IT, Telecom & Cyber · Australia (Perth)

Harden Identity Controls and Validate Cloud-Native Security Options

Published Apr 24, 2026, 6:06 AM AWSTAPACFull category signal
Ask AI
Why runtime identity is emerging as the next cybersecurity imperative

In 60 seconds

Top move

Runtime identity (controlling AI agents while they run) should be a procurement must-have for IAM purchases because agents are non-deterministic and can bypass static access controls

Key takeaways

  • Runtime identity (controlling AI agents while they run) should be a procurement must-have for IAM purchases because agents are non-deterministic and can bypass static access controls.[1]
  • Cloud-native WAF/API protection (Imperva for Google Cloud) changes integration trade-offs for cloud-first apps but is in controlled availability and needs operational validation before production migration.[3]
  • Preference for vendors that can process detection inside APAC Google Cloud regions strengthens sourcing cases where data residency or low-latency detection matter.[4]
  • Supplier and partner email-authentication gaps (DMARC not at 'reject') keep impersonation and phishing risk high for customer-facing channels and raise SOC and communications workload.[2]
  • Net procurement effect: shift demand language toward runtime controls, regional processing, integration SLAs, and mandatory partner authentication rather than only price or feature checklists.[1]

What changed since last run

  • Added explicit runtime-identity procurement requirement for AI-agent workloads versus prior brief's broader AI security framing.
  • Logged two vendor moves: Imperva available in controlled form on Google Cloud and CrowdStrike extending regional Google Cloud detection capability; flagged partner DMARC shortfalls.

Key facts

  • AI agents increasingly embedded in customer service and internal copilots
  • Agents are non-deterministic and can bypass static access controls
  • Analysis covered primary corporate domains used by event sponsors and partners
  • A notable share remain in monitoring or partial enforcement modes
  • Imperva for Google Cloud released in controlled availability
  • Integrates with Google Cloud Load Balancing via Private Service Connect

Why it matters

Runtime identity (controlling AI agents while they run) should be a procurement must-have for IAM purchases because agents are non-deterministic and can bypass static access controls. Cloud-native WAF/API protection (Imperva for Google Cloud) changes integration trade-offs for cloud-first apps but is in controlled availability and needs operational validation before production migration. Preference for vendors that can process detection inside APAC Google Cloud regions strengthens sourcing cases where data residency or low-latency detection matter. Supplier and partner email-authentication gaps (DMARC not at 'reject') keep impersonation and phishing risk high for customer-facing channels and raise SOC and communications workload

Cost / money

  • Expect higher integration or licensing spend where runtime identity or cloud-native connectors are required, because these are often delivered as advanced features or professional services.[1]
  • Choosing regional cloud detection and response can reduce compliance effort but may increase local hosting or managed-service fees compared with global-only contracts.[4]

Supplier / commercial

  • Vendors offering native-in-cloud protection (Imperva via Thales) can command premiums on migration and integration work; negotiate scope, rollback clauses, and performance SLAs up front.[3]
  • Suppliers with proven APAC-region processing gain leverage in multi-year managed-service negotiations where data-residency and latency are procurement drivers.[4]

Safety / operations

  • Without runtime identity controls, agent-driven automation can perform unanticipated actions, increasing security incidents and SOC triage burden.[1]
  • Partners using monitoring-only DMARC posture allow spoofed emails to reach customers, raising the likelihood of phishing incidents that require cross-team incident response.[2]

What to watch

  • Controlled-availability products can lack scale, feature parity, or monitoring hooks; validate those limits before routing production traffic to them.[3]
  • Vendor awards and partner claims show capability but do not guarantee local delivery or partner enablement; confirm local support models and delivery capacity.[4]

Top stories

Story 1SecurityBrief Australia

Why runtime identity is emerging as the next cybersecurity imperative

Signal strongSource-grounded
Source notes [1]Read source

What happened

SecurityBrief reports organisations are embedding AI agents across customer-facing and internal systems and that these agents are non-deterministic. The piece says legacy IAM and static access lists no longer fully control agent behaviour, making runtime identity enforcement and auditability the key operational constraint to address; watch for vendors publishing runtime policy features and telemetry support

