Cyber security today is no longer about defending a perimeter. It’s about building an integrated, adaptive framework that protects your business in a world where users, devices, data, and workloads are constantly in motion.
At Data#3, we anchor our approach to cyber security around four core pillars:
These pillars are not standalone silos—they are interdependent capabilities that, when brought together, provide the layered resilience modern enterprises require.
What ties them together? The network. More than just infrastructure, the network is the connective tissue across every domain—cloud, users, data centres, and applications. It provides the visibility and control to make security decisions in real time, and it’s where we have built our deepest capabilities.
At the core of our approach is a simple but powerful model:
Individually, each pillar addresses a critical area of risk, but it’s the way they intersect that creates a truly resilient cyber security strategy.
Zero Trust is a principle, not a product—and one that’s often misunderstood. At its core, Zero Trust means no implicit trust is given to any user, device, or application, regardless of whether they’re inside or outside the network. Every access attempt must be continuously validated.
Implementing Zero Trust effectively demands identity-driven controls, strong authentication, and real-time visibility into who is connecting to what, from where, and under what conditions. That visibility? It comes from the network.
The network is more than just cables and switches—it’s the platform that connects users, data, cloud, and infrastructure. If it’s not secure, nothing else is.
A secure network allows us to enforce segmentation, monitor traffic flows, and apply policies based on user roles and device types across a hybrid environment. It also provides the context we need for threat detection, access control, and incident response. At Data#3 this is where we excel. Our team’s deep expertise in micro-segmentation and intent-based networking, using solutions like Cisco’s Identity Services Engine (ISE), plays a pivotal role, enabling policy-based networking, where access is based on user role and device posture, aligned with business intent.
Modern threats don’t stay in one place. Attackers move laterally, jumping from endpoint to cloud workload to email system. That’s why observability is critical to detection and response.
Observability provides deep visibility across your entire environment—networks, applications, endpoints, and identities. It collects rich telemetry and uses AI/ML to uncover suspicious lateral movement or unexpected port scans that traditional monitoring might miss.
When paired with micro-segmentation, observability not only detects threats but also validates whether segmentation policies are working as intended. It adds context, accuracy and a faster response.
This layered, adaptive defence is vital for spotting and combatting advanced threats early.
Security tools alone don’t stop breaches; people and processes matter just as much. Security Operations is the pillar that brings together insights from across the environment, enabling real-time decision-making and incident response.
A strong Security Operations function is built on three things: visibility, automation, and integration. Security Operations Centre (SOC) teams need to see what’s happening, automate repetitive tasks, and act quickly across systems. When network, observability data, and access controls are integrated, SOC teams can detect threats faster and respond more effectively.
These four pillars work in concert. Zero Trust cannot succeed without a secure network to enforce policies. The ability to detect anomalies and threats is reliant on comprehensive visibility into network traffic, application behaviour, and security events. Security Operations relies on inputs from all three to prioritise and act on threats. The tighter the integration between these pillars, the stronger the overall security posture.
While each pillar is essential, the network underpins them all. At Data#3, we often say that securing the network is the most critical first step. Without a trustworthy foundation, the rest of your security strategy will falter.
The network provides context: who is accessing what, from where, and how. It enables segmentation, ensuring that if a breach occurs, the impact is contained. Critically, it allows for consistent policy enforcement across hybrid environments. Whether traffic is flowing from a remote user to a SaaS app, or between containers in a cloud environment, security needs to travel with it.
We see the network as more than just connectivity—it’s a strategic control point. That’s why we’ve invested so heavily in technologies from Cisco such as Software-Defined Access (SD-Access), Next-Generation Firewall (NGFW), and Identity Services Engine (ISE). These tools give our customers the ability to understand what’s inside network traffic, automate policy enforcement, segment and dynamically assign policies based on users and devices.
ISE provides the intelligence and identity context that enables SD-Access to define and enforce access policies based on who the user is and what they are using, rather than static parameters like IP addresses or physical location. That’s a massive shift in how networks are secured—it means policy follows the user, enabling consistent security no matter where or how they connect.
The result is unprecedented visibility and control. Security and network teams can see how devices and users move through the environment, what they access, where they connect, and where access should be restricted. This visibility is essential to enforcing Zero Trust principles and to effective detection and response.
In an intent-based network, the goal is simple: make the network understand what the business wants to achieve, and then automatically enforce those goals. In Cisco environments, SD-Access works in tandem with Cisco ISE to deliver smarter operations and stronger security.
At Data#3, we’ve worked with a wide range of customers to implement these principles in real environments. One recent engagement involved a large enterprise looking to modernise its security posture following several near-miss incidents. Their challenge was typical: fragmented tools, limited visibility, and inconsistent policy enforcement across cloud and on-premises infrastructure.
We began by reviewing the network architecture and implementing segmentation via Cisco SD-Access, which reduced the blast radius for lateral movement. We then worked with their identity team to enforce Zero Trust principles using Cisco ISE, which provided centralised access control and secure network segmentation. Cisco Duo was integrated for Multi-Factor Authentication (MFA) and identity intelligence, ensuring secure, contextual access. Finally, we deployed Cisco Extended Detection and Response (XDR) to bring together telemetry from firewalls, endpoints, and email into a unified view and connected these feeds into their SOC workflows.
The result wasn’t just better protection—it was operational simplicity. Security teams gained the visibility to act decisively, while network teams had confidence in consistent, automated policy enforcement.
Many organisations understand the need for a stronger cyber security posture, but few know how to get there in a structured, scalable way. That’s why this four-pillar model works, but recognising the model is only step one. The challenge lies in execution.
A typical starting point for customers is to look at what new technology to buy. However, the first step should be gaining visibility into what’s already happening across the environment.
That means understanding:
You can’t secure what you can’t see – visibility is the foundation that enables every other pillar. In our experience, it’s also the thing most often overlooked.
Where customers struggle: Many rely on fragmented tools and point products that provide insight into only one domain (e.g. endpoint, email, network) without a way to correlate or act on that information. This limits threat detection, delays response, and creates blind spots for attackers to exploit.
Before implementing complex detection platforms or advanced analytics, organisations need to secure the connective tissue of their environment—the network. This means putting segmentation in place, enforcing policy through identity, and eliminating excessive access pathways.
