Built to defend what others cannot afford to lose.
Axiata Cyber Fusion Center was established in 2022 with one mandate: build a cybersecurity capability worthy of defending one of Asia's most complex and targeted digital ecosystems. What we built in the process HELIOS, our CREST-accredited SOC, our offensive security team is now available to the organisations that face the same adversaries.
A cybersecurity journey that started in 2018.
The story of ACFC does not begin in 2022 it begins in 2018, when Axiata Group launched its first cybersecurity strategy and stood up a Group Security Operations Centre. That first four-year chapter created the institutional knowledge that ACFC was built on.
By 2021, the operating reality was clear: a fragmented, tool-per-discipline approach to cybersecurity could not protect a group spanning telecommunications, financial services, digital infrastructure, and fintech across the region.
ACFC was the answer. A Cyber Fusion Center that brought together what had previously been separate threat intelligence, security architecture, incident response, offensive security, governance, and data privacy into a single, coordinated operational model.
To secure information assets against cyber threats across the Axiata Group in support of Axiata's strategy and to do so in a way that creates trust and confidence in Axiata as a digital champion across the region.
Why fusion changes everything.
The name 'Cyber Fusion Center' is not a rebrand of a Security Operations Centre. It describes a fundamentally different model one where threat intelligence, defensive operations, offensive testing, governance, and data privacy are not separate functions that share an org chart. They share context, data, and analytical output in real time.
In 2023, ACFC's cybersecurity maturity was independently benchmarked against the NIST Cybersecurity Framework and ranked in the top 30% globally, exceeding the regional average across Asia Pacific, Europe, and Latin America. This is not self-assessed maturity. It is third-party validated performance against an internationally recognised standard.
From GSOC to regional cybersecurity benchmark.
Eight years of deliberate capability building from a Sri Lanka outsourcing model to a patent-granted, CREST-accredited, commercially active cybersecurity operation.
Independently validated. Rigorously maintained.
Every credential listed here was earned not self-declared. Each requires ongoing operational evidence, regular reassessment, and documented adherence to international standards.
National and regional recognitions.
7 national recognitions and 7 regional recognitions across leadership, innovation, and operational excellence each judged independently by industry authorities.
Work with the team that has done it at scale.
ACFC's experience defending one of Asia's most complex digital ecosystems is available to your organisation. Tell us your challenge — we'll connect you with the right practitioner.
Level 10, Persiaran Barat, Seksyen 52, 46200 PJ, Selangor
hello@axiatacfc.comBuilt to defend what others cannot afford to lose.
Axiata Cyber Fusion Center was established in 2022 with one mandate: build a cybersecurity capability worthy of defending one of Asia's most complex and targeted digital ecosystems. What we built in the process HELIOS, our CREST-accredited SOC, our offensive security team is now available to the organisations that face the same adversaries.
Contact UsA cybersecurity journey that started in 2018.
The story of ACFC does not begin in 2022 it begins in 2018, when Axiata Group launched its first cybersecurity strategy and stood up a Group Security Operations Centre. That first four-year chapter created the institutional knowledge that ACFC was built on.
By 2021, the operating reality was clear: a fragmented, tool-per-discipline approach to cybersecurity could not protect a group spanning telecommunications, financial services, digital infrastructure, and fintech across the region.
ACFC was the answer. A Cyber Fusion Center that brought together what had previously been separate threat intelligence, security architecture, incident response, offensive security, governance, and data privacy into a single, coordinated operational model.
The mandate that has never changed
To secure information assets against cyber threats across the Axiata Group in support of Axiata's strategy and to do so in a way that creates trust and confidence in Axiata as a digital champion across the region.
Why fusion changes everything.
The name 'Cyber Fusion Center' is not a rebrand of a Security Operations Centre. It describes a fundamentally different model one where threat intelligence, defensive operations, offensive testing, governance, and data privacy are not separate functions that share an org chart. They share context, data, and analytical output in real time.
