IT, Telecom & Cyber · Australia (Perth)

Rework Contracts and Ops for Network, Backup and AI Controls

Published May 9, 2026, 6:06 AM AWST · APAC · Full category signal
Kyndryl adds AI to prevent IT outages before they happen

In 60 seconds

Top move

Kyndryl's agentic AI is already in live use and can materially reduce incident-driven costs, so procurement should treat managed‑service renewals as an opportunity to lock in prevention-focused SLAs and human‑review obligations

Key takeaways

  • Kyndryl's agentic AI is already in live use and can materially reduce incident-driven costs, so procurement should treat managed‑service renewals as an opportunity to lock in prevention-focused SLAs and human‑review obligations.[1]
  • Megaport's in‑network DDoS protection shifts mitigation billing toward predictable connectivity charges, meaning connectivity contracts and pass‑through pricing need review to avoid hidden OPEX changes.[2]
  • Firewalls remain the enforcement point for legacy, OT and inline TLS inspection (including future quantum‑safe TLS), so migration plans that remove on‑site inspection risk operational gaps in latency‑sensitive or unpatchable environments.[3]
  • Object First's Fleet Manager centralises backup telemetry without touching backup data, reducing labour for distributed Veeam estates and creating a new support‑contract value that suppliers may leverage at renewal.[4]
  • Broad theme: security functionality is moving deeper into the network and platform layers while automation grows; integration, vendor claims about autonomy, and contracted validation remain the practical gating items to adoption.[1]

What changed since last run

  • New operational signals on network-level security and prevention: Megaport's built-in DDoS and Kyndryl's deployed AI ops shift buying conversations from reactive incident response to preventive SLAs (previous brief fo...
  • Backup management centralisation (Object First Fleet Manager) appears as a supplier value-add tied to support contracts, which is different from the identity and training contract levers raised in the prior brief.

Key facts

  • Deployed across more than 1,400 Kyndryl Bridge customers
  • Platform generates over 16 million AI insights each month
  • Vendor reports up to 50% fewer IT incidents in some customer settings
  • Built‑in mitigation operates inside Megaport Internet
  • Focuses on Layer 3 and Layer 4 attacks with passive and active modes
  • Pricing tied to connection capacity instead of attack volume

Why it matters

Kyndryl's agentic AI is already in live use and can materially reduce incident-driven costs, so procurement should treat managed‑service renewals as an opportunity to lock in prevention-focused SLAs and human‑review obligations. Megaport's in‑network DDoS protection shifts mitigation billing toward predictable connectivity charges, meaning connectivity contracts and pass‑through pricing need review to avoid hidden OPEX changes. Firewalls remain the enforcement point for legacy, OT and inline TLS inspection (including future quantum‑safe TLS), so migration plans that remove on‑site inspection risk operational gaps in latency‑sensitive or unpatchable environments. Object First's Fleet Manager centralises backup telemetry without touching backup data, reducing labour for distributed Veeam estates and creating a new support‑contract value that suppliers may leverage at renewal

Cost / money

  • Preventive AI in managed services can reduce incident OPEX and maintenance spend, changing the OPEX/CAPEX mix procurement must budget for when comparing in‑house vs outsourced operations.[1]
  • Megaport's capacity‑tied pricing moves DDoS mitigation costs from variable incident billing to predictable connectivity OPEX, which may require contract amendments to pass costs through cleanly.[2]

Supplier / commercial

  • Firewall vendors are repositioning appliances as tightly integrated cloud and AI enforcement nodes; expect bundled integration SOWs, longer onboarding terms, and more leverage on scope and support.[3]
  • Object First offering Fleet Manager at no extra cost to support‑contract holders changes the renewal value proposition and gives incumbents a negotiating lever for support-tier upsell.[4]

Safety / operations

  • Kyndryl's agentic AI reduces incidents but embeds a human‑validation step; operations must keep explicit escalation and rollback controls in place to prevent unsafe automated changes.[1]
  • In‑network DDoS filtering reduces detour latency risk versus external scrubbing, but mitigation modes and 'fail‑open' behaviours must be tested to avoid unintended availability impacts during large events.[2]

What to watch

  • Some vendors may market simplified cloud or agent replacements for all firewall functions; don't assume cloud controls can replace on‑site inspection for OT, medical devices, or legacy segments without validation.[3]
  • Kyndryl's headline reductions in incidents are vendor‑reported; verify measured outcomes and false‑positive rates rather than accepting aggregate claims into renewal SLAs.[1]

