The Security Starter Bundle
Four services, one accountable APAC team, fixed pricing by team size — from US$399/mo. Piecing this together from Qualys, KnowBe4, Automox and a standalone audit typically runs US$250–420/mo plus a multi-thousand-dollar audit fee, often with a hidden support fee on top — and leaves you running four separate tools yourself.
What's included
Four services that are usually sold — and priced — separately. In the Bundle, they run as one coordinated programme.
Quick Security Check (M365 audit)
Secure Score + ScubaGear baseline, top-20 findings, 1-hour walkthrough. Re-run yearly inside the Bundle.
Standalone: from US$800, fixed by team size — see bands below
Vulnerability Scanning
Essential-tier external scan, managed and re-run monthly with a CVSS-scored findings report.
Standalone: from US$150/mo
Security Awareness Starter
Quarterly managed phishing simulation campaign with a per-department results report.
Standalone: from US$2.50/user/mo
Patch Management Essentials
Continuous OS + third-party patching with a monthly compliance report.
Standalone: from US$3.00/endpoint/mo
Fixed price by team size — no scoping call needed to see a number
One user/endpoint count covers all four services. Pick your band; the price is the price.
| Team size | Security Starter Bundle | Quick Security Check (one-time audit only) |
|---|---|---|
| Up to 25 users | US$399/mo | US$800 |
| 26–75 users Most common | US$749/mo | US$1,400 |
| 76–150 users | US$1,290/mo | US$2,200 |
| 151+ users | Custom — scales into our full CIS Benchmark Audit & Enterprise managed tiers. Talk to us → | |
Same bands price both products, so moving from a one-time Quick Security Check into the full Bundle later is a straight upgrade, not a re-scope. "Users" = distinct employees needing M365 access, awareness training and endpoint coverage combined — endpoints beyond a 1:1 ratio (e.g. shared workstations) are scoped at signup, not estimated upfront.
Pick your band above, then start — no quote needed.
The CTA below routes straight to signup; mention your band and we'll confirm on the kickoff call.
From "start" to your first report
No self-checkout — a real APAC team gets on a call with you first. Here's exactly what happens and when.
Day 0
Kickoff call
You submit the form, we call within 1 business day to confirm scope (seats / endpoints).
Day 3–5
Order signed
One-page Order Form under our standard MSA, e-signed. No bespoke legal review.
Day 5–7
Access granted
You grant M365 read consent (~15 min), share an endpoint list, and an employee list for training.
Week 2–3
Programme goes live
First audit report, first scan, patch agents deployed, phishing campaign built.
Ongoing
Monthly report
One consolidated report each month; NET 30 billing from signing.
How the Bundle compares to buying it piece by piece
Every one of these is a US or EU tool you'd have to run yourself. None has a regional support team — and one bundles in a hidden fee.
| Vendor / tool | What you get | Typical price |
|---|---|---|
| Qualys VMDR | Per-asset platform, self-run | US$199–250/asset/yr |
| KnowBe4 | Phishing platform, self-run campaigns | US$1.63–3.75/seat/mo |
| Automox / Action1 | Patch platform, self-run (Action1 adds a mandatory support fee) | US$1–4/endpoint/mo (+fee) |
| Standalone M365 audit (EU comparable) | One-time engagement | from €7,000 |
| Brocent Security Starter Bundle | All four, managed, one APAC team, no hidden fee | from US$399/mo |
Third-party list prices as of July 2026; several vendors bundle an additional, separately-charged support fee on top of the headline rate. Brocent's price is genuinely all-in.
Service scope — what's included, what isn't
Read this before you buy. No surprises later.
Included
- Fully remote delivery — audit, scanning, training and patching all run without a site visit
- Standard-format online report, PDF and Excel export for every audit/scan
- Prioritised remediation roadmap and a debrief call after each audit
- Business-hours email/ticket support from a named engineer, per our standard SLA tiers
- Sample report available before you buy — see below
Not included
- No onsite visits. Remote-delivered service — the same model Action1, Qualys and KnowBe4 use. Physical/onsite work is our separate on-site IT dispatch service, quoted separately.
- No refunds once work has started. These are professional-services engagements, not a software trial.
- No hands-on remediation in the price. You get the roadmap; executing the fixes — yours or ours — is scoped and quoted separately.
- No custom report formats. Every report uses our standard structure (below) — not white-labelled or restructured per client.
- No 24×7 emergency response. That level of support is part of our Managed IT plans, not this standalone package.
Sample report
Every audit uses the same standard structure
Risk-score gauge and executive summary → per-module findings (Identity, Conditional Access, Endpoint, Defender) → prioritised remediation → trend line across scans. Delivered online, as PDF, and as Excel — same structure every time, not customized per client.
View a redacted sample report →Bundle FAQ
Do we pay upfront?
No. There's no charge to talk to us. Once the Order Form is signed, the first invoice is issued on NET 30 terms, same as our existing managed-IT contracts.
What do we need to do to get started?
Grant read-only M365 access (~15 minutes), share an endpoint list, and an employee list for the phishing programme. That's materially less setup than running Qualys, KnowBe4 and Automox yourself.
What's the contract length?
Monthly, auto-renewing, one month's notice to change — under our standard Master Service Agreement, the same terms as our managed-IT plans.
What if we outgrow 150 users?
You move to a tailored quote under our CIS Benchmark Audit and Enterprise managed tiers — same one-team, one-bill relationship, no re-negotiating four separate vendor contracts.
Ready to start?
One call, one form, one team running your whole security stack.