02 · Managed cybersecurity

Cybersecurity as a mission-critical discipline

As cyber threats evolve, AlsaTech delivers continuous monitoring, threat detection and incident response that protect critical assets and build organizational resilience.

Cybersecurity operations
  • SOC Services
    24/7 monitoring & response
  • Vulnerability Management
    Continuous identification
  • Compliance Audits
    Regulatory alignment
  • Identity & Access
    Least-privilege control
  • Data Protection & Privacy
    Compliance-grade handling
  • Disaster Recovery
    Cyber resilience & continuity
  • Incident Response
    Plans & runbooks
  • Threat Intelligence
    Risk-ranked feeds

Partner spotlight: TrustSphere Technologies · 4sight Platform

4sight — cyber risk intelligence for Kenya's regulated enterprises

AlsaTech delivers 4sight, the FAIR-based cyber risk intelligence platform from our partner TrustSphere — quantifying, monitoring and governing cyber risk across banks, government entities, SEZ tenants and sovereign cloud estates, in the language of the board and the Treasury.

Sovereign Tier III data centre
The asset to be protected

A national-scale attack surface, not a single building

  • Tier III
    Uptime-certified sovereign cloud & national data-centre estates
  • 70+
    Critical services across government, utilities and finance
  • 100+
    Multi-tenant environments — public and private sector
  • IoT/OT
    Sensor, surveillance and operational technology — a top regulator concern

A SOC tells you what happened. It can't tell you what it's worth.

Detection and response answer the wrong question for an authority that must justify security investment, prove tenant isolation and report upward. 4sight adds the intelligence layer above the SOC.

Monitoring alone
"We detected an event."
  • Alerts, not exposure in business terms
  • No view of what an incident would cost
  • Spend is hard to justify to the Treasury
  • Each tenant's risk is invisible to the board
  • Compliance evidence assembled by hand

With 4sight on top
"Here is what it's worth — and what to fix first."
  • Risk expressed in Kenyan Shillings
  • Loss scenarios with honest confidence ranges
  • Investment prioritised by risk reduced per shilling
  • Per-tenant and technopolis-wide risk posture
  • Audit-ready compliance evidence, continuously

The platform

One platform, three reinforcing capabilities

Each pillar feeds the others — an exposure found by monitoring becomes a quantified risk, and a quantified risk becomes a governed, board-reportable decision.

MEASURE

Cyber Risk Quantification

FAIR-based modelling that translates cyber risk into financial exposure — with confidence intervals, not false precision.

SEE

Attack Surface Monitoring

Continuous discovery of exposed assets across e-government portals, tenant apps, cloud and IoT/OT before attackers find them.

GOVERN

Integrated GRC Suite

Governance, control frameworks, evidence and audit-readiness — the compliance spine mapped to Kenyan law.

Pillar 1 · CRQ

Risk in Shillings — the language the board already speaks

Using the FAIR standard, 4sight models the financial loss from cyber scenarios as a range of probable outcomes — a defensible distribution, not a single false-precision figure.

  • Aggregate annual loss exposure as a probability range
  • Scenario library: ransomware, breach, OT/IoT, insider
  • 'What reduces the most risk per shilling?' prioritisation
  • Board- and Treasury-ready reporting, refreshed continuously

Illustrative — Annual loss exposure
Probable range, not a point estimate
KES (illustrative), shown as 10th · Likely · 90th
  • Ransomware: 0.9M · 2.1M · 3.9M
  • Data breach: 1.4M · 2.8M · 5.2M
  • OT / IoT: 0.6M · 1.7M · 3.4M
  • Insider: 0.4M · 1.4M · 2.1M

Pillar 2 · ASM

A perimeter that never stops moving

Every new tenant, public-sector portal, partner integration and IoT sensor adds exposure.

  • Continuous discovery
    Finds shadow assets and misconfigured services
  • IoT / OT aware
    Extends visibility to operational-technology blind spots
  • Risk-ranked findings
    Scored and fed into CRQ — highest-value fixes first
  • Tenant-aware
    Maps exposure to the responsible tenant

Pillar 3 · GRC

The compliance spine — evidence ready before the auditor asks

Pre-mapped control libraries for the standards a regulated Kenyan enterprise is expected to meet — and to Kenyan law.

  • Control frameworks
    ISO/IEC 27001, NIST CSF, CIS — cross-referenced
  • Data-protection workflows
    DPIAs, processing records, breach register with statutory clocks
  • Audit-ready evidence
    Living trail — no last-minute ODPC or regulator scramble

Inside 4sight

A command centre for Kenyan cyber risk

[Image: 4sight dashboard preview]

Regulatory mapping

Kenyan law doesn't just permit this — in places it requires it

Kenya's 2024 critical-infrastructure rules mandate cyber risk assessment, incident-response planning and rapid breach reporting. 4sight operationalises each obligation.

Kenyan instrument · Core obligation · How 4sight delivers it

  • CII Regulations 2024 (CMCA)
    Core obligation: Mandatory risk assessment, IR planning, 24-hr breach reporting
    How 4sight delivers it: CRQ engine; GRC IR plans & breach clock; ASM live exposure
  • Data Protection Act 2019 (ODPC)
    Core obligation: Safeguards, DPIAs, registration, 72-hr breach notice
    How 4sight delivers it: GRC workflows & evidence; CRQ quantifies penalty exposure
  • Computer Misuse & Cybercrimes Act 2018 (NC4)
    Core obligation: Report attacks; protect systems from offences
    How 4sight delivers it: ASM shrinks exposure; GRC structures NC4 reporting
  • KICA (CA / KE-CIRT/CC)
    Core obligation: National cybersecurity framework & incident coordination
    How 4sight delivers it: GRC aligns to CA framework; structures KE-CIRT/CC reporting
  • Special Economic Zones Act 2015
    Core obligation: SEZ governance & compliance obligations
    How 4sight delivers it: GRC maintains a live SEZ compliance register
  • ISO 27001 · NIST CSF · CIS
    Core obligation: Expected control frameworks for Tier III
    How 4sight delivers it: Pre-mapped libraries; TrustSphere training for in-house capability

Sovereign by design

4sight is engineered to run inside Kenyan sovereign cloud and Tier III data-centre estates. The platform that secures critical infrastructure runs on the very infrastructure it protects.

  • Risk data never leaves the sovereign boundary
  • Deployed in-country, operated by local teams
  • Proof, not promise — 4sight secured from inside

Why 4sight fits Kenya's regulated estate

  • Per-tenant + aggregate risk
    Tenants see their own posture; the operator sees one rolled-up figure
  • A defensible spend case
    For Treasury-funded entities, every shilling becomes a justifiable decision
  • Independent assurance
    Vendor-neutral visibility over the sovereign cloud
  • Closes the IoT/OT gap
    Brings the sensor estate into monitoring AND quantification

A low-risk way to begin

Start with a baseline — prove value in weeks, not years

A scoped pilot turns the conversation into evidence. Each step earns the next.

1. Baseline & scan
   ASM maps perimeter; CRQ produces first loss-exposure picture

2. Quantify & prioritise
   Translate findings into KES exposure & ranked action list

3. Govern
   Stand up GRC spine — controls mapped to Kenyan law

4. Scale across tenants
   Extend per-tenant dashboards across 120+ estate

Engagement options: pilot · managed service · platform licence — deployable in sovereign cloud, operable by local teams.

See the risk. Quantify it. Govern it.

An independent, board-ready view of cyber risk across Kenya's regulated enterprises — delivered locally by AlsaTech.