About Us - Penetration Testing & Cyber Security

OVERVIEW

• Company Name: Fanan Limited
• Industry: Cyber Security
• Headquarters: Nairobi, Kenya
• Presence: Kenya, Uganda, Tanzania, Rwanda
• Core Mission: To empower organizations across Africa with robust cyber security capabilities, enabling secure digital transformation through comprehensive assessment, governance, implementation, and protection.

MARKET POSITION

• Recognized as a leading cyber security company in East Africa.
• Extensive regional footprint with localized delivery teams and domain-expert consultants.
• Serves a broad spectrum of sectors including financial services, public sector, manufacturing, healthcare, and large enterprises.
• Commitment to adhering to international standards while tailoring solutions to local regulatory and business contexts.

SERVICE PORTFOLIO

Fanan Limited offers a holistic suite of cyber security services designed to cover governance, risk, compliance, technical security, and incident response. The services are organized into primary practice areas:

1) Compliance Services

• Gap and Maturity Assessments: Provide clear insight into an organization’s information security strength by benchmarking current controls against best practices and standards, highlighting gaps and maturity levels.
• Internal Audit (Standards Coverage): Independent evaluation to improve governance, risk management, and controls. Standards include:
  • ISO 27001 – Information Security Management System
  • ISO 22301 – Business Continuity
  • ISO 20000 – Service Delivery Management
  • ISO 9001 – Quality Management
• Standards Implementation & Certification: Customized support to establish, implement, manage, and maintain standards such as:
  • ISO 27001 – Information Security Management System
  • ISO 22301 – Business Continuity
  • ISO 20000 – Service Delivery Management
  • ISO 9001 – Quality Management
  • ISO 27701 – Privacy Information Management System
  • ISO 27032 – Security Techniques
• Physical Security Review: Assessment of physical security controls with actionable recommendations to mitigate risks.

2) Information Security Governance & Risk

• Information Security Governance: Framework development to ensure accountability, oversight, and alignment with business objectives.
• Cyber Security Risk Assessment & Management: Holistic assessment, evaluation, and mitigation of cyber risks; definition of risk tolerance and mitigation roadmaps.
• Cyber Security Policies & Procedures: Development of policy framework and procedures that establish governance and accountability for information security.
• Information Security Organization: Designing and instituting the cybersecurity organizational structure, roles, and responsibilities.

3) Technical Security & Assurance

• Technical Security Assessment: In-depth evaluation of technical controls to identify weaknesses and remediation paths.

Kenya-Focused Practical Testing & Assessments

• Vulnerability Assessment in Africa: Identify and remediate vulnerabilities across the environment.
• External Penetration Testing in Africa: Simulated external attacks to test defenses.
• Internal Penetration Testing in Africa: Assessment of internal network vulnerabilities.
• Web Application Penetration Testing in Africa: Discovery of vulnerabilities in web apps.
• Mobile Application Penetration Testing in Africa: Testing across client, network, and server components.
• Wireless Penetration Testing in Africa: Evaluation of wireless security controls.
• Secure Code Review in Africa: Manual and/or automated code review to find security flaws.
• Security Analysis of Industrial Systems (APCS, SCADA) in Africa: Protection assessment for industrial control systems.
• DDoS Simulation Testing in Africa: Realistic attack simulations to validate resilience.
• Threat Hunting & Compromise Assessment in Africa: Proactive detection of potential breaches.
• Social Engineering in Africa: Testing human factors to prevent unauthorized access.
• Red Teaming Services in Africa: Simulated real-world attacker scenarios to test defenses.
• Forensic Investigations in Africa: Rapid incident response to contain and determine root causes.
• Secure Configuration Review in Africa: Security audits of network devices (switches, servers, routers).
• SOC Assessment in Africa: Review of security operations center components.
• Secure Architecture Review in Africa: Security-focused network architecture assessment.
• SOC Services in Africa: Comprehensive security operations services to protect data.

4) Core Security Tools & Solutions

Security Information and Event Management (SIEM)

• Splunk Enterprise Security
• IBM Security QRadar
• SentinelOne SIEM
• Elastic Security (Elastic SIEM)
• Sumo Logic Cloud SIEM

Next-Generation Firewalls (NGFW)

• Palo Alto Networks Next-Generation Firewall
• Fortinet FortiGate
• Cisco Firepower NGFW
• Check Point NGFW
• Forcepoint NGFW

Data Loss Prevention (DLP)

• Symantec DLP (Broadcom)
• Microsoft Purview Data Loss Prevention
• Forcepoint DLP
• McAfee Total Protection for DLP
• Digital Guardian DLP

Endpoint Detection & Response (EDR)

• CrowdStrike Falcon
• Microsoft Defender for Endpoint
• SentinelOne Singularity XDR
• VMware Carbon Black
• Palo Alto Networks Cortex XDR (EDR component)

Web Application Firewalls (WAF)