Top stories

Story 1 · SecurityBrief Australia

Kyndryl adds AI to prevent IT outages before they happen

Signal strong · Source-grounded

What happened

Kyndryl has added an agentic AI feature to its Kyndryl Bridge platform that detects and triggers actions to prevent IT outages. The feature is in production across a large installed base and the vendor reports significant incident reductions, but the platform includes a human‑review step before agents act. Procurement should watch measured false‑positive rates, validation methods, and required telemetry exports before accepting automation authority

Buyer takeaway

Treat vendor claims as conditional: accept prevention benefits only with explicit SLAs, telemetry export, and rollback controls so procurement can enforce safe automation

Cost / money

Potentially reduces incident OPEX and support costs, shifting buying emphasis toward outcome‑based managed services rather than pure labour headcount

Supplier / commercial

Vendors will push for broader automation rights and longer managed‑service terms; require clear acceptance criteria and telemetry rights during negotiation

Safety / operations

Operational safety depends on defined human‑in‑the‑loop review points and validated rollback/runbook behaviours before agents can act in production

What to watch

Vendor‑reported aggregate savings and incident reductions need independent verification; ask for raw metrics and false‑positive/false‑negative rates

Key facts

  • Deployed across more than 1,400 Kyndryl Bridge customers
  • Platform generates over 16 million AI insights each month
  • Vendor reports up to 50% fewer IT incidents in some customer settings

Source excerpts

For Kyndryl, the addition expands the role of Kyndryl Bridge beyond observability and support into more direct intervention in customer operations
Kyndryl said its experts review and validate the generated insights to ensure they fit each customer environment before operational decisions are made. That review step is significant because many businesses remain cautious about handing control of production systems entirely to automated agents
Kyndryl did not detail which remediation steps are automated by default and which require human approval, but said the system is intended to support earlier intervention and reduce operational disruption. Xerxes Cooper, Global Leader, Kyndryl Delivery, outlined the company's rationale for the launch

Story 2 · SecurityBrief Australia

Megaport launches built-in DDoS protection for network

Signal strong · Source-grounded

What happened

Megaport launched built‑in DDoS protection that filters malicious traffic inside its network fabric rather than routing traffic to external scrubbing providers. The service focuses on Layer 3 and Layer 4 attacks and ties pricing to connection capacity, which reduces variable attack‑based billing but changes how mitigation costs appear on invoices. Procurement should validate coverage scope (L3/L4 only) and failover behaviour before shifting critical paths to this model

Buyer takeaway

Expect connectivity and security to be sold together; validate what mitigation layers are covered and capture failover guarantees

Cost / money

Moves variability of attack billing into predictable connectivity OPEX; check whether capacity tiers increase base spend

Supplier / commercial

Connectivity providers will use bundled security as a differentiation point—use that in negotiations to consolidate suppliers or to require performance credits

Safety / operations

In‑network filtering reduces added latency from scrubbing but requires operational confidence in mitigation modes and outage runbooks

What to watch

Watch for shorter quote validity, reopeners, pass-through requests, or attempts to reset pricing on the back of weak evidence

Key facts

  • Built‑in mitigation operates inside Megaport Internet
  • Focuses on Layer 3 and Layer 4 attacks with passive and active modes
  • Pricing tied to connection capacity instead of attack volume

Source excerpts

Pricing is tied to connection capacity rather than the volume or frequency of attacks, a structure intended to avoid the variable billing sometimes seen in older mitigation services
Megaport has launched a built-in DDoS protection service for its network, designed to protect traffic on Megaport Internet without sending it to an external mitigation provider. The service filters malicious traffic within Megaport's own network, aiming to avoid the extra latency and routing changes that can come with third-party scrubbing services
How it works: The service sits within Megaport Internet, the company's internet connectivity offering. Customers can add the protection through the Megaport Portal, with deployment taking less than a minute, according to Megaport

Story 3 · SecurityBrief Australia

The Death of the Firewall

Signal moderate · Source-grounded

What happened

Security commentary argues the firewall is far from dead and is evolving into cloud‑integrated, AI‑driven enforcement nodes that handle inline TLS inspection and local enforcement for legacy and OT systems. The point is operational: many factory, medical and legacy systems cannot tolerate cloud‑only controls, so on‑site inspection remains required. Procurement should avoid blanket migration assumptions and plan for hybrid enforcement purchases where low‑latency local control is needed

Buyer takeaway

Treat modern firewalls as specialized enforcement nodes that must integrate with cloud controls and support inline TLS inspection where needed

