IT, Telecom & Cyber · Australia (Perth)

Re-route AI Workloads and Tighten Telemetry, Compliance, Supplier Controls

Published Jun 5, 2026, 6:06 AM AWSTAPACFull category signal
Ask AI
CIQ expands Fuzzball to span five clouds & on-prem

In 60 seconds

Top move

CIQ’s Fuzzball now runs AI/HPC workflows from one control plane across five public clouds and on-prem, which changes how buyers can move GPU work to the cheapest or most compliant location; procurement should treat workload mobility as a contracted capability, not an ad hoc migration project

Key takeaways

  • CIQ’s Fuzzball now runs AI/HPC workflows from one control plane across five public clouds and on-prem, which changes how buyers can move GPU work to the cheapest or most compliant location; procurement should treat workload mobility as a contracted capability, not an ad hoc migration project.[1]
  • Gigamon + Splunk federation aims to let customers query telemetry where it lives instead of ingesting everything; that shifts cost trade-offs from bulk storage/ingest to query performance, access rights and SLAs you must lock into vendor terms.[2]
  • JupiterOne’s Continuous Controls Monitoring turns compliance evidence into live checks against assets and identities, changing acceptance criteria for audit, evidence export and API access in security procurements.[3]
  • Factor’s Supply Chain Detection & Response is generally available and positions supplier telemetry aggregation as a discrete capability to centralise third-party risk signals; buyers should treat it as a candidate replacement or complement to existing vendor-risk tooling while validating integration scope.[4]
  • Taken together, these moves reduce some lock-in (workload portability) while creating new cross-contract dependencies (federated queries, live control feeds, supplier telemetry) that procurement must map and codify into RFx and SLAs.[1]

What changed since last run

  • New product and partnership entries since the AI-agent runtime-controls brief: CIQ Fuzzball multi-cloud orchestration (article 3), Gigamon+Splunk federated telemetry (article 10), JupiterOne CCM (article 11), and Fact...
  • Shift from agent-control policy focus to operational tooling that affects workload placement, telemetry architecture and continuous compliance evidence.

Key facts

  • Federates across five public clouds and on-prem via a single control plane
  • Routes jobs based on cost, performance and data locality
  • Targets AI training, inference and HPC workflows with GPU routing
  • Integrates Deep Observability Pipeline with Splunk Federated Search
  • Enables queries across Splunk Cloud, S3, Azure Blob and other repositories
  • Pre-built processing pipelines and dashboards for federated search scenarios

Why it matters

CIQ’s Fuzzball now runs AI/HPC workflows from one control plane across five public clouds and on-prem, which changes how buyers can move GPU work to the cheapest or most compliant location; procurement should treat workload mobility as a contracted capability, not an ad hoc migration project. Gigamon + Splunk federation aims to let customers query telemetry where it lives instead of ingesting everything; that shifts cost trade-offs from bulk storage/ingest to query performance, access rights and SLAs you must lock into vendor terms. JupiterOne’s Continuous Controls Monitoring turns compliance evidence into live checks against assets and identities, changing acceptance criteria for audit, evidence export and API access in security procurements. Factor’s Supply Chain Detection & Response is generally available and positions supplier telemetry aggregation as a discrete capability to centralise third-party risk signals; buyers should treat it as a candidate replacement or complement to existing vendor-risk tooling while validating integration scope

Cost / money

  • Multi-cloud orchestration enables routing to lower-cost GPU providers or on-prem capacity but introduces pass-through billing and egress trade-offs that will change total cost of ownership assumptions for AI projects.[1]
  • Federated telemetry reduces ingest-and-store spend but can shift costs into query performance, edge processing or network egress that must be priced and contractually governed with SIEM and network vendors.[2]

