Swiss cybersecurity · since 2021
Security that starts with what is actually happening — not a checklist.
Anomaly Aegis is a detection-led security firm for teams without a full in-house function. We explain risk and compliance in plain language, and the senior people you meet are the ones who do the work.
A client or regulator wants ISO 27001 or NIS2
You do not need a binder first. You need to know which controls change your real exposure, and which ones only need evidence you can show. We map the requirement to your actual setup, then close the gaps in a sensible order.
You have no real visibility into threats
If nobody can say what normal looks like on your network, you cannot tell when something is wrong. Managed detection and response gives you continuous anomaly detection and a team that triages what it finds — so alerts become decisions, not noise.
Something happened and you are not sure what
The priority is structure, not speed for its own sake. We help you scope what is affected, contain it, preserve what forensics will need, and keep a clear record — then turn the lessons into controls so the same gap does not reopen.
You are building a security program from scratch
A new or inherited environment does not need every control at once. It needs the right first three. We start with a plain assessment, give you a short prioritised roadmap, and stay on as a virtual CISO for as long as it is useful — not a day longer.
What continuous coverage looks like
Four phases. One team across all of them.
We do not hand you off between a sales team, a junior analyst, and a stranger during an incident. The people who set up your detection are the people who pick up the phone.
We learn what normal traffic, access, and behaviour look like for you, so anomaly detection has something honest to measure against.
Tools surface signals; senior analysts decide which ones matter. You get decisions, not a dashboard full of unread alerts.
When something is real, there is a written plan and a named person. Incident response is structured from the first hour.
Clients and auditors ask for proof. We keep the records ISO 27001, GDPR, FADP, and NIS2 expect — in language you can read.
What we do
Four capabilities, picked to fit — not bundled to fill an invoice.
Managed Detection & Response
Continuous monitoring and anomaly detection across your logs and endpoints, with senior analysts triaging what matters and containing what is real.
Security Assessments & Penetration Testing
A clear read of where you actually stand: configuration review, vulnerability assessment, and penetration testing scoped to your environment — with a report you can act on.
Incident Response
Structured help when something has gone wrong — scope, contain, preserve evidence, recover, and turn the lessons into controls so the same gap does not reopen.
Virtual CISO & Compliance
Senior security leadership at a fractional cost, plus practical work toward ISO 27001, GDPR, FADP, and NIS2 — ordered by what reduces risk first.
Reasonable questions
The objections we hear most — answered plainly.
Most of the incidents we handle are not targeted at a specific company — they are opportunistic, hitting whatever is exposed. Smaller teams are often easier to reach precisely because nobody is watching. The fix is not fear; it is basic visibility and a written plan.
Detection runs alongside your systems, not in the way of them. We tune to your environment before we turn anything up, and we agree the response steps with you in advance so nothing happens by surprise.
With us, the senior people who scope your work are the people who do it. There is no junior hand-off and no account manager between you and the analyst. For a team without its own security function, that continuity is usually worth more than scale.
We are based in Switzerland and work to the Swiss FADP and the EU GDPR. We keep data handling and residency explicit in the engagement, and we will tell you plainly what we collect and why.
Engagements are scoped and documentation stays with you. If you build an internal team and no longer need us, the handover is part of the plan — not a renegotiation.
Field Notes
What we are seeing, written down.
Short write-ups from real engagements — the signal, the context, what it meant, and what we would do about it. Anonymised, no theatre.
What a NIS2 readiness gap actually looks like
We walked into a manufacturer that thought NIS2 meant new paperwork. The real gap was that nobody could say what ‘normal’ looked like on their network.
The first 72 hours: how a small team should structure incident response
Most damage in the cases we see is not the breach itself — it is the unstructured scramble that follows. Here is the order we work in.
ISO 27001 without the theatre: the controls that actually reduce risk
Certification can become a documentation exercise. We sort the controls that change your real exposure from the ones that only fill a binder.