Cost / money

Upgrading for inline TLS/PQC inspection and edge AI will increase scope and integration costs compared with legacy appliance replacements

Supplier / commercial

Vendors will bundle management and cloud integration—expect SOWs that cover orchestration and lifecycle for hybrid deployments

Safety / operations

Local enforcement remains necessary for OT and legacy segments that cannot accept cloud latency or changes; keep on‑site inspection in scope

What to watch

Don't accept vendor narratives that claim perimeter removal for all environments; validate per‑site tolerances and legacy constraints

Key facts

  • Firewall market remains a substantial, growing segment
  • Modern role is convergence with networking and cloud security (SASE/SSE)
  • Inline TLS/SSL inspection is cited as a key enforcement responsibility

Source excerpts

The firewall's role is more specialized than it was, more tightly integrated with cloud services and more focused on the scenarios where local enforcement is irreplaceable
Hospitals operate medical devices on isolated network segments because those devices cannot tolerate the latency or complexity of cloud-based access controls
As organizations migrate to NIST-standardized post-quantum cryptography algorithms, the firewall is the enforcement point where quantum-safe TLS inspection gets implemented

Story 4 · SecurityBrief Australia

Object First launches Fleet Manager for backup estates

Signal moderate · Source-grounded

What happened

Object First released Fleet Manager, a cloud service that centralises monitoring for distributed Veeam backup estates while explicitly not accessing backup data, and it's available at no extra cost to customers with active support contracts. Operationally this reduces engineer time spent connecting to multiple VPNs and dashboards across sites. Procurement should consider telemetry‑only management clauses to gain oversight without compromising immutability, but note the relevance is limited to Veeam/Ootbi environments

Buyer takeaway

Use telemetry‑only management offers to reduce operational strain on distributed backup estates while insisting on non‑access guarantees for immutability

Cost / money

Can lower labour costs for service providers and enterprises that manage multiple sites by reducing time spent logging into separate systems

Supplier / commercial

Bundling telemetry tools into support changes renewal value proposition—suppliers may push for higher tiers tied to monitoring features

Safety / operations

Centralised telemetry improves visibility for ransomware response without exposing backup content, preserving recovery integrity

What to watch

Limited relevance for organisations not on Veeam/Ootbi stacks; check dependency on active support contracts

Key facts

  • Service gives a single view across multiple backup clusters and customer estates
  • Monitors telemetry only to preserve backup immutability
  • Offered at no extra cost to customers with active support contracts

Source excerpts

Object First cited Enterprise Strategy Group research showing that 96% of ransomware attacks target backup data, using the figure to underline the need for tighter oversight of distributed environments. Fleet Manager centralises monitoring without accessing backup data itself
Object First has launched Fleet Manager for distributed Ootbi backup storage deployments. The service is available to Ootbi users with active support contracts at no extra cost
Fleet Manager centralises monitoring without accessing backup data itself

VP Snapshot

Executive Risk & Action View

Kyndryl's agentic AI is already in live use and can materially reduce incident-driven costs, so procurement should treat managed‑service renewals as an opportunity to lock in prevention-focused SLAs and human‑review obligations.

Overall: 65
Cost: 79
Supply: 43
Schedule: 20
Compliance: 15

Top signals

30-180d · cost

Signal 1: Cost / money

Preventive AI in managed services can reduce incident OPEX and maintenance spend, changing the OPEX/CAPEX mix procurement must budget for when comparing in‑house vs outsourced operations.

Signal 2: Cost / money

Megaport's capacity‑tied pricing moves DDoS mitigation costs from variable incident billing to predictable connectivity OPEX, which may require contract amendments to pass costs through cleanly.

Signal 4: Supplier / commercial

Object First offering Fleet Manager at no extra cost to support‑contract holders changes the renewal value proposition and gives incumbents a negotiating lever for support-tier upsell.

180d+ · commercial

Signal 3: Supplier / commercial

Firewall vendors are repositioning appliances as tightly integrated cloud and AI enforcement nodes; expect bundled integration SOWs, longer onboarding terms, and more leverage on scope and support.

30-180d · supplier

Signal 5: Safety / operations

Kyndryl's agentic AI reduces incidents but embeds a human‑validation step; operations must keep explicit escalation and rollback controls in place to prevent unsafe automated changes.

0-30d · supply

Signal 6: Safety / operations

In‑network DDoS filtering reduces detour latency risk versus external scrubbing, but mitigation modes and 'fail‑open' behaviours must be tested to avoid unintended availability impacts during large events.