Buyer takeaway

Treat runtime identity as a functional procurement requirement for AI-driven workloads, not an optional security add-on

Cost / money

May increase integration and licensing costs because runtime enforcement and telemetry are often packaged as advanced features

Supplier / commercial

Vendors adding runtime capabilities gain negotiating leverage; contracts should lock scope, SLAs, and telemetry delivery

Safety / operations

Improves operational safety by enabling enforcement and auditing of agent actions at execution time, reducing unpredictable breaches

What to watch

Vendor claims vary; validate actual runtime policy enforcement and log fidelity in proofs-of-concept

Key facts

  • AI agents increasingly embedded in customer service and internal copilots
  • Agents are non-deterministic and can bypass static access controls

Source excerpts

Without the right controls, an agent may take shortcuts that bypass established safeguards, exposing organisations to operational and security failures
These external agents introduce a new layer of complexity, as organisations must accommodate systems they do not own or control. Each of these agent types has distinct requirements, risk profiles, and trust boundaries
This means establishing clear identities, defining delegation relationships and enforcing controls at runtime
Story 2SecurityBrief Australia

One-third of FIFA World Cup partners lack email protection

Signal strongSource-grounded
Source notes [2]Read source

What happened

Proofpoint analysed event sponsors and partners and found a substantial share of domains use DMARC in monitoring mode rather than the strict 'reject' setting. That allows spoofed messages to reach inboxes and creates operational phishing exposure tied to high-profile digital activity; watch partner domains that touch customer communications and require authentication improvements during onboarding

Buyer takeaway

Require DMARC 'reject' or equivalent email-authentication enforcement for suppliers handling customer messaging

Cost / money

Remediation on supplier side is typically low-cost but needs coordination; contracting can set timelines and responsibilities

Supplier / commercial

Use onboarding checks and contract clauses to compel enforcement rather than relying on voluntary adoption

Safety / operations

Reduces delivered-phishing risk and lowers incident frequency associated with supplier impersonation

What to watch

Some suppliers will report monitoring posture as transitional; verify DNS records and reporting before accepting monitoring modes

Key facts

  • Analysis covered primary corporate domains used by event sponsors and partners
  • A notable share remain in monitoring or partial enforcement modes

Source excerpts

Even where a company has begun implementing DMARC, a weaker policy can still allow malicious emails through, leaving customers to judge authenticity on their own. That creates risks not only for individuals but also for the brands being copied
For security teams, the results suggest that publishing a DMARC record is only a first step
In the dataset examined, only 16 of the 25 domains analysed had reached the reject setting that stops spoofed emails from being delivered
Story 3SecurityBrief Australia

Thales launches Imperva for Google Cloud in controlled availability

Signal moderateSource-grounded
Source notes [3]Read source

What happened

Thales launched Imperva for Google Cloud in controlled availability to run web-application and API protection inside Google Cloud using Private Service Connect. The product aims to keep existing pipelines without external routing, which can reduce architecture friction for cloud-native apps, but controlled availability means buyers should validate performance and feature parity before moving production traffic; watch vendor notes on scale and GA timelines

Buyer takeaway

Consider native-in-cloud security for simpler operations, but insist on PoC evidence for performance and rollback plans

Cost / money

May reduce external routing overhead but could carry premiums for integration and managed deployment

Supplier / commercial

Vendors can monetize migration services; negotiate scope, rollback, and performance SLAs

Safety / operations

Potentially reduces routing complexity and attack surface but needs testing to ensure no new gaps are introduced

What to watch

Controlled availability may lack full feature parity or scale testing; confirm limitations during trials

Key facts

  • Imperva for Google Cloud released in controlled availability
  • Integrates with Google Cloud Load Balancing via Private Service Connect

Source excerpts

Development teams often prefer native cloud services because they simplify operations, while some security products depend on external routing that can add latency and add operational overhead. Native cloud security tools can also leave gaps for businesses running critical applications
“Organisations shouldn't have to choose between performance, simplicity, and protection,” said Tim Chang, Global Vice President and General Manager, Imperva Application Security at Thales. “With Imperva for Google Cloud, security is part of the cloud infrastructure, delivering enterprise-grade protection without disrupting how applications are built and delivered
Thales has introduced Imperva for Google Cloud, now in controlled availability
Story 4SecurityBrief Australia

