James Henderson

Building an AI advantage in network security

Risks are real, threats are targeted and attacks are aggressive – protecting business-critical assets has never been more critical, or more complex, for organisations across Australia.

Forever referenced yet seldom addressed, building a robust first line of defence must now become the default approach of a market inundated with high-profile breaches.

And that starts with pre-emptive networking security for the AI age.

Combining the power of Protective DNS and predictive threat intelligence, forward thinking businesses are strengthening defence plans to intercept threats before they spread to users, workloads and infrastructure.

“Australian organisations are moving away from a mindset of ‘building higher walls’ towards pre‑emptive, network‑centric defence,” outlined Scott Morris, Managing Director of Australia and New Zealand (A/NZ) at Infoblox.

“Instead of relying on a single control at the perimeter, leaders are prioritising controls that sit closest to where users, workloads and data actually live – particularly at the DNS and network layers, where most attacks first show their hand.”

First Line of Defence: Building an AI Advantage in Network Security – Executive Roundtable in association with Moxie Insights and Infoblox

In this context, Morris observed that business priorities are shifting in three ways:

  1. Visibility across hybrid environments – on‑premises, cloud, SaaS and remote users – is now foundational. Businesses can’t apply AI effectively if they don’t trust the underlying telemetry.
  2. A stronger focus on automation and containment at machine speed, so AI is used not just to detect anomalies but to enforce policy and block threats before they spread.
  3. Boards are asking harder questions about resilience and recovery, meaning security teams are aligning investments to tangible business outcomes: reduced breach likelihood, faster response and demonstrable compliance.

At an Executive Roundtable in Sydney, held in association with Moxie Insights, Infoblox and leading CISOs across Australia, executives tackled the issue of cyber defence at the source, highlighting executive best practice spanning security, networking and AI.

“AI isn’t just another efficiency tool, it fundamentally changes both the speed and scale of attacks and defence,” noted Madhuri Nandi, Head of Security at Nuvei.

“The first ‘weapon’ security teams sharpen is visibility. You need to understand what’s happening across your network, where the data is flowing and what systems are doing before you even think about breaking or tuning any controls.”

According to the Moxie Research report Security Outlook: Australia 2025 / 2026, 46% of Australian organisations now cite ‘coverage and visibility’ as the most important criterion when evaluating a cyber security solution.

“AI massively amplifies this visibility, helping detect subtle patterns, anomalies and early signs of compromise that humans would otherwise miss,” Nandi added.

“Once visibility is solid, teams can focus on reducing the attack surface and hardening the environment. AI then becomes the force multiplier helping prioritise threats, detect emerging patterns in real time and enable faster response.

“In short, the reshaping is two-fold; perfect the basics and then layer AI to act smarter and faster than humans alone.”

According to Moxie Research, 82% of Australian organisations will prioritise strengthening risk management and cyber resilience during the next 6-12 months. This also extends to preparing the business for a ransomware incident in the first 24 hours (74%) and meeting regulatory and compliance requirements more effectively (72%).

“The first big challenge in network security is attack‑surface sprawl,” Morris added.

“Hybrid working, SaaS adoption and multi‑cloud architectures mean that the ‘network’ is no longer a set of well‑defined corporate sites; it’s everywhere. That makes consistent policy enforcement and visibility very difficult.”

In alignment, Nandi noted the ongoing challenge of complexity in the network.

“Networks today aren’t just on-premises anymore, they’re hybrid, spanning cloud, SaaS and legacy systems,” Nandi said.

“Every application, every identity, every endpoint adds another micro-perimeter that needs monitoring. For example, a single employee using multiple cloud apps can create dozens of potential exposure points, all of which must be tracked and secured.”

Based on Moxie Research, security uplift exercises are underway in response, with only 54% of Australian businesses confident that current investments ‘fully align’ with the evolving risk profile of the organisation.

Scott Morris (Infoblox)

That number drops significantly when asked how frequently organisations reassess their cyber security roadmap in response to emerging threats or regulatory changes.

Only 19% of Australian businesses are committed to ‘continuous, ongoing updates’ with the majority either on an ‘occasional, annual’ cycle (29%) or ‘reactively, only after incidents or mandates’.