Recommended actions

Contracts · Due 3d

Request AI agent control, validation and rollback runbooks from managed‑service and MSP suppliers.

Collected runbooks and validation criteria to attach to near‑term renewals

Category · Due 3d

Confirm current DDoS billing model and capacity pass‑through mechanics for Megaport or equivalent connectivity suppliers.

Documented billing model and recommended contract amendment points

Contracts · Due 21d

Amend SOW/RFx templates to accept telemetry‑only backup monitoring while preserving immutability and access controls for backup data.

SOW language enabling telemetry dashboards for monitoring with explicit non‑access clauses

Category · Due 21d

Survey edge and OT sites to identify where modern inline TLS inspection or firewall upgrades are required, and draft technical specs for those locations.

Prioritised list of sites and procurement spec for inline inspection upgrades

Ops · Due 60d

Negotiate SLA and telemetry export clauses that include AI performance metrics, human‑validation obligations, and acceptance criteria for agentic automation pilots with key mana...

SLA addendum with measurable AI performance and validation gates for automation rollout

Contracts · Due 60d

Pilot built‑in network DDoS mitigation on a critical path and capture failover and latency measurements for contract change control.

Pilot report documenting mitigation behaviour, latency impact and proposed contract language

Risk register

Risk: Some vendors may market simplified cloud or agent replacements for all firewall functions; don't assume cloud controls can replace on‑site inspection for OT, medical devices, or legacy segments without validation.
Trigger: Some vendors may market simplified cloud or agent replacements for all firewall functions; don't assume cloud controls can replace on‑site inspection for OT, medical devices, or legacy segments without validation.
Mitigation: Confirm exposure with category, contracts, and operations before the next supplier commitment.

Risk: Kyndryl's headline reductions in incidents are vendor‑reported; verify measured outcomes and false‑positive rates rather than accepting aggregate claims into renewal SLAs.
Trigger: Kyndryl's headline reductions in incidents are vendor‑reported; verify measured outcomes and false‑positive rates rather than accepting aggregate claims into renewal SLAs.
Mitigation: Confirm exposure with category, contracts, and operations before the next supplier commitment.

CM Snapshot

Category Manager Decision Detail

Today's priorities

Request AI agent control, validation and rollback runbooks from managed‑service and MSP suppliers.

because Kyndryl and similar providers are operating agentic AI that acts on infrastructure and procurement needs concrete runbooks to define acceptance and human review points b...

Due 3d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Confirm current DDoS billing model and capacity pass‑through mechanics for Megaport or equivalent connectivity suppliers.

because Megaport's service ties pricing to connection capacity and that shift can alter OPEX pass‑throughs and ordering logic for connectivity lines.

Due 3d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Amend SOW/RFx templates to accept telemetry‑only backup monitoring while preserving immutability and access controls for backup data.

because Object First's Fleet Manager centralises backup telemetry without accessing backup content and procurement should standardise clauses that allow oversight without compro...

Due 21d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Survey edge and OT sites to identify where modern inline TLS inspection or firewall upgrades are required, and draft technical specs for those locations.

because the firewall remains the enforcement point for TLS/quantum‑safe inspection and many legacy/OT systems cannot be migrated to cloud controls without operational impact.

Due 21d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Supplier radar

SecurityBrief Australia

high

Observed supplier signal

Firewall vendors are repositioning appliances as tightly integrated cloud and AI enforcement nodes; expect bundled integration SOWs, longer onboarding terms, and more leverage on scope and support.

Commercial implication

Firewall vendors are repositioning appliances as tightly integrated cloud and AI enforcement nodes; expect bundled integration SOWs, longer onboarding terms, and more leverage on scope and support.

Next step: Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.

SecurityBrief Australia

high

Observed supplier signal

Object First offering Fleet Manager at no extra cost to support‑contract holders changes the renewal value proposition and gives incumbents a negotiating lever for support-tier upsell.

Commercial implication

Object First offering Fleet Manager at no extra cost to support‑contract holders changes the renewal value proposition and gives incumbents a negotiating lever for support-tier upsell.

Next step: Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.

Negotiation levers

Request AI agent control, validation and rollback runbooks from managed‑service and MSP suppliers.

When to use: because Kyndryl and similar providers are operating agentic AI that acts on infrastructure and procurement needs concrete runbooks to define acceptance and human review points b...

Expected outcome: Collected runbooks and validation criteria to attach to near‑term renewals

Commercial mechanism to carry into the next supplier conversation

Confirm current DDoS billing model and capacity pass‑through mechanics for Megaport or equivalent connectivity suppliers.