CrowdStrike expands Google Cloud security & wins award

Signal strongSource-grounded
Source notes [4]Read source

What happened

CrowdStrike expanded its Cloud Detection and Response service to run within Google Cloud regions and was named Google Cloud Security Partner of the Year for Infrastructure Protection. Operationally, customers can now process detection telemetry inside regional Google infrastructure, supporting data-sovereignty and low-latency detection for APAC deployments; watch regional availability, partner enablement, and any managed-service SLA changes

Buyer takeaway

Regionally hosted detection reduces cross-border handling and supports tighter SLAs for regulated workloads

Cost / money

Regional processing can trade lower compliance complexity for potentially higher local hosting or support fees

Supplier / commercial

Regional capability strengthens supplier bargaining power for long-term managed-service agreements

Safety / operations

Enables faster, in-region threat processing which can shorten detection-to-response times for local incidents

What to watch

Partner awards are indicative but validate regional delivery, data residency handling, and local support models

Key facts

  • Falcon Cloud Detection and Response extended to Google Cloud
  • Named Google Cloud Security Partner of the Year for Infrastructure Protection

Source excerpts

CrowdStrike has expanded its Cloud Detection and Response service to Google Cloud and has been named Google Cloud Security Partner of the Year for Infrastructure Protection for a second straight year. The expansion brings CrowdStrike's Falcon platform to regional Google Cloud infrastructure, allowing customers to process and act on security data within specific regions to meet operational and data sovereignty requirements
CrowdStrike's Cloud Detection and Response offering is designed to detect malicious activity as it happens across hybrid and multi-cloud environments, rather than relying on batch log processing that can delay alerts. Under the expanded arrangement, organisations using Google Cloud will be able to run CrowdStrike's cloud detection and response tools within that environment
Regional deployment is a key part of the update

VP Snapshot

Executive Risk & Action View

Runtime identity (controlling AI agents while they run) should be a procurement must-have for IAM purchases because agents are non-deterministic and can bypass static access controls.

Overall
64
Cost
61
Supply
61
Schedule
20
Compliance
15

Top signals

30-180dcost

Signal 1: Cost / money

Expect higher integration or licensing spend where runtime identity or cloud-native connectors are required, because these are often delivered as advanced features or professional services.

Signal 2: Cost / money

Choosing regional cloud detection and response can reduce compliance effort but may increase local hosting or managed-service fees compared with global-only contracts.

30-180dcommercial

Signal 3: Supplier / commercial

Vendors offering native-in-cloud protection (Imperva via Thales) can command premiums on migration and integration work; negotiate scope, rollback clauses, and performance SLAs up front.

Signal 4: Supplier / commercial

Suppliers with proven APAC-region processing gain leverage in multi-year managed-service negotiations where data-residency and latency are procurement drivers.

30-180dsupplier

Signal 5: Safety / operations

Without runtime identity controls, agent-driven automation can perform unanticipated actions, increasing security incidents and SOC triage burden.

Signal 6: Safety / operations

Partners using monitoring-only DMARC posture allow spoofed emails to reach customers, raising the likelihood of phishing incidents that require cross-team incident response.

Recommended actions

CategoryDue 3d

Inventory systems using AI agents or long-running automation and flag those lacking runtime identity controls.

List of agent-using systems with risk flags to drive sourcing requirements

ContractsDue 3d

Verify DMARC enforcement for critical partner and supplier domains and escalate gaps to contract owners for remediation planning.

Catalog of partner DMARC posture and remediation owners assigned

OpsDue 21d

Run a short proof-of-concept in a Google Cloud test project to validate Imperva integration, latency, and monitoring compatibility.

Validated runbook and performance notes for cloud-native WAF/API protection

ContractsDue 21d

Update IAM RFPs and vendor questionnaires to require runtime-identity controls, telemetry/auditability, and APAC data-residency options.

