Skip to content
  • Case Studies
  • Cybersecurity Readiness Assessment
simply data logo
  • About
    • About Us
    • Innovation
      • SD Platform Overview
    • Certifications & Awards
  • Our Services
    • CyberSecurity Services
      • DFIR (Digital Forensics and Incident Response)
      • Compromise Assessment
      • Security Operations Center (SOC) Managed Service
        • SD-Cyber Deception
        • Threat Intelligence
        • Managed Detection and Response (MDR)
        • Cloud Security Posture Management (CSPM)
        • Web Defacement Monitoring
        • In-house Automation Script Development
        • Advanced Malware Analysis & Threat Intelligence
        • Office 365 Monitoring
        • SaaS Monitoring
      • Extended Threat Intelligence
        • Dark Web Monitoring
        • Attack Surface Management
        • Cyber Risk Management
        • Supply Chain Intelligence
      • Security Posture Assessment (SPA)
      • VAPT & Penetration Testing
      • Network & Security Configuration Audit & Hardening
      • Phishing Email Simulation
      • SOAR Security Services
      • OT Cybersecurity Services
      • Managed Security Service Provider (MSSP)
    • Managed Network & Security Services
    • Application Performance Monitoring (APM)
      • APM as a Service (APMaaS)
      • Cloud Monitoring
      • Database Performance Monitoring
      • Web Application Monitoring
      • Synthetic Testing Monitoring
      • Real User Monitoring (RUM)
      • Application Stress Test / Load Test Services
    • Consultancy Services
      • NCSB Risk Assessment
      • Security BluePrint™ Consultancy Services
    • Agentic AI & Automation
      • SD Unified Platform (SDP)
      • Agentic AI SOC
      • AI Automation
      • SD Monitoring — 100% Data Ingestion Visibility | SD Unified Platform
      • SDP-Portal — Customer-Facing SOC Visibility | SD Unified Platform
      • AI Threat Hunting — Chat-Driven Investigation by SD Unified Platform
    • Supported Platform
      • TrendAI Vision One
    CyberSecurity Services
    • VAPT & Penetration Testing
    • Cyber - 911 - DFIR Services
    • Compromise Assessment
    • Security Operations Center (SOC)
    • Extended Threat Intelligence
    • Security Posture Assessment (SPA) Services
    • Network & Security Configuration Audit & Hardening
    • Phishing Email Simulation
    • AI Automation
    • OT Cyber Security
    • SOAR Security
    • MSSP (Managed Security Service Provider)
    Managed Network & Security Services
    • Managed Network & Security Services
    Consultancy Services
    • NCSB Risk Assessment
    • Security BluePrint™ Consultancy Services
    Agentic AI & Automation
    • SD Unified Platform
    • Agentic AI SOC
    • AI Automation
    • SD Monitoring
    • SDP-Portal
    • AI Threat Hunting
    Application Performance Monitoring
    • APM as a Service (APMaaS)
    • Cloud Monitoring
    • Database Performance Monitoring
    • Web Application Monitoring
    • Synthetic Testing Monitoring
    • Real User Monitoring (RUM)
    • Stress Test / Load Test – Performance Assessment
    Supported Platform
    • TrendAI Vision One

    Not Sure What Security Threats Your Organization is Facing?

    We can help. Contact us now for a free consultation and protect your business from potential risks.

    Contact Us
  • Technology Vendor Partners
  • Blog & News
  • Contact
    • Contact Us
    • Become a Simply Data Partner

Under Attack?

Submit your message through our contact form or call us at +603 5886 2714.

    Cybersecurity Tips

    What a Real DDoS Attack Looks Like: Lessons From a Live Incident

    July 8, 2026
    DDoS attack flooding a Malaysia web hosting network while the origin server stays healthy

    Home – What a Real DDoS Attack Looks Like: Lessons From a Live Incident

    Over a weekend in early July 2026, a DDoS attack on our Malaysia web hosting provider knocked the Simply Data website into intermittent failure. Visitors saw a Cloudflare Error 525 “SSL handshake failed” on some page loads and Error 522 “connection timed out” on others. Pages that normally appear instantly took around 20 seconds to load, or failed outright. Strangest of all, it was inconsistent: the site worked perfectly for one person and broke for the next, with roughly one in three requests failing at the peak.

    As a NACSA-licensed cybersecurity company, we treat our own infrastructure the way we treat a client’s. So we investigated it as an incident, gathered evidence, and traced it to root cause — and the failure was not where most people would first look. Here is what happened, why the site “looked fine” to some people while monitoring tools screamed, and what actually stops this kind of attack.