When to use: because Megaport's service ties pricing to connection capacity and that shift can alter OPEX pass‑throughs and ordering logic for connectivity lines.

Expected outcome: Documented billing model and recommended contract amendment points

Commercial mechanism to carry into the next supplier conversation

Amend SOW/RFx templates to accept telemetry‑only backup monitoring while preserving immutability and access controls for backup data.

When to use: because Object First's Fleet Manager centralises backup telemetry without accessing backup content and procurement should standardise clauses that allow oversight without compro...

Expected outcome: SOW language enabling telemetry dashboards for monitoring with explicit non‑access clauses

Commercial mechanism to carry into the next supplier conversation

Survey edge and OT sites to identify where modern inline TLS inspection or firewall upgrades are required, and draft technical specs for those locations.

When to use: because the firewall remains the enforcement point for TLS/quantum‑safe inspection and many legacy/OT systems cannot be migrated to cloud controls without operational impact.

Expected outcome: Prioritised list of sites and procurement spec for inline inspection upgrades

Commercial mechanism to carry into the next supplier conversation

Talking points

Kyndryl's agentic AI is already in live use and can materially reduce incident-driven costs, so procurement should treat managed‑service renewals as an opportunity to lock in prevention-focused SLAs and human‑review obligations.
Megaport's in‑network DDoS protection shifts mitigation billing toward predictable connectivity charges, meaning connectivity contracts and pass‑through pricing need review to avoid hidden OPEX changes.
Firewalls remain the enforcement point for legacy, OT and inline TLS inspection (including future quantum‑safe TLS), so migration plans that remove on‑site inspection risk operational gaps in latency‑sensitive or unpatchable environments.
Object First's Fleet Manager centralises backup telemetry without touching backup data, reducing labour for distributed Veeam estates and creating a new support‑contract value that suppliers may leverage at renewal.

Negotiation levers

  • Request AI agent control, validation and rollback runbooks from managed‑service and MSP suppliers.

    When to use: because Kyndryl and similar providers are operating agentic AI that acts on infrastructure and procurement needs concrete runbooks to define acceptance and human review points b...

    Expected outcome: Collected runbooks and validation criteria to attach to near‑term renewals

    high confidence

  • Confirm current DDoS billing model and capacity pass‑through mechanics for Megaport or equivalent connectivity suppliers.

    When to use: because Megaport's service ties pricing to connection capacity and that shift can alter OPEX pass‑throughs and ordering logic for connectivity lines.

    Expected outcome: Documented billing model and recommended contract amendment points

    high confidence

  • Amend SOW/RFx templates to accept telemetry‑only backup monitoring while preserving immutability and access controls for backup data.

    When to use: because Object First's Fleet Manager centralises backup telemetry without accessing backup content and procurement should standardise clauses that allow oversight without compro...

    Expected outcome: SOW language enabling telemetry dashboards for monitoring with explicit non‑access clauses

    high confidence

  • Survey edge and OT sites to identify where modern inline TLS inspection or firewall upgrades are required, and draft technical specs for those locations.

    When to use: because the firewall remains the enforcement point for TLS/quantum‑safe inspection and many legacy/OT systems cannot be migrated to cloud controls without operational impact.

    Expected outcome: Prioritised list of sites and procurement spec for inline inspection upgrades

    high confidence

What to do / What to watch

What to do now

  • Request AI agent control, validation and rollback runbooks from managed‑service and MSP suppliers.

    Why: because Kyndryl and similar providers are operating agentic AI that acts on infrastructure and procurement needs concrete runbooks to define acceptance and human review points b...

    Owner: Contracts

    Expected outcome: Collected runbooks and validation criteria to attach to near‑term renewals

    [1]
  • Confirm current DDoS billing model and capacity pass‑through mechanics for Megaport or equivalent connectivity suppliers.

    Why: because Megaport's service ties pricing to connection capacity and that shift can alter OPEX pass‑throughs and ordering logic for connectivity lines.

    Owner: Category

    Expected outcome: Documented billing model and recommended contract amendment points

    [2]

Next few weeks

  • Amend SOW/RFx templates to accept telemetry‑only backup monitoring while preserving immutability and access controls for backup data.

    Why: because Object First's Fleet Manager centralises backup telemetry without accessing backup content and procurement should standardise clauses that allow oversight without compro...