RFPs and questionnaires that measure runtime identity and regional processing capabilities

CategoryDue 60d

Reassess preferred supplier list for cloud detection and response and prioritise vendors with proven APAC regional deployments and local support evidence.

Updated preferred vendor roster reflecting regional deployment and support evidence

Risk register

RiskTriggerMitigation
Controlled-availability products can lack scale, feature parity, or monitoring hooks; validate those limits before routing production traffic to them.Controlled-availability products can lack scale, feature parity, or monitoring hooks; validate those limits before routing production traffic to them.Confirm exposure with category, contracts, and operations before the next supplier commitment.
Vendor awards and partner claims show capability but do not guarantee local delivery or partner enablement; confirm local support models and delivery capacity.Vendor awards and partner claims show capability but do not guarantee local delivery or partner enablement; confirm local support models and delivery capacity.Confirm exposure with category, contracts, and operations before the next supplier commitment.

CM Snapshot

Category Manager Decision Detail

Today's priorities

Inventory systems using AI agents or long-running automation and flag those lacking runtime identity controls.

because knowing which systems run agentic workloads lets procurement and security prioritise requirements and vendor evaluations correctly.

Due 3d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Verify DMARC enforcement for critical partner and supplier domains and escalate gaps to contract owners for remediation planning.

because partners with monitoring-only DMARC posture increase impersonation risk and should be tracked contractually to reduce operational exposure.

Due 3d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Run a short proof-of-concept in a Google Cloud test project to validate Imperva integration, latency, and monitoring compatibility.

because controlled-availability products can differ from general availability and need operational validation before changing deployment patterns.

Due 21d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Update IAM RFPs and vendor questionnaires to require runtime-identity controls, telemetry/auditability, and APAC data-residency options.

because explicit procurement language forces suppliers to disclose runtime controls and regional processing capabilities during selection rather than after award.

Due 21d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Supplier radar

SecurityBrief Australia

high

Observed supplier signal

Vendors offering native-in-cloud protection (Imperva via Thales) can command premiums on migration and integration work; negotiate scope, rollback clauses, and performance SLAs up front.

Commercial implication

Vendors offering native-in-cloud protection (Imperva via Thales) can command premiums on migration and integration work; negotiate scope, rollback clauses, and performance SLAs up front.

Next step: Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.

SecurityBrief Australia

high

Observed supplier signal

Suppliers with proven APAC-region processing gain leverage in multi-year managed-service negotiations where data-residency and latency are procurement drivers.

Commercial implication

Suppliers with proven APAC-region processing gain leverage in multi-year managed-service negotiations where data-residency and latency are procurement drivers.

Next step: Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.

Negotiation levers

Inventory systems using AI agents or long-running automation and flag those lacking runtime identity controls.

When to use: because knowing which systems run agentic workloads lets procurement and security prioritise requirements and vendor evaluations correctly.

Expected outcome: List of agent-using systems with risk flags to drive sourcing requirements

Commercial mechanism to carry into the next supplier conversation

Verify DMARC enforcement for critical partner and supplier domains and escalate gaps to contract owners for remediation planning.

When to use: because partners with monitoring-only DMARC posture increase impersonation risk and should be tracked contractually to reduce operational exposure.

Expected outcome: Catalog of partner DMARC posture and remediation owners assigned

Commercial mechanism to carry into the next supplier conversation

Run a short proof-of-concept in a Google Cloud test project to validate Imperva integration, latency, and monitoring compatibility.

When to use: because controlled-availability products can differ from general availability and need operational validation before changing deployment patterns.

Expected outcome: Validated runbook and performance notes for cloud-native WAF/API protection

Commercial mechanism to carry into the next supplier conversation

Update IAM RFPs and vendor questionnaires to require runtime-identity controls, telemetry/auditability, and APAC data-residency options.

When to use: because explicit procurement language forces suppliers to disclose runtime controls and regional processing capabilities during selection rather than after award.