This is where Cisco SD-Access and intent-based networking become important; they let security policies follow users and devices, not just IP addresses.
Where customers struggle: Many organisations still run flat networks. Segmentation is either too coarse or non-existent. Policy enforcement is done manually, making it error-prone and inconsistent. Without a secure network, Zero Trust and XDR solutions are significantly less effective.
Zero Trust is impossible without strong identity foundations. Organisations need to adopt MFA, enforce conditional access policies, and tie identity directly into network and application access decisions.
This means enabling dynamic policy enforcement based on user identity, device health, and contextual factors such as location and time.
Where customers struggle: Identity systems are often disconnected from the network. MFA is deployed only on a few critical systems, and access is granted broadly to avoid friction. These gaps create unnecessary risk and are among the first things attackers target.
With identity and network controls in place, the focus can shift to detection—where the real value of a mature security architecture begins to emerge. This is where observability becomes critical. Rather than just collecting logs or alerts, observability means gaining deep, real-time insight into what’s happening across every layer of your environment.
XDR platforms enable this by integrating signals from endpoints, network traffic, cloud workloads, email, and identity systems into a single correlated view. Unlike traditional tools that only see part of the picture, XDR delivers context-rich detections that help teams prioritise and act faster.
However, implementing XDR isn’t just about choosing a product. It’s about integrating existing tools, establishing workflows, and tuning detection logic based on the organisation’s risk profile.
A natural progression from XDR is the integration of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) capabilities, which enable long-term visibility, compliance reporting, and automation of response workflows. Together, they provide a foundation for proactive threat hunting and faster incident containment.
Where customers struggle: Many teams operate in silos. Endpoint teams don’t talk to network teams, and alerts are handled manually without correlation or context. This means there’s no central place to investigate threats, and response actions aren’t automated.
As technologies evolve, so too will the four pillars of security. AI-driven analytics are already transforming how threats are detected and prioritised. The role of the network will only become more critical; it’s where data flows, where threats travel, and where real-time security decisions can be enforced.
At Data#3, this isn’t new ground—it’s home turf. A long-standing Gold Partner with Cisco, we’ve built our reputation on helping organisations across Australia build robust, scalable networks. Today our security teams work closely with our Cisco networking experts to help customers build secure networks by design.
The Data#3 Security Resilience Assessment, developed in partnership with Cisco, is the perfect next step for evaluating your organisation’s security maturity. This half-day workshop delivers actionable insights to identify and address security gaps and provides a roadmap to enhance business continuity and compliance. For more details contact your account manager or register your details below:
Phishing scams. Credential stuffing. Social engineering. These are all familiar tactics, and they’re incredibly effective, being used every day against organisations that don’t have round-the-clock protection. The problem isn’t just about lacking the tools. It’s about not having the time, expertise, or capacity to know when something’s gone wrong and what to do about it.
That’s where Managed Extended Detection and Response (MXDR) steps in as a much-needed enterprise-level cybersecurity solution for SMEs.
Built on Microsoft’s robust security ecosystem, Managed XDR leverages tools like Microsoft Defender XDR and Microsoft Sentinel to deliver comprehensive threat detection, investigation, and response capabilities.
This foundation enables seamless integration across endpoints, identities, cloud apps, and infrastructure, offering a unified view of threats and reducing response times through automation and AI-driven insights.
Built to enhance visibility, Managed XDR ensures continuous monitoring, and enables proactive defence strategies, all while aligning with existing Microsoft 365 and Azure environments for streamlined operations and scalability.
Unlike standalone security tools, XDR connects data across endpoints, servers, networks, cloud and email, using analytics to detect and respond to threats faster.
Managed XDR (MXDR) takes this further by delivering it as a fully managed service. With Data#3, you get the platform and a 24/7 expert team in a Security Operations Centre (SOC), powered by SecurityHQ, lifting the burden from your in-house team and strengthening your cyber defence.
Here are a few examples of how MXDR connects the dots, prioritises threats and accelerates response:
Detecting and responding to a phishing attack: An employee clicks a phishing link, triggering malware. Managed XDR instantly correlates email, endpoint and network alerts, isolates the device, blocks the domain, and removes the email from all inboxes, stopping the attack before damage is done.
Handling insider threats: When a user downloads sensitive data for the first time or logs in from an unusual location, behavioural analytics detect the anomaly and flag it for investigation. If the threat is malicious, security teams can freeze access before data is lost.
A lot of businesses are already swimming in alerts. Some are useful. Many aren’t. What they don’t have is the ability to cut through the noise and pinpoint what really matters.
With Managed XDR, visibility isn’t about being a passive observer; it’s about deeper understanding through a sophisticated process of gathering, interpreting, and acting on security information. So instead of your IT team spending hours chasing red herrings, they get immediate, actionable insights: “Here’s what’s happening. Here’s why it matters. And here’s what we can collectively do about it.”
If we think about this broader definition, visibility is:
This deeper visibility underpins successful cyber security actions, providing:
Improved incident response: When a threat is detected, Managed XDR provides a clear trail of evidence, allowing security teams to quickly understand the scope of the incident and take appropriate action.
Proactive threat hunting: Instead of merely reacting to alerts, security teams can more easily see hidden threats that may have evaded traditional detection methods.
Compliance and reporting: Managed XDR provides detailed logs and reports, making it easier to demonstrate compliance with various regulatory requirements. This is particularly valuable for SMEs that may lack dedicated compliance resources.
Bridged security gaps: Visibility across different security tools and environments helps identify and close security gaps. This is especially important as SMEs increasingly adopt cloud services and support remote work, expanding their attack surface.
Harnessing the superpower of visibility provided by Data#3’s Managed XDR transforms cyber security for SMEs by enabling them to see, understand, and respond to threats more effectively. It turns the overwhelming complexity of modern IT environments into a manageable, actionable security posture, empowering every business to confidently protect its assets.
SMEs often struggle to know what security tools they need or whether the tools they have are providing enough protection. They need solutions that simplify protection while strengthening defences and putting “eyes and ears everywhere.”
Managed XDR ties together all aspects of security, from endpoints to cloud applications, with monitoring, detection and response. For businesses seeking an extra layer of protection, the service can also be configured with Advanced Data Loss Prevention (DLP) and Managed Sentinel Services add-ons.
