
Know where you’re exposed before your insurer asks.

External posture assessment across 7 categories. Exact fix commands. Board-ready and technical reports in under 90 seconds.

 

Free. No signup.

Built by the team that ran managed security operations for Petbarn, IGA, and Australian government agencies. We’ve seen what breaks from the inside.

Security checks: 40+
Frameworks: E8, CIS, ISO
Scan time: <90s
Data hosted: Australia
The Problem

Everything about mid-market security is manual

invoice.pdf
Essential Eight assessment: $8,000
CA policy workshop (2 days): $5,200
Posture review (quarterly): $3,500
Annual total: $52,800

$200-$500/hr. Point-in-time. Stale in weeks.

Threat modelling, posture assessments, compliance evidence gathering, board reporting. All done by consultants or not done at all.

managed-soc-portal.com
Monthly retainer: $10,000-$40,000
Detection: Active
Prescriptive guidance: Not included
Hardening advice: Limited
Board reporting: Manual

They watch your logs. They don't harden your environment.

Managed SOC products focused on detection, not guidance. No prescriptive hardening. No CA policy recommendations. Alert fatigue, poor reporting.

Mail
Inbox (2 new)

Sarah Chen, CFO (2:14 pm)
Board pack due Friday
Can you add a security posture summary? Plain language, not technical.

James Wright, Broker (11:03 am)
Re: Cyber insurance renewal
Underwriter needs evidence of email auth and encryption config.

Dev Patel, Engineer (Yesterday)
DMARC record - which value?
The audit says fix email security. What exactly do I change?

Three audiences. Nobody's tool serves all three.

The board wants plain language. The engineer wants commands. The broker wants evidence. CISOs end up manually translating between all of them.

The Platform

Your buyer needs an advisor, not another tool.

Prescriptive guidance across your external posture, M365 tenant, conditional access policies, and Essential Eight maturity. Reported for two audiences, mapped to your compliance frameworks, and priced for organisations that aren’t enterprise.

External posture report
Overall posture: B (84%)
Email Security: C
TLS & Certificates: B
HTTP Headers: B
DNS Configuration: A
Web Application: C
Breach Exposure: D
Subdomains: B
The report your broker has been asking for. Ready in 93 seconds.
Copy-paste fix commands
CRITICAL: Subdomain takeover risk
staging.example.com CNAME → staging-app.herokuapp.com (NXDOMAIN)
FIX: Remove dangling CNAME or reclaim the Heroku app
VERIFY: $ dig CNAME staging.example.com

Provider detected: Heroku. Fix steps are platform-specific.

Essential Eight Assessment
Application control
Patch applications
Configure macros
User application hardening
Restrict admin privileges
Patch operating systems
Multi-factor authentication
Regular backups

Scored gap analysis with prescriptive remediation playbooks. Already required for government. Increasingly expected by enterprise supply chains. Your Essential Eight assessment was a 3-month consulting engagement. This takes an afternoon.

Conditional Access Advisor
RECOMMENDED POLICIES
Require MFA for all users
Block legacy authentication
Require compliant devices for admin
Exportable as JSON policy templates for Entra ID

Not “your conditional access is misconfigured.” Here are the 6 policies you should have based on your licensing and size, here is the JSON template to import, and here is how to test it safely.

M365 & GWS Security Advisor
Connect via OAuth. No PowerShell. No agents.
50-80 CIS benchmark controls scanned
Configuration drift alerts in real time
Attack path context across findings
Insurance questionnaire auto-population
Monthly posture trend reports

Shows how individual findings connect. Legacy auth enabled means MFA can be bypassed, which means the 3 mailboxes with external forwarding rules are an active exfiltration risk. Context, not just findings.

Framework-mapped out of the box
Essential Eight, CIS Controls v8, ISO 27001, ASD ISM, CPS 234

Every finding automatically cross-referenced. The evidence your auditor asks for and your broker needs at renewal, generated in seconds instead of weeks.

Why Kekkai

Built for how Australian security teams actually work

Prescriptive, not diagnostic
Other tools say

“Improve your email security configuration.”

Kekkai says

_dmarc TXT "v=DMARC1; p=quarantine"

Exact DNS records. PowerShell commands. Admin console paths. Provider-specific fix steps for Cloudflare, Microsoft, Google, AWS, and more.