Supplier / commercial

  • Workload portability increases buyer leverage if contracts explicitly allow mobility and data-locality routing; absent rights, suppliers may use technical limits to preserve captive pricing.[1]
  • Integrated telemetry offerings (Gigamon + Splunk) create bundling opportunities where vendors can package edge processing, enrichment and search access—expect new commercial models and negotiation points around who pays for processing versus storage.[2]

Safety / operations

  • Continuous control checks (JupiterOne CCM) make it operationally realistic to detect control drift faster and reduce manual evidence collection, improving incident response and audit readiness when integrations are in place.[3]
  • Centralising supplier signals (Factor) can speed detection and cross-company correlation but also creates a new uptime dependency for supplier-risk telemetry; operations must consider availability and fallback procedures.[4]

What to watch

  • Portability claims are only useful if contracts include explicit rights for routing, resource access, and data locality; don’t assume a technical control plane replaces the need for exit and interoperability clauses.[1]
  • Federated query performance and access controls can become a hidden blocker in incident response—verify expected query latency and cross-repository access in procurement tests, not just marketing claims.[2]

Top stories

Story 1SecurityBrief Australia

CIQ expands Fuzzball to span five clouds & on-prem

Signal strongSource-grounded
Source notes [1]Read source

What happened

CIQ expanded Fuzzball to orchestrate AI and HPC jobs across CoreWeave, AWS, Google Cloud, Oracle Cloud, Microsoft Azure and on-prem under one control plane. The platform routes jobs at runtime to the best environment based on cost, performance and data locality, enabling portability for GPU-heavy workloads. Watch whether real-world pilots deliver predictable routing and how providers surface billing/egress implications

Buyer takeaway

Treat orchestration as a contracted capability: demand explicit portability, data-locality enforcement and billing transparency because technical portability without legal rights leaves buyers exposed

Cost / money

Routing can reduce peak cloud GPU spend by shifting jobs to alternate providers, but it can also introduce egress and pass-through charges that change TCO

Supplier / commercial

Vendors could charge for connector support, preferred routing or H100 access; require clear pricing for routed workloads and exit clauses to retain leverage

Safety / operations

Operational readiness depends on consistent runtime decisions; establish acceptance tests for routing correctness and data-locality enforcement to avoid compliance slips

What to watch

Watch for hidden egress, network costs and incomplete provider connectors that limit true mobility despite marketing claims

Key facts

  • Federates across five public clouds and on-prem via a single control plane
  • Routes jobs based on cost, performance and data locality
  • Targets AI training, inference and HPC workflows with GPU routing

Source excerpts

CIQ has expanded its Fuzzball orchestration platform to support full multi-cloud deployments across CoreWeave, AWS, Google Cloud, Oracle Cloud and Microsoft Azure
Customers can define a workflow once for training, inference or HPC jobs, then run it across different cloud providers or on their own systems without changing the workflow definition. At runtime, the platform evaluates available environments and routes each job to the most suitable destination based on cost, performance and data locality
Single control plane At the centre of the launch is a provider-agnostic workflow definition that describes compute jobs, data movement, container images and resource requirements without cloud-specific logic
Story 2SecurityBrief Australia

Gigamon & Splunk join forces on federated telemetry

Signal strongSource-grounded
Source notes [2]Read source

What happened

Gigamon and Splunk integrated Gigamon’s Deep Observability Pipeline with Splunk Federated Search so customers can query distributed telemetry where it resides instead of ingesting everything into a single store. The integration aims to cut storage and ingest costs while preserving investigation capabilities, but it relies on federated query performance and access controls. Buyers should test query latency and define who pays for edge enrichment and cross-repository queries

Buyer takeaway

Insist on measurable SLAs for federated queries and clear billing models for ingestion versus processing because cost savings depend on query behaviour as much as storage reduction

Cost / money

Potential to lower long-term storage costs but may shift spend to query latency guarantees, network egress and edge processing fees

Supplier / commercial

Vendors may bundle telemetry extraction and enrichment; ensure pricing lists edge-processing and federated-query charges separately to retain negotiation leverage