Advanced DLP helps prevent unauthorised access or accidental exposure of sensitive data, protecting intellectual property and regulatory compliance.
Managed Sentinel Services provide deeper visibility and forensic capabilities, leveraging Microsoft Sentinel for more proactive threat detection, incident response, and security analytics tailored to your organisation’s needs.
This means SMEs can rely on one service to protect their entire environment without the need for additional security resources or the complexity of managing multiple solutions.
But beyond unifying security tools, Managed XDR provides four key advantages that SMEs value most:
A core advantage of Managed XDR is the inclusion of a global 24/7 SOC constantly monitoring for threats. Cyber attacks can occur anytime, so around-the-clock coverage ensures that nights, weekends and holidays are all covered. With Managed XDR, a team of analysts – augmented by algorithms – continuously watches the incoming telemetry and alerts, ready to investigate and respond immediately.
Unlike signature-based tools that rely on known threats, AI and machine learning continuously analyse vast amounts of data to detect subtle anomalies and emerging attack patterns, far beyond human capability.
Automation goes hand in hand with AI. With XDR, the system can not only detect but also act on certain threats instantly, or assist analysts by handling routine tasks to ensure rapid threat containment.
With limited resources and tight budgets, costly security solutions can appear out of reach. Managed XDR is crafted to be cost-effective and predictable, enabling SMEs to access enterprise-grade security without the difficulties of configuring, deploying, and managing it internally.
As Australia’s largest Microsoft partner and a Gold Certified Security Partner, Data#3 brings the expertise and experience to secure your business. With industry-leading Microsoft Defender XDR and Sentinel platforms deployed, configured in code and managed for you; and local support backed by global security powerhouse SecurityHQ, Managed XDR by Data#3 makes it simple and affordable to protect your environment your way.
This combination of an integrated XDR platform with a managed service team breaks down security silos, reduces alert fatigue and provides organisations with a single, 24/7 coordinated view of attacks across the entire IT environment.
To discover how our Managed Microsoft XDR solution can transform your organisation’s security posture, speak to a Data#3 Security specialist today.
Contact us today to enhance your security posture.
When evaluating Software as a Service (SaaS) applications, organisations increasingly prioritise security and the adoption of Zero Trust principles to safeguard their data. A critical component of this approach is using an external Identity Provider (IDP), such as Microsoft Azure Active Directory (Azure AD), to manage authentication and access control. However, many SaaS providers charge additional fees for integrating their applications with external IDPs – creating unnecessary roadblocks to security.
The role of IDPs in Zero Trust Security
An external IDP is a system that manages authentication for users outside of the SaaS application itself, ensuring the organisation retains full control over usernames, passwords, and security policies. In most organisations, their Azure AD directory serves as the single source of truth for user management, centralising identities and policies across all corporate systems and enforcing consistent security policies regardless of the application being accessed.
By integrating SaaS applications with a third-party IDP, organisations not only centralise user management, but they also unlock advanced security features such as conditional access, device trust, and risk-based authentication, leveraging tools such as Microsoft Authenticator and Cisco Duo. Depending on your SaaS provider, this may incur an additional fee – which often creates an unnecessary barrier to implementing critical security enhancements.
Traditional username and password authentication is inherently insecure. By integrating SaaS applications with external IDPs like Azure AD, organisations gain access to advanced security features that go far beyond basic login credentials. These include:
Additionally, integrating with an external IDP reduces the risks associated with poor password hygiene. According to Haveibeenpwned.com, billions of credentials have been exposed in SaaS-related data breaches, demonstrating the inherent insecurity of relying on individual applications to manage passwords. When users are forced to create multiple passwords for different SaaS apps, they often resort to bad habits like reusing passwords, choosing weak passwords, or storing them insecurely. By centralising authentication through an IDP, organisations enable employees to use a single, secure corporate password alongside MFA, reducing the likelihood of compromised credentials and improving overall security.
These components work together to support a Zero Trust model, where every access attempt is verified based on multiple factors, not just static credentials alone.
Some SaaS providers offer built-in authentication and MFA, but these solutions often lack the flexibility and sophistication of external solutions. For example:
Integrating an external IDP with SaaS applications isn’t just about security—it’s about operational efficiency and compliance. By leveraging centralised authentication, organisations can:
The integration of SaaS applications with external IDPs like Azure AD is essential for organisations looking to enhance their security posture. IDPs provide the foundation for implementing advanced policies like conditional access, device trust, and risk-based authentication. Tools like Microsoft Authenticator and Cisco Duo complement these systems by enforcing MFA requirements, ensuring users meet the conditions defined by corporate policies on Azure.
When evaluating SaaS providers, organisations should prioritise those that offer seamless Single Sign-On (SSO) integration without hidden costs. Providers that align their pricing with strong security principles demonstrate a genuine commitment to their customers’ Zero Trust strategies.
To protect your organisation effectively, choose SaaS providers that support third-party IDP integration as a standard feature. Secure access is the foundation of cyber security, and it starts with SSO.
Zero Trust isn’t a switch you flip—it’s a journey of layered security improvements. Many organisations struggle to move from strategy to implementation, especially when SaaS providers create barriers to strong identity management.
A good place to start is Data#3’s no-cost Security Resilience Assessment Workshop, where we help you identify practical steps to strengthen your defences. Or reach out to me any time to chat through your security strategy.
Imagine a regular Tuesday afternoon when the DevOps team at an organisation in Australia noticed something odd: a sudden spike in resource consumption within the cloud environment. Data#3 was quick to take action, and on closer inspection, our team discovered an unauthorised script mining cryptocurrency on their virtual machines. We realised this was not an isolated incident: a small misconfiguration in their orchestration system had left the environment vulnerable to exploitation. Thankfully, swift action limited the damage and no data was exfiltrated. However, the incident underscored a glaring truth: even the smallest oversight in the cloud can lead to catastrophic consequences.
This story is not unique. In an era where IT teams are rapidly adopting cloud technologies like containers, serverless architectures, and virtual machines, the complexity of managing these environments has skyrocketed.
