ensure that your organisation’s systems, data, and digital assets remain safe against an ever-changing landscape of threats and vulnerabilities.

Web App Penetration Testing
Penetration testing (pentesting) finds security gaps in your business’ systems by assessing it against OWASP Top 10 vulnerabilities, input validation, SQL injection, XSS and business logic errors.
Vulnerability Management
Risk-based vulnerability management involves a dynamic cycle of assessment, mitigation and monitoring. This prioritises the most critical cybersecurity risks in your business, ensuring resource efficiency and an improved defence strategy.
Red Team Exercise
Red Teaming simulates real-world attacks, mirroring the tactics of sophisticated threat actors. Ethical hackers will test your system to uncover digital, social and physical vulnerabilities, and assess your team’s response.
Mobile Application Penetration Testing
If your business has a mobile app, pentesting is carried out via source code analysis, vulnerable library detection, misconfiguration checks and risk reporting for mobile platforms such as iOS and Android.
Vulnerability Assessment
Identifying potential vulnerabilities and security gaps is crucial to the early detection of threats. Use the insights gained through a cost-effective vulnerability assessment to address weaknesses before they can be exploited.
Cyber Threat Simulation
By modelling how an adversary will attack your system, you can identify cyberattack vectors and uncover security gaps in your system. This is done through Cyber Kill Chain scenarios which simulate real-world attempts.
Infrastructure Penetration Testing
IT infrastructure pentesting involves testing of network devices, protocols, misconfigurations and OWASP vulnerabilities, including session management and validation.
Cybersecurity Maturity Assessment
Evaluate your business’ current cybersecurity posture, benchmarked against international standards and best practices like MITRE and NIST.
Social Engineering Simulation
Social engineering attempts target ordinary employees in order to launch attacks. Train your employees to recognise and avoid phishing and other manipulation tactics, reducing the risk of human error in cyberattacks.
Cloud Security Assessment
Our evaluation of your cloud environment focuses on OWASP framework-based testing, cloud misconfiguration detection and CIS compliance verification.
Cyber Drill & War Games
Cyber wargaming tests your security team in a large-scale, hands-on cybersecurity exercise. This ensures a coordinated, rehearsed response across the during major cybersecurity incidents.

Daily Average

>2,000

IPs scanned for security weaknesses

300+

external nodes assessed for risks

5+

high sensitivity vulnerabilities identified

Threat intelligence empowers your organisation to stay one step ahead of attackers by turning raw data into actionable insights, transforming defence from reactive to proactive.

Smart Threat Intelligence and Brand Protection
Cyber Threat Intelligence (CTI) monitors your brand across the open, deep and dark web to detect and prevent external threats such as social engineering, brand impersonation and reputation attacks.
Take Down Services
Rapid removal of harmful content targeting your brand, including fake websites, misleading posts and impersonating social media accounts, safeguards both your reputation and customers.

Daily Average

200+

keywords monitored across open, deep, and dark web

Solutions to support customer experience improvement and drive operational efficiency at airports.

Active Monitoring and Detection
24/7 monitoring of your systems identifies potential intrusions through continuous alert qualification, security event triage, and event analysis.
Cyber Incident Management and Response
24/7 incident coordination rapidly investigates threats through forensics, malware analysis and threat hunting—quickly identifying and eliminating cyber attacks to protect your business.
Cyber Drill and War Games
Cyber wargaming tests your security team in a large-scale, hands-on cybersecurity exercise. This ensures a coordinated, rehearsed response across the during major cybersecurity incidents.
Compromise Assessment
By scanning your entire system, any current or past attacker activity in your network as well as security gaps can be identified and investigated, helping you respond effectively and strengthen your security.
Cyber Threat Hunting
Human expertise and data analytics work hand-in-hand to proactively spot and stop hidden cyber threats that standard defences might miss, enabling swift, effective responses when needed.

Daily Average

~25,000

average MPS

>11,000

assets monitored

1,500+

alarms triggered

Advisory services provide expert guidance to strengthen your organisation’s security defenses, protect against evolving cyber threats, and support your business growth.

Cybersecurity Maturity Assessment
Evaluate your business’ current cybersecurity posture, benchmarked against international standards and best practices like MITRE and NIST.
Security Architecture Assessment
By analysing your organisation’s security infrastructure design and implementation, vulnerabilities can be identified and critical systems safeguarded.
Governance, Risk, and Compliance Advisory
Building and maintaining strong governance systems can help your organisation manage risks and meet compliance requirements without compromising growth opportunities.
Security Technology and Architecture Planning
Design and implement robust security systems, policies, and controls to safeguard your business’s critical data, applications, and digital infrastructure.

HELIOS (Heuristic Engine for Leveraging Intelligence, Attribution, & Operational Security) is a groundbreaking cybersecurity platform that provides comprehensive protection for critical infrastructure and key industries such as finance, manufacturing, energy, telecommunications, and healthcare.

br Powered by multi-source intelligence and advanced heuristic methods, it delivers precise threat attribution and ironclad protection of digital assets while enabling swift response to emerging cyber threats.

Reveal Sensitive API Information
Through discovery of exposed Postman collections and API documentation, sensitive endpoints and data leaks are identified to protect critical access points.
Attack Surface Discovery with Precision
Creates advanced cyber-attack simulations to identify and assess exposed services and devices within an organization’s attack surface.
Phishing Domain Generation and Validation
Using target keywords, potential deceptive domains are checked for availability, revealing which could be weaponised against your organisation and customers.
Unearth Hidden Credentials
Your compromised organisational credentials are tracked across deep and dark web sources, helping prevent potential access vulnerabilities before exploitation.
Dark Web Monitoring
Monitors the dark web for organisational mentions, leaked data, and emerging threats that could impact security posture and reputation.
Advanced Threat Detection
By leveraging AI and machine learning, emerging threats are identified and addressed in real-time, while multiple data sources are analysed to detect vulnerabilities before exploitation.
Enumerate Exposed Secrets
By searching code repositories for visible credentials, potential backdoors into system security as seen by attackers can be revealed.

Helios Features

  • IP Asset Discovery
  • Service Enumeration
  • Subdomain Discovery
  • Port Scanning
  • Phishing Domain Discovery
  • Threat Intel Data Enumeration
  • GitHub Leaks Discovery
  • Web Application Vulnerability Scanning
  • API Leaks Discovery
  • Vulnerable Host Discovery
  • Email Discovery
  • Threat Intelligence Through DarkWeb Crawling
  • Leaked Credentials Discovery

Key Impact Statistics

2

days to discover attack surface, down from 2 weeks via automation

700+

threat actor profiles identified

100+

Telegram channels monitored

7 billion

leaked data records detected

Our Accreditations

Strengthening global cyber incident response through worldwide security team collaboration

Internationally accredited provider of professional cyber security services

Monitoring & Incident Response

Offensive Security

Penetration Testing

Threat Intelligence

Penetration Testing

Aligned with International Standards and Best Practices

Our Award

Malaysia Cybersecurity Award 2023

Cybersecurity Project of the Year (Axiata CFC)

Tech Excellence Award 2024

Cybersecurity in Telecommunications (AGB)

Cybersecurity
Award

Innovation (Product) of the Year – HELIOS

Cybersecurity
Award

Innovation (Product) of the Year – HELIOS

Axiata Cyber Fusion Center (CFC) Assessment Tool

Our free comprehensive assessment tool helps you easily validate your website security and ensure compliance with Malaysia’s new Cyber Security Act 2024.

Enquiries? Talk to us.

Please complete all fields.

Our Core Products and Solutions

Download CFC Assessment Tool