Expected outcome: RFPs and questionnaires that measure runtime identity and regional processing capabilities

Commercial mechanism to carry into the next supplier conversation

Talking points

Runtime identity (controlling AI agents while they run) should be a procurement must-have for IAM purchases because agents are non-deterministic and can bypass static access controls.
Cloud-native WAF/API protection (Imperva for Google Cloud) changes integration trade-offs for cloud-first apps but is in controlled availability and needs operational validation before production migration.
Preference for vendors that can process detection inside APAC Google Cloud regions strengthens sourcing cases where data residency or low-latency detection matter.
Supplier and partner email-authentication gaps (DMARC not at 'reject') keep impersonation and phishing risk high for customer-facing channels and raise SOC and communications workload.

Supplier radar

SupplierSignalImplicationNext stepConfidence
SecurityBrief AustraliaVendors offering native-in-cloud protection (Imperva via Thales) can command premiums on migration and integration work; negotiate scope, rollback clauses, and performance SLAs up front.Vendors offering native-in-cloud protection (Imperva via Thales) can command premiums on migration and integration work; negotiate scope, rollback clauses, and performance SLAs up front.Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.high
SecurityBrief AustraliaSuppliers with proven APAC-region processing gain leverage in multi-year managed-service negotiations where data-residency and latency are procurement drivers.Suppliers with proven APAC-region processing gain leverage in multi-year managed-service negotiations where data-residency and latency are procurement drivers.Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.high

Negotiation levers

  • Inventory systems using AI agents or long-running automation and flag those lacking runtime identity controls.because knowing which systems run agentic workloads lets procurement and security prioritise requirements and vendor evaluations correctly.List of agent-using systems with risk flags to drive sourcing requirements

    high confidence

  • Verify DMARC enforcement for critical partner and supplier domains and escalate gaps to contract owners for remediation planning.because partners with monitoring-only DMARC posture increase impersonation risk and should be tracked contractually to reduce operational exposure.Catalog of partner DMARC posture and remediation owners assigned

    high confidence

  • Run a short proof-of-concept in a Google Cloud test project to validate Imperva integration, latency, and monitoring compatibility.because controlled-availability products can differ from general availability and need operational validation before changing deployment patterns.Validated runbook and performance notes for cloud-native WAF/API protection

    high confidence

  • Update IAM RFPs and vendor questionnaires to require runtime-identity controls, telemetry/auditability, and APAC data-residency options.because explicit procurement language forces suppliers to disclose runtime controls and regional processing capabilities during selection rather than after award.RFPs and questionnaires that measure runtime identity and regional processing capabilities

    high confidence

What to do / What to watch

What to do now

  • Inventory systems using AI agents or long-running automation and flag those lacking runtime identity controls.

    Why: because knowing which systems run agentic workloads lets procurement and security prioritise requirements and vendor evaluations correctly.

    Owner: Category

    Expected outcome: List of agent-using systems with risk flags to drive sourcing requirements

    [1]
  • Verify DMARC enforcement for critical partner and supplier domains and escalate gaps to contract owners for remediation planning.

    Why: because partners with monitoring-only DMARC posture increase impersonation risk and should be tracked contractually to reduce operational exposure.

    Owner: Contracts

    Expected outcome: Catalog of partner DMARC posture and remediation owners assigned

    [2]

Next few weeks

  • Run a short proof-of-concept in a Google Cloud test project to validate Imperva integration, latency, and monitoring compatibility.

    Why: because controlled-availability products can differ from general availability and need operational validation before changing deployment patterns.

    Owner: Ops

    Expected outcome: Validated runbook and performance notes for cloud-native WAF/API protection

    [3]
  • Update IAM RFPs and vendor questionnaires to require runtime-identity controls, telemetry/auditability, and APAC data-residency options.

    Why: because explicit procurement language forces suppliers to disclose runtime controls and regional processing capabilities during selection rather than after award.

    Owner: Contracts

    Expected outcome: RFPs and questionnaires that measure runtime identity and regional processing capabilities

    [1]

Longer view

  • Reassess preferred supplier list for cloud detection and response and prioritise vendors with proven APAC regional deployments and local support evidence.

    Why: because prioritising regional processing reduces cross-border compliance friction and aligns managed-service SLAs with local operational needs.

