

Our Reference Architecture
This is our Reference Architecture, built on vendor technologies that complement Microsoft 365 with best-in-class capability.
We’ve taken a one-vendor-per-domain approach, selecting only those tools that demonstrate high efficacy, ease of use, and proven results.
The outcome is simple: a trusted framework that allows us to deliver solutions that are robust, effective, and ready to meet today’s security challenges.


SentinelOne delivers endpoint and identity protection that’s fast, effective, and truly real time.
Its Singularity XDR platform unifies Endpoint Detection & Response (EDR), Identity Security, and Cloud Workload Protection into an AI-driven, integrated environment. Extending beyond endpoint, SentinelOne’s Purple AI-powered AI SIEM and SOAR capabilities accelerate threat detection, investigation, and response.
Unlike traditional tools that rely on delayed reaction, SentinelOne prevents, detects, and responds in the moment, even when devices are offline.
And if the worst happens, every change made during a compromise can be reversed in seconds using the patented rollback feature—restoring systems to a known-good state with minimal disruption.
Key capabilities & outcomes:
- Singularity EDR – real-time detection and response powered by on-device AI, blocking ransomware and zero-day threats instantly.
→ This means organisations aren’t waiting for cloud lookups or signature updates — threats are contained before they spread.
- Storyline™ Technology – automatically tracks and correlates every process and event into a contextual storyline.
→ This gives security teams instant visibility of how an attack unfolded, reducing investigation time from hours to seconds, and it automatically remediates and rolls back attacks, restoring endpoints to a clean state without manual rebuilds.
- Singularity Identity – real-time defence of Active Directory and identity infrastructure against credential theft and lateral movement.
→ By stopping identity-based attacks early, SentinelOne helps protect the “keys to the kingdom” that adversaries rely on.
- Singularity Cloud – protects cloud workloads and containers with the same AI-driven speed and automation.
→ This ensures consistent security across hybrid and multi-cloud environments, reducing blind spots.
- Purple AI – accelerates investigations and threat hunting with natural language queries and contextual insights.
→ Security teams can act faster, with AI surfacing the right data and guiding them to resolution.
- HyperAutomation – orchestrates and automates response workflows / SOAR playbooks across the environment, using low code/no code prompts.
→ From isolating devices, killing processes, and blocking accounts to full rollback, HyperAutomation reduces manual effort and speeds up resolution, without the need for a threat hunting genius.
Alignment with the Essential Eight
- Application control & patching – blocks malicious or unapproved applications in real time, reducing reliance on patch cycles.
- User application hardening – detects and stops exploitation of browsers, scripts, and plug-ins before they compromise the system.
- Restrict admin privileges & MFA – protects Active Directory with Singularity Identity, limiting credential misuse and lateral movement.
- Daily backups & recovery – HyperAutomation with rollback ensures systems can be restored quickly, supporting resilience requirements.
This makes SentinelOne not just a strong security platform, but a practical enabler of compliance with baseline Australian cyber standards. The Essential Eight calls for rapid detection and response, but most tools work in delays. SentinelOne delivers it in real time, with autonomous AI blocking attacks instantly and rolling systems back without disruption.
The business impact:
Prevent breaches before they spread
Reduce complexity with a single security platform
Lower operational costs through automation
Recover fast and keep business running


Netskope delivers cloud-native security that gives you visibility, control, and protection everywhere your data lives.
It lets organisations understand what cloud services are being used, who is accessing what, and how data is moving — especially outside managed apps. By combining inline and API-based controls, it enforces policy in real time. So whether it’s SaaS, IaaS, or shadow IT, Netskope ensures governance and risk don’t get left behind.
Netskope is your Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) & Zero Trust Network Access (ZTNA).
Key capabilities & outcomes:
• Cloud service discovery & usage visibility
→ You get full insight into what apps your people are using (approved or not), and where data-flow risk lies.
• Data protection (DLP) across web, SaaS, and collaboration tools
→ Prevent accidental or malicious data leakage beyond your control.
• Real‑time inline policy enforcement
→ Block or restrict actions the moment a rule is violated (e.g. uploading sensitive files to unapproved apps).
• Shadow IT & unmanaged device detection
→ Identify devices and services your IT team didn’t know were in play.
• Centralised cloud governance dashboards
→ Single pane of glass for policy, incidents, reports, and compliance metrics.
Alignment with the Essential Eight
- Helps with Data Security - by preventing unapproved sharing or storage of sensitive info.
- Supports Application & Cloud Security - via policing of SaaS and service configuration.
- Boosts Threat Mitigation - by catching risky behaviour and enforcing policy inline.
This makes Netskope more than a cloud security product — it’s a foundational tool for modern work. It gives you control in places where traditional tools can’t operate: unmanaged devices, third-party SaaS, personal accounts, and remote collaboration. By making cloud activity visible and enforceable, it closes critical gaps without blocking productivity.
The business impact:
Reduce risk from unmonitored cloud usage
Slow down or stop data loss incidents before they escalate
Keep cloud posture clean, reducing audit gaps
Give visibility that lets you make proactive security decisions, not reactive ones