• F5 BIG-IP ASM
• Imperva Web Application Firewall
• Akamai Kona Site Defender
• Citrix Web App Firewall
• AWS WAF (with managed rules)

Web Email Security

• Proofpoint Email Security
• Microsoft Defender for Office 365
• Barracuda Email Security
• Mimecast Secure Email Gateway
• FireEye Email Security

Endpoint Security

• Microsoft Defender for Endpoint (EPP/EDR)
• CrowdStrike Falcon Prevent/Impact
• Symantec Endpoint Security (Broadcom)
• McAfee Endpoint Security
• Trend Micro Apex One

Social Network Security

• Palo Alto Networks Cortex XSOAR with social media monitoring integrations
• Lookout Social/Threat Intelligence integrations
• Proofpoint Social Media Security (for branding and phishing protection)
• BrandShield (brand protection including social channels)
• ZeroFox (external social threat protection)

Threat Intelligence Platforms

• Anomali Threat Platform
• Recorded Future
• ThreatConnect
• IBM X-Force Exchange
• MISP (Malware Information Sharing Platform & Threat共享)

Social Engineering Défense

• Cofense Phish Awareness (PhishMe)
• KnowBe4 Security Awareness Training
• Proofpoint Security Awareness Training
• Duo Security (phishing resistance training via context)
• Terranova Security Phishing Awareness

Vulnerability Management

• Tenable.sc/Ten able.io (Nessus)
• Rapid7 InsightVM
• Qualys VM
• InsightDB (formerly BeyondTrust or similar—note: ensure mapping to vulnerability management)
• Acunetix (web vulnerability management)

HOW WE DELIVER

• Regional Delivery Model: Strong presence in Kenya, Uganda, Tanzania, and Rwanda with multi-country account management and local compliance expertise.
• Industry Certifications & Standards: Guided by international standards (ISO family, NIST-inspired practices) while tailoring to East African regulatory landscapes.
• Customer-Centric Engagements: Short discovery cycles, risk-based prioritization, and measurable outcomes with clear KPIs and milestones.
• Security by Design: Embedding security governance and controls into the client’s existing processes and IT landscape from the outset.

VALUE PROPOSITION

• Comprehensive Coverage: From governance and policy development to hands-on technical testing and incident response.
• Risk-Focused Approach: Aligns security activities with business risk appetite and regulatory requirements.
• Local Presence with Global Best Practices: Combines regional understanding with globally recognized security frameworks.
• Actionable Deliverables: Practical roadmaps, remediation guidance, and well-documented evidence for audits and certifications.

INDUSTRY SECTORS SERVED

KENYA CLIENTELE

UGANDA CLIENTELE

TANZANIA CLIENTELE

CLIENT OUTCOMES

• Strengthened regulatory compliance posture and successful ISO/IEC certifications.
• Reduced attack surfaces through proactive vulnerability management and penetration testing.
• Improved resilience with Business Continuity planning and robust disaster recovery strategies.
• Enhanced detection, response, and recovery capabilities via advanced SIEM, EDR, and SOC services.
• Greater executive confidence through governance structures and risk management frameworks.

PARTNERSHIPS AND ECOSYSTEM

• Collaborates with leading security technology vendors to deliver integrated solutions.
• Ongoing training and capability-building programs for client teams.
• Active participation in local industry forums to advance cyber security maturity in East Africa.

LEADERSHIP AND TEAM

• Experienced security professionals with regional expertise across Kenya, Uganda, Tanzania, and Rwanda. Multidisciplinary teams spanning governance, risk, compliance, and technical testing disciplines. Commitment to continuous learning, threat intelligence sharing, and adopting evolving security paradigms.

EXECUTIVE & LEADERSHIP

1. Chief Executive Officer (CEO)
2. Chief Information Security Officer (CISO)
3. Director of Threat Intelligence
4. Cybersecurity Program Manager
5. Security Governance Lead

SECURITY STRATEGY & RISK

1. Security Risk Analyst
2. Compliance & Audit Specialist
3. Security Policy Analyst
4. GRC (Governance, Risk, Compliance) Consultant
5. Third-Party Risk Manager

SECURITY OPERATIONS & MONITORING

1. Security Operations Center (SOC) Analyst – Level 1
2. SOC Analyst – Level 2
3. SOC Manager
4. Incident Response Analyst
5. Threat Hunter

TESTING & ASSESSMENT

1. Penetration Tester (Ethical Hacker)
2. Red Team Operator
3. Blue Team Analyst
4. Vulnerability Assessment Specialist
5. Application Security Tester

ENGINEERING & ARCHITECTURE

1. Security Engineer
2. Cloud Security Architect
3. Network Security Engineer
4. DevSecOps Engineer
5. Identity & Access Management (IAM) Engineer

INTELLIGENCE & RESEARCH

1. Cyber Threat Intelligence Analyst
2. Malware Analyst / Reverse Engineer
3. Digital Forensics Investigator
4. Security Researcher
5. Data Privacy Analyst