    Owner: Category

    Expected outcome: Updated preferred vendor roster reflecting regional deployment and support evidence

    [4]

What to watch

  • Controlled-availability products can lack scale, feature parity, or monitoring hooks; validate those limits before routing production traffic to them
  • Vendor awards and partner claims show capability but do not guarantee local delivery or partner enablement; confirm local support models and delivery capacity
  • Controlled-availability products can lack scale, feature parity, or monitoring hooks; validate those limits before routing production traffic to them.: Controlled-availability products can lack scale, feature parity, or monitoring hooks; validate those limits before routing production traffic to them
  • Vendor awards and partner claims show capability but do not guarantee local delivery or partner enablement; confirm local support models and delivery capacity.: Vendor awards and partner claims show capability but do not guarantee local delivery or partner enablement; confirm local support models and delivery capacity
  • Runtime identity (controlling AI agents while they run) should be a procurement must-have for IAM purchases because agents are non-deterministic and can bypass static access controls
  • Cloud-native WAF/API protection (Imperva for Google Cloud) changes integration trade-offs for cloud-first apps but is in controlled availability and needs operational validation before production migration
  • Preference for vendors that can process detection inside APAC Google Cloud regions strengthens sourcing cases where data residency or low-latency detection matter
  • Supplier and partner email-authentication gaps (DMARC not at 'reject') keep impersonation and phishing risk high for customer-facing channels and raise SOC and communications workload

Market pulse

IndexLatestChangeAs of
Palo Alto (PANW)320 +0.00 (+0.00%)Apr 23, 2026, 10:11 PM
CrowdStrike (CRWD)285 +0.00 (+0.00%)Apr 23, 2026, 10:11 PM
Zscaler (ZS)195 +0.00 (+0.00%)Apr 23, 2026, 10:11 PM
Fortinet (FTNT)72 +0.00 (+0.00%)Apr 23, 2026, 10:11 PM
  • CrowdStrike: CrowdStrike's regional Google Cloud expansion supports sourcing preference for APAC-hosted detection and response capabilities
  • Fortinet: Cloud-native WAF and API protection developments increase attention on firewall and application security vendors when evaluating integration and SLA trade-offs

Sources

Inline citations jump here. Expand a source to read the excerpt, the AI interpretation, and the original link.

[1] Why runtime identity is emerging as the next cybersecurity imperative

securitybrief.com.au · n.d.

Expand

AI reading

SecurityBrief reports organisations are embedding AI agents across customer-facing and internal systems and that these agents are non-deterministic. The piece says legacy IAM and static access lists no longer fully control agent behaviour, making runtime identity enforcement and auditability the key operational constraint to address; watch for vendors publishing runtime policy features and telemetry support

Buyer takeaway

Treat runtime identity as a functional procurement requirement for AI-driven workloads, not an optional security add-on

Cost / money

May increase integration and licensing costs because runtime enforcement and telemetry are often packaged as advanced features

Supplier / commercial

Vendors adding runtime capabilities gain negotiating leverage; contracts should lock scope, SLAs, and telemetry delivery

Safety / operations

Improves operational safety by enabling enforcement and auditing of agent actions at execution time, reducing unpredictable breaches

What to watch

Vendor claims vary; validate actual runtime policy enforcement and log fidelity in proofs-of-concept

Key facts

  • AI agents increasingly embedded in customer service and internal copilots
  • Agents are non-deterministic and can bypass static access controls

Source excerpts

Without the right controls, an agent may take shortcuts that bypass established safeguards, exposing organisations to operational and security failures
These external agents introduce a new layer of complexity, as organisations must accommodate systems they do not own or control. Each of these agent types has distinct requirements, risk profiles, and trust boundaries
This means establishing clear identities, defining delegation relationships and enforcing controls at runtime

Used in this brief

  • Safety / operations: Without runtime identity controls, agent-driven automation can perform unanticipated actions, increasing security incidents and SOC triage burden
  • Next 72 hours — Inventory systems using AI agents or long-running automation and flag those lacking runtime identity controls.. Rationale: because knowing which systems run agentic workloads lets procurement and security prioritise requirements and vendor evaluations correctly.. Owner: Category. KPI: List of agent-using systems with risk flags to drive sourcing requirements
  • Next 2-4 weeks — Update IAM RFPs and vendor questionnaires to require runtime-identity controls, telemetry/auditability, and APAC data-residency options.. Rationale: because explicit procurement language forces suppliers to disclose runtime controls and regional processing capabilities during selection rather than after award.. Owner: Contracts. KPI: RFPs and questionnaires that measure runtime identity and regional processing capabilities
Open original source

[2] One-third of FIFA World Cup partners lack email protection

securitybrief.com.au · n.d.

