Integrity360 acquires Redshift in South Africa, boosting cybersecurity services, expertise, and regional expansion

Integrity360, continuing its global growth strategy and dedication to Africa, has acquired Redshift, a respected Johannesburg-based cybersecurity services firm. Financial details of the deal were not disclosed

This move follows Integrity360’s earlier regional investments, including the 2024 and early 2025 acquisitions of the Grove Group and Nclose.

The acquisition expands Integrity360’s South African presence to a team of over 230 employees serving clients across the continent. Its Johannesburg and Cape Town operations also function as key hubs for the group’s integrated global Security Operations Centre (SOC), delivering a full suite of managed services, including EDR (Endpoint Detection and Response), XDR (Extended Detection and Response), and MDR (Managed Detection and Response) solutions to both local and international clients.

Founded in 2015, Redshift has earned a strong reputation for excellence in cybersecurity testing and other specialized services, such as cybercrime investigations, anti-fraud advisory, scammer group takedowns, cyber intelligence, and managed services. Redshift adds approximately 50 customers, including leading South African finance, banking, and telecommunications organisations, and around 40 additional employees to the Integrity360 group.

Redshift will serve as a regional centre of excellence for cybersecurity testing and integrate closely with Integrity360’s existing advisory and managed services teams. Integrity360 plans to invest in expanding the business by leveraging the group’s extensive resources.

Redshift clients will gain access to Integrity360’s comprehensive cybersecurity portfolio, encompassing cyber risk and assurance, 24/7 incident response and forensics, infrastructure and technology services, PCI compliance, operational technology consulting, and a full range of managed services, including Managed SASE (Secure Access Service Edge), Managed CTEM (Continuous Threat Exposure Management), and advanced XDR/MDR solutions. Integrity360 has been recognised five times in Gartner market guides, most recently for Incident Response and Forensic services.

Ian Brown, executive chairman at Integrity360, said, “We are very excited to be welcoming Sean, Cailan and the entire Redshift team to Integrity360. The reputation and expertise they have developed since their formation in 2015 is highly impressive and we are looking forward to helping them provide an enhanced set of services to their customers and expanding further in the African market over the coming years.”

Sean Howell and Cailan Sacks, directors of Redshift, added, “This is a significant moment for us, and we could not be more delighted that Redshift is joining Integrity360 and continuing the growth and development of the business that was initially started by Sean a decade ago. Thanks to the support of our customers and employees, Redshift has grown enormously during that time, and having spent considerable time with Ian, and the wider Integrity360 leadership team, we are confident will continue to do so being part of the Integrity360 group. We are excited about the future for us as an organisation, for our people and in particular for what the enhanced group can provide our customers moving forward.”

ASM strategies to protect digital assets

Attack surface management (ASM) has seen significant growth in recent years, evolving into a recognised market category that provides businesses with the visibility and strategies needed to safeguard their digital assets, reports Kyle Pillay, security as a service manager at Datacentrix

As Forrester’s Attack Surface Management Solutions Landscape, Q2 2024 notes, ASM “delivers insights on assets that ultimately support business objectives, keep the lights on, generate revenue, and delight customers.”

At its essence, ASM involves continuously discovering, identifying, inventorying, and assessing the exposures of an organisation’s IT asset estate, a foundational step in maintaining a strong security posture.

Knowing your environment

Fundamentally, ASM helps organisations ‘know your environment’, highlighting gaps in defenses before attackers can exploit them.

Every threat actor or hacker begins with reconnaissance, mapping out your external-facing assets. This is why External Attack Surface Management (EASM) exists: it concentrates on what attackers can see. Without viewing your environment through this external lens, organisations cannot know which access points are visible or exploitable, leaving them unable to proactively detect or prevent threats before incidents occur.

First steps in protecting your attack surface

The first step in ASM is identifying external-facing touchpoints such as public IPs and domains. For instance, you might recognise your primary domain (e.g., mydomain.co.za), but visibility into similar domains, like mydomain.com, mydomain.net, mydomain.tech, or mydomain.ac.za, is also crucial. These can be targeted for domain squatting or cybersquatting, where attackers exploit similar names to mislead users and enable phishing attacks.

A strong ASM solution not only maps your current footprint but also identifies domains worth securing before malicious actors register them.

