haumaru.
Aotearoa-built · NZISM & ISO 27001 aligned

Cyber defence for mission-critical New Zealand operations

Haumaru combines 24/7 managed detection, offensive testing, and governed AI controls so your business stays protected, compliant, and audit-ready.

Book a security review Explore our services
Threat Operations Console
Live · Auckland SOC
Active threats
0
All clear
Events processed (24h)
8.4M
+2.1%
Mean response time
3m 12s
SLA met
Detection feed
12:04:11Anomalous login blocked · src=203.0.113.42
12:03:58EDR quarantined suspicious process · workstation-AKL-204
12:03:42Cloud IAM drift remediated · prod-vpc
12:03:20Phishing email auto-purged from 14 inboxes
Why now

You can't run a regulated business on hope and good intentions

Threat actors automate. Auditors demand evidence. Boards expect resilience. Haumaru gives you a defensible posture in every domain that matters.

Breach risk

One compromised credential is enough. Detection delays turn intrusions into national-headline incidents.

Compliance risk

NZISM, Privacy Act 2020, ISO 27001, SOC 2 — overlapping controls, mounting evidence demands.

AI risk

Generative tools shipping into production without guardrails introduce data leakage and model abuse.

Meet Haumaru

Defence in depth, delivered as one platform

From the endpoint to the cloud control plane, our team operates a single tightly-integrated stack — so threats are detected, contained, and evidenced before they become incidents.

Detect

24/7 SOC powered by behavioural analytics across endpoints, identity, and cloud.

Protect

Zero-trust controls and hardening that stops attackers from gaining a foothold.

Respond

Containment in minutes with playbooks rehearsed for your environment.

Prove

Continuous evidence for auditors, regulators, and your board.

Managed Detection & Response

A New Zealand SOC that never sleeps

Our analysts in Auckland correlate signals across your entire estate, validate threats and contain them — measured against an SLA, not a marketing promise.

  • Median triage in under 5 minutes
  • Full chain-of-custody for every incident
  • Integrated with Microsoft, Crowdstrike & SentinelOne
Learn more
Live SOC feed
CriticalBrute-force auth blocked
just now
HighMalicious macro quarantined
just now
InfoTLS certificate renewed
just now
MedMFA fatigue attempt mitigated
just now
Offensive Security

Find what attackers would, before they do

CREST-aligned penetration testing, red-team exercises and continuous attack-surface monitoring across web, cloud, mobile and OT.

  • Manual exploitation by senior testers
  • Re-test included — fix until it's fixed
  • Findings mapped to NZISM and OWASP
Learn more
recon · target.haumaru.ltd
$ nmap -sV target
443/tcp open https nginx 1.25
22/tcp open ssh OpenSSH 9.3
$ haumaru-scan --deep
[!] CVE-2024-XXXX exploitable on /api/v1/auth
[+] Reported · severity: HIGH · remediation drafted
3 min
Median time to contain a verified threat
99.99%
SOC service availability since launch
100%
Locally based, security-cleared analysts

Talk to a security architect today

Free 30-minute review of your current posture. No slide decks, no upsell — just an honest assessment from people who do this every day.

Book a review See pricing