DevOps engineers are under pressure to maintain uptime, ensure scalability, and deploy features quickly. This leads to misconfigurations, missing security controls, configurations that are not thoroughly reviewed, and a lack of attention to detail. Security missteps are not a question of “if” but “when.”
This is a security leader challenge, and as a leader, understanding this dynamic is critical. The role isn’t just about managing risks at a strategic level but also about having a plan that empowers your engineering teams to build and maintain secure systems in an increasingly hostile cyber landscape.
Before diving into a plan of action, it’s essential to understand the common risks teams face in cloud environments.
As a security leader, the goal should be to bridge the gap between security and engineering, ensuring the DevOps team is equipped to manage risks proactively. Here’s a five-step plan I have developed and want to share to help you secure your cloud environment:
Step 1. Build security into the development pipeline
Step 2. Establish clear policies and guardrails
Step 3. Provide the right tools and automation
Step 4. Regularly test and train
Step 5. Foster a culture of collaboration
A small misconfiguration might seem trivial, but as the opening story illustrates, it can lead to significant consequences.
Cloud environments offer unparalleled flexibility and scalability, but they also come with unique challenges. DevOps engineers are the frontline defenders of these systems, but they cannot do it alone. As a security leader, your leadership is critical in providing the tools, policies, and culture that enable the engineering team to stay ahead of threats.
Data#3 brings deep expertise in planning, designing, and deploying secure cloud technologies while establishing governance frameworks to mitigate risk. By collaborating with a trusted service provider like Data#3 and implementing a proactive plan, security can be turned from a bottleneck into a competitive advantage, ensuring your organisation is prepared for whatever challenges lie ahead.
Speak to a Data#3 security specialist today to elevate your security posture.
Strengthen your cyber resilience
In today’s threat landscape, organisations must adapt to stay resilient against cyber threats. This workshop, guided by cyber security experts, will help you self-assess your organisation’s security maturity using a proven framework based on the updated Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Model.
Discover how your organisation measures up across four key pillars:
Your assessment report includes:
Qualification criteria
In order to get started you must meet the below eligibility criteria:
If you meet the eligibility criteria and would like to proceed with a no-cost Security Resilience Assessment, contact a Data#3 Security Specialist below.
Cyber threats are evolving at an alarming rate, presenting a never-ending barrage of challenges to organisations worldwide. It’s no longer enough to just have a solid defence—you need to think bigger. You need to build cyber resilience to adapt, respond, and recover, no matter what comes your way.
At its core, cyber resilience is about staying operational—even when you’re under attack. It extends beyond traditional protection measures, probing an organisation’s ability to adapt to, respond to, and recover from cyber threats. It’s a holistic approach integrating cyber security, business continuity, and enterprise resilience. The objective is not just to thwart attacks, but to ensure that you can continue to keep your organisation running smoothly even when under siege.
Measuring cyber resilience involves assessing how well your organisation can anticipate, withstand, and recover from cyber threats. A robust measurement framework would look beyond conventional security metrics and include elements of recovery and adaptability. Consider:
1. Maturity Models:
There are several maturity models designed to help organisations assess their cybersecurity strength and resilience. These models, such as the Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Model, Essential Eight or the National Institute of Standards and Technology (NIST) Cybersecurity Framework, offer a set of criteria for gauging your current capabilities. Organisations will often use aspects from each model to categorise their maturity, or readiness, into levels – from initial (least mature) to optimised (most mature), so that it’s easier to then identify areas for improvement.
2. Benchmarking:
If you’re looking for effective ways to measure and enhance your cybersecurity posture while comparing yourself to industry standards and peers, tools like Microsoft Secure Score and CIS CSAT (Critical Security Controls Self-Assessment Tool) are excellent options to consider.
Here’s why:
Using both tools gives you a well-rounded understanding of your cybersecurity strengths and areas for improvement. They don’t just tell you where you stand—they help you take actionable steps to build a stronger, more resilient security posture.
3. Resilience Metrics:
Want to see measurable results? Start tracking things like:
4. Continuous Assessment:
Cyber resilience is not a one-off exercise. Regularly scheduled reviews and updates to the resilience plan ensure that an organisation remains prepared as new threats emerge. This also includes continuously training staff and updating them on new threats and best practices.
Improving your cyber resilience and maturity level involves a strategic approach integrating processes, technologies, and people. It requires commitment from all levels of the organisation, from executive leadership to individual team members. Key steps include:
Here’s the thing: threats aren’t going to slow down. That’s why it’s so important to regularly assess your security maturity – it’s crucial to strengthening your resilience. Regular assessments will illuminate current security posture, identify vulnerabilities, and provide actionable insights for continuous improvement. It’s like taking your car in for a service—you might not think you need it until it’s too late.
Working with experts can make a big difference here. They’ll bring fresh eyes to your challenges, ask the tough questions, mitigate the influence of organisational bias and help you spot gaps you might not even realise exist. (Shameless plug for my Security Resilience Assessment Workshop I’ve developed with Cisco here.)
Using the updated CISA Zero Trust Model that we mentioned earlier, we can focus on four critical pillars of cybersecurity resilience: Zero Trust, Secure Network, Extended Detection and Response (XDR), and Security Operations. Let’s delve into how each contributes to fortifying an organisation’s cyber resilience.
With today’s constantly evolving threats, adopting a cyber resilience framework is not just beneficial; it’s a necessity. That’s why Data#3, a Cisco Master Security Specialised Partner, has collaborated with Cisco to develop a Security Resilience Assessment Workshop. This is a free-to-attend, hands-on session where you’ll assess your organisation’s security posture with guidance from experienced experts.
Want to learn more? Consider participating in a Security Resilience Assessment Workshop or reach out to your account manager today. Let’s build your resilience together.
In cyber security, change is constant, but some challenges remain stubbornly familiar. Do you remember the Anna Kournikova virus from over two decades ago? It spread rapidly by tricking users into opening a seemingly harmless email attachment. Fast forward to today, and it’s no surprise that email remains the number one attack vector. The only difference is that the stakes are higher, and as technology evolves, the threats grow more sophisticated.
In our latest Security Minutes video series with Mimecast, Data#3’s National Practice Manager for Security, Richard Dornhart, and Mimecast’s Senior Sales Engineer, Matt Youman, discuss the critical challenges organisations face and how they can stay ahead. From polished phishing attacks to overlooked attack vectors such as collaboration tools, here are the key insights you can’t afford to miss.