Safety / operations

Federated access preserves visibility without centralisation, but incident response playbooks must adapt to cross-repository queries and access rights

What to watch

Validate cross-repository auth, query latency and emergency extraction paths; federated models can create blind spots if access is not fully provisioned

Key facts

  • Integrates Deep Observability Pipeline with Splunk Federated Search
  • Enables queries across Splunk Cloud, S3, Azure Blob and other repositories
  • Pre-built processing pipelines and dashboards for federated search scenarios

Source excerpts

Under the integration, Gigamon's software extracts and enriches network telemetry, while Splunk's federated search tools query datasets where they already reside
The Gigamon Federated Search App includes pre-built processing pipelines for Splunk Edge and Ingest Processor, along with federated search templates and dashboards
Gigamon has partnered with Splunk to integrate its Deep Observability Pipeline with Splunk Federated Search, aiming to give joint customers unified access to distributed telemetry data
Story 3SecurityBrief Australia

JupiterOne launches continuous controls monitoring tool

Signal strongSource-grounded
Source notes [3]Read source

What happened

JupiterOne launched Continuous Controls Monitoring to run live tests against cloud, SaaS and hybrid assets and maintain audit evidence automatically. The product uses a graph data model linking assets, identities and configurations to surface control effectiveness and keep test logic and evidence visible to auditors. Procurement should require API access, test visibility and mapping to frameworks as part of acceptance criteria

Buyer takeaway

Require proof of integrations and evidence export in contracts because continuous monitoring only reduces operational burden when auditors and teams can consume the results

Cost / money

May reduce labor and audit-prep costs over time by automating evidence collection, but expect initial integration and API work to appear as procurement or services expense

Supplier / commercial

Vendors may price advanced connectors or pre-built compliance packs; negotiate for required integrations and acceptance tests as part of scope

Safety / operations

Live checks improve detection of control drift and support faster incident triage if the monitoring covers critical assets and identities

What to watch

Confirm which systems are supported out of the box, and test exporter and API behaviours; incomplete integrations limit effectiveness

Key facts

  • Provides live control checks against current asset data
  • Uses a graph data model linking assets, identities and configuration
  • Maintains audit evidence and maps controls across compliance frameworks

Source excerpts

A central challenge for many teams is producing current, defensible evidence without long manual collection cycles. JupiterOne says feedback from early customers pointed to demand for faster answers on control effectiveness and less manual evidence gathering
JupiterOne has launched Continuous Controls Monitoring, a product for security and compliance teams in cloud, SaaS and hybrid environments. Live control checks The offering, called JupiterOne CCM, is designed to help organisations determine whether security and compliance controls are operating as intended by testing them against live asset data
It is intended to replace manual evidence gathering and point-in-time reviews with a current view of control effectiveness. Compliance shift The launch reflects a broader shift in compliance work as companies seek to move beyond periodic attestations and static audit preparation
Story 4SecurityBrief Australia

Factor launches supply chain detection & response platform

Signal moderateSource-grounded
Source notes [4]Read source

What happened

Factor launched a Supply Chain Detection & Response platform aimed at correlating telemetry across enterprises and their supplier networks to surface supplier-related threats. The platform is built to accept multiple data sources without disrupting existing operations, positioning it as a complement or alternative to fragmented third-party risk tools. Buyers should evaluate integration scope, telemetry dependencies and who owns incident response coordination

Buyer takeaway

Treat supplier-telemetry platforms as complementary to vendor-risk programs and require integration, SLA and ownership clarity because detection alone doesn’t fix supplier governance gaps

Cost / money

May concentrate spend on a single platform rather than multiple point tools, but integration and telemetry ingestion will create new line-item costs

Supplier / commercial

Vendors may offer rapid onboarding but expect pricing for scale and custom integrations; insist on clear SLAs for supplier signal freshness and availability

Safety / operations

Centralised supplier signals can speed cross-company correlation, but plans must define what happens when the platform is unavailable

