cogitogroup.net

What It Is

Cogito Group, founded in 2011, is an Australian-owned ICT/cybersecurity company operating internationally. It primarily provides managed cybersecurity solutions for federal agencies, private-sector organizations, critical infrastructure, and customers related to Australian defence and intelligence. Its core product, Jellyfish, is an all-in-one digital trust platform covering PKI, identity management, certificate lifecycle management, key management, HSM, digital signatures, and credential management. SecureSME PKIaaS is its cloud-delivered, fully managed enterprise-grade PKI service.

Core Capabilities and Deployment

In terms of protection type, Cogito is more focused on “digital trust infrastructure” than traditional antivirus or perimeter firewalls. It can automate certificate issuance, renewal, revocation, rotation, and policy enforcement, and supports ACME, SCEP, CMP, EST, Windows Auto Enrolment, and REST API. It also integrates with systems such as AD, Entra ID, ADCS, Intune, Kubernetes, API gateways, VPN, Wi‑Fi 802.1X, NAC, PACS/LACS, and SIEM/SOAR. Jellyfish can be used as part of the SecureSME service, or deployed on-premises or in the customer’s preferred cloud environment, making it suitable for hybrid architectures.

Compliance, Management, and Support

According to its website, Cogito Group’s ISMS is certified to ISO/IEC 27001:2022, and it also references Common Criteria and Gatekeeper PKI. SecureSME PKIaaS further highlights alignment with FIPS 140-2 Level 2/3 HSM, ISM, Essential Eight, ISO27001, and DISP, as well as Australian-certified data centers, geographic redundancy, and data sovereignty. On the management side, it provides a single console, real-time status, event notifications, audit logs, reporting, proactive alerts, and visualization of certificate dependencies. Support options include a 24/7 helpdesk, customer portal, email support, escalation phone line, and Jellyfish Training Academy.

Pricing, Pros, and Cons

Pricing is not transparent. The website only states that PKIaaS uses a predictable subscription model and does not require customers to purchase hardware such as HSMs or servers. It also offers a 14-day trial for CLM, PKI, and Key Management as a Service. Its strengths are a broad platform scope, strong certificate automation and enterprise integration capabilities, and notable experience in compliance and government use cases. The drawbacks are the lack of public information on pricing, SLA, performance metrics, and local delivery in China. In addition, the product is centered on PKI, identity, and credential systems, so it is not a good fit for users looking for general-purpose EDR, WAF, or CSPM.

Who It’s For and Access from China

Cogito is better suited to government, defence, critical infrastructure, finance, healthcare, education, legal, and mid-to-large organizations that need zero-trust identity, mTLS, digital signatures, smart cards, and large-scale certificate governance. The official website does not state how well it can be accessed from China, and payment methods are not disclosed. If domestic government/enterprise compliance, electronic certification, cross-border data transfer, and local support in China are involved, it is advisable to also evaluate alternatives such as CFCA, 天威诚信, 沃通, as well as DigiCert, GlobalSign, Entrust, Keyfactor, and Venafi.