Expand

AI reading

Proofpoint analysed event sponsors and partners and found a substantial share of domains use DMARC in monitoring mode rather than the strict 'reject' setting. That allows spoofed messages to reach inboxes and creates operational phishing exposure tied to high-profile digital activity; watch partner domains that touch customer communications and require authentication improvements during onboarding

Buyer takeaway

Require DMARC 'reject' or equivalent email-authentication enforcement for suppliers handling customer messaging

Cost / money

Remediation on supplier side is typically low-cost but needs coordination; contracting can set timelines and responsibilities

Supplier / commercial

Use onboarding checks and contract clauses to compel enforcement rather than relying on voluntary adoption

Safety / operations

Reduces delivered-phishing risk and lowers incident frequency associated with supplier impersonation

What to watch

Some suppliers will report monitoring posture as transitional; verify DNS records and reporting before accepting monitoring modes

Key facts

  • Analysis covered primary corporate domains used by event sponsors and partners
  • A notable share remain in monitoring or partial enforcement modes

Source excerpts

Even where a company has begun implementing DMARC, a weaker policy can still allow malicious emails through, leaving customers to judge authenticity on their own. That creates risks not only for individuals but also for the brands being copied
For security teams, the results suggest that publishing a DMARC record is only a first step
In the dataset examined, only 16 of the 25 domains analysed had reached the reject setting that stops spoofed emails from being delivered

Used in this brief

  • Safety / operations: Partners using monitoring-only DMARC posture allow spoofed emails to reach customers, raising the likelihood of phishing incidents that require cross-team incident response
  • Next 72 hours — Verify DMARC enforcement for critical partner and supplier domains and escalate gaps to contract owners for remediation planning.. Rationale: because partners with monitoring-only DMARC posture increase impersonation risk and should be tracked contractually to reduce operational exposure.. Owner: Contracts. KPI: Catalog of partner DMARC posture and remediation owners assigned
  • Proofpoint analysed event sponsors and partners and found a substantial share of domains use DMARC in monitoring mode rather than the strict 'reject' setting. That allows spoofed messages to reach inboxes and creates operational phishing exposure tied to high-profile digital activity; watch partner domains that touch customer communications and require authentication improvements during onboarding
Open original source

[3] Thales launches Imperva for Google Cloud in controlled availability

securitybrief.com.au · n.d.

Expand

AI reading

Thales launched Imperva for Google Cloud in controlled availability to run web-application and API protection inside Google Cloud using Private Service Connect. The product aims to keep existing pipelines without external routing, which can reduce architecture friction for cloud-native apps, but controlled availability means buyers should validate performance and feature parity before moving production traffic; watch vendor notes on scale and GA timelines

Buyer takeaway

Consider native-in-cloud security for simpler operations, but insist on PoC evidence for performance and rollback plans

Cost / money

May reduce external routing overhead but could carry premiums for integration and managed deployment

Supplier / commercial

Vendors can monetize migration services; negotiate scope, rollback, and performance SLAs

Safety / operations

Potentially reduces routing complexity and attack surface but needs testing to ensure no new gaps are introduced

What to watch

Controlled availability may lack full feature parity or scale testing; confirm limitations during trials

Key facts

  • Imperva for Google Cloud released in controlled availability
  • Integrates with Google Cloud Load Balancing via Private Service Connect