Intelligence-Led Defence
ACFC's SOC does not monitor alerts in isolation. Every alert is enriched with HELIOS threat intelligence so analysts know not just what happened, but which adversary group is likely behind it and what their next likely move is.
Offensive Feeds Defence
ACFC's red team and penetration testers operate against the same threat models the SOC monitors. Findings from offensive engagements directly update detection use cases the same week.
Governance in the Loop
Security architecture and governance are not separate functions that produce policies nobody reads. ACFC's governance team turns operational findings into policy updates, compliance evidence, and board-level risk reporting in real time.
Unified Data Fabric
Threat intelligence, vulnerability data, incident logs, and dark web intelligence flow into a single operational picture HELIOS's correlated intelligence layer. No silos. No re-entry.
Multi-Entity Coordination
ACFC coordinates security across 12 operating entities with different technology stacks, regulatory environments, and risk profiles. A threat detected at one OpCo is triaged for relevance across all others.
Continuous Improvement
ACFC operates on a metrics-driven delivery model 78% of governance reports automated, 87% effort reduction, MTTD under 1 hour. Security maturity is not declared it is evidenced.
Ranked in the top 30% globally on NIST cybersecurity maturity
In 2023, ACFC's cybersecurity maturity was independently benchmarked against the NIST Cybersecurity Framework and ranked in the top 30% globally, exceeding the regional average across Asia Pacific, Europe, and Latin America. This is not self-assessed maturity. It is third-party validated performance against an internationally recognised standard.
From GSOC to regional cybersecurity benchmark.
Eight years of deliberate capability building from a Sri Lanka outsourcing model to a patent-granted, CREST-accredited, commercially active cybersecurity operation.
Digital Trust 2020 · Strategy Launched · First Group SOC
Axiata defines its first group-wide cybersecurity strategy under Digital Trust 2020. A comprehensive Cybersecurity Posture Assessment is completed, and the Group establishes its first SOC in Sri Lanka under an outsourced support model. The first three-year cybersecurity strategy is formalised, setting the foundation for capability building.
FIRST Membership · First in Axiata Operating Markets
Axiata Cyber becomes the first telecommunications group across all Axiata operating markets to receive FIRST membership, enabling rapid global threat-intelligence exchange and access to the international incident response community.
Digital Trust & Resilience 2023 Strategy · Zero Trust · CyberARB
Axiata adopts the NIST CSF as its baseline maturity framework. The Zero Trust Framework and Certification Programme are introduced. The Cybersecurity Architecture Review Board (CyberARB) is formed to review all major technology investments for security implications prior to sign-off.
ACFC Inauguration
ACFC Inauguration — The Axiata Cyber Fusion Center is formally launched by YB Annuar bin Musa. ACFC also attains CREST accreditation, becoming the first telecom group in Axiata markets to be certified for both SOC and penetration testing.
Top 30% Globally on NIST · CREST 'Above Average'
ACFC is benchmarked in the top 30% globally against the NIST CSF, surpassing regional averages across Asia Pacific, Europe, and Latin America. CREST independently rates the SOC as 'Above Average'. ACFC hosts over 40 industry visits for benchmarking and knowledge sharing.
Cybersecurity Project of the Year
ACFC earns its first major industry recognition at the Malaysia Cyber Security Awards validating the fusion-center model within 12 months of launch.
Licensed Under Malaysia Cyber Security Act 2024
Axiata Group secures a licence from NACSA to provide SOC and penetration testing services becoming part of an exclusive group authorised under the national cybersecurity framework. HELIOS patent application submitted.
HELIOS Wins Multiple Awards · MoU with MDEC & CyberSecurity Malaysia
HELIOS wins Cybersecurity Innovation Product of the Year (Malaysia Cyber Security Awards) and the AIBP Enterprise Innovation Award. MOUs are signed with MDEC and CyberSecurity Malaysia to enhance national threat-intelligence sharing.
