Managed Security Services for NZ SMEs

Cybersecurity isn't a project you finish — it's a job that doesn't sleep. For most NZ small and medium businesses, hiring even a single full-time security person isn't realistic. That's where managed security services come in: we run the day-to-day security operations of your business for a predictable monthly fee, using the same enterprise-grade tools the big NZ corporates use.

Tryzee is based in Matamata, Waikato. We protect businesses from 5 staff to 150+ across the North Island and remotely throughout New Zealand.

What "Managed Security" Actually Means

Strip away the marketing. A managed security service is someone who, on your behalf, takes responsibility for:

  • Keeping endpoint protection deployed, updated, and watching every device
  • Running backups (and restore-testing them) for email, files, and SharePoint
  • Patching Windows, macOS, browsers, and third-party apps automatically
  • Monitoring sign-ins and alerting on anything suspicious — failed MFA, impossible-travel logins, off-hours access
  • Triaging and responding to alerts so your team isn't drowning in noise
  • Running phishing simulations and user training on a schedule
  • Producing a monthly report you'll actually read
  • Picking up the phone when something goes wrong

What's Included in Every Plan

Endpoint Protection (EDR)

Modern endpoint detection and response on every laptop, desktop, and server — usually Microsoft Defender for Business or a partner EDR depending on your environment. Centrally managed, centrally monitored.

Backup & Recovery

Independent third-party backup for Microsoft 365 / Google Workspace (email, files, calendars, SharePoint, Teams, Drive). Quarterly restore tests. 90-day to 7-year retention depending on plan.

Patch Management

Automated Windows, macOS, browser, and third-party app patching across your fleet. We schedule, deploy, and verify — and we hold patches that have known issues.

Identity Monitoring

Continuous monitoring of Microsoft 365 / Google sign-in activity. Failed MFA, impossible travel, unusual access patterns, and credential-leak detection on dark-web monitoring services.

Security Training

Monthly 5-minute training modules, quarterly phishing simulations. Tracked per user. Failed simulations get private coaching — no public shaming.

Monthly Security Report

One page. Plain English. What we blocked, what we patched, who passed/failed training, where the risk concentrations are, what we recommend next month.

Tools & Platforms We Run

We're vendor-neutral but we standardise where it makes sense to keep your costs and our response times sharp:

  • Microsoft Defender for Business / Defender XDR — most common for Microsoft 365 environments
  • Microsoft Intune — device management and policy enforcement
  • Entra ID Conditional Access — sign-in controls and MFA enforcement
  • Third-party backup platforms — Microsoft 365 and Google Workspace backup (e.g. AvePoint, Veeam, Datto)
  • Phishing simulation & training platforms — depending on what suits your team
  • Patch management & RMM — for automated maintenance across your devices

If you've already invested in different tools, we'll often manage those instead of forcing a replacement. We tell you straight if a tool is below the line we'd be willing to defend.

Tiered Plans for NZ SMEs

Essential

The baseline every NZ business should be running. Endpoint protection, backup, patching, MFA enforcement, monthly report. Suits businesses 5–20 staff. From $40 per user / month.

Standard

Adds identity monitoring, dark-web credential monitoring, phishing simulations, and monthly user training. Suits businesses 15–50 staff or anyone with compliance / cyber-insurance pressure. From $60 per user / month.

Advanced

Adds priority response SLAs (1 business-hour first response, on-call after hours), quarterly threat-hunting reviews, deeper audit logging, and NZISM / Essential Eight alignment reporting. Suits businesses 30–150 staff or those handling sensitive data. From $85 per user / month.

All plans include the actual licensing for the security tools — no separate vendor bills to track. We'll quote you exactly based on your environment.

Monthly Reporting You'll Actually Read

Most managed security reports are 40 pages of charts no-one looks at. Ours is one page, written for the owner — not the CISO. What happened this month, what we did about it, where the risk sits now, and what's on the to-do list for next month. We walk through it with you quarterly.

Incident Response — What Happens When Something Hits

When a real incident triggers (compromised account, ransomware attempt, data exposure), the playbook kicks in:

  1. Within minutes — affected account locked, suspect devices isolated, you get a phone call
  2. Within hours — scope of incident determined, evidence preserved, customer/staff impact assessed
  3. Within 24 hours — incident report drafted, regulator notification prepared if required, insurance notified
  4. Following days — clean restore from backup, root-cause analysis, controls hardened
  5. Within 2 weeks — written post-incident review, lessons captured, plan updated

We don't disappear during an incident. The same person you've been talking to every month is on the call.

Frequently Asked Questions

Are you a "SOC" with people watching screens 24/7?

No, and we'll be straight with you about that. We're a Matamata-based team. Our platforms (Defender XDR, Intune, Entra ID, our backup and patching stack) run continuously and surface alerts the moment something happens — that monitoring really is 24/7. The human response is business hours plus on-call for high-severity incidents. If you genuinely need a fully staffed 24/7 SOC, that's a larger MSSP and we'll happily point you at one. For most NZ SMEs our size, what actually matters is the controls being configured properly and a real person reachable when something hits.

Do we need this on top of Microsoft 365 Business Premium?

Microsoft 365 Business Premium gives you the licences for many of the controls. What it doesn't give you is someone to configure them properly, monitor them, respond to alerts, run training, and pick up the phone. That's what managed security adds.

Can we cancel if it's not working?

Yes. Plans are month-to-month after the first 90 days. We hold ourselves to the standard that you should never feel locked in.

Will this satisfy our cyber insurance questionnaire?

For most NZ insurers' standard SME questionnaires, yes — Standard or Advanced plans cover the controls insurers now require. We'll fill in the questionnaire alongside you and provide the evidence pack.

What if we already have an IT provider?

Common situation. We work alongside your existing IT provider as the security specialist — they handle support, we handle security. We've done many of these joint arrangements.

Get a Free Security Posture Review

If you'd like to know where your business currently sits — without commitment — we'll do a free 60-minute security posture review. You'll walk away with a clear list of what's solid, what's missing, and what's worth doing first.