Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
Firmus is a Malaysian cybersecurity company. Its website title emphasizes that it is a “CREST-Certified Cybersecurity Company Malaysia,” positioning the firm as a trusted CREST-certified security provider in Malaysia. Based on the crawled page text, its services are aimed at enterprises and cover penetration testing, red teaming, MSSP managed security services, and compliance services.
In terms of protection types, Firmus appears to focus more on professional security services than on a single security product. Penetration testing is used to identify security weaknesses in systems, applications, or networks; red team services are suitable for simulating real-world attack chains and validating an organization’s defense and response capabilities; MSSP suggests that the company may provide ongoing managed security operations for clients; and compliance services are aimed at regulatory, audit, or industry security requirements. On the certification side, the text explicitly mentions CREST-certified, which is a meaningful credential in the field of security testing and professional services. However, the page does not explain specific testing methodologies, sample reports, covered asset types, SOC capabilities, alerting mechanisms, or integrations with SIEM, EDR, or cloud platforms.
The crawled content does not disclose pricing models, packages, project quotation methods, or subscription fees. For services such as penetration testing, red teaming, and compliance consulting, pricing is typically assessed based on scope, duration, and complexity, but Firmus’s actual pricing strategy cannot be confirmed from the available information. The delivery model is also not stated, so it remains unclear whether its MSSP service is delivered through remote management, on-site support, a cloud platform, or a hybrid model.
Its main strengths are CREST certification and a service portfolio that covers assessment, offensive/defensive exercises, managed security, and compliance, making it suitable for enterprises that need support from an external professional security team. The limitation is that the publicly crawled text is very brief and lacks key information such as SLA, service workflow, industry case studies, response times, management console, and alerting capabilities. Buyers should ask for further details before procurement.
Firmus is better suited to organizations in Malaysia and the surrounding region that need enterprise-grade security assessments, red team services, or managed security. Access from mainland China, payment methods, local invoicing, Chinese-language support, and cross-border service arrangements are not disclosed, so these should currently be treated as unknown. If purchasing from mainland China, it is advisable to also evaluate local MLPS compliance providers, penetration testing teams, and MSSP alternatives.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on firmussec.com official site.
firmussec.com is an Malaysia pentest provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach firmussec.com directly.