What to watch

Validate how the platform handles noisy signals and false positives across multiple suppliers to avoid operational overload

Key facts

  • Supply-chain-focused detection and response platform now generally available
  • Aggregates telemetry from threat feeds, internal telemetry and supplier signals
  • Designed to add or change data sources without disrupting operations

Source excerpts

Factor has launched its Supply Chain Detection & Response platform, which is now generally available
Factor's platform is designed to operate across an enterprise and its supplier network, drawing on data from multiple sources, including threat intelligence feeds, internal telemetry, supplier signals and third-party information. Customers can change or add data sources without disrupting existing operations, an approach intended to avoid dependence on a single provider
Factor's platform is designed to operate across an enterprise and its supplier network, drawing on data from multiple sources, including threat intelligence feeds, internal telemetry, supplier signals and third-party information

VP Snapshot

Executive Risk & Action View

CIQ’s Fuzzball now runs AI/HPC workflows from one control plane across five public clouds and on-prem, which changes how buyers can move GPU work to the cheapest or most compliant location; procurement should treat workload mobility as a contracted capability, not an ad hoc migration project.

Overall
69
Cost
61
Supply
43
Schedule
20
Compliance
15

Top signals

30-180dcost

Signal 1: Cost / money

Multi-cloud orchestration enables routing to lower-cost GPU providers or on-prem capacity but introduces pass-through billing and egress trade-offs that will change total cost of ownership assumptions for AI projects.

Signal 2: Cost / money

Federated telemetry reduces ingest-and-store spend but can shift costs into query performance, edge processing or network egress that must be priced and contractually governed with SIEM and network vendors.

30-180dcommercial

Signal 3: Supplier / commercial

Workload portability increases buyer leverage if contracts explicitly allow mobility and data-locality routing; absent rights, suppliers may use technical limits to preserve captive pricing.

Signal 4: Supplier / commercial

Integrated telemetry offerings (Gigamon + Splunk) create bundling opportunities where vendors can package edge processing, enrichment and search access—expect new commercial models and negotiation points around who pays for processing versus storage.

30-180dsupplier

Signal 5: Safety / operations

Continuous control checks (JupiterOne CCM) make it operationally realistic to detect control drift faster and reduce manual evidence collection, improving incident response and audit readiness when integrations are in place.

0-30dsupply

Signal 6: Safety / operations

Centralising supplier signals (Factor) can speed detection and cross-company correlation but also creates a new uptime dependency for supplier-risk telemetry; operations must consider availability and fallback procedures.

Recommended actions

CategoryDue 3d

Tag vendors in the supplier register with capability flags: 'multi-cloud orchestration', 'federated telemetry', 'continuous controls monitoring', 'supply-chain detection'.

Supplier register populates capability flags to inform shortlists and procurement prioritisation.

ContractsDue 21d

Update RFx and SOW templates to require workload portability clauses, data-locality routing rights, federated-query SLAs (latency/access), and API-based evidence export for cont...

RFx/SOW templates include scored clauses for portability, federated access SLAs and evidence APIs to reduce negotiation cycles.

OpsDue 21d

Run an Ops pilot that routes a representative AI/HPC job across two cloud providers and on-prem via CIQ to validate routing logic, cost/performance trade-offs and data-locality...

Pilot report documents routing decisions, integration gaps and recommended contract protections for broader rollouts.

ContractsDue 60d

Negotiate amendments or new contracts with cloud, SIEM and telemetry vendors to define federated query SLAs, billing transparency for edge processing, and failover responsibilit...

Contracts include explicit SLAs for federated queries, defined billing models for processing versus storage, and documented failover paths.

LegalDue 60d

Require continuous-controls acceptance criteria and auditor access in security tool procurements: testable checks, evidence export, and identity-scoped API access for auditors.

Procurements include acceptance tests and API requirements that enable continuous validation and reduce manual audit effort.

