Three Pillar Security Assessment: How Does Your Business Score?

16 February 2026 · 0x1m3 · 5 min read

Most security gaps are not the result of negligence. They are the result of not knowing what to look for. This security assessment checklist gives business owners and IT managers a simple, structured way to evaluate their current defences against the Three Pillar framework: Protect, Detect, Recover.

Grab a pen. Answer honestly. Each "yes" is one point.

Pillar 1 — Protect (Endpoint Security)

Your first line of defence. These questions assess whether your endpoints can stop modern threats autonomously.

- [ ] 1. Do you have endpoint detection and response (EDR) deployed on every endpoint? Not just antivirus — EDR that monitors process behaviour, file changes, and network connections in real time. Every laptop, workstation, and server should be covered.

- [ ] 2. Does your endpoint protection use behavioural AI rather than signature-based detection? Signature-based antivirus only catches known threats. Behavioural AI detects zero-day exploits, fileless attacks, and novel ransomware by analysing what processes *do*, not what they look like.

- [ ] 3. Can your endpoint protection autonomously quarantine threats without human intervention? If a threat detonates at 2 AM, does your protection wait for an analyst to respond? Autonomous response means the threat is contained in seconds, regardless of when it strikes.

- [ ] 4. Do you have ransomware rollback capability? If files are encrypted, can your endpoint solution reverse the damage and restore files to their pre-attack state? This is a distinct capability from backup — it operates at the endpoint level.

- [ ] 5. Does your endpoint protection work offline? Remote workers, branch offices, and sites with unreliable connectivity need protection that functions without a cloud connection. On-device AI is essential.

Your Protect score: ___ / 5

---

Pillar 2 — Detect (Monitoring and Management)

Your eyes and ears. These questions assess whether you can see threats forming and close vulnerabilities before they are exploited.

- [ ] 6. Are all endpoints, servers, and network devices monitored 24/7? Continuous monitoring means automated alerting the moment something abnormal occurs — not waiting for a user to report a problem on Monday morning.

- [ ] 7. Is your operating system patching automated and current? Unpatched systems are the number one attack vector. Windows, macOS, and Linux systems should receive patches automatically, including out-of-band security updates.

- [ ] 8. Are third-party applications patched automatically? Chrome, Adobe, Java, Zoom, Teams — these applications are exploited as frequently as operating systems. Automated patching across 100+ applications closes the gaps attackers target.

- [ ] 9. Do you have automated remediation for common issues? When a service crashes, a disk fills, or a configuration drifts, does your system fix it automatically? Or does it wait for a ticket to be raised and a technician to respond?

- [ ] 10. Can you detect unmanaged devices on your network? Shadow IT — personal devices, forgotten servers, IoT endpoints — represents a significant attack surface. Network discovery should identify every device, managed or not.

Your Detect score: ___ / 5

---

Pillar 3 — Recover (Backup and Disaster Recovery)

Your safety net. These questions assess whether your data survives the worst-case scenario.

- [ ] 11. Are your backups stored off-network in an immutable, cloud-based repository? If backups live on the same network as your production systems, ransomware will encrypt them too. Immutable cloud backups are isolated, encrypted, and unreachable by attackers.

- [ ] 12. Is your Microsoft 365 data backed up independently? Microsoft's shared responsibility model means they guarantee uptime, not your data. Exchange, SharePoint, OneDrive, and Teams data needs independent backup — ideally multiple times per day.

- [ ] 13. Have you tested a full recovery in the last 90 days? A backup that has never been tested is a backup you cannot trust. Automated recovery testing should verify that backed-up systems are bootable and complete — on a schedule, not just after a disaster.

- [ ] 14. Can you recover individual files, full systems, and virtual machines? Granular file restore, bare-metal recovery, and virtual machine failover are different recovery scenarios. Your backup solution should handle all three without manual workarounds.

- [ ] 15. Do you have a documented recovery time objective (RTO) and recovery point objective (RPO)? How long can your business tolerate downtime? How much data can you afford to lose? If these numbers are not defined and tested against your backup solution, your recovery plan is incomplete.

Your Recover score: ___ / 5

---

Your Total Score

Add your three pillar scores together.

| Score | Rating | What It Means |
|---|---|---|
| 12–15 | Strong | Your security posture covers all three pillars. Focus on optimisation and testing. Ensure your tools are integrated and managed proactively. |
| 8–11 | Gaps Exist | You have strength in one or two pillars but meaningful gaps in another. These gaps are where attacks succeed. Prioritise the weakest pillar immediately. |
| 0–7 | Urgent Action Needed | Significant exposure across multiple pillars. Your organisation is at elevated risk of a breach with limited ability to detect or recover. This requires immediate attention. |

What Your Score Reveals

Strong in Protect, weak in Recover? You can stop most threats, but a successful ransomware attack means data loss. You need immutable cloud backup.

Strong in Detect, weak in Protect? You will see the attack happening, but your endpoints cannot stop it autonomously. You need behavioural AI-based EDR.

Strong in Recover, weak in Detect? Your data is safe, but you will not know about a breach until the damage is done. You need 24/7 monitoring and automated patching.

The Three Pillar methodology exists because no single pillar is sufficient on its own. Protection without detection is blind. Detection without recovery is helpless. Recovery without protection is a treadmill.

How OAS Closes the Gaps

OAS delivers all three pillars as a unified managed service:

- Protect — SentinelOne behavioural AI endpoint protection with autonomous response and ransomware rollback
- Detect — N-able N-central 24/7 monitoring with automated OS and third-party patching across 100+ applications
- Recover — Cove Data Protection cloud-first immutable backup with automated recovery testing every 14 days

All managed from a single console. Delivered by a trusted partner with over 40 years of enterprise IT experience in South Africa. Priced as a simple per-endpoint monthly subscription.

---

Score below 12? You have gaps. OAS can identify and close them — often within weeks.

[Get Your Full Assessment →](/contact/sales)