“Legacy infrastructure and technical debt hold many organisations back,” Morris continued. “You can’t easily apply modern, API‑driven, AI‑enabled controls to platforms that were never designed to integrate or share telemetry.

“Plus, there’s a skills and capacity gap. Security teams are overwhelmed by alerts and struggle to correlate network, endpoint and identity signals quickly enough. Even when they have good tools, the noise level can be so high that meaningful threats are missed.”

Building on this point, Nandi emphasised the heightening risk associated with talent fatigue in security.

“Security teams are expected to operate at machine speed, responding to alerts, patching vulnerabilities and investigating incidents while still handling manual tasks,” Nandi added. “This constant pressure often leads to burnout, missed signals and delayed responses.”

Under this level of pressure, 65% of Australian organisations are struggling to demonstrate ‘clear measurable impact’ from cyber security investments. Within this group, more than a third reported ‘inconsistent’ measurement and linkage to risk reduction while over a quarter lack clear metrics and evidence.

According to Moxie Research, Australian businesses currently cite security investment as having:

  • No measurable impact: 12%
  • Clear measurable impact: 35%
  • Somewhat, partial impact: 36%
  • Unclear, limited impact: 17%

“Many executives still find it hard to translate network security posture into business‑level language – risk to revenue, brand and regulatory exposure – which can slow investment in the right controls,” Morris acknowledged.

Finally, governance around AI is still evolving. AI can detect patterns and anomalies faster than humans but if it’s not properly tuned or monitored, it can create blind spots or give a false sense of security.

“Organisations must ensure AI augments human decision-making, not replaces it, and that teams understand the reasoning behind AI-generated alerts before acting,” Nandi advised.

Enhancing threat prevention with AI


As the threat landscape evolves in scale and severity, businesses are balancing traditional network hygiene with the need to modernise towards AI-assisted, real-time threat prevention.

“It’s no longer an either–or choice,” Nandi cautioned. “Traditional network hygiene, things like keeping an up-to-date asset inventory, proper segmentation, timely patching and strict access controls remain the foundation.

“Without these basics, introducing AI can actually make things worse, because it ends up amplifying the noise rather than highlighting real threats.”

Based on experience in the financial services sector, Nandi observed a blended approach in practice.

For example, a team might automate patching and monitor network segmentation continuously, while AI tools look in real time for anomalous patterns such as unusual data flows or abnormal logins. If a service suddenly starts talking to an endpoint it has never communicated with before, AI flags it immediately for investigation.


“The key is operationalising both together,” Nandi added.

“Hygiene keeps the environment clean and predictable, while AI adds the intelligence to detect and respond faster than humans alone. The ideal outcome is a network that’s clean by default and smart by design, where AI enhances what we already do well rather than replacing it.”

In practice, organisations tackling these ongoing challenges head-on treat network hygiene as the fuel for AI, not something that competes with it.

“Businesses are doubling down on fundamentals – accurate asset and IPAM data, consistent DNS and DHCP controls, segmentation, strong configuration management – because these are the sources of truth that make AI‑driven analytics reliable,” Morris added.

On top of that, organisations are layering AI‑assisted analytics and policy enforcement at key control points in the network.

One example is using behavioural models on DNS traffic to spot command‑and‑control or data exfiltration attempts, then automatically blocking them and enriching tickets in the SOC.

The hygiene work keeps the environment predictable; the AI layer turns that predictability into real‑time prevention rather than after‑the‑fact investigation.

“DNS is effectively the phone book and control plane of the internet, which makes it one of the earliest and most reliable points to spot malicious activity,” Morris highlighted.

“Most modern attacks rely on DNS at some stage – whether that’s command-and-control, staging, phishing or data exfiltration – so if a business can see and control DNS, they can intercept threats before they reach users, workloads or infrastructure.”

By combining Protective DNS with AI and predictive threat intelligence, Morris said organisations can analyse patterns in queries at massive scale: new or suspicious domains, domain-generation algorithms, DNS tunnelling behaviours and more.

“Models can then automatically categorise risk and block high-risk traffic in real time, while feeding rich context into SIEM and SOAR platforms for investigation,” Morris continued.

