Network & Infrastructure — Flagship Service

Security Architecture Review

A broad review of your enterprise security architecture — network zones, identity, remote access, DMZ, cloud / on-prem boundaries, segmentation, logging, and monitoring. Current-state map, target-state design, and an implementable migration roadmap.

AED 15,000 – 35,000 CCNP · Security+ · Fortinet 2 – 3 weeks
Book a 30-min Scoping Call →
Book a 30-min Scoping Call →
Jump to FAQ

What it is

A senior consulting engagement that takes a whole-enterprise view of how your security design works today — and produces a target-state architecture and migration roadmap your team can actually implement.

We look at network zoning and segmentation, identity and access architecture (Active Directory / Entra ID / federation), remote access models (VPN, ZTNA, jump hosts), DMZ and internet-edge design, cloud-on-prem boundaries, east-west traffic controls, logging and monitoring architecture, backup and DR paths, and the administrative controls around all of it.

The deliverable is a current-state architecture diagram, a target-state architecture diagram, a gap analysis, and a prioritised migration roadmap — 90-day quick wins, 6-month program, 12-month full target state.

What this is not

Not a firewall audit. Broader scope — whole-stack architecture. Firewall review is a companion service.
Not an implementation engagement. We design; your team (or ours, separately) implements.
Not a penetration test. Design review, not active exploitation.
Not aspirational. Target states are implementable with your budget and team — not fantasy architectures.

Who this is for

1
You grew fast and the security architecture was inherited from earlier stages — nobody sat down and designed it.
2
You're planning a significant IT investment (new cloud, Zero Trust pilot, identity re-platform) and want architecture guidance first.
3
Your auditor flagged segmentation or design issues as a systemic finding.
4
You acquired or merged and need to integrate two different security architectures.
5
A CISO or Head of IT transition has put the architecture on the agenda and needs a defensible baseline.

What you get

  • Current-state architecture diagram — network zones, identity, remote access, DMZ, cloud / on-prem boundaries, data flows, admin paths.
  • Design review findings — every issue with risk rating, root cause, and remediation direction.
  • Target-state architecture diagram — the design your organisation should move toward, implementable within your budget and team.
  • Gap analysis — every delta between current and target state, with effort estimates.
  • Migration roadmap — 90-day quick wins, 6-month program, 12-month full roll-out.
  • Executive summary — 2-page board-consumable version.
  • Workshop delivery — 2-hour architecture walkthrough with IT / security leadership.

How we deliver

01
Scoping & discovery
2 – 3 days
Architecture scope, stakeholder interviews, document gathering (diagrams, policies), access provisioning.
02
Current-state mapping
3 – 5 days
Interview-led architecture reconstruction, technical validation, data-flow mapping, admin-path tracing.
03
Design review & findings
2 – 4 days
Risk-rated findings, design pattern analysis, compliance-framework alignment (ISO / NESA).
04
Target-state design
3 – 4 days
Target architecture authoring, gap analysis, effort estimation, roadmap sequencing.
05
Workshop & handover
2 hours
Live architecture walkthrough with IT and security leadership covering design rationale and roadmap sequencing.

Pricing

Published range

AED 15k – 35k

Per engagement. Written quote within 48 hours.

What drives the price:

  • Architecture scope (single-site vs. multi-site / hybrid-cloud)
  • Number of stakeholder interviews
  • Compliance-framework alignment workload (ISO / NESA / PCI)
  • Existing documentation maturity
  • Add-on: implementation-support days

Commercial terms

  • Deposit: 50% at signing
  • Net terms: Net-30
  • Quote validity: 30 days
  • Firewall Review combined: 10% discount when bought together

Your cert-backed team

Lead Architect

Vinoth Samiyappa

CCNP · Fortinet · Azure · Six Sigma

Focus: Network architecture, segmentation design, VPN / ZTNA, hub-spoke, target-state design.

Supervising Practitioner

Manoj Prabhakaran

CPTS · CDSA · ISO 27001 Lead Auditor · Azure Cloud Security

Focus: Identity architecture, cloud-on-prem boundaries, compliance-framework alignment.

Frequently asked questions

What's the difference vs. Firewall & Network Security Review?

The Firewall Review focuses on one device class — firewall configuration, rule base, segmentation. Security Architecture Review is broader: it covers the whole enterprise security design — network zones, identity and access architecture, remote access (VPN / ZTNA), DMZ, data flows, cloud-on-prem boundaries, segmentation model, logging and monitoring architecture. Often they're bought together.

Do you produce a target-state architecture?

Yes — that's the core deliverable. Current-state architecture diagram + target-state architecture diagram + gap analysis + prioritised migration roadmap. The target state is implementable, not aspirational.

How long does it take?

2 – 3 weeks for a typical single-site mid-market organisation. Multi-site / hybrid-cloud environments extend to 4 – 5 weeks. Complexity-driven, not size-driven.

Do you include implementation support?

Not in the base engagement. Implementation is offered as a follow-on at a pre-agreed day rate. Many clients execute their own implementation using the roadmap we produce — we designed it so your team can.

What do you need from us?

Current-state network diagrams (if available), interviews with network / infra / security / IT-ops leads, read-only access to key devices and cloud tenants for validation, and one executive sponsor who can answer 'why do we do it this way?' questions.

Is this useful as ISO 27001 / NESA audit evidence?

Yes. A documented security architecture with current / target / roadmap is a standing auditor request for Annex A.8 / A.13 controls and NESA technical governance.

Can you review Zero Trust / ZTNA readiness?

Yes — we assess your current architecture against ZTNA principles (identity-first, least-privilege, segmentation, no-implicit-trust). Full Zero Trust Architecture Design is a separate 2027 service; this Review positions you to start that program.

You might also need

Firewall & Network Security Review

Deep dive into FortiGate / firewall rule base — combine for 10% discount.

Read full details

Network Penetration Testing

Validate the architecture findings by having an attacker try to exploit them.

Read full details

Azure Cloud Security Assessment

If the architecture has significant cloud footprint — review the cloud side too.

Read full details

ISO 27001 Implementation

Architecture review feeds directly into ISO 27001 Annex A.8 / A.13 control implementation.

Read full details

Does anyone have the current architecture diagram? Does anyone believe it's accurate?

Book a 30-minute scoping call. Written quote in 48 hours. 2 – 3 weeks to a defensible architecture and a roadmap your team can implement.

Book a Scoping Call →
Book a Scoping Call →