    What we saw

    The symptoms were textbook “something is wrong at the network edge,” not “the application is broken”:

    • Intermittent 525 and 522 errors from Cloudflare, our CDN and web application firewall (WAF).
    • Load times spiking to around 20 seconds, then timing out.
    • Success and failure varying request-by-request — no clean pattern a normal user could reproduce on demand.
    • Static content (logos, stylesheets, scripts) still appearing, while fresh dynamic pages stalled.

    Two different error codes both pointing at the connection between the CDN and the origin server was the first clue. This was not a broken plugin or an expired certificate — something was interrupting the network path itself.

    What actually happened

    The root cause was a high-volume, adaptive DDoS (Distributed Denial-of-Service) attack against the network of our hosting provider, Shinjiru — not against the Simply Data website specifically. Shinjiru is a well-established Malaysian web hosting company, and like our own site, thousands of other Malaysian businesses run on its network. Shinjiru confirmed the attack publicly. On its status page and official LinkedIn, the company described a roughly 36-hour “Dynamic Multi-Vector DDoS attack” — combining UDP floods, TCP state-exhaustion, IP carpet bombing, and direct BGP-routing and Layer-3 attacks against ports including 80, 443 and 22 — and said the attackers “continuously shifted their strategy” to exploit the timing gaps between its filter-rule deployments.

    We proved the distinction with evidence. Our own server was completely healthy the entire time: CPU sat near 0%, memory around 3%, and no resource limit was ever hit. The application was fine. What was broken was reachability — packets could not reliably travel across Shinjiru’s network edge, where we measured roughly 10% packet loss. And because every HTTPS connection needs several network round-trips to complete, even 10% packet loss cascades into a far higher request-failure rate — which is why, at the peak, roughly one in three page requests failed outright. The website was not overwhelmed; the road leading to it was flooded.

    To understand why that produces a 525 or 522, picture a modern site as two parts: the CDN / WAF (Cloudflare) is the public “front door” that terminates HTTPS, filters bad traffic and serves cached content; the origin server is where the live website actually runs, inside Shinjiru’s hosting network.

    Cloudflare has to reach back to the origin for anything not already cached. When the origin’s entire network is flooded, those requests are dropped or delayed on the way there. If the encrypted connection cannot complete, you get 525 (SSL handshake failed); if the origin cannot be reached in time, you get 522 (connection timed out). The front door was healthy and doing its job — it just could not get through to the house behind it.

    This is the crucial nuance: a CDN protects you from attacks aimed at your website, but it cannot save you if the attack floods the whole network your origin server lives on. The origin was healthy; the network around it was not.

    How the attack unfolded

    Because we monitored the incident end to end and cross-checked it against Shinjiru’s public status updates, we can reconstruct the sequence — a useful anatomy of what a real, sustained DDoS looks like from the receiving end.

    • Onset (a Saturday afternoon). Our error rate went from effectively zero to a steady stream of Cloudflare 525 and 522 errors within an hour. Cloudflare’s edge analytics later showed the failure rate climbing past 40%, and at its worst more than half of all requests to the site were failing.
    • Provider confirmation. Shinjiru posted a status notice acknowledging “a network issue affecting connectivity across our subnets,” which it went on to describe as a complex, atypical “network anomaly” — an attack that “kept adapting” with new traffic signatures, targeting ports 80, 443 and 22.
    • Partial recovery, then escalation. Shinjiru stabilised local (domestic Malaysia) routes first while international routes stayed degraded — and because Cloudflare reaches our origin over international paths, our site kept flapping even after local visitors saw improvement. The incident then escalated to what Shinjiru itself labelled a “Critical Infrastructure Disruption” affecting both local and international routing.
    • What we measured. Throughout the event we recorded roughly 10% packet loss on the path to our origin, page loads stalling to around 20 seconds, and an error rate swinging between about 15% and 67% as the attack mutated and mitigations were re-tuned. Our own server never flinched: CPU near 0%, memory around 3%, no resource limit hit.
    • Resolution — not in a straight line. After deploying layered filtering with its upstream network partners, Shinjiru moved the status to “Traffic Mitigated” and then “Resolved.” But the recovery was bumpy: the status page later flipped back to “Escalated Mitigation & Shifting Vectors” as the attack resurged, before connectivity finally held and our error rate returned to zero. Credit where it is due — Shinjiru communicated openly throughout, service was restored, and no customer data was ever at risk. This was an availability event, not a breach.