Risk register

RiskTriggerMitigation
Portability claims are only useful if contracts include explicit rights for routing, resource access, and data locality; don’t assume a technical control plane replaces the need for exit and interoperability clauses.Portability claims are only useful if contracts include explicit rights for routing, resource access, and data locality; don’t assume a technical control plane replaces the need for exit and interoperability clauses.Confirm exposure with category, contracts, and operations before the next supplier commitment.
Federated query performance and access controls can become a hidden blocker in incident response—verify expected query latency and cross-repository access in procurement tests, not just marketing claims.Federated query performance and access controls can become a hidden blocker in incident response—verify expected query latency and cross-repository access in procurement tests, not just marketing claims.Confirm exposure with category, contracts, and operations before the next supplier commitment.

CM Snapshot

Category Manager Decision Detail

Today's priorities

Tag vendors in the supplier register with capability flags: 'multi-cloud orchestration', 'federated telemetry', 'continuous controls monitoring', 'supply-chain detection'.

Do this because surfacing these capabilities quickly reveals current exposure and shortlist candidates for AI, telemetry and third-party risk projects.

Due 3d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Update RFx and SOW templates to require workload portability clauses, data-locality routing rights, federated-query SLAs (latency/access), and API-based evidence export for cont...

Do this because the CIQ control plane, Gigamon+Splunk federated model and JupiterOne CCM make these contract items operationally necessary to avoid vendor lock and ambiguous bil...

Due 21d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Run an Ops pilot that routes a representative AI/HPC job across two cloud providers and on-prem via CIQ to validate routing logic, cost/performance trade-offs and data-locality...

Do this because a live pilot proves whether orchestration actually moves workloads as marketed and surfaces integration gaps before larger commitments.

Due 21d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Negotiate amendments or new contracts with cloud, SIEM and telemetry vendors to define federated query SLAs, billing transparency for edge processing, and failover responsibilit...

Do this because the market is moving toward federated telemetry architectures and procurement must lock performance, access and billing terms to avoid unexpected run-rate costs.

Due 60d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Supplier radar

SecurityBrief Australia

high

Observed supplier signal

Workload portability increases buyer leverage if contracts explicitly allow mobility and data-locality routing; absent rights, suppliers may use technical limits to preserve captive pricing.

Commercial implication

Workload portability increases buyer leverage if contracts explicitly allow mobility and data-locality routing; absent rights, suppliers may use technical limits to preserve captive pricing.

Next step: Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.

SecurityBrief Australia

high

Observed supplier signal

Integrated telemetry offerings (Gigamon + Splunk) create bundling opportunities where vendors can package edge processing, enrichment and search access—expect new commercial models and negotiation points around who pays for processing versus storage.

Commercial implication

Integrated telemetry offerings (Gigamon + Splunk) create bundling opportunities where vendors can package edge processing, enrichment and search access—expect new commercial models and negotiation points around who pays for processing versus storage.

Next step: Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.

Negotiation levers

Tag vendors in the supplier register with capability flags: 'multi-cloud orchestration', 'federated telemetry', 'continuous controls monitoring', 'supply-chain detection'.

When to use: Do this because surfacing these capabilities quickly reveals current exposure and shortlist candidates for AI, telemetry and third-party risk projects.

Expected outcome: Supplier register populates capability flags to inform shortlists and procurement prioritisation.

Commercial mechanism to carry into the next supplier conversation

Update RFx and SOW templates to require workload portability clauses, data-locality routing rights, federated-query SLAs (latency/access), and API-based evidence export for cont...

When to use: Do this because the CIQ control plane, Gigamon+Splunk federated model and JupiterOne CCM make these contract items operationally necessary to avoid vendor lock and ambiguous bil...

Expected outcome: RFx/SOW templates include scored clauses for portability, federated access SLAs and evidence APIs to reduce negotiation cycles.