HELIOS Patent MY-212304-A
HELIOS is granted patent MY-212304-A by MyIPO, Malaysia's patented AI-powered attack-intelligence platform and Axiata Group's first-ever patent.
Industry Recognitions . Expanding Beyond Borders
HELIOS and ACFC secure multiple regional and national awards, including Asian Telecom Awards: Cybersecurity Initiative of the Year (Malaysia), the MARM Cyber Risk Defence Excellence Award, GBS ASEAN Best Digital Transformation Provider, and the Malaysia Technology Excellence Award (second consecutive year). ACFC supports multiple external clients across Sri Lanka, Bangladesh, Cambodia, and Malaysia.
Independently validated.
Rigorously maintained.
Every credential listed here was earned not self-declared. Each requires ongoing operational evidence, regular reassessment, and documented adherence to international standards.
CREST-Accredited SOC
ACFC's Security Operations Centre holds CREST accreditation the international gold standard for SOC quality. Rated 'Above Average' by CREST in February 2023. First telecom group in Asia's operating markets to achieve this.
CREST-Accredited Pen Testing
ACFC's penetration testing capability holds independent CREST accreditation certifying that our testers meet the international competency standard. First in Asia's markets.
FIRST Membership
ACFC holds membership in FIRST the Forum of Incident Response and Security Teams enabling faster threat intelligence sharing and access to the global incident response community.
Malaysia Cyber Security Act 2024
Licensed by NACSA to provide SOC and Penetration Testing services under the Cyber Security Act 2024 one of a select number of organisations authorised under the national cybersecurity framework.
AWARDS & RECOGNITION
National and regional recognitions
7 national recognitions and 7 regional recognitions across leadership, innovation, and operational excellence each judged independently by industry authorities.
Cybersecurity Project of the Year
Malaysia Cyber Security Awards recognising ACFC as the most significant cybersecurity project in Malaysia. First major recognition within 12 months of establishment.
Malaysia Cyber Security Awards 2023
Cybersecurity in Telecommunications
Malaysia Technology Excellence Award for cybersecurity in the telecommunications sector awarded to Axiata Group Berhad in recognition of ACFC's contribution to group-wide cyber resilience.
Malaysia Technology Excellence Award 2024 & 2025
HELIOS — Innovation Product of the Year
Malaysia Cyber Security Award for the most innovative cybersecurity product in the Malaysian market. Judged by the national cybersecurity authority on technical merit and real-world impact.
Malaysia Cyber Security Award 2024
HELIOS — AIBP Enterprise Innovation Award
Association for Information and Business Professionals Enterprise Innovation Award recognising HELIOS as the leading AI-driven enterprise security innovation across ASEAN.
AIBP 2024
Cybersecurity Initiative of the Year — Malaysia
Asian Telecom Awards Cybersecurity Initiative of the Year for the Malaysian market. Recognises HELIOS as the leading cybersecurity initiative by a regional telecommunications operator.
Asian Telecoms Awards 2025
Telecommunications Initiative — ACFC HELIOS
Malaysia National Business Awards Initiative Awards in the Telecommunications category, recognising ACFC HELIOS as the most significant technology initiative in the sector.
National Business Malaysia Awards 2025
Cyber Risk Defence Excellence Award
MARM Awards recognising ACFC's operational excellence in cyber risk defence across a complex, multi-entity environment.
MARM Awards 2025
Best Digital Transformation Provider of the Year
GBS ASEAN Awards 2025 by PIKOM recognising ACFC's contribution to digital transformation through cybersecurity as a strategic enabler across the region.
GBS ASEAN Awards 2025
HELIOS — Patent Granted MY-212904-A
Intellectual property formally recognised through a granted patent by the Intellectual Property Corporation of Malaysia the first AI-powered attack intelligence platform to be patented in Malaysia.
MyIPO - Issued 10 February 2026
Work with the team that has done it at scale.
ACFC's experience defending one of Asia's most complex digital ecosystems is available to your organisation. Tell us your challenge — we'll connect you with the right practitioner.