No gates, no tricks
Email required to see results | No signup needed
14-day trial then paywall | Free scan, always
Contact sales for pricing | Prices on the website
Book a demo to see the product | Enter a domain, see it now

Every competitor gates their product behind a form, a call, or a trial. We let you scan and decide.

Australian-built

Not an American product with NIST swapped out.

Essential Eight alignment built in from day one. ASD ISM and CPS 234 mapping. Australian data residency. Built by people who understand ACSC guidelines, not just the acronyms.

Insurance-aware

Findings flagged for cyber insurance relevance.

Premiums are climbing. Underwriters are asking harder questions. Kekkai generates the evidence you attach directly to renewal applications. Send the report to your broker.

Dual-layer reporting

One scan, two audiences.

Executive summary your CFO can read. Technical playbook your engineer can act on. Both generated automatically, both exportable as PDF. Stop manually translating between the two.

Pricing

Transparent pricing. No sales call required.

Every competitor hides their pricing behind a demo form. We don’t.

External Scan
$0 forever

No signup. No credit card. No trial period.

7-category external assessment
Executive + technical reports
Compliance framework mapping
Provider-specific fix commands
PDF export
Essentials
$149/mo

1 tenant. Monthly scans.

Full dual-layer reports
Compliance mapping + PDF export
Drift alerts
Monthly posture trending
Professional
Most popular
$349/mo

1 tenant. Weekly scans.

Everything in Essentials
Attack path context
Prescriptive CA recommendations
Insurance evidence export
Board reporting module
Advisor
$599/mo

Hybrid environments.

Everything in Professional
On-prem AD collector
Identity posture analysis
Industry benchmarking
Priority support
MSP / Partner
$49/tenant/month

Multi-tenant dashboard. White-label dual-layer reports. All Professional features per tenant.

FAQ

Questions we hear from CISOs, brokers, and IT managers

Yes, always. No signup, no credit card, no trial that expires. Enter your domain, get a full 7-category assessment with both executive and technical reports. The free scan is not a teaser. It is the complete product.

Email security (SPF, DKIM, DMARC, MX), TLS certificates and configuration, HTTP security headers, DNS configuration, web application exposure, breach database exposure, and subdomain enumeration. 40+ individual checks across 7 categories, all from publicly available data.

No. Kekkai performs passive external reconnaissance only. We analyse publicly visible signals like DNS records, TLS certificates, HTTP headers, and breach databases. No active exploitation, no agents installed, no traffic generated that would trigger your WAF or IDS. Safe to run against production domains.

They are $25,000+/year vendor risk platforms designed for enterprises managing hundreds of third-party vendors. Kekkai is $149-$599/month and focused on helping you fix your own environment. They give you a score. We give you the exact DNS record to add, the PowerShell command to run, and the admin console path to change.

Yes. Managed SOC providers focus on detection, monitoring logs and responding to alerts. They rarely provide prescriptive hardening guidance, conditional access policy recommendations, or compliance-mapped reporting. Kekkai covers the advisory gap that SOC providers leave open. Send them the technical report as a fix list.

Very. The report either validates what your MSP has already done or gives them a prioritised list of what they have not. Either way, you get visibility into your posture without relying solely on your provider to self-report.

Essential Eight (ASD maturity levels), CIS Controls v8 (implementation groups), ISO 27001 (Annex A controls), ASD ISM (security guidelines), and CPS 234 (APRA Section 26). Every finding is automatically cross-referenced so you know exactly where you stand before your next audit or insurance renewal.

That is one of the primary use cases. Findings are flagged for insurance relevance. The executive report is formatted for board packs and broker submissions. The PDF includes compliance mapping and posture scoring that underwriters can reference directly. Several findings map to the specific technical questions insurers now ask about email authentication, encryption, and access controls.

Australia. Scan results are stored for historical comparison and posture trending. Data is never sold, never shared with third parties, and never used for purposes beyond your account. Results are automatically deleted after 30 days if you do not create an account.

Under 90 seconds for most domains. The scan runs all 7 categories in parallel with per-check timeouts. Large domains with many subdomains may take slightly longer. Results are available immediately on completion, no email delivery delay.

Run your first scan. It takes 90 seconds.

No signup. No credit card. No sales follow-up.

 

Over 7 categories and 40+ checks. Free, forever.