Commercial mechanism to carry into the next supplier conversation

Run an Ops pilot that routes a representative AI/HPC job across two cloud providers and on-prem via CIQ to validate routing logic, cost/performance trade-offs and data-locality...

When to use: Do this because a live pilot proves whether orchestration actually moves workloads as marketed and surfaces integration gaps before larger commitments.

Expected outcome: Pilot report documents routing decisions, integration gaps and recommended contract protections for broader rollouts.

Commercial mechanism to carry into the next supplier conversation

Negotiate amendments or new contracts with cloud, SIEM and telemetry vendors to define federated query SLAs, billing transparency for edge processing, and failover responsibilit...

When to use: Do this because the market is moving toward federated telemetry architectures and procurement must lock performance, access and billing terms to avoid unexpected run-rate costs.

Expected outcome: Contracts include explicit SLAs for federated queries, defined billing models for processing versus storage, and documented failover paths.

Commercial mechanism to carry into the next supplier conversation

Talking points

CIQ’s Fuzzball now runs AI/HPC workflows from one control plane across five public clouds and on-prem, which changes how buyers can move GPU work to the cheapest or most compliant location; procurement should treat workload mobility as a contracted capability, not an ad hoc migration project.
Gigamon + Splunk federation aims to let customers query telemetry where it lives instead of ingesting everything; that shifts cost trade-offs from bulk storage/ingest to query performance, access rights and SLAs you must lock into vendor terms.
JupiterOne’s Continuous Controls Monitoring turns compliance evidence into live checks against assets and identities, changing acceptance criteria for audit, evidence export and API access in security procurements.
Factor’s Supply Chain Detection & Response is generally available and positions supplier telemetry aggregation as a discrete capability to centralise third-party risk signals; buyers should treat it as a candidate replacement or complement to existing vendor-risk tooling while validating integration scope.

Supplier radar

SupplierSignalImplicationNext stepConfidence
SecurityBrief AustraliaWorkload portability increases buyer leverage if contracts explicitly allow mobility and data-locality routing; absent rights, suppliers may use technical limits to preserve captive pricing.Workload portability increases buyer leverage if contracts explicitly allow mobility and data-locality routing; absent rights, suppliers may use technical limits to preserve captive pricing.Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.high
SecurityBrief AustraliaIntegrated telemetry offerings (Gigamon + Splunk) create bundling opportunities where vendors can package edge processing, enrichment and search access—expect new commercial models and negotiation points around who pays for processing versus storage.Integrated telemetry offerings (Gigamon + Splunk) create bundling opportunities where vendors can package edge processing, enrichment and search access—expect new commercial models and negotiation points around who pays for processing versus storage.Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.high

Negotiation levers

  • Tag vendors in the supplier register with capability flags: 'multi-cloud orchestration', 'federated telemetry', 'continuous controls monitoring', 'supply-chain detection'.Do this because surfacing these capabilities quickly reveals current exposure and shortlist candidates for AI, telemetry and third-party risk projects.Supplier register populates capability flags to inform shortlists and procurement prioritisation.

    high confidence

  • Update RFx and SOW templates to require workload portability clauses, data-locality routing rights, federated-query SLAs (latency/access), and API-based evidence export for cont...Do this because the CIQ control plane, Gigamon+Splunk federated model and JupiterOne CCM make these contract items operationally necessary to avoid vendor lock and ambiguous bil...RFx/SOW templates include scored clauses for portability, federated access SLAs and evidence APIs to reduce negotiation cycles.

    high confidence

  • Run an Ops pilot that routes a representative AI/HPC job across two cloud providers and on-prem via CIQ to validate routing logic, cost/performance trade-offs and data-locality...Do this because a live pilot proves whether orchestration actually moves workloads as marketed and surfaces integration gaps before larger commitments.Pilot report documents routing decisions, integration gaps and recommended contract protections for broader rollouts.

    high confidence

  • Negotiate amendments or new contracts with cloud, SIEM and telemetry vendors to define federated query SLAs, billing transparency for edge processing, and failover responsibilit...Do this because the market is moving toward federated telemetry architectures and procurement must lock performance, access and billing terms to avoid unexpected run-rate costs.Contracts include explicit SLAs for federated queries, defined billing models for processing versus storage, and documented failover paths.

    high confidence

What to do / What to watch

What to do now

  • Tag vendors in the supplier register with capability flags: 'multi-cloud orchestration', 'federated telemetry', 'continuous controls monitoring', 'supply-chain detection'.

