Bastion Security Group has signed an agreement to merge with Melbourne-based cybersecurity consultancy Astralas, in a move that further consolidates Australia’s mid-market security services sector.
The transaction, expected to complete in February 2026, marks Bastion’s fourth strategic combination in Australia, following earlier integrations of managed services providers Cythera and Seamless Intelligence, and professional services firm Phronesis Security. Astralas’ leadership will remain invested in the combined group.
Founded in 2021, Astralas has grown to more than 60 cybersecurity and cloud professionals, with a focus on security architecture, engineering and automation, identity and access management, and cloud consulting. The firm serves enterprise clients across financial services, telecommunications and critical infrastructure sectors.
For Bastion, the merger strengthens its professional services capability in Australia, complementing its existing managed security operations, governance, risk and compliance advisory, penetration testing, cloud and network security, cyber strategy and threat intelligence services.
Post-transaction, Bastion will employ more than 250 cybersecurity professionals across Australia and New Zealand, with over half of its workforce based in Australia. The group will operate from six offices across the two countries.
The deal reflects broader consolidation trends in the Australian cybersecurity market, where firms are combining advisory, engineering and managed services capabilities to offer end-to-end “build and run” models. Increasing regulatory pressure, complex cloud environments and sustained threat activity have driven demand for integrated service providers capable of delivering strategy, implementation and 24/7 operational monitoring.
Astralas brings technical depth in architecture-led engagements — an area increasingly critical as organisations modernise identity frameworks, automate security controls and migrate to hybrid cloud environments. Bastion, meanwhile, expands Astralas’ access to managed security operations, including a 24/7 security operations centre and associated tooling.
While financial terms were not disclosed, the merger signals continued competition among Australian-headquartered cybersecurity firms seeking scale to compete with multinational providers and larger systems integrators.
For clients, the practical impact will hinge on integration execution — particularly maintaining specialised engineering capability while absorbing operations into a larger group structure. Bastion says Astralas’ leadership team will remain in place, with gradual integration into its Australian operations.
As Australia sharpens its focus on cyber resilience across critical sectors, local providers are positioning themselves to deliver broader service portfolios at scale. This latest merger suggests that consolidation is likely to remain a defining feature of the region’s cybersecurity services landscape in the near term.