Cyber criminals are leveraging artificial intelligence (AI) tools to revolutionise their tactics. In the first episode, Youman highlights the rapid rise of AI-driven phishing attacks:
With tools capable of learning, adapting, and automating attacks at scale, organisations can no longer rely on traditional defences alone.
While cyber criminals use AI to evade detection, it’s imperative to remember that AI is also a powerful ally for defenders. Youman explores how Mimecast uses natural language processing and social graphing to identify behavioural patterns to help you catch threats that static tools miss.
When Youman reviewed 2,000 emails that bypassed standard security tools, the results were staggering: payroll switch scams and other business email compromise threats had slipped through unnoticed.
Relying on static rules and limited keyword scans is no longer enough. Utilising AI-driven solutions can help you think like attackers, making it easier for your organisation to fight back.
It’s not just email. Collaboration tools, essential to everyday business operations, are also becoming an increasingly popular target for attackers. Yet they’re often overlooked in security strategies. Youman shares how Mimecast addresses this blind spot by integrating collaboration platforms into its centralised security solution, enhancing visibility and simplifying management.
Are your collaboration tools secure? If not, attackers may already be exploiting the gap.
Even with advanced technology, people remain the final safeguard. Roles such as those in the C-suite, IT, HR, and finance are prime targets due to their access to sensitive data. Youman emphasises that understanding and addressing human risk is vital to any security strategy.
Did you know that Mimecast’s 30-day Email Threat Scanner not only uncovers risks but also identifies patterns of human error? That makes it a great tool for helping you tailor training to individual roles.
When was the last time you tested your human defences?
No single tool or strategy can eliminate cyber risk. Reflecting on recent incidents, Youman highlights the critical need to look beyond email when protecting your organisation from cyber criminals.
That’s why Data#3 and Mimecast advocate for a defence-in-depth approach. By layering advanced detection, automation, and human-centric strategies, organisations can:
The final episode showcases Mimecast’s Email Threat Scanner in action. This free tool provides a powerful way to uncover email-borne risks that have bypassed your existing defences. With access to the Mimecast console, you can:
With everything we’ve learned so far, it’s easy to see that the evolving cyber threat landscape requires more than just traditional security measures. The rise of AI-driven attacks, sophisticated phishing campaigns and overlooked vulnerabilities in collaboration tools reveal critical security blind spots that many organisations still miss. Relying solely on static defences is no longer enough to stay ahead of cyber criminals.
A comprehensive, defence-in-depth approach is necessary to safeguard your organisation against emerging threats. Don’t delay: each day leaves your organisation open to more attacks. With Data#3 and Mimecast, you’ll take proactive steps to identify and address potential risks that will help protect your organisation.
Mimecast’s Email Threat Scanner Report will give you actionable insights into your current security posture, helping you stay one step ahead of cyber criminals. Don’t leave your organisation’s security to chance—ensure you’re fully prepared for the threats ahead.
Contact your Data#3 Security Specialist today to request your Email Threat Scanner Report and uncover hidden threats before they become a problem.
Graham Robinson, Chief Technology Officer at Data#3, and Carl Solder, Chief Technology Officer at Cisco ANZ, discuss the role of AI in technology, its challenges, and its future potential.
Graham: Carl, there’s a lot of talk about AI. Many people say it’s at the top of the Gartner hype cycle. There’s a growing number of people now thinking that AI is going to plummet into that trough of disillusionment and it’s going to be years until we actually see any real value from the technology. What are your thoughts?
Carl: We’ll eventually reach a point where AI will address and solve many of the challenges customers are facing today. With the advent of current technologies like ChatGPT, Gemini, and Claude, many people are exploring how to integrate these tools into business operations.
That said, let’s not forget that AI itself is not new. From Cisco’s perspective, we’ve been developing AI for over a decade. In fact, our first AI toolset was launched nearly seven years ago. Cisco has been on this AI journey for quite some time, consistently focusing on how to leverage AI effectively to address customer use cases. I believe we have some fantastic technology solutions available today that are already achieving this.
The release of ChatGPT brought AI to the forefront of public awareness. It essentially announced to the masses that AI is here. However, it’s important to recognise that a broader foundation of AI technologies has been around for a while. These mature solutions are already solving real business problems and are ready for organisations to take advantage of right now.
Graham: When you read the Harvard Business Review, they highlight that 80% of AI projects fail, but only 30% of generative AI projects fail; that means 70% of generative AI projects are not being cancelled and are proceeding through to production. Compared to the stats on digital transformation projects where only 12% succeeded – that’s a huge improvement. AI initiatives are performing multiples better than digital transformation projects. So, I fail to see how we can really say that there’s no value when we’re already seeing progress.
Carl: I agree. On the AI front, there’s generative AI, but we also need to consider how customers are consuming AI. You have the toolsets—like generative AI with chat-style interfaces where you type, interact, and drive workflows. But there’s also generative AI embedded within existing solutions. Often, customers don’t even realise it’s there, yet it’s quietly doing its job and delivering value behind the scenes. That’s where Cisco has been focusing for years. Many of our solutions already have AI built in, operating in the background. Customers may not always notice, but that embedded AI is making a difference.
Graham: The real value of AI adoption lies in moving beyond the hype and turning AI into something that delivers tangible, meaningful outcomes. It’s not about the flashy, in-your-face AI like ChatGPT—it’s about the AI that works quietly in the background, embedded within code and applications, where people use it without even realising they’re engaging with AI.
Carl: Correct. A classic example is the AI-powered radio resource management in the Cisco Meraki dashboard. Imagine a customer with a Meraki Wi-Fi network—there’s an AI engine running in the background, analysing user behaviour, network settings, and configurations. It optimises and fine-tunes the network to deliver a better Wi-Fi experience. Users benefit from this improved performance without necessarily realising AI is at work. It’s seamless, purpose-driven, and delivers clear outcomes.
This kind of embedded AI is something we’ve been leveraging for years. While you could debate whether it qualifies as generative AI, it’s still AI, serving a critical function. Now, with generative AI, we’re seeing entirely new possibilities, like virtual AI systems powered by large language models. These systems represent a shift in how operators interact with infrastructure. Instead of navigating a GUI and clicking buttons, operators can type commands and engage in a conversational workflow.