    Why: Do this because surfacing these capabilities quickly reveals current exposure and shortlist candidates for AI, telemetry and third-party risk projects.

    Owner: Category

    Expected outcome: Supplier register populates capability flags to inform shortlists and procurement prioritisation.

    [1]

Next few weeks

  • Update RFx and SOW templates to require workload portability clauses, data-locality routing rights, federated-query SLAs (latency/access), and API-based evidence export for cont...

    Why: Do this because the CIQ control plane, Gigamon+Splunk federated model and JupiterOne CCM make these contract items operationally necessary to avoid vendor lock and ambiguous bil...

    Owner: Contracts

    Expected outcome: RFx/SOW templates include scored clauses for portability, federated access SLAs and evidence APIs to reduce negotiation cycles.

    [2]
  • Run an Ops pilot that routes a representative AI/HPC job across two cloud providers and on-prem via CIQ to validate routing logic, cost/performance trade-offs and data-locality...

    Why: Do this because a live pilot proves whether orchestration actually moves workloads as marketed and surfaces integration gaps before larger commitments.

    Owner: Ops

    Expected outcome: Pilot report documents routing decisions, integration gaps and recommended contract protections for broader rollouts.

    [1]

Longer view

  • Negotiate amendments or new contracts with cloud, SIEM and telemetry vendors to define federated query SLAs, billing transparency for edge processing, and failover responsibilit...

    Why: Do this because the market is moving toward federated telemetry architectures and procurement must lock performance, access and billing terms to avoid unexpected run-rate costs.

    Owner: Contracts

    Expected outcome: Contracts include explicit SLAs for federated queries, defined billing models for processing versus storage, and documented failover paths.

    [2]
  • Require continuous-controls acceptance criteria and auditor access in security tool procurements: testable checks, evidence export, and identity-scoped API access for auditors.

    Why: Do this because JupiterOne CCM shifts audit evidence from point-in-time snapshots to live checks and procurement must ensure auditors and internal teams can validate controls in...

    Owner: Legal

    Expected outcome: Procurements include acceptance tests and API requirements that enable continuous validation and reduce manual audit effort.

    [3]

What to watch

  • Portability claims are only useful if contracts include explicit rights for routing, resource access, and data locality; don’t assume a technical control plane replaces the need for exit and interoperability clauses
  • Federated query performance and access controls can become a hidden blocker in incident response—verify expected query latency and cross-repository access in procurement tests, not just marketing claims
  • Portability claims are only useful if contracts include explicit rights for routing, resource access, and data locality; don’t assume a technical control plane replaces the need for exit and interoperability clauses.: Portability claims are only useful if contracts include explicit rights for routing, resource access, and data locality; don’t assume a technical control plane replaces the need for exit and interoperability clauses
  • Federated query performance and access controls can become a hidden blocker in incident response—verify expected query latency and cross-repository access in procurement tests, not just marketing claims.: Federated query performance and access controls can become a hidden blocker in incident response—verify expected query latency and cross-repository access in procurement tests, not just marketing claims
  • CIQ’s Fuzzball now runs AI/HPC workflows from one control plane across five public clouds and on-prem, which changes how buyers can move GPU work to the cheapest or most compliant location; procurement should treat workload mobility as a contracted capability, not an ad hoc migration project
  • Gigamon + Splunk federation aims to let customers query telemetry where it lives instead of ingesting everything; that shifts cost trade-offs from bulk storage/ingest to query performance, access rights and SLAs you must lock into vendor terms
  • JupiterOne’s Continuous Controls Monitoring turns compliance evidence into live checks against assets and identities, changing acceptance criteria for audit, evidence export and API access in security procurements
  • Factor’s Supply Chain Detection & Response is generally available and positions supplier telemetry aggregation as a discrete capability to centralise third-party risk signals; buyers should treat it as a candidate replacement or complement to existing vendor-risk tooling while validating integration scope