ThreatLocker delivers Zero Trust application control and endpoint security that’s simple, powerful, and enforceable in real time.
It allows organisations to define exactly what software, scripts, and processes are permitted and blocks everything else by default. This “deny by default” approach dramatically reduces the attack surface and makes it far harder for attackers to gain a foothold.
Key capabilities & outcomes:
- Application Control – only approved applications can run, blocking ransomware, malware, and shadow IT at the source.
→ Eliminates unapproved or risky software before it executes, reducing breach likelihood.
- Ringfencing™ – isolates applications from each other and from sensitive data, limiting how they can be misused.
→ Stops exploits that abuse trusted apps (e.g. Word launching PowerShell) and reduces lateral movement.
- Storage Control – manages access to external drives, USBs, and network shares to prevent unauthorised data exfiltration.
→ Ensures sensitive data can’t be copied or stolen through unmanaged storage.
- Elevation Control – allows temporary admin rights only when required, with full audit logging.
→ Reduces insider risk and credential abuse while keeping users productive.
- Real-Time Enforcement – policies are applied instantly across the environment.
→ Provides continuous protection without lag, ensuring policy gaps can’t be exploited.
Alignment with the Essential Eight
- Application control – its core strength, delivering “default deny” for all unauthorised executables.
- Restrict admin privileges – Elevation Control enforces least privilege without sacrificing usability.
- Patch applications – reduces reliance on patch speed by blocking unpatched/unauthorised apps outright.
- User application hardening – Ringfencing prevents apps from being abused by attackers.
By enforcing application allowlisting and restricting lateral movement, ThreatLocker goes beyond compliance: it makes the Essential Eight’s “Application Control” practical and enforceable in real time.
The business impact:
Minimise risk by controlling exactly what runs in your environment
Reduce insider and privilege-related threats
Prevent data leakage through unmanaged storage
Strengthen Essential Eight compliance with enforceable, real-time controls


Veeam delivers modern backup solutions, server replication and recovery that is reliable, flexible, and proven across Microsoft 365 cloud, virtual, and physical environments.
It provides fast, automated backup and recovery, giving organisations confidence their data and systems can be restored when it matters most, whether that’s recovering from ransomware, accidental deletion, or system failure.
Key capabilities & outcomes:
- Backup & Recovery – simple, automated backups across Microsoft 365, cloud, virtual, and on-prem systems.
→ Ensures critical data is always recoverable, reducing downtime and data loss.
- Ransomware Resilience – immutable backups and clean recovery options protect against ransomware encryption and reinfection.
→ Guarantees businesses have a safe copy of data to restore from, even after an attack.
- Instant Recovery – rapid restore of entire workloads, from files to VMs, to keep operations running.
→ Minimises disruption and ensures business continuity.
- Cloud & Hybrid Ready – supports multi-cloud environments with seamless integration across Azure, AWS, and on-prem.
→ Delivers flexibility without locking organisations into a single platform.
- Monitoring & Automation – built-in tools for testing, monitoring, and automating backup health checks.
→ Provides assurance that backups will actually work when needed.
Alignment with the Essential Eight
- Daily backups – central to its platform, with flexible scheduling and retention policies.
- Rapid recovery – Instant Recovery and automation reduce downtime after an incident.
- Ransomware protection – immutable backups ensure attackers can’t corrupt recovery points.
- System availability – aligns with business continuity and disaster recovery best practices.
Veeam doesn’t just meet the “Daily Backups” requirement of the Essential Eight; it transforms it, with immutability and instant recovery that ensure ransomware resilience, not just data copies.
The business impact:
Assured recoverability of business-critical data and systems
Reduced downtime and financial loss during incidents
Strong defence against ransomware through immutable backups
Confidence that operations can continue, even in worst-case scenarios