    Owner: Contracts

    Expected outcome: SOW language enabling telemetry dashboards for monitoring with explicit non‑access clauses

    [4]
  • Survey edge and OT sites to identify where modern inline TLS inspection or firewall upgrades are required, and draft technical specs for those locations.

    Why: because the firewall remains the enforcement point for TLS/quantum‑safe inspection and many legacy/OT systems cannot be migrated to cloud controls without operational impact.

    Owner: Category

    Expected outcome: Prioritised list of sites and procurement spec for inline inspection upgrades

    [3]

Longer view

  • Negotiate SLA and telemetry export clauses that include AI performance metrics, human‑validation obligations, and acceptance criteria for agentic automation pilots with key mana...

    Why: because Kyndryl's results indicate preventive AI can reduce outages but only where decision transparency and validation are contractually enforceable.

    Owner: Ops

    Expected outcome: SLA addendum with measurable AI performance and validation gates for automation rollout

    [1]
  • Pilot built‑in network DDoS mitigation on a critical path and capture failover and latency measurements for contract change control.

    Why: because Megaport's in‑network filtering changes routing and mitigation behaviour and procurement must verify performance and failover terms before broader adoption.

    Owner: Contracts

    Expected outcome: Pilot report documenting mitigation behaviour, latency impact and proposed contract language

    [2]

What to watch

  • Some vendors may market simplified cloud or agent replacements for all firewall functions; don't assume cloud controls can replace on‑site inspection for OT, medical devices, or legacy segments without validation
  • Kyndryl's headline reductions in incidents are vendor‑reported; verify measured outcomes and false‑positive rates rather than accepting aggregate claims into renewal SLAs
  • Kyndryl's agentic AI is already in live use and can materially reduce incident-driven costs, so procurement should treat managed‑service renewals as an opportunity to lock in prevention-focused SLAs and human‑review obligations
  • Megaport's in‑network DDoS protection shifts mitigation billing toward predictable connectivity charges, meaning connectivity contracts and pass‑through pricing need review to avoid hidden OPEX changes
  • Firewalls remain the enforcement point for legacy, OT and inline TLS inspection (including future quantum‑safe TLS), so migration plans that remove on‑site inspection risk operational gaps in latency‑sensitive or unpatchable environments
  • Object First's Fleet Manager centralises backup telemetry without touching backup data, reducing labour for distributed Veeam estates and creating a new support‑contract value that suppliers may leverage at renewal

Market pulse

Index | Latest | Change | As of
Palo Alto (PANW) | 320 | +0.00 (+0.00%) | May 8, 2026, 10:09 PM
CrowdStrike (CRWD) | 285 | +0.00 (+0.00%) | May 8, 2026, 10:09 PM
Zscaler (ZS) | 195 | +0.00 (+0.00%) | May 8, 2026, 10:09 PM
Fortinet (FTNT) | 72 | +0.00 (+0.00%) | May 8, 2026, 10:09 PM
  • Palo Alto: Network/security vendor index to watch as firewall and cloud‑security shifts affect vendor positioning
  • Fortinet: Fortinet index is a proxy for demand in edge/inline firewall and network protection buying trends

Sources

[1] Kyndryl adds AI to prevent IT outages before they happen

securitybrief.com.au · n.d.

AI reading

Kyndryl has added an agentic AI feature to its Kyndryl Bridge platform that detects and triggers actions to prevent IT outages. The feature is in production across a large installed base and the vendor reports significant incident reductions, but the platform includes a human‑review step before agents act. Procurement should watch measured false‑positive rates, validation methods, and required telemetry exports before accepting automation authority

Buyer takeaway

Treat vendor claims as conditional: accept prevention benefits only with explicit SLAs, telemetry export, and rollback controls so procurement can enforce safe automation

Cost / money

Potentially reduces incident OPEX and support costs, shifting buying emphasis toward outcome‑based managed services rather than pure labour headcount

Supplier / commercial

Vendors will push for broader automation rights and longer managed‑service terms; require clear acceptance criteria and telemetry rights during negotiation

Safety / operations

Operational safety depends on defined human‑in‑the‑loop review points and validated rollback/runbook behaviours before agents can act in production

What to watch

Vendor‑reported aggregate savings and incident reductions need independent verification; ask for raw metrics and false‑positive/false‑negative rates

Key facts

  • Deployed across more than 1,400 Kyndryl Bridge customers
  • Platform generates over 16 million AI insights each month
  • Vendor reports up to 50% fewer IT incidents in some customer settings