    The single most important detail runs through every line above: at no point was the Simply Data website or server the problem. Every symptom traced to the network path into the hosting environment — which is exactly why the defensive lessons below focus on the network, not the application.

    Why the site looked fine to some people

    This is the part most business owners find surprising, so it is worth being honest about.

    While our monitoring flagged a serious problem, plenty of people browsing the site barely noticed. Three things explain that gap:

    • Caching. Cached static assets (CSS, JavaScript, images) kept loading straight from the CDN edge, which was never under attack. Pages looked “mostly there.”
    • Partial success. Roughly 65% of requests still got through. If your first click landed in that majority, the site felt normal.
    • Silent browser retries. Browsers automatically retry a failed or slow connection. A request that quietly succeeded on the second attempt just felt like “a bit slow today,” not an outage.

    Meanwhile, a fresh crawler — in our case an Ahrefs Site Audit run — hit a large batch of uncached, dynamic URLs in quick succession. With no cache to fall back on and no human patience to absorb retries, it recorded the timeouts faithfully and reported the site as broken.

    Both observations were correct. Casual browsing understated the problem; automated monitoring caught the truth. That is exactly why you cannot rely on “it looks fine when I check it” as your monitoring strategy.

    Why manual defences struggle — and the key lesson

    Like most providers facing a fast-moving flood, Shinjiru’s first line of defence was rule-based blocking — access-control lists (ACLs) that drop traffic from offending sources as they are identified, deployed together with its upstream network partners. This is the standard industry response, and it did eventually bring the attack under control. But the incident illustrates a structural challenge that applies to everyone, not to any one provider: when an attack keeps mutating — new sources, new signatures, new vectors — each manually written block is already out of date by the time it is applied. That is why the disruption arrived in waves rather than ending cleanly.

    The lesson is blunt, and it drives everything below: static, manual blocklists lose to an adaptive, multi-vector DDoS. By the time a human writes a rule, the attack has changed shape. What wins is automated, behavioural or machine-learning-based mitigation, backed by large upstream scrubbing capacity and fast detection.

    Why shared hosting spreads the damage

    Here is the detail that turns this from a hosting outage into a lesson: on shared, multi-tenant hosting, you do not have to be the target to become a victim. A DDoS attack is often aimed at one specific customer or a narrow block of IP addresses — but the defences a provider throws up to stop it are blunt by necessity. Null-routing, rate-limiting and broad traffic filters are applied at the network or transit layer, so they land on everyone sharing that infrastructure, not just the intended target. When attackers deliberately spread traffic across a whole subnet — a technique known as “carpet bombing” — the provider ends up filtering an entire range of addresses, and every site on it feels the hit.

    That is the trade-off baked into cost-efficient shared hosting: density over isolation. Packing many tenants onto the same IP ranges and network paths keeps prices low, but it also means one neighbour’s bad day becomes yours. Our own site was never the target of this attack — yet it flickered for the better part of two days because it sat on the same network that was under fire and being defended.

    The takeaway is not “shared hosting is bad” — it is the right fit for plenty of workloads. The takeaway is that if a website is business-critical, its blast radius matters. A site that cannot afford a weekend of intermittent downtime should not share its fate with thousands of unknown neighbours.

    How often do DDoS attacks happen?

    Often, and it is accelerating.

    Globally, Cloudflare reported mitigating 47.1 million DDoS attacks in 2025, up 121% year-over-year (Cloudflare 2025 Q4 DDoS Threat Report). Network-layer attacks — the kind that hit our provider — tripled from 11.4 million in 2024 to 34.4 million in 2025 (Cloudflare 2025 Q4). The largest single attack ever recorded reached 31.4 Tbps and lasted just 35 seconds (Cloudflare 2025 Q4).

    That speed matters. According to NETSCOUT (2025), around 70% of DDoS attacks last under 15 minutes, and only about 10.7% last longer than an hour. An attack that is over in minutes is an attack a human team cannot realistically block by hand — the entire event can begin and end before someone finishes writing a firewall rule. Automation is not a luxury here; it is the only response fast enough.