For example, a security operator could use such a system to craft an optimised security policy. The AI could analyse existing rule sets, identify redundancies, and consolidate rules to make the policy leaner and more efficient. These types of use cases highlight how generative AI can enhance productivity, improve decision-making, and ultimately drive better outcomes for organisations.
Graham: AI helps solve a lot of problems, but it raises the question: is it more trouble than it’s worth? One of the most common concerns I hear revolves around the potential threats associated with AI—security risks, overexposure to technology, and fears about AI being used against us. What’s your perspective on AI’s impact on security?
Carl: From our standpoint AI serves as the foundation for how we’re evolving our security portfolio. AI appears in a number of different ways. First, on the backend, every security device needs up-to-date information to identify and respond to current threats. We have an organisation within Cisco actively scouring the internet tracking billions of artifacts daily—emails, file attachments, web links—all in search of emerging threats.
It’s impossible for humans alone to sift through that volume of data, so AI steps in to scale the process. AI analyses those artifacts, identifies new threat vectors, and creates signatures to inform our security solutions. For example, when a solution encounters a flagged instance, it knows to pay closer attention.
AI also works within the technology itself, embedding functions that serve specific purposes. For instance, an AI system might monitor for potential threat signatures and alert SecOps teams when something warrants further investigation.
Beyond these applications, we’re also seeing AI, particularly large language models, redefine how operators interact with networks. This represents a new paradigm—operators moving from GUIs to conversational interfaces powered by AI. This shift is going to be driving a really different way in which operators are going to be doing the job.
Graham: We’ve been in the industry long enough to witness major technology disruptions – the evolution of the PC, the internet and cloud. Each wave has brought significant reskilling. With the rapid acceleration of AI, how do you see this impacting the current skills gap? Do you think AI will exacerbate the issue, or can it be leveraged to help close the gap?
Carl: First thing I’d say is that we’ve both chosen a career where you never stop learning. You take a break, you come back and oh that’s something new that didn’t exist before. The mere fact of being in IT means that you’re going to be on this continuous learning journey because technology is always changing. I see the advancement of technology picking up pace and the generation of new IT practitioners today have got it a little bit tougher than maybe when I started.
Graham: I used to say the only thing constant is change but even the rate of change is no longer constant – it’s accelerating.
Carl: Absolutely, and that means IT careers are inherently built around continuous learning. AI is just another evolution, another chapter in that journey. That said, AI does change the game in terms of how operators will work with infrastructure that they manage.
When I look back, I see an evolution in IT operations. From the traditional NetOps – when I started everything was CLI (Command Line Interface), beautiful CLI! We went through this motion of DevOps where we started using software defined networking tool sets to automate. We also went through this with AIOps a few years ago where we had AI engines embedded in the solutions to enhance operations and streamline specific tasks. Now we’re moving into this era of large language model operations. Instead of just running scripts or using GUIs, operators can now use natural language to implement workflows, troubleshoot, or optimise systems. This shift not only demands new skills but also offers tools to bridge gaps, making IT professionals more efficient in managing modern infrastructure.
Graham: Every period of technological advancement is getting shorter. What does it mean for our people today because technology has accelerated out of the gate over the last five years. There’s also been a number of things happening around the world that have stopped us from upskilling and cross-skilling our people at the same pace. It feels like the gap between technological advancement and education is widening. What role does AI play in addressing that gap?
Carl: When you look at the AI solutions in Cisco’s portfolio today, most IT professionals will find them relatively easy to adopt. For instance, many people have already used tools like ChatGPT, and we’re starting to see similar interfaces integrated into administration panels now. It becomes intuitive, but there will definitely be a learning curve, especially in understanding how to frame questions or commands to leverage AI’s full potential.
The one area that Australia will get to at some point is when you actually build and run your own custom AI workload tailored to your specific business needs. What’s exciting is these tools have the potential to help all employees perform their roles more effectively. It’s not just an IT transformation; it’s a workplace evolution where AI becomes a ubiquitous tool for problem-solving and productivity across all functions.
Graham: When you mention a custom AI workload, you’re referring to a specific application tailored for that customer’s needs. One that would probably be leveraging a third-party large language model or small language model or micro language model to perform a business function. We’re not just talking about the data centre. This extends to edge computing, specific devices, even down to mobile devices. Is that what you’re thinking?
Carl: Absolutely. In Cisco’s portfolio right now, we have an AI chatbot in our contact centre. This chatbot, powered by a large language model, enables true conversational interactions. If you think back a few years, chatbots were rigid, relying heavily on syntax and specific keywords to function. If you didn’t phrase something exactly right, they simply didn’t work.
But now, these chatbots can handle fluid, natural conversations, hugely improving the user experience. It’s not just a better customer interaction, it’s a transformative leap in how businesses engage with their users.
This also extends to IT practitioners. It’s a new world that our operators are starting to go into. Whether it’s automating routine tasks or assisting in daily workflows, these AI-driven systems are opening up new opportunities for efficiency and innovation in business operations.
Graham: Final question, because I know we’re well and truly out of time and I could sit here and have this conversation all afternoon. AI – are we heading to utopia or dystopia?
Carl: I am a glass half full person, so I’m hoping it’s utopia. Within Cisco we have a group of engineers dedicated to ethics and how we can use AI in an ethical way. I’m optimistic that our engineering teams build AI tool sets that are going to serve mankind in a better way. That they’re going to produce better outcomes for businesses. They’re going to drive better productivity, better profitability, a better customer experience. That’s my hope for this.
That being said, there’s always the darker side of human nature who might look to use those tool sets in a bad way, and I don’t think that we can avoid that. The only thing we can do is to continue to build out this technology to help mitigate those threats.
Graham: I share that hope. Going back to our conversation regarding security we know there are malicious actors out there. My hope is that AI for the first time really gives us an opportunity to harness the good in people and scale it to a level that we can actually provide a better future.