Source excerpts

For Kyndryl, the addition expands the role of Kyndryl Bridge beyond observability and support into more direct intervention in customer operations
Kyndryl said its experts review and validate the generated insights to ensure they fit each customer environment before operational decisions are made. That review step is significant because many businesses remain cautious about handing control of production systems entirely to automated agents
Kyndryl did not detail which remediation steps are automated by default and which require human approval, but said the system is intended to support earlier intervention and reduce operational disruption. Xerxes Cooper, Global Leader, Kyndryl Delivery, outlined the company's rationale for the launch

Used in this brief

  • Safety / operations: Kyndryl's agentic AI reduces incidents but embeds a human‑validation step; operations must keep explicit escalation and rollback controls in place to prevent unsafe automated changes
  • Next 72 hours — Request AI agent control, validation and rollback runbooks from managed‑service and MSP suppliers. Rationale: because Kyndryl and similar providers are operating agentic AI that acts on infrastructure and procurement needs concrete runbooks to define acceptance and human review points b.... Owner: Contracts. KPI: Collected runbooks and validation criteria to attach to near‑term renewals
  • Next quarter — Negotiate SLA and telemetry export clauses that include AI performance metrics, human‑validation obligations, and acceptance criteria for agentic automation pilots with key mana.... Rationale: because Kyndryl's results indicate preventive AI can reduce outages but only where decision transparency and validation are contractually enforceable. Owner: Ops. KPI: SLA addendum with measurable AI performance and validation gates for automation rollout

[2] Megaport launches built-in DDoS protection for network

securitybrief.com.au · n.d.

AI reading

Megaport launched built‑in DDoS protection that filters malicious traffic inside its network fabric rather than routing traffic to external scrubbing providers. The service focuses on Layer 3 and Layer 4 attacks and ties pricing to connection capacity, which reduces variable attack‑based billing but changes how mitigation costs appear on invoices. Procurement should validate coverage scope (L3/L4 only) and failover behaviour before shifting critical paths to this model

Buyer takeaway

Expect connectivity and security to be sold together; validate what mitigation layers are covered and capture failover guarantees

Cost / money

Moves variability of attack billing into predictable connectivity OPEX; check whether capacity tiers increase base spend

Supplier / commercial

Connectivity providers will use bundled security as a differentiation point—use that in negotiations to consolidate suppliers or to require performance credits

Safety / operations

In‑network filtering reduces added latency from scrubbing but requires operational confidence in mitigation modes and outage runbooks

What to watch

Watch for shorter quote validity, reopeners, pass-through requests, or attempts to reset pricing on the back of weak evidence

Key facts

  • Built‑in mitigation operates inside Megaport Internet
  • Focuses on Layer 3 and Layer 4 attacks with passive and active modes
  • Pricing tied to connection capacity instead of attack volume

Source excerpts

Pricing is tied to connection capacity rather than the volume or frequency of attacks, a structure intended to avoid the variable billing sometimes seen in older mitigation services
Megaport has launched a built-in DDoS protection service for its network, designed to protect traffic on Megaport Internet without sending it to an external mitigation provider. The service filters malicious traffic within Megaport's own network, aiming to avoid the extra latency and routing changes that can come with third-party scrubbing services
How it works The service sits within Megaport Internet, the company's internet connectivity offering. Customers can add the protection through the Megaport Portal, with deployment taking less than a minute, according to Megaport

Used in this brief

  • Cost / money: Megaport's capacity‑tied pricing moves DDoS mitigation costs from variable incident billing to predictable connectivity OPEX, which may require contract amendments to pass costs through cleanly
  • Safety / operations: In‑network DDoS filtering reduces detour latency risk versus external scrubbing, but mitigation modes and 'fail‑open' behaviours must be tested to avoid unintended availability impacts during large events
  • Next 72 hours — Confirm current DDoS billing model and capacity pass‑through mechanics for Megaport or equivalent connectivity suppliers. Rationale: because Megaport's service ties pricing to connection capacity and that shift can alter OPEX pass‑throughs and ordering logic for connectivity lines. Owner: Category. KPI: Documented billing model and recommended contract amendment points

[3] The Death of the Firewall

securitybrief.com.au · n.d.