    The regional picture is worse. StormWall’s State of DDoS Attacks in APAC 2025 recorded APAC attacks up 106% year-over-year — 4.2 million in 2025 versus 2.04 million in 2024 — with adaptive, multi-vector attacks up 83% year-over-year in the region. Notably, StormWall’s data also indicates Malaysia’s share of APAC attack volume rose sharply in 2025 — a signal, if not a precise figure, that local exposure is climbing. And the single most-targeted sector? Telecommunications, service providers and carriers (Cloudflare 2025 Q4) — the infrastructure and hosting layer itself. In other words, exactly what happened to us is exactly what the data says to expect: the hosting layer is the target.

    One honest caveat for local context. Malaysia’s MyCERT logged only 2 “Denial of Service” incidents to Cyber999 in Q4 2025, out of 1,881 total (MyCERT Cyber Incident Quarterly Summary, Q4 2025). That is not because DDoS is rare here — the global and APAC numbers make that clear. It is because DDoS is absorbed at the ISP and hosting layer and rarely gets formally reported by the end business. The attacks are happening; they just do not usually reach a national incident tally.

    Other attacks you should know about

    DDoS is a disruption attack — it is loud but usually does not steal data. It helps to see where it sits among the threats Malaysian organisations actually face. For scale, MyCERT’s Q4 2025 breakdown of reported incidents was:

    • Fraud — 78.2% (phishing, scams, business email compromise / BEC)
    • Data Breach — 9.1% (exposed or stolen data)
    • Intrusion — 5.4% (unauthorised access, often via web application flaws)
    • Malicious Code — 2.1% (ransomware and other malware)

    (MyCERT Cyber Incident Quarterly Summary, Q4 2025.)

    The practical takeaway: fraud and phishing dominate by volume, ransomware and intrusions do the most direct damage, and web application attacks are a constant background risk. DDoS is the one that takes you offline. A serious defence has to account for all of them, not just the noisy one.

    How to defend against a DDoS attack

    Defence-in-depth layers to defend against a DDoS attack: detect, volumetric, protocol, application, architecture, respond

    Defence against DDoS — and against downtime generally — is defence-in-depth. No single product is enough. Here is how the layers fit together, mapped to what our incident actually taught us.

    Detect. You cannot respond to what you cannot see. 24/7 SOC monitoring with anomaly and behavioural detection is what turns “the site feels slow” into “we are under a network-layer attack, here is the packet loss.” Fast, accurate detection is the difference between a minutes-long blip and a weekend-long outage.

    Volumetric attacks (Layer 3/4). Flood traffic has to be soaked up upstream, before it reaches your network, using large-capacity Anycast scrubbing that spreads and absorbs the load across many locations before it can saturate any single network edge.

    Protocol attacks (Layer 4). SYN cookies and connection rate-limiting defend against attacks that exhaust connection state rather than raw bandwidth.

    Application attacks (Layer 7). A WAF, request rate-limiting, bot management, and — most importantly — adaptive, behavioural mitigation that learns normal traffic and reacts automatically. This is the direct answer to the “mutating” attack that beat manual ACLs: the defence has to adapt as fast as the attacker.

    Architecture. Design for resilience: hide your origin behind the CDN (never expose its IP), lock the origin firewall to accept traffic only from the CDN’s IP ranges, choose hosting with genuine network-layer DDoS protection, and lean on edge caching and “always-online” features so cached content keeps serving even when the origin is briefly unreachable. Good architecture is what kept most of our pages partially available.

    Respond. Have a written DDoS incident-response runbook before you need it: who declares the incident, how you confirm origin health versus network health, who talks to the hosting provider, and what “recovered” looks like. Having a clear method to separate a healthy origin from a flooded network is what let us find the true cause in minutes instead of chasing the wrong fixes.

    If you take one thing from the layers above: automated and adaptive beats manual every time. An attack that mutates by the minute and is often over within 15 will always outrun a human editing blocklists.

    If you are on shared hosting, protect yourself

    You cannot fix your provider’s network — but you can shrink your exposure to the next incident. Practical steps for any Malaysian business on shared or multi-tenant hosting:

    • Front your site with an independent CDN/WAF (such as Cloudflare) so cached content keeps serving and attack traffic is absorbed at the edge — and confirm caching is actually configured, not merely switched on.
    • Monitor your provider’s health independently. Do not learn about an outage from a customer. External uptime and network monitoring tells you within minutes whether the fault is your site or the network beneath it.
    • Isolate what is critical. For revenue- or reputation-critical sites, consider a dedicated IP, a dedicated or isolated hosting tier, or a cloud host with genuine network-layer DDoS protection — so you are not sharing a blast radius with unknown neighbours.
    • Be cautious around your provider’s promotions. New-signup surges can cluster fresh accounts onto the same IP ranges; ask where your site sits and whether higher-tier protection is available.
    • Demand transparency and SLAs. Choose providers that publish incident status openly and offer tiered DDoS protection with explicit guarantees — then read what those guarantees actually cover.

