Managed cybersecurity · Law 21.663

Comply with Chile's Cybersecurity Law 21.663 without slowing the business

We diagnose your gaps, close them and get your company compliant in roughly 90 days. A managed service with an open source stack and AI, on sovereign infrastructure.

  • 100% open source stack (Wazuh · Suricata · Grafana)
  • Sovereign infrastructure in Chile
  • Anthropic AI + AWS · no OpenAI
  • Rates 40–60% below traditional consulting

Services

Five modules, one goal: your company protected and compliant

Contract them separately or as a full program. Monitoring is recurring; compliance runs per project.

M1

Monitoring & Alerting (SOC-lite)

Continuous 24/7 watch with an open source SIEM. You get actionable alerts, not noise.

  • Log collection and correlation with Wazuh
  • Intrusion detection and event triage
  • Monthly security posture report

M2

vCISO & Law 21.663 Compliance

An external security director runs your compliance end to end.

  • Gap analysis against Law 21.663
  • Policies, risk governance and 90-day plan
  • ANCI preparation and reporting

M5

DPO as a Service

An external Data Protection Officer for the new personal data law.

  • Record of Processing Activities (RoPA)
  • Consent management and data subject rights
  • Personal data incident response

M3

DevSecOps as a Service

Security embedded in your development cycle, not patched at the end.

  • Code and dependency analysis (SAST/SCA)
  • Prioritized vulnerability management
  • Pipeline and container hardening

M4

Observability & Anomaly Detection

Real visibility into your network and behavior, AI-assisted.

  • Grafana dashboards over your metrics
  • Network monitoring with Suricata (IDS/IPS)
  • Anomalous behavior detection

+

Full compliance program

We combine modules based on your exposure and maturity.

  • Assessment, gap closure and monitoring
  • A single accountable point of contact
  • Documented evidence for audit

How it works

From uncertainty to compliance in four steps

1

Assessment

The free Health-Check walks through your organization by chat, voice or form and maps your exposure.

2

Gap report

You receive a digitally signed report with every gap prioritized and a fine-risk estimate.

3

90-day plan

We define a closure plan by risk: what's fixed first, who does it and with what evidence.

4

Compliance

We implement the controls and keep continuous monitoring to sustain compliance over time.

Legal framework

Law 21.663: what it requires and who it binds

  • Who it applies to: Vital Importance Operators (OIV) and essential services: healthcare, banking, energy, telecommunications, transport, water, sanitation, public administration and critical suppliers.
  • Risk management: Implement an information security management system with technical and organizational controls proportionate to risk.
  • Incident reporting: Notify the ANCI (National Cybersecurity Agency) of significant incidents within the timeframes set by law.
  • Operational continuity: Continuity and recovery plans for incidents, with owners and documented evidence.
  • Personal data: In parallel, the new data protection law requires a DPO, a record of processing activities and data incident response.

The cost of non-compliance

The law contemplates significant fines and liability for the organization and its leadership. Beyond the financial penalty, an uncontrolled incident hits service continuity, customer trust and your standing with the regulator. The Health-Check estimates your concrete exposure before the cost becomes real.

Conversational assessment

The hook: find your gaps in a conversation

You don't need to be a security expert to start. The Health-Check asks you in plain language (by chat, voice or form) about your operation, your systems and your data. The AI translates your answers into a technical map of gaps against Law 21.663.

The output is a digitally signed report, with each finding prioritized by risk and an estimate of the potential fine. No cost, no commitment.

Frequently asked questions

What a manager or CISO asks before starting

Does Law 21.663 apply to my company?

It applies to Vital Importance Operators and essential services: healthcare, banking and finance, energy, telecommunications, transport, water, sanitation, public administration and their critical suppliers. The free Health-Check determines whether your organization is in scope.

How long does the compliance process take?

The initial assessment takes days. The gap-closure plan runs in about 90 days, prioritized by risk, versus the usual 18 to 24 months of a traditional consultancy.

What is a vCISO?

A vCISO (virtual Chief Information Security Officer) is an external security director who takes strategic ownership: sets policy, governs risk and reports to the ANCI, without the cost of a full-time executive.

Is an open source stack really secure?

Yes. Wazuh, Suricata and Grafana are audited by global communities and used by security teams at large enterprises. Open source allows independent review, avoids license lock-in and cuts costs without sacrificing detection capability.

What is a DPO and why do I need one?

The DPO (Data Protection Officer) is responsible for ensuring lawful processing of personal data. Chile's new data protection law requires it for many organizations. We provide it as a managed service (M5 — DPO as a Service).

Do you use OpenAI models?

No. SENTINEL-IA runs on Anthropic models over AWS infrastructure, hosted sovereignly. It is a contractual decision driven by data governance.

What exactly does the free assessment include?

The Health-Check identifies your gaps against Law 21.663, delivers a digitally signed report and a fine-risk estimate. No cost, no obligation to contract.

How is the service billed?

The M1 monitoring module is a recurring monthly service. Gap closure and consulting (M2) are contracted per project. Rates sit 40% to 60% below traditional consultancies.

Free assessment

Know where you stand before the regulator does

Request your Health-Check at no cost. In days you'll have a signed gap report and a clear plan to comply with Law 21.663.