At its core, Delinea delivers modern Privileged Access Management (PAM) that makes controlling and securing privileged accounts simple, scalable, and effective - and so much more!
It ensures that admin rights, service accounts, and other privileged credentials are tightly controlled, monitored, and used only when necessary, dramatically reducing the risk of insider threats and credential-based attacks.
Key capabilities & outcomes:
- Privileged Account Vaulting – securely stores and rotates admin and service account credentials.
→ Prevents credential theft and reuse by attackers.
- Just-in-Time Access – grants admin rights only when required, for the minimum time needed.
→ Eliminates standing privileges, reducing the attack surface.
- Session Monitoring & Recording – tracks privileged activity with full audit trails.
→ Improves visibility, accountability, and compliance reporting.
- Secrets Management – manages application and service credentials without hardcoding.
→ Reduces risk in DevOps and cloud environments where secrets are often exposed.
- Cloud-Ready & Scalable – integrates across hybrid and multi-cloud environments.
→ Delivers consistent control as organisations evolve infrastructure.
Alignment with the Essential Eight
- Restrict admin privileges – core to its design, removing standing admin rights and enforcing least privilege.
- Patch applications/operating systems – ensures admin rights are only available during controlled updates, reducing exposure.
- Multi-factor authentication – enforces MFA for privileged account access, strengthening identity protection.
- Audit & monitoring – aligns with logging requirements for privileged activity.
Restricting admin privileges is a cornerstone of the Essential Eight. Delinea makes it achievable at scale through just-in-time access and auditable privileged session management.
The business impact
Stronger defence against credential theft and misuse
Reduced risk of insider or privilege-based attacks
Simplified compliance with detailed audit trails
Greater control of privileged access across hybrid and cloud systems


Patch My PC simplifies third-party application lifecycle management, making app packaging & patching fast, automated, reliable, and fully integrated.
It integrates with Microsoft Intune and Configuration Manager to automate updates for thousands of applications, extending far beyond native Intune and Microsoft capabilities and ensuring environments stay secure without creating extra overhead for IT teams.
Key capabilities & outcomes:
- Automated Patching – keeps third-party apps updated without manual packaging or scripting.
→ Reduces risk from unpatched vulnerabilities and saves IT time.
- Wide App Catalogue – supports 2600+ applications with ready-to-deploy updates.
→ Ensures consistency across the environment without chasing individual vendor installers.
- Seamless Intune/SCCM Integration – works directly with existing Microsoft management tools.
→ Extends Microsoft’s patching capability without adding another console to learn.
- Customisable Deployment – control how and when updates are applied, with pre/post-script support.
→ Balances security with operational needs, minimising business disruption.
- Reporting & Visibility – provides insight into patch compliance across the environment.
→ Gives assurance that endpoints are consistently up to date.
Alignment with the Essential Eight
- Patch applications – automates updates for third-party apps, closing a major attack vector.
- Patch operating systems – complements Microsoft’s patching to ensure full coverage.
- Application control – integrates with policies to ensure only approved versions are deployed.
- Mitigation of vulnerabilities – reduces reliance on manual patch cycles and human error.
The Essential Eight stresses rapid application patching; Patch My PC operationalises it, automating third-party updates so environments stay secure without IT teams chasing installers.
The business impact
Reduced risk of exploitation through unpatched software
Lower operational overhead by automating repetitive tasks
Improved compliance with patching requirements
Consistent, secure application experience for users


1Password delivers simple, secure password and secrets management that reduces risk and improves usability for every user.
It ensures credentials, secrets, and sensitive information are stored safely, shared securely, and protected with strong encryption and modern authentication.
Key capabilities & outcomes:
- Password Vaulting – securely stores and encrypts passwords, notes, and secrets.
→ Reduces risk of credential theft from weak or reused passwords.
- Cross-Platform Access – works seamlessly across browsers, devices, and operating systems.
→ Ensures users stay secure without friction or lost productivity.
- Team & Enterprise Sharing – allows secure, permission-based sharing of credentials.
→ Eliminates insecure practices like emailing or texting passwords.
- Strong Authentication – supports MFA, biometrics, and modern authentication methods.
→ Adds another layer of protection beyond simple passwords.
- Secrets Automation – manages application and infrastructure secrets in DevOps pipelines.
→ Prevents exposure of credentials in code and CI/CD processes.
- One-Time Password (OTP) Generation – built-in support for generating and auto-filling 2FA codes.
→ Simplifies multi-factor authentication for users while strengthening security across accounts.
Alignment with the Essential Eight
- Restricting admin privileges – secures and controls privileged credentials through vaulting and access management.
- Multi-factor authentication – integrates with MFA to secure logins for users and admins.
- User application hardening – reduces credential reuse, phishing risk, and unauthorised access attempts.
- Mitigating credential compromise – enforces strong, unique passwords across the business.
The Essential Eight calls for restricting admin privileges and hardening user applications. 1Password delivers this by eliminating weak passwords and securing credential use across the organisation, and your team will love using it. We do!
The business impact
Reduced risk of password-related breaches and credential theft
Stronger protection for privileged accounts and admin access
Safer collaboration with secure credential sharing
Improved user adoption with a simple, seamless experience