    Knowing whether your hosting would survive an attack like this — and having a plan for when it does not — is exactly what a 24/7 SOC and a tested incident-response process are built for.

    The takeaway for Malaysian businesses

    Our site came back, our data was never at risk, and our origin server never so much as broke a sweat. But the episode was a clean, real reminder that in 2026 your uptime depends on the network your site lives on — not just your site — and that the winning defences are the automated, always-on ones.

    This is the work Simply Data does for clients every day: detection through a 24/7 SOC, adaptive mitigation rather than manual firefighting, and a tested incident-response process for when something does slip through. We are a NACSA-licensed Managed SOC and MDR provider, we also run penetration testing to find weaknesses before attackers do, and our SOC work was recognised as “Cyber Security Project of the Year” at the Malaysia Cyber Security Awards 2025 — credibility we earned by handling exactly these situations, including our own.

    If your business has never asked “what actually happens if our website’s hosting network gets attacked?”, now is a good time to find out — before an attacker asks it for you.

    Frequently asked questions

    Was Shinjiru hit by a DDoS attack?

    Yes. In early July 2026, the Malaysian web hosting provider Shinjiru confirmed on its status page and official LinkedIn that its network was hit by a roughly 36-hour “Dynamic Multi-Vector DDoS attack.” The attack targeted Shinjiru’s network rather than individual customer websites — but because many sites share that infrastructure, hosted sites (including our own) saw intermittent Cloudflare 525 and 522 errors until the traffic was mitigated.

    Is a 525 error a hack?

    Not usually. A 525 (“SSL handshake failed”) means your CDN could not complete a secure connection to your origin server. It often points to a certificate or configuration issue — but as our incident showed, it can also mean the origin’s network is flooded or unreachable. It signals a connectivity problem to investigate, not automatically a breach of your data.

    Can a small business be hit by a DDoS attack?

    Yes. Attackers frequently target the shared hosting and network infrastructure that many small businesses sit on, so you can suffer downtime even when you were never the intended target. With APAC DDoS attacks up 106% year-over-year (StormWall, 2025), no business is too small to be caught in the blast radius.

    Does Cloudflare (or any CDN) alone stop every DDoS?

    No. A CDN/WAF is excellent at protecting your website from attacks aimed at it, and it should be part of your defence. But if the attack floods the entire network your origin server lives on, the CDN can no longer reach the origin — producing exactly the 522/525 errors we experienced. You also need network-layer protection and capable hosting behind it.

    How long do DDoS attacks last?

    Most are short and sharp. NETSCOUT (2025) found around 70% of DDoS attacks last under 15 minutes, and only about 10.7% run longer than an hour. That brevity is precisely why automated mitigation matters — a human cannot write blocking rules faster than a minutes-long attack can end and change shape.

    What should I do if my website goes down like this?

    First, separate application health from network health: check whether your server itself is healthy (CPU, memory, error logs) versus whether the network path to it is failing. Contact your hosting provider and check its status page for an active incident. Confirm your CDN is configured to keep serving cached content. Then log everything and review your DDoS incident-response plan — and if you do not have one, that is the real fix to prioritise afterwards.

    Talk to us

    If you would like a straightforward assessment of how your website and hosting would hold up under an attack like this — and what 24/7 SOC monitoring, adaptive mitigation, and a proper incident-response runbook would look like for your organisation — contact Simply Data for a free consultation. We are happy to walk you through it.

    Sources

    • Cloudflare 2025 Q4 DDoS Threat Report
    • NETSCOUT DDoS Threat Intelligence Report (2025)
    • StormWall — State of DDoS Attacks in APAC 2025
    • MyCERT Cyber Incident Quarterly Summary, Q4 2025
    • Shinjiru — Dynamic Network Disruption incident status updates, July 2026 (status page · archived copy)
    • DDoS
    • Incident Response
    • Malaysia
    • Managed SOC
    • Network Security

    Post navigation

    Previous

    Search

    Categories

    • Announcements (9)
    • Cybersecurity Tips (46)
    • Industry Insights & Trends (16)
    • Regulatory & Compliance (6)
    • Service Spotlight (10)

