Cybersecurity
Cybersecurity you can actually
prove to a regulator.
Managed EDR, email security, compliance documentation, and incident response — three tiers with pricing posted. No scoping games.
"We will tell you when something is broken before we tell you what it costs to fix. That order is non-negotiable."
Services
What managed cybersecurity covers
Managed EDR — Huntress
Persistent endpoint detection and response backed by a 24/7 human SOC. Huntress catches attacker persistence and lateral movement that signature-based antivirus misses. Deployed to every managed endpoint.
Email security and phishing simulation
Inbound filtering for malicious links, attachments, and impersonation attempts. Phishing simulation campaigns measure your team's susceptibility and feed into training.
M365 / Google Workspace hardening
CIS Benchmark–aligned configuration hardening for your cloud office environment. MFA enforcement, conditional access, admin privilege review, and audit logging enabled.
Vulnerability scanning + remediation tracking
Scheduled scans of your internal and external attack surface. Findings are tracked to closure — not just reported and forgotten.
Compliance support
HIPAA, PCI-DSS, IRS Pub 4557, and CMMC Level 1/2 readiness. We produce the documentation auditors ask for: policies, risk assessments, vendor agreements, and gap reports.
Incident response retainer
Pre-established relationship with defined response SLAs. When something happens, you're not starting from zero. Retainer includes a written IR plan and annual tabletop exercise.
Security awareness training
Role-appropriate training that actually changes behavior. Completion tracked and reportable — useful for audits and cyber insurance applications.
Pricing
Three tiers. Contents fixed. Pricing varies by industry.
The contents of each tier are fixed — no add-ons required to get what's listed. Per-seat rate depends on your industry and compliance profile. Contact us for your number.
Essentials
Small offices with low compliance burden
Per seat / mo — rate by industry
Per-site minimum applies · contact us for your quote
- Managed EDR — Huntress endpoint detection & response
- Email security (spam filtering, malicious link protection)
- Microsoft 365 / Google Workspace hardening (CIS-aligned)
- Security awareness training
- Monthly health report
Recommended
Most law firms, CPAs, and medical practices
Per seat / mo — rate by industry
Per-site minimum applies · contact us for your quote
- Everything in Essentials
- Vulnerability scanning + remediation tracking
- Phishing simulation
- Incident response — on-call coverage
- Quarterly security review
Compliance
HIPAA, PCI-DSS, IRS Pub 4557, CMMC L1/L2 candidates
Per seat / mo — rate by industry
Per-site minimum applies · contact us for your quote
- Everything in Recommended
- Compliance documentation & gap assessment
- Incident response retainer with SLA
- Annual tabletop exercise
- Written information security policy
Which tier is right for your industry?
| Industry | Recommended tier |
|---|---|
| General business | Essentials |
| Real estate / title | Essentials |
| Automotive dealership | Recommended |
| Legal / law firm | Recommended |
| Accounting / CPA | Recommended |
| Healthcare / medical | Compliance |
| Defense contractor | Compliance |
| Payment processing | Compliance |
Tier recommendation is a starting point — final selection depends on your specific risk profile and compliance obligations.
All tiers require a 12-month initial agreement. Pricing scales by seat count — bundles with Managed IT receive 10% off.
Compliance
Frameworks we work in every day
Compliance support means documentation, configuration, and gap analysis — not a PDF checklist you could print off yourself.
Who it applies to
Healthcare practices, clinics, covered entities and business associates
What we deliver
Technical safeguards, BAA management, risk analysis, breach notification procedures
Who it applies to
Any business that accepts, stores, or transmits payment card data
What we deliver
Network segmentation, access controls, logging, vulnerability management, annual assessment support
Who it applies to
Tax preparers, CPA firms, enrolled agents
What we deliver
Written Information Security Plan (WISP), data disposal, access controls, incident response
Who it applies to
Defense contractors and subcontractors handling CUI
What we deliver
NIST 800-171 control implementation, system security plan, readiness assessment
FAQ
Common questions about cybersecurity
- What is managed cybersecurity and what does it include?
- Managed cybersecurity is an ongoing service where Dogwood Security monitors, hardens, and responds to threats across your environment. It includes managed EDR via Huntress, email security, M365 or Google Workspace hardening, vulnerability scanning, phishing simulation, security awareness training, and incident response coverage. The exact scope depends on which tier fits your compliance burden.
- How much does cybersecurity cost for a small business in East Texas?
- Dogwood Security offers three published tiers — Essentials, Recommended, and Compliance — priced per seat with a per-site minimum. Pricing is posted on our pricing page. The right tier depends on your industry and compliance requirements: most law firms, medical practices, and CPA offices land on Recommended.
- What's the difference between EDR and antivirus?
- Antivirus detects known malware by signature — it compares files against a list of known bad patterns. EDR (endpoint detection and response) monitors behavior: what processes are running, what network connections are being made, what files are being modified. Huntress adds human threat hunting on top of that. Modern attackers use tools that antivirus never flags because they're not technically malware.
- What compliance standards do you support?
- HIPAA for healthcare, PCI-DSS for businesses handling payment cards, IRS Publication 4557 for tax professionals and CPA firms, and CMMC Level 1 and Level 2 readiness for defense contractors. Compliance support means documentation, gap assessments, and configuration work — not just a checkbox.
- What happens if we get breached?
- On Recommended and Compliance tiers, Dogwood provides incident response on-call coverage. We contain, investigate, and document the incident. The Compliance tier includes a retainer with a defined response SLA and a pre-established IR plan so we're not improvising when it matters. On Essentials, IR is available on a time-and-materials basis.
- Do we need managed cybersecurity if we already have managed IT?
- Managed IT and managed cybersecurity overlap at the endpoint layer but serve different purposes. Managed IT keeps systems running. Cybersecurity is specifically focused on threat detection, hardening, compliance, and response. Huntress is included in our Managed IT engagements, but email security, phishing simulation, compliance documentation, and IR retainers are cybersecurity-tier services.
Know your compliance burden. Pick a tier.
Not sure which tier fits? Tell us your industry and how many seats — we'll tell you which tier makes sense and why.