Source excerpts

Development teams often prefer native cloud services because they simplify operations, while some security products depend on external routing that can add latency and add operational overhead. Native cloud security tools can also leave gaps for businesses running critical applications
“Organisations shouldn't have to choose between performance, simplicity, and protection,” said Tim Chang, Global Vice President and General Manager, Imperva Application Security at Thales. “With Imperva for Google Cloud, security is part of the cloud infrastructure, delivering enterprise-grade protection without disrupting how applications are built and delivered
Thales has introduced Imperva for Google Cloud, now in controlled availability

Used in this brief

  • Cost / money: Expect higher integration or licensing spend where runtime identity or cloud-native connectors are required, because these are often delivered as advanced features or professional services
  • Supplier / commercial: Vendors offering native-in-cloud protection (Imperva via Thales) can command premiums on migration and integration work; negotiate scope, rollback clauses, and performance SLAs up front
  • Next 2-4 weeks — Run a short proof-of-concept in a Google Cloud test project to validate Imperva integration, latency, and monitoring compatibility.. Rationale: because controlled-availability products can differ from general availability and need operational validation before changing deployment patterns.. Owner: Ops. KPI: Validated runbook and performance notes for cloud-native WAF/API protection
Open original source

[4] CrowdStrike expands Google Cloud security & wins award

securitybrief.com.au · n.d.

Expand

AI reading

CrowdStrike expanded its Cloud Detection and Response service to run within Google Cloud regions and was named Google Cloud Security Partner of the Year for Infrastructure Protection. Operationally, customers can now process detection telemetry inside regional Google infrastructure, supporting data-sovereignty and low-latency detection for APAC deployments; watch regional availability, partner enablement, and any managed-service SLA changes

Buyer takeaway

Regionally hosted detection reduces cross-border handling and supports tighter SLAs for regulated workloads

Cost / money

Regional processing can trade lower compliance complexity for potentially higher local hosting or support fees

Supplier / commercial

Regional capability strengthens supplier bargaining power for long-term managed-service agreements

Safety / operations

Enables faster, in-region threat processing which can shorten detection-to-response times for local incidents

What to watch

Partner awards are indicative but validate regional delivery, data residency handling, and local support models

Key facts

  • Falcon Cloud Detection and Response extended to Google Cloud
  • Named Google Cloud Security Partner of the Year for Infrastructure Protection

Source excerpts

CrowdStrike has expanded its Cloud Detection and Response service to Google Cloud and has been named Google Cloud Security Partner of the Year for Infrastructure Protection for a second straight year. The expansion brings CrowdStrike's Falcon platform to regional Google Cloud infrastructure, allowing customers to process and act on security data within specific regions to meet operational and data sovereignty requirements
CrowdStrike's Cloud Detection and Response offering is designed to detect malicious activity as it happens across hybrid and multi-cloud environments, rather than relying on batch log processing that can delay alerts. Under the expanded arrangement, organisations using Google Cloud will be able to run CrowdStrike's cloud detection and response tools within that environment
Regional deployment is a key part of the update

Used in this brief

  • Runtime identity (controlling AI agents while they run) should be a procurement must-have for IAM purchases because agents are non-deterministic and can bypass static access controls. Cloud-native WAF/API protection (Imperva for Google Cloud) changes integration trade-offs for cloud-first apps but is in controlled availability and needs operational validation before production migration. Preference for vendors that can process detection inside APAC Google Cloud regions strengthens sourcing cases where data residency or low-latency detection matter. Supplier and partner email-authentication gaps (DMARC not at 'reject') keep impersonation and phishing risk high for customer-facing channels and raise SOC and communications workload
  • Cost / money: Choosing regional cloud detection and response can reduce compliance effort but may increase local hosting or managed-service fees compared with global-only contracts
  • Next quarter — Reassess preferred supplier list for cloud detection and response and prioritise vendors with proven APAC regional deployments and local support evidence.. Rationale: because prioritising regional processing reduces cross-border compliance friction and aligns managed-service SLAs with local operational needs.. Owner: Category. KPI: Updated preferred vendor roster reflecting regional deployment and support evidence
Open original source

[5] CrowdStrike

finance.yahoo.com · n.d.

Expand
Open original source

[6] Fortinet

finance.yahoo.com · n.d.

Expand
Open original source
More from IT, Telecom & CyberBack to Executive View