    Recent posts

    • DDoS attack flooding a Malaysia web hosting network while the origin server stays healthy
      What a Real DDoS Attack Looks Like: Lessons From a Live Incident
    • cybersecurity framework malaysia 1 1024x683
      Cybersecurity Framework Malaysia: NIST vs ISO 27001 vs CIS Controls Compared
    • ai cyber threats malaysia 2026 1 1024x683
      AI-Powered Cyber Attacks Malaysia 2026: How Criminals Are Using AI Against Your Business

    Tags

    2026 Trends AI Cybersecurity AI Threats Anthropic apm Bank Negara RMiT Certification Company News Compliance Cost-Benefit Analysis CVE cyber-security-act cybersecurity-malaysia Cybersecurity Malaysia Cyber Threats DDoS DFIR Dwell Time Incident Response iso27001 Malaysia Malaysia Cybersecurity Malaysia Cybersecurity 2025 Managed Services Managed SOC MDR nacsa Network Security Patch Management PDPA penetration-testing Proactive Cybersecurity Ransomware ROI SIEM SME Budget SME Security soc SOC Malaysia threat-intelligence Threat Hunting Threat Report vapt Vulnerability Web Application Security

    Related posts

    Proactive SOC vs Agentic SOC
    Industry Insights & Trends

    Proactive SOC vs Agentic SOC: Why Malaysian Businesses Should Ask a Different Question

    June 7, 2026

    Home – Proactive SOC vs Agentic SOC: Why Malaysian Businesses Should Ask a Different Question A proactive SOC eliminates attacker dwell time before an alert is ever generated — by hunting for threats continuously, running compromise assessments, and closing exposure windows before they are exploited. An agentic SOC automates response after detection. Both matter, but […]

    what does a dfir report contain 1 1024x683
    Cybersecurity Tips

    What Does a DFIR Report Contain? Inside a Simply Data Digital Forensics Investigation

    May 28, 2026

    Home – What Does a DFIR Report Contain? Inside a Simply Data Digital Forensics Investigation What Is a DFIR Report? A DFIR report is the final deliverable from a Digital Forensics and Incident Response engagement. Unlike a standard IT incident report, a DFIR report is structured as forensic evidence — meaning every finding is tied […]

    what does a compromise assessment report contain 1 1024x683
    Service Spotlight

    What Does a Compromise Assessment Report Contain? A Complete Guide for Malaysian Organisations

    May 28, 2026

    Home – What Does a Compromise Assessment Report Contain? A Complete Guide for Malaysian Organisations What Is a Compromise Assessment Report? A compromise assessment report is the formal deliverable produced at the end of a Compromise Assessment engagement. It documents every suspicious activity detected across your environment during a defined observation window, the analyst’s investigation […]

    simply data logo

    Started in 2022, Simply Data is a CREST certified and NACSA Licensed (No. 20007-01 & 20007-02) Cyber Security company in Malaysia that provides cyber security services including Network & Security IT Managed Service, Security Operation Centre (SOC), Cyber Threat Intelligence, Vulnerability Assessment & Penetration Testing (VAPT) service, Application Performance Monitoring (APM) services, and more.

    • B-03A-03, 3RD Floor, Block B Setiawalk, Persiaran Wawasan, Pusat Bandar Puchong, 47100 Puchong, Selangor
    • +603 5886 2714
    • contactus@simplydata.com.my
    Quick Links
    • Home
    • About Us
    • Innovation
    • Technology Vendor Partners
    • Blog / News
    • Career Opportunities
      Hiring
    • Become a Simply Data Partner
    • Cybersecurity Readiness Assessment
    • Malaysia CyberSecurity Act 854
    CyberSecurity Services
    • Cyber - 911 - DFIR Services
    • Compromise Assessment
    • Security Operations Center (SOC)
    • Extended Threat Intelligence
    • Security Posture Assessment (SPA) Services
    • Network & Security Configuration Audit & Hardening
    • Phishing Email Simulation
    Managed Network & Security Services
    • Managed Network & Security Services
    Observability Application Performance Monitoring
    • Observability APM as a Service
    • Cloud Monitoring
    • Database Performance Monitoring
    • Web Application Monitoring
    • Synthetic Testing Monitoring
    • Real User Monitoring
    • Stress Test / Load Test – Performance Assessment
    Consultancy Services
    • NCSB Risk Assessment
    • Security BluePrint™ Consultancy Services

    © 2025 Simply Data Sdn Bhd. All rights reserved.

    • Terms & Conditions
    • Data Protection & User Privacy
    • Privacy Policy
    • Cookie Policy