Data#3 is a Cisco Gold Partner dedicated to helping organisations build secure, connected, and future-ready operations. As a Master Security Specialised, Master Collaboration Specialised, and Master Networking Specialised partner, Data#3 combines deep expertise with Cisco’s leading technologies to deliver tailored solutions. Recognised as Cisco’s APJC Customer Experience Partner of the Year for two consecutive years, we are committed to driving exceptional outcomes for our customers. Learn more at www.data3.com/cisco.
International Safety Systems wanted to modernise their IT infrastructure and migrate to the cloud.
As International Safety Systems’ infrastructure neared end of life, the business sought recommendations from a trusted consultant, and determined that a shift to Microsoft Azure was the right path forward. That advisor joined Data#3 and they recognised that the expertise and culture of their partnership would make a good match.
• Scalable environment
• Exceptional availability
• Built-in backup and disaster recovery functionality
• Improved security
• Fast and cost-effective, making it easier to innovate
• Customer’s data is cloud-hosted, residing in their chosen location
• Streamlined onboarding process
• Access to additional expertise
• Avoidance of capital expenditure (CapEx)
The most outstanding part of the project is the improved reliability. We have had no unscheduled downtime thanks to the way our Data#3 consultant designed the platform.
David Rickward – Commercial Director, International Safety Systems
International Safety Systems (ISS) provides customised safety, quality and risk management solutions to customers around the world, helping them to meet compliance requirements while improving their business resilience.
ISS had been hosting its specialised apps in-house, using a thin client approach to distribute software. As available cloud options matured, ISS recognised the potential to work more efficiently and offer an enhanced service to customers.
The AIRS app from ISS is used to capture and manage safety and quality data for customers in stringently controlled industries, such as defence and aerospace. The small, very busy ISS team helps its customers meet all compliance obligations, reducing risk and operating more safely. Until recently, Commercial Director David Rickward said that managing infrastructure was a way of life.
“We had a traditional model, before Software as a Service was widely available. We hosted our software on our own hardware in a Sydney data centre. In addition to the hosting cost we had all the associated maintenance costs and then every five years, we would have to throw it away and start again, which meant incurring substantial capital costs and add-on services. Whilst it allowed us to distribute AIRS online it was a costly and labour-intensive model.”
That service model required effort from customers, and the cost was amplified by the need for extremely high availability to meet the service levels required by clients.
“We had backup redundancy and disaster recovery servers running. Overall, we were happy with the uptime – however, there were occasional unscheduled outages which required on-premises support, adding more cost,” explained Rickward.
As the time for renewal approached, with cloud options now offering greater maturity, ISS sought advice from a trusted cloud specialist, who learned about the ISS business model and made initial suggestions.
“He was experienced with Microsoft Azure. After we started discussions with him, he moved to Data#3. He provided a lot of really good ideas around platform design to make our operations more efficient. We had been working with him for several years and we wanted to continue that relationship.”
After careful evaluation, ISS followed Data#3’s recommendation for a Microsoft Azure environment, first instating one instance of the ISS software, then provisioning more until the solution hosted all customers. Microsoft Azure backup and DR, as well as several Microsoft Azure security and management features were put to work to help the ISS team work efficiently.
“It was a reasonably quick transition by technology standards, taking six months from our first proof of concept discussions, through commitment and implementation. We canvassed our biggest clients to see if there were any issues for them to move to the new environment, especially in terms of security. Their primary concern was where their data would reside.
“We sandbox tested with a couple of our biggest clients, migrated some smaller clients, then lastly the bigger organisations over a period of eight months.”
The solution included expertise from a Data#3 cloud specialist, so that ISS would always be positioned to work proactively and able to get the most from the Microsoft Azure platform, while managing costs effectively.
“We’re leveraging our Data#3 cloud specialist as our platform manager. We monitor the day-to-day ourselves, and he does general housekeeping a couple of times a month to ensure updates are installed. He also talks us through new security features we might be interested in. This input is invaluable to us – we’re a small company and can handle tasks ourselves but can’t do everything in-house. This arrangement gives us access to the wider resources of Data#3 when we need it.”
Rickward has stated that the flexibility of the Microsoft Azure platform has already impressed ISS clients, given the speed and cost-effectiveness of rolling out the custom app that the company is known for. The feedback has been overwhelmingly positive.
“One client in the aviation industry initially wanted to run the app in-house. They went to their IT department, who quoted six figures for the new servers, and managing and monitoring those assets. We can spin up a dedicated host for them and provide continuous access to data. It was one fifth of the cost that their internal IT would have needed.
“They would have had to go through getting budget approval, which would have taken 12 months, but being a pay-as-you-go model, it was signed off within a week.”
Microsoft invests around $1 billion (USD) each year on Microsoft Azure security, with developers designing solutions for the modern threat landscape where organisations face an increasingly sophisticated barrage of attacks. Rickward said that this timely boost to security is “absolutely a plus”, with the shift to the secure online platform reducing risk for ISS and its clients.
“It is a valuable part of the solution without a shadow of a doubt. Before, every thin client had its own port, so there were multiple ports facing the world. By changing, customers now have web access through a firewall, with only one single point of entry. When you look at it from a security risk point of view, it is considerably better than before, and our customers stay safer.”
The transition for customers went smoothly, causing no disruption and earning praise for the improved ISS offering after the shift to Microsoft Azure.
“Their lives got easier without having to run the thin client. The cutover was seamless, and the users had their familiar app, they weren’t seeing any difference except that they just had to use a hyperlink instead of clicking an icon on their desktop.”
As a technology business itself, ISS places considerable importance on finding solutions that keep its lead position in its competitive market.
“We can stay at the forefront of technology, always using the latest and greatest, as opposed to buying hardware that becomes obsolete in a month, which then becomes a patch job. Moving to the Microsoft Azure platform means we can stay at the front of the curve, in turn giving our customers the best outcomes,” described Rickward.
This progress is aided by sharing knowledge, with the Data#3 Azure expert helping the small ISS team to gain confidence in the new platform. Rickward is happy that the business has benefitted from someone with enormous depth of Azure experience.
“He has done quite a bit of work with our internal team on things like day-to-day monitoring and firewalls. He’s helped our team to completely understand what to look for, and how to achieve compliance.
“It has been a game-changer for us, and we look at it as a partnership arrangement. Given what the Data#3 Azure expert has delivered us, it is a lot more capability than we would otherwise have, and we’ve gained a lot more capability in-house with him there.”
