ThreatPulse is LDD’s managed SIEM (security monitoring) service. It centralises log collection, threat detection and compliance reporting across servers, endpoints, network and cloud, and is offered in three bands so that either your internal IT team or LDD’s South African team manages it day-to-day.
ThreatPulse is the security-monitoring product in LDD’s Pulse family. It gives you a full SIEM (Security Information and Event Management) capability — centralised log collection and analysis, real-time threat detection, and audit-ready compliance reporting — built on a proven security engine and enhanced by the Logix AI analysis layer. LDD has been delivering IT and security since 2003.
Whether your own IT team wants to run the platform or you want LDD to handle everything, ThreatPulse scales to how much you want to manage in-house.
Three ways to run ThreatPulse
ThreatPulse comes in three service bands. The main difference is simple: who manages it day-to-day, and whether LDD’s AI-assisted triage is included. In every band, LDD hosts and maintains the underlying platform so your team is never stuck patching or babysitting infrastructure.
1. Self-managed (for internal IT)
Your own internal IT team runs the SIEM day-to-day — reviewing alerts, investigating events and tuning detections — while LDD hosts and maintains the platform underneath. Best for organisations with a capable security or IT team who want full control and a managed, always-up platform without the AI layer.
2. Self-managed with AI Triage (for internal IT)
Everything in the self-managed band, plus LDD’s AI-assisted alert triage layer. Your IT team still manages the SIEM, but the Logix AI layer cuts alert noise, groups related events and surfaces what actually matters — so your people spend their time on real threats instead of false positives.
3. Fully Managed
LDD manages ThreatPulse completely on your behalf: detection, triage, investigation, response and proactive monitoring, backed by South African support and a service-level agreement (SLA). Best for organisations that want enterprise-grade security monitoring without building an in-house security operations team.
What ThreatPulse detects and monitors
The depth of capability is the same across all three bands — only the day-to-day management differs:
- Centralised log collection and analysis across servers, endpoints, network devices and cloud platforms
- Host-based intrusion detection with real-time threat detection
- File integrity monitoring to flag unauthorised changes to critical files
- Vulnerability detection plus CIS security-configuration assessment
- Malware and rootkit detection with active response to contain threats automatically
- MITRE ATT&CK mapping so detections are tied to known adversary techniques
- Cloud and container security monitoring
The Logix AI analysis layer
On top of the proven security engine, the Logix AI layer turns raw security data into clear, actionable insight. It is included in the AI Triage and Fully Managed bands:
- AI-assisted alert triage that cuts noise and prioritises genuine threats
- Automated threat reporting and summaries generated from live event data
- Plain-language reporting that non-technical stakeholders and management can actually understand
Compliance reporting built in
ThreatPulse produces audit-ready evidence and reporting to support a wide range of regulatory and security frameworks, including GDPR, POPIA, ISO 27001, PCI DSS and HIPAA. If you are formalising an information-security management system, this pairs well with our ISO 27001 compliance system design.
Delivered in South Africa and worldwide
ThreatPulse is delivered remotely to clients in South Africa, Ireland, Portugal, the UK, the EU and worldwide. As a 20-year South African company, LDD leads with compliance for GDPR, POPIA and ISO 27001, so monitoring and reporting align with the rules that apply to your business wherever you operate.
How ThreatPulse fits with LDD’s other services
Security monitoring works best as part of a layered approach. Pair ThreatPulse with regular penetration testing and VAPT to find weaknesses before attackers do, and with InfraPulse for infrastructure monitoring and uptime across the same estate.
Pricing
Pricing for all three ThreatPulse bands is available on application (POA), scoped to your environment — the number of endpoints, servers and cloud platforms, and the level of management and SLA you need. Get in touch for a tailored quote.
ThreatPulse service bands
Run it with your own internal IT, add LDD’s AI triage, or hand the whole thing to us — pricing is by quote (POA).
| What’s included | Self-managed (internal IT) | + AI Triage (internal IT) | Fully Managed (LDD runs it) |
|---|---|---|---|
| Hosted SIEM platform & log collection | ✓ | ✓ | ✓ |
| Real-time threat detection, FIM & MITRE ATT&CK mapping | ✓ | ✓ | ✓ |
| Compliance reporting (POPIA, GDPR, ISO 27001, PCI DSS) | ✓ | ✓ | ✓ |
| AI-assisted alert triage & plain-language summaries | — | ✓ | ✓ |
| Alert investigation & response | Customer | Customer | LDD |
| Proactive monitoring & tuning by LDD | — | — | ✓ |
| SA-based support + SLA | — | — | ✓ |
| Who manages day-to-day | Customer | Customer | LDD |
FAQ
What are the three ThreatPulse service bands?
ThreatPulse comes in three bands. Self-managed (for internal IT): your IT team runs the SIEM day-to-day while LDD hosts and maintains the platform. Self-managed with AI Triage (for internal IT): the same, plus LDD’s AI-assisted alert triage to cut noise. Fully Managed: LDD handles detection, triage, investigation, response and proactive monitoring with South African support and an SLA.
Can our internal IT run ThreatPulse themselves?
Yes. The two self-managed bands are designed exactly for this — your own IT team runs the SIEM day-to-day, while LDD hosts and maintains the underlying platform so there is no infrastructure to patch or babysit. You can also add LDD’s AI-assisted triage layer to help your team cut alert noise, or move to the Fully Managed band later if you prefer LDD to run it all.
What is the difference between the bands?
The differentiator is who manages it day-to-day and whether AI triage is included. In both self-managed bands the customer’s IT team manages day-to-day; in the Fully Managed band LDD does. AI-assisted triage is included in the AI Triage and Fully Managed bands, but not in the basic self-managed band. The detection and monitoring depth is identical across all three.
What does ThreatPulse monitor?
ThreatPulse centralises log collection and analysis across servers, endpoints, network and cloud. It provides host-based intrusion detection, real-time threat detection, file integrity monitoring, vulnerability detection, CIS security-configuration assessment, malware and rootkit detection with active response, MITRE ATT&CK mapping, and cloud and container security.
Which compliance frameworks does ThreatPulse support?
ThreatPulse produces audit-ready reporting and evidence to support GDPR, POPIA, ISO 27001, PCI DSS and HIPAA. As a South African company serving clients internationally, LDD leads with GDPR, POPIA and ISO 27001 compliance.
Does ThreatPulse use AI?
Yes. The Logix AI analysis layer adds AI-assisted alert triage that cuts noise and prioritises real threats, automated threat reporting and summaries, and plain-language reporting that management can understand. The AI layer is included in the AI Triage and Fully Managed bands.
Where does LDD deliver ThreatPulse?
ThreatPulse is delivered remotely to clients in South Africa, Ireland, Portugal, the UK, the EU and worldwide. LDD has provided IT and security services since 2003.
How much does ThreatPulse cost?
Pricing is on application (POA). It is scoped to your environment — the number of servers, endpoints and cloud platforms monitored, the service band you choose, and your SLA requirements. Contact LDD for a tailored quote.
Ready to get started? Talk to LDD.