B BROCENT

The Security Starter Bundle

Four services, one accountable APAC team, fixed pricing by team size — from US$399/mo. Piecing this together from Qualys, KnowBe4, Automox and a standalone audit typically runs US$250–420/mo plus a multi-thousand-dollar audit fee, often with a hidden support fee on top — and leaves you running four separate tools yourself.

What's included

Four services that are usually sold — and priced — separately. In the Bundle, they run as one coordinated programme.

01

Quick Security Check (M365 audit)

Secure Score + ScubaGear baseline, top-20 findings, 1-hour walkthrough. Re-run yearly inside the Bundle.

Standalone: from US$800, fixed by team size — see bands below

02

Vulnerability Scanning

Essential-tier external scan, managed and re-run monthly with a CVSS-scored findings report.

Standalone: from US$150/mo

03

Security Awareness Starter

Quarterly managed phishing simulation campaign with a per-department results report.

Standalone: from US$2.50/user/mo

04

Patch Management Essentials

Continuous OS + third-party patching with a monthly compliance report.

Standalone: from US$3.00/endpoint/mo

Fixed price by team size — no scoping call needed to see a number

One user/endpoint count covers all four services. Pick your band; the price is the price.

Team size Security Starter Bundle Quick Security Check (one-time audit only)
Up to 25 users US$399/mo US$800
26–75 users Most common US$749/mo US$1,400
76–150 users US$1,290/mo US$2,200
151+ users Custom — scales into our full CIS Benchmark Audit & Enterprise managed tiers. Talk to us →

Same bands price both products, so moving from a one-time Quick Security Check into the full Bundle later is a straight upgrade, not a re-scope. "Users" = distinct employees needing M365 access, awareness training and endpoint coverage combined — endpoints beyond a 1:1 ratio (e.g. shared workstations) are scoped at signup, not estimated upfront.

Pick your band above, then start — no quote needed.

The CTA below routes straight to signup; mention your band and we'll confirm on the kickoff call.

Start with the Bundle →

From "start" to your first report

No self-checkout — a real APAC team gets on a call with you first. Here's exactly what happens and when.

Day 0

Kickoff call

You submit the form, we call within 1 business day to confirm scope (seats / endpoints).

Day 3–5

Order signed

One-page Order Form under our standard MSA, e-signed. No bespoke legal review.

Day 5–7

Access granted

You grant M365 read consent (~15 min), share an endpoint list, and an employee list for training.

Week 2–3

Programme goes live

First audit report, first scan, patch agents deployed, phishing campaign built.

Ongoing

Monthly report

One consolidated report each month; NET 30 billing from signing.

How the Bundle compares to buying it piece by piece

Every one of these is a US or EU tool you'd have to run yourself. None has a regional support team — and one bundles in a hidden fee.

Vendor / tool What you get Typical price
Qualys VMDR Per-asset platform, self-run US$199–250/asset/yr
KnowBe4 Phishing platform, self-run campaigns US$1.63–3.75/seat/mo
Automox / Action1 Patch platform, self-run (Action1 adds a mandatory support fee) US$1–4/endpoint/mo (+fee)
Standalone M365 audit (EU comparable) One-time engagement from €7,000
Brocent Security Starter Bundle All four, managed, one APAC team, no hidden fee from US$399/mo

Third-party list prices as of July 2026; several vendors bundle an additional, separately-charged support fee on top of the headline rate. Brocent's price is genuinely all-in.

Service scope — what's included, what isn't

Read this before you buy. No surprises later.

Included

  • Fully remote delivery — audit, scanning, training and patching all run without a site visit
  • Standard-format online report, PDF and Excel export for every audit/scan
  • Prioritised remediation roadmap and a debrief call after each audit
  • Business-hours email/ticket support from a named engineer, per our standard SLA tiers
  • Sample report available before you buy — see below

Not included

  • No onsite visits. Remote-delivered service — the same model Action1, Qualys and KnowBe4 use. Physical/onsite work is our separate on-site IT dispatch service, quoted separately.
  • No refunds once work has started. These are professional-services engagements, not a software trial.
  • No hands-on remediation in the price. You get the roadmap; executing the fixes — yours or ours — is scoped and quoted separately.
  • No custom report formats. Every report uses our standard structure (below) — not white-labelled or restructured per client.
  • No 24×7 emergency response. That level of support is part of our Managed IT plans, not this standalone package.

Sample report

Every audit uses the same standard structure

Risk-score gauge and executive summary → per-module findings (Identity, Conditional Access, Endpoint, Defender) → prioritised remediation → trend line across scans. Delivered online, as PDF, and as Excel — same structure every time, not customized per client.

View a redacted sample report →

Bundle FAQ

Do we pay upfront?

No. There's no charge to talk to us. Once the Order Form is signed, the first invoice is issued on NET 30 terms, same as our existing managed-IT contracts.

What do we need to do to get started?

Grant read-only M365 access (~15 minutes), share an endpoint list, and an employee list for the phishing programme. That's materially less setup than running Qualys, KnowBe4 and Automox yourself.

What's the contract length?

Monthly, auto-renewing, one month's notice to change — under our standard Master Service Agreement, the same terms as our managed-IT plans.

What if we outgrow 150 users?

You move to a tailored quote under our CIS Benchmark Audit and Enterprise managed tiers — same one-team, one-bill relationship, no re-negotiating four separate vendor contracts.

Ready to start?

One call, one form, one team running your whole security stack.