That capability extends to helping ISS respond to requests for tenders. Rickward said that the ability to access expertise helps to show prospective corporate and government clients that ISS has the capability needed when providing such a critical service.
“The advantage of dealing with a technology company like Data#3 is that if we don’t have specific expertise in-house, we know we have it through them. When we’re bidding on some contracts, it gives us more credibility to have that support, especially in the government space. We do a lot of work for government and from a security point of view, if we’re working with an organisation that is already approved, it makes for a more seamless transition, and we don’t have to delay delivery getting approvals.”
For customers, the Microsoft Azure platform raises the bar for custom solutions. ISS can now offer shared platforms, where customers’ individual environments are logically separated, and where customers prefer, dedicated platforms can be quickly provided. The ability to store data in their own or an approved jurisdiction has proven to be essential.
“Microsoft Azure provides more flexibility, allowing us to do more for our clients with specific requirements. For example, for legal or regulatory reasons, clients may need to ensure their data is stored in a particular jurisdiction. With Microsoft Azure we know we can provide that assurance and have them covered.”
Although Rickward said that any major change in delivery method had the “potential to be traumatic”, he was clear that with the right team in place, it didn’t have to be.
“My advice is simple: find someone who totally understands what you do. Data#3 was very good in terms of what we were trying to achieve and that understanding meant we were able to map it out together – it was truly a collaborative experience. In terms of understanding the platform and how to manage disaster recovery, that was important.
“The transition itself should be made straightforward – taking the environment off the existing platform and moving it into the cloud. However, there are so many tricks to managing Microsoft Azure well with the right security around it, it’s essential to engage with an experienced consulting firm.
“You might be tempted to do it yourself, but you will end up saving money and getting a better result with the right partner. When I filled out the customer satisfaction survey, I gave it a 10 out of 10. One hundred percent!”
Ultimately, the solution was measured by ISS against the benefits and service levels they were able to provide to their valued customers around the world. The switch to the Microsoft Azure platform has been deemed a success.
“The most outstanding part of the project is the improved reliability; we have had no unscheduled downtime because of the way the platform is set up. When we did have minor issues, we were able to failover to backup systems without service interruption. The service delivery has been outstanding,” concluded Rickward.
In this AI edition of our Security Minutes series, Richard Dornhart, Data#3’s Security Practice Manager, sits down with Carl Solder, Cisco’s Chief Technology Officer A/NZ, to discuss the impact of AI in cyber security—from Cisco’s latest AI-powered solutions to the challenges posed by adversarial AI.
As a Cisco Master Security Specialised Partner and Gold Partner, Data#3 has one of Australia’s most mature and highly accredited security teams. You can trust our expert team to help you navigate the challenges faced today around how to connect and protect your network.
To discuss any aspect of security in your environment, please get in touch with us today.
This isn’t another “what is zero-trust” article – I think we can all agree that we’ve moved beyond that as we know it isn’t a product, it’s not a replacement for firewalls or VPNs, and it’s not something you do and then move on.
However, it is essential and appears in some form on virtually every government department’s cybersecurity strategic plan. Some departments and agencies have made progress and implemented elements of the zero-trust model within their environment, but not at a broad enough level to provide the promised levels of protection. Hence, despite the plan, they’re still vulnerable to a cyber-attack.
If zero trust is essential and part of a plan, why are government departments and agencies struggling to implement it? This post will explore that question.
The imperative to adopt zero-trust security has never been clearer for government departments and agencies. In an era of remote work, cloud-based services, and increasingly sophisticated cyber threats, zero-trust is an additional, identity-based layer that reduces the reliance on increasingly ineffective perimeter defences.
Driven by mandates from federal, state, and local authorities (such as the new Cyber Security Bill 2024), and the recognition that a new security model is needed, government entities are eager to embrace the principles – but reality on the ground tells a different story. Despite the strategic importance of zero trust, many government entities are struggling to turn that vision into tangible action for a number of reasons.
As a result, many government organisations find themselves stuck in a paradoxical situation. They know zero trust is where we all need to be, but the path remains elusive. Instead of bold action, their security roadmaps remain tactical and address the next pressing need rather than being a strategic, long-term plan that is continuously checked and aligned to.
In a recent discussion with a financial industry CISO, they revealed that these pitfalls are all too common. Despite an acknowledgement of the need for zero trust in their cybersecurity plan, and a multi-million dollar investment, they also:
Breaking free of this paradox requires a fundamental shift in mindset and approach. Rather than viewing zero trust as a product- or tool-based, all-or-nothing proposition, government agencies must embrace a more strategic, process-driven incremental path forward. They can chart a course towards zero trust success by focusing on their most critical assets, prioritising use cases, and partnering with experienced advisors who take this process-driven approach.
Without trivialising the difficulties of implementing zero trust, there are some principles to consider:
While tools and solutions are a component of the zero-trust model, they too often become the focus of government security teams looking for tangible ways to move forward. Tools can provide valuable data points, but implementing zero trust effectively requires a more holistic, process-driven approach. Simply relying on a tool to assess one’s zero-trust posture is insufficient.
That’s why working with experienced advisors like Data#3 and Business Aspect, who can guide you through a comprehensive readiness assessment and the development of a practical zero-trust roadmap, is critical. This process-oriented approach, rather than a tool-centric one, can ensure that government entities have a clear understanding of their current state, their priorities, and the steps needed to achieve their zero trust goals.
This includes:
The final factor is understanding the vendor landscape. Vendor solutions are a critical implementation component, and aligning the right vendor solution is easier for a partner like Data#3, with its extensive vendor relationships and accreditations.
For example, government entities that have made significant investments in Cisco networking could use Data#3’s 25+ year relationship with Cisco to access Cisco’s extensive security portfolio and zero-trust capabilities.
Implementing zero trust is a marathon, not a sprint. Government entities can chart a course toward a more secure, adaptable, and future-proof security architecture by taking a phased, strategic approach—identifying critical assets, assessing current capabilities, and partnering with experienced advisors.
Data#3, in partnership with Cisco, will be hosting Security Resilience Assessment Workshops in 2025. These workshops will guide you through a self-assessment of your security posture using the updated CISA Zero Trust Model.