Sentinel
Forensic engine that ingests logs from 50+ vendor stacks, reconstructs the full attack chain, and maps every finding to APP, Essential Eight and ISM controls. Breach-notifiability scoring and OAIC-ready memos.
Explore Sentinel →
Strong cyber governance without handing your data to a US SaaS. Forensic log analysis, a compliance assistant, zero-trust access and a sovereign VPN — every finding mapped to the Privacy Act, Essential Eight and the ISM.
Each Kaitiaki product slots into the rest — shared identity, shared telemetry, shared compliance evidence — so you can adopt one and grow into the whole platform without a re-implementation.
A knowledge-grounded compliance assistant that ingests your policies and playbooks. Retrieves with citation, refuses outside scope, and enforces tenant boundaries at the index layer — your knowledge never crosses to another customer.
Talk to us about Cortex →
Zero-trust access broker — ZPA-class application reachability without exposing inbound ports. Continuous device posture, per-app policy, outbound-only connectors, signed binaries, dual-control admin paths.
Explore Iron Sentinel →
Sovereign WireGuard VPN on the Ardwolf edge. Per-device keypair, split routing that preserves LAN and remote-admin sessions, kill-switch, verified-encryption indicator. Australian exit, Australian-owned infrastructure.
Explore Kaitiaki Shield →
Privacy Act and cyber-security education for your team. Courses with quizzes scoped to your actual policies, completion certificates mapped to APP obligations, and an AI tutor that won't speculate outside your corpus.
Explore the Academy →
Every Sentinel finding becomes a packaged deliverable — 90-day IT action plan, board brief, HR awareness summary, and a draft OAIC notification memo from lawyer-reviewed templates.
See a sample deliverable →
Every engagement follows the same explainable spine — so your compliance officer, your CISO and your board all see the same evidence trail.
Pull from your SIEM, EDR, Microsoft 365 / Entra, Okta, AWS / GCP / Azure, firewall stack and 40+ more sources via push, pull or our hardened on-prem connector. PII is classified and scrubbed before warm storage.
A deterministic rule library (Sigma + our Compliance Detection Language) maps every event to APP, E8 and IRAP controls. A temporal property graph reconstructs the full attack chain. LLM narrative on top — never deciding, always citing.
One incident produces four aligned deliverables: a 90-day remediation plan, a plain-English board brief, an HR awareness summary and a draft OAIC notification memo. Each grounded in the deterministic findings, citation-traceable, and owned by you.
Designed for the operators carrying the most compliance load — SOCI-declared entities, APP entities handling sensitive PII, and anyone where a breach has both a regulator and a public-trust consequence.
Agencies carrying PROTECTED-tier obligations; we map findings to the IRAP/ISM control set.
APRA CPS 234 control evidence, PII inventories, continuous breach-notifiability.
My Health Record stewardship, NDB readiness, clinical-system access auditing.
Critical-infrastructure obligations, OT/IT boundary monitoring, supply-chain mapping.
University and TAFE — student PII, research integrity, residential network safety.
Transport, telco, data-storage and processing entities under SOCI obligations.
Legal and accounting — client confidentiality, file-server auditing, device posture.
Water, ports, food and supply-chain — long-life OT stacks, physical-cyber boundaries.
Designed by Australians, for Australians, against the frameworks operating here. No re-mapping. No translation tax. No "approximately Essential Eight".
Every detection rule references the APP it relates to. APP 11.1 incidents surface automatically with breach-impact scoring under the NDB scheme.
Continuous posture against all 8 controls — application control, patching, MFA, admin restrictions, hardening, daily backups — through to ML3 evidence.
Detection coverage is mapped to the ASD ISM control set, so findings reference the ISM control they relate to. We are not IRAP-assessed and don't yet handle classified data — that's on the roadmap, not a claim.
A pre-canned RMP evidence pack — asset register, threat register, control attestation, incident playbooks.
Threshold detection scoring affected-individual count and serious-harm probability, then drafts an OAIC memo against the published template — watermarked DRAFT, requires legal sign-off.
We're preparing for an IRAP assessment toward PROTECTED and publish our roadmap and control status as it changes. We are not IRAP-assessed today — and we won't claim a certification we don't hold.
We run an ISMS internally and are building toward SOC 2 and ISO 27001 certification on a published timeline. We'll share current readiness status with qualified prospects under NDA — and we won't claim a certificate we don't hold.
Most "Australian" security platforms are SaaS fronts for North American infrastructure. Kaitiaki is the actual platform — Australian-owned and resident from the ingest pipeline through to the warm store, the cold store, the vector index and the audit log.
Australian-owned and Australian-hosted, from ingest through analysis to the audit log. Your data isn't replicated offshore, and every tenant is isolated with its own keys.
The decision about what counts as a finding is deterministic — it runs on your data on Kaitiaki infrastructure, with no AI in that loop. PII is stripped before analysis. AI only narrates findings, and we run it sovereign, on local models.
We don't outsource support, offshore engineering, or hand you to a contractor pool. The people who build the platform are the people who answer when you call.
Every deliverable, scan artefact and audit log is yours. We hand you exports on request and at exit — not "for an additional fee".
An on-prem scan engagement with a hand-back package. For SMBs and accountants/lawyers carrying APP obligations.
Continuous monitoring with the full deliverable pack and managed reporting. For orgs running their own IT but needing the evidence chain.
Sovereign-grade deployment with Cortex, Iron Sentinel zero-trust access, per-tenant isolation and a dedicated Kaitiaki support team.
Run a real log through Sentinel right now — or start a one-week posture scan against your own telemetry. You keep every artefact whether you continue with us or not.