“Through our Protective DNS and threat-intelligence platform, we’re currently blocking new malicious destinations an average of 68 days before the wider industry even sees a patient zero, giving Australian organisations a decisive head start on emerging threats.

“In other words, DNS plus AI turns a traditionally passive service into a high-value security control that raises the overall protection level of the network.”

In pursuit of best network security practice


Today, best practice no longer means just having the latest tools; it means a strategy with resilience baked into the network.

As outlined by Nandi, that translates into organisations requiring:

  1. Continuous visibility across hybrid and multi-cloud environments: Teams must always know what’s running, who is accessing what and where data is flowing. For example, if a developer spins up a new cloud instance, it’s automatically visible and monitored.
  2. Automated hygiene that removes human lag: Patching, segmentation and access reviews happen continuously, not quarterly, reducing the window of exposure.
  3. Real-time AI-assisted detection and response but with human oversight: AI flags unusual behaviour like abnormal API calls or silent configuration changes but humans validate the context before enforcement.
  4. Strong identity boundaries with zero-trust as default: Every device, user and application must prove who they are and why they need access.
  5. Governance around AI to ensure decisions are explainable and responsible: Key is avoiding blind spots or over-reliance on automation.

“Ultimately, good will mean networks that anticipate threats, absorb impact and recover quickly so business keeps running, even under attack,” Nandi summarised. “It’s about blending people, process and technology in a way that’s practical, accountable and forward-looking.”

Madhuri Nandi (Nuvei)

For Morris, a strong first line of defence starts with recognising that network and DNS infrastructure are security assets, not just connectivity utilities.

Best practice includes:

  • Consolidated, authoritative DDI (DNS, DHCP, IPAM) to provide a single, trusted view of every device, user and workload on the network.
  • Pre-emptive Protective DNS at the core, using threat intelligence and AI to automatically block known‑bad and high‑risk destinations before connections are made.
  • Tight integration with SOC tooling – enriching SIEM, XDR and SOAR with network and DNS context so analysts can see ‘who, what, where’ for every alert.
  • Macro and micro‑segmentation informed by identity and asset criticality, limiting lateral movement when something does go wrong.
  • Continuous testing and measurement, using red‑teaming and attack simulations to validate that controls actually stop real‑world threats and tracking metrics like time‑to‑detect and time‑to‑contain.

In 2026, ‘good’ looks like a security posture where pre-emptive security controls ensure most attacks are quietly blocked at the first query, response workflows are heavily automated, and the board has clear, data‑driven visibility into risk reduction – not just a long list of tools.

“Infoblox is focused on helping organisations turn core network services into a security advantage with advanced pre-emptive security capabilities,” Morris expanded.

“Our platforms bring together DDI, Protective DNS and threat intelligence so customers can see and control traffic across on-premises, cloud and remote environments from a single pane.

“That gives security and network teams the shared visibility they need to act quickly, including the ability to pre-emptively block threats an average of 68 days before industry first encounters a patient zero.”

The business is also heavily investing in AI-driven detection at the DNS layer, surfacing high-fidelity signals into existing SOC stacks such as SIEM and SOAR tools, and working closely with partners to integrate with broader security architectures.

This is in addition to entering the final stages of completing IRAP assessment across the entire Infoblox platform, aligning services to Australian Government and critical infrastructure requirements.

To further strengthen this, Infoblox has committed dedicated resources to deliver a local control plane in Australia by 31 October 2026, underpinning Australian data sovereignty for the vendor’s SaaS platform and ensuring sensitive telemetry can be kept on-shore.

“Building a robust first line of defence can’t remain an aspirational talking point – it has to become the default operating model for Australian organisations,” Morris advised.

“AI will undoubtedly raise the sophistication and scale of attacks but it also gives defenders a powerful set of tools. The organisations that will win are those that start at the source – the network – leveraging pre-emptive security capabilities of DNS, data and automation to make every other control smarter.”

In that sense, the message is simple – businesses don’t need to rip and replace everything to get there.

“Start with the network services you already rely on every day, turn them into intelligent control points – reinforced by capabilities like Protective DNS, IRAP-aligned assurance and on-shore control planes – and you’ll be a long way toward building an AI-ready security posture,” Morris concluded.