AI reading

Security commentary argues the firewall is far from dead and is evolving into cloud‑integrated, AI‑driven enforcement nodes that handle inline TLS inspection and local enforcement for legacy and OT systems. The point is operational: many factory, medical and legacy systems cannot tolerate cloud‑only controls, so on‑site inspection remains required. Procurement should avoid blanket migration assumptions and plan for hybrid enforcement purchases where low‑latency local control is needed

Buyer takeaway

Treat modern firewalls as specialized enforcement nodes that must integrate with cloud controls and support inline TLS inspection where needed

Cost / money

Upgrading for inline TLS/PQC inspection and edge AI will increase scope and integration costs compared with legacy appliance replacements

Supplier / commercial

Vendors will bundle management and cloud integration—expect SOWs that cover orchestration and lifecycle for hybrid deployments

Safety / operations

Local enforcement remains necessary for OT and legacy segments that cannot accept cloud latency or changes; keep on‑site inspection in scope

What to watch

Don't accept vendor narratives that claim perimeter removal for all environments; validate per‑site tolerances and legacy constraints

Key facts

  • Firewall market remains a substantial, growing segment
  • Modern role is convergence with networking and cloud security (SASE/SSE)
  • Inline TLS/SSL inspection is cited as a key enforcement responsibility

Source excerpts

The firewall's role is more specialized than it was, more tightly integrated with cloud services and more focused on the scenarios where local enforcement is irreplaceable
Hospitals operate medical devices on isolated network segments because those devices cannot tolerate the latency or complexity of cloud-based access controls
As organizations migrate to NIST-standardized post-quantum cryptography algorithms, the firewall is the enforcement point where quantum-safe TLS inspection gets implemented

Used in this brief

  • Supplier / commercial: Firewall vendors are repositioning appliances as tightly integrated cloud and AI enforcement nodes; expect bundled integration SOWs, longer onboarding terms, and more leverage on scope and support
  • What to watch: Some vendors may market simplified cloud or agent replacements for all firewall functions; don't assume cloud controls can replace on‑site inspection for OT, medical devices, or legacy segments without validation
  • Next 2-4 weeks — Survey edge and OT sites to identify where modern inline TLS inspection or firewall upgrades are required, and draft technical specs for those locations. Rationale: because the firewall remains the enforcement point for TLS/quantum‑safe inspection and many legacy/OT systems cannot be migrated to cloud controls without operational impact. Owner: Category. KPI: Prioritised list of sites and procurement spec for inline inspection upgrades

[4] Object First launches Fleet Manager for backup estates

securitybrief.com.au · n.d.

AI reading

Object First released Fleet Manager, a cloud service that centralises monitoring for distributed Veeam backup estates while explicitly not accessing backup data, and it's available at no extra cost to customers with active support contracts. Operationally this reduces engineer time spent connecting to multiple VPNs and dashboards across sites. Procurement should consider telemetry‑only management clauses to gain oversight without compromising immutability, but note the relevance is limited to Veeam/Ootbi environments

Buyer takeaway

Use telemetry‑only management offers to reduce operational strain on distributed backup estates while insisting on non‑access guarantees for immutability

Cost / money

Can lower labour costs for service providers and enterprises that manage multiple sites by reducing time spent logging into separate systems

Supplier / commercial

Bundling telemetry tools into support changes renewal value proposition—suppliers may push for higher tiers tied to monitoring features

Safety / operations

Centralised telemetry improves visibility for ransomware response without exposing backup content, preserving recovery integrity

What to watch

Limited relevance for organisations not on Veeam/Ootbi stacks; check dependency on active support contracts

Key facts

  • Service gives a single view across multiple backup clusters and customer estates
  • Monitors telemetry only to preserve backup immutability
  • Offered at no extra cost to customers with active support contracts

Source excerpts

Object First cited Enterprise Strategy Group research showing that 96% of ransomware attacks target backup data, using the figure to underline the need for tighter oversight of distributed environments. Fleet Manager centralises monitoring without accessing backup data itself
Object First has launched Fleet Manager for distributed Ootbi backup storage deployments. The service is available to Ootbi users with active support contracts at no extra cost

Used in this brief

  • Supplier / commercial: Object First offering Fleet Manager at no extra cost to support‑contract holders changes the renewal value proposition and gives incumbents a negotiating lever for support-tier upsell
  • Next 2-4 weeks — Amend SOW/RFx templates to accept telemetry‑only backup monitoring while preserving immutability and access controls for backup data. Rationale: because Object First's Fleet Manager centralises backup telemetry without accessing backup content and procurement should standardise clauses that allow oversight without compro.... Owner: Contracts. KPI: SOW language enabling telemetry dashboards for monitoring with explicit non‑access clauses

[5] Palo Alto

finance.yahoo.com · n.d.

[6] Fortinet

finance.yahoo.com · n.d.