If a deceptive domain is registered, like mydomain-tech.co.za, you need an effective takedown process. International domain takedowns can be complex, requiring a partner capable of legally liaising with registrars across jurisdictions. With the right procedures and partnerships, such domains can often be removed within four to eight hours, limiting potential damage.

Keeping pace with today’s infrastructure

One of ASM’s biggest challenges is keeping up with the rapid growth and sprawl of modern IT environments. While multiple tools exist, none fully match the speed of change, even as vendors iterate frequently, often in weekly development sprints, to maintain relevant detection capabilities.

Beyond speed, perspective matters. While an organisation may have visibility from one viewpoint, attackers do not limit themselves to a single angle. To defend effectively against modern threats, you need to view your environment as attackers do and understand vulnerabilities exploitable from within. This is where distinguishing between external and internal ASM becomes crucial.

External ASM (EASM) focuses on publicly exposed digital assets, whereas internal ASM addresses vulnerabilities inside the network. Internal ASM uses network exposure activity tools to simulate real-world attack techniques, often following frameworks like MITRE ATT&CK, to identify weaknesses from the inside. These simulations test whether known attack methods bypass security controls, whether sensitive data can be exfiltrated, whether passwords are weak or compromised, and if lateral movement within the network is possible.

Combining internal and external ASM provides a more accurate view of your security posture, allowing organisations to close gaps before exploitation.

Making the business case for ASM

Cost is often a concern with ASM investments, but when weighed against the reputational and financial impact of a breach, or the risk of sensitive data appearing on the dark web, the case for prevention is clear.

The reality is simple. Without a combination of internal and external ASM, organisations remain essentially blind to vulnerabilities. The ability to identify, monitor, and remediate gaps before adversaries exploit them has become a business imperative.

MultiChoice strengthens Africa’s digital ecosystem, protecting creative content and customer data through advanced cybersecurity solutions

Cybersecurity has evolved from a technical necessity to a core pillar of trust, business continuity, and safe digital experiences

For MultiChoice, Africa’s leading video entertainment company, protecting both customer data and the creative works at the heart of its business is a top priority. In an increasingly connected environment, threats such as phishing, ransomware, and piracy continually evolve, posing risks not only to corporate systems but also to the creative content that drives Africa’s entertainment economy.

To address these challenges, MultiChoice invests heavily in advanced cybersecurity systems, global best practices, and strategic partnerships. The company’s dedicated cybersecurity and information security teams monitor digital threats around the clock, ensuring data integrity and maintaining a secure environment for millions of customers across the continent. These efforts demonstrate that cybersecurity is not just about defending networks; it is also about protecting intellectual property and the creative output that fuels Africa’s storytelling industry.

A major area of focus for MultiChoice is combating piracy, one of the most persistent threats to the sustainability of local content. Piracy undermines creators, producers, and investors by depriving them of rightful earnings. To tackle this, MultiChoice has partnered with global leader Irdeto, a specialist in digital platform cybersecurity. Together, they have developed cutting-edge anti-piracy technologies capable of detecting, disrupting, and removing illegal content distribution networks in real time.

Beyond technology, MultiChoice collaborates closely with law enforcement to bring perpetrators to justice. Several operations have successfully dismantled piracy syndicates, leading to arrests and reinforcing the company’s commitment to defending Africa’s creative economy. Through these measures, MultiChoice is setting a benchmark for content protection across the continent, safeguarding intellectual property while supporting the growth of local creative industries.

Cybersecurity Awareness Month serves as a timely reminder that protecting digital assets, whether personal data or creative content, is a shared responsibility. MultiChoice continues to champion this mission by fostering a culture of awareness, innovation, and collaboration. By integrating advanced cybersecurity technologies, partnering with global experts, and actively supporting law enforcement efforts, the company ensures that African creativity is both respected and secure.

MultiChoice’s ongoing initiatives, from monitoring threats to combating piracy, reflect a broader mission: “to create a secure, trusted, and sustainable digital ecosystem where African creativity can thrive.” In doing so, the company not only protects its platforms and customers but also empowers the continent’s creative industry, ensuring that local storytellers, producers, and innovators can flourish in a safe and resilient digital environment.

NETSCOUT’s report shows Morocco, Tunisia, Libya, and Algeria facing intensifying DDoS threats on telecoms in early 2025

NETSCOUT SYSTEMS, INC., a leading provider of observability, AIOps, cybersecurity, and distributed denial of service (DDoS) protection solutions, has released its latest global threat intelligence report highlighting the intensification of DDoS attacks across North Africa

The study shows that telecommunications operators, both wired and wireless, were the primary targets in Morocco, Tunisia, Libya, and Algeria during the first half of 2025.

Northern Africa by the numbers

Morocco registered more than 75,600 DDoS incidents, making it the second highest in Africa for attack volume after South Africa. Tunisia experienced the continent’s longest single DDoS campaign, lasting nearly seven hours (418.68 minutes), while also recording the highest bandwidth peak at 756.61 Gbps. Libya faced the second-longest single attack in the region at 242.6 minutes, with the highest attack complexity recorded, involving 23 vectors in one incident. Algeria, although recording fewer attempts (186), still endured significant threats, with peaks of 432.02 Gbps in bandwidth and 41.05 Mpps in throughput.

“Across the region, threat actors consistently targeted the telecommunications sector, unleashing high-volume, multi-vector attacks that disrupted connectivity and threatened service reliability,” commented Bryan Hamman, regional director for Africa at NETSCOUT. “Overall though, the results show an interesting mix of results when compared to our last Threat Intelligence Report, which looked at the second half of 2024.

“For example, Morocco continues to lead North Africa in the number of DDoS strikes sustained, with the country’s attack count rising from around 69,800 to over 75,600. Tunisia shifted from higher volumes - just short of 8,700 in 2H 2024 - to fewer attacks at 6,346 between January and July 2025, but contrastingly with record-breaking peaks in bandwidth and duration.

“Libya, however, more than doubled its attack volume, from just over 1,600 to nearly 3,750 incidents. Algeria saw fewer events but continued to face severe peak magnitudes.”

DDoS activity across the region

In Morocco, the majority of attacks targeted wireless telecommunications carriers, with 64,517 incidents. Wired providers followed with 1,342 incidents, along with research and development organisations in Social Sciences and Humanities (53), and shoe retailers (41). Common vectors included TCP ACK, DNS amplification, and SYN/ACK amplification. The largest recorded attack in the country reached 158.88 Gbps in bandwidth and 17.74 Mpps in throughput.

Tunisia’s attacks primarily struck wired telecommunications providers, with 5,288 incidents, followed by wireless carriers and the hospitality sector (excluding casino hotels and motels). Despite a lower number of attacks compared with 2H 2024, Tunisia endured the largest single DDoS assault in North Africa, with peaks of 756.61 Gbps and 49.51 Mpps, and an aggregate surge hitting 27 Tbps in April 2025. The average duration of attacks also increased substantially, exceeding 400 minutes in some cases.

In Libya, although peak bandwidths were smaller at 113.15 Gbps, attackers deployed 23 different vectors in a single incident — the most complex attack in the region. Wireless telecommunications providers were the primary targets, with 2,519 attacks, but unusual attempts against gasoline stations were also recorded.

Algeria reported 186 DDoS incidents in 1H 2025, the lowest among the four countries. However, the scale of attacks was significant, with peaks hitting 432.02 Gbps. Both wired and wireless telecommunications operators were the main targets, with DNS amplification identified as the most common attack method.

“North Africa is a prime example of how rapid digital growth attracts malicious activity,” adds Hamman. “The first half of 2025 shows that attackers are not only increasing their volumes in countries like Morocco, but are also using more sophisticated multi-vector methods in Libya and high-magnitude events in Tunisia. Even Algeria, with relatively fewer incidents, cannot ignore the scale of its largest attacks.

“The lesson is clear: organisations must prepare for the scale and sophistication of today’s threats,” he concluded.

NETSCOUT maps the DDoS landscape through passive, active, and reactive vantage points, providing unique visibility into global attack activity. The company protects two-thirds of the routed IPv4 space, securing network edges that carried global peak traffic exceeding 800 Tbps in the first half of 2025. It tracks tens of thousands of daily DDoS attacks by monitoring multiple botnets and DDoS-for-hire services that exploit millions of compromised devices.