Market pulse

IndexLatestChangeAs of
Palo Alto (PANW)320 +0.00 (+0.00%)Jun 4, 2026, 10:08 PM
CrowdStrike (CRWD)285 +0.00 (+0.00%)Jun 4, 2026, 10:08 PM
Zscaler (ZS)195 +0.00 (+0.00%)Jun 4, 2026, 10:08 PM
Fortinet (FTNT)72 +0.00 (+0.00%)Jun 4, 2026, 10:08 PM
  • Palo Alto: Firewalls and NGFW vendors are part of telemetry and detection stacks; watch pricing posture as telemetry architectures shift
  • CrowdStrike: Endpoint and detection vendors tie into continuous controls and supply-chain detection; capability shifts affect contract leverage
  • Zscaler: Cloud security and edge access vendors will be relevant as federated architectures change access models
  • Fortinet: Network and observability integrations matter for federated telemetry and workload routing decisions

Sources

Inline citations jump here. Expand a source to read the excerpt, the AI interpretation, and the original link.

[1] CIQ expands Fuzzball to span five clouds & on-prem

securitybrief.com.au · n.d.

Expand

AI reading

CIQ expanded Fuzzball to orchestrate AI and HPC jobs across CoreWeave, AWS, Google Cloud, Oracle Cloud, Microsoft Azure and on-prem under one control plane. The platform routes jobs at runtime to the best environment based on cost, performance and data locality, enabling portability for GPU-heavy workloads. Watch whether real-world pilots deliver predictable routing and how providers surface billing/egress implications

Buyer takeaway

Treat orchestration as a contracted capability: demand explicit portability, data-locality enforcement and billing transparency because technical portability without legal rights leaves buyers exposed

Cost / money

Routing can reduce peak cloud GPU spend by shifting jobs to alternate providers, but it can also introduce egress and pass-through charges that change TCO

Supplier / commercial

Vendors could charge for connector support, preferred routing or H100 access; require clear pricing for routed workloads and exit clauses to retain leverage

Safety / operations

Operational readiness depends on consistent runtime decisions; establish acceptance tests for routing correctness and data-locality enforcement to avoid compliance slips

What to watch

Watch for hidden egress, network costs and incomplete provider connectors that limit true mobility despite marketing claims

Key facts

  • Federates across five public clouds and on-prem via a single control plane
  • Routes jobs based on cost, performance and data locality
  • Targets AI training, inference and HPC workflows with GPU routing

Source excerpts

CIQ has expanded its Fuzzball orchestration platform to support full multi-cloud deployments across CoreWeave, AWS, Google Cloud, Oracle Cloud and Microsoft Azure
Customers can define a workflow once for training, inference or HPC jobs, then run it across different cloud providers or on their own systems without changing the workflow definition. At runtime, the platform evaluates available environments and routes each job to the most suitable destination based on cost, performance and data locality
Single control plane At the centre of the launch is a provider-agnostic workflow definition that describes compute jobs, data movement, container images and resource requirements without cloud-specific logic

Used in this brief

  • Next 72 hours — Tag vendors in the supplier register with capability flags: 'multi-cloud orchestration', 'federated telemetry', 'continuous controls monitoring', 'supply-chain detection'.. Rationale: Do this because surfacing these capabilities quickly reveals current exposure and shortlist candidates for AI, telemetry and third-party risk projects.. Owner: Category. KPI: Supplier register populates capability flags to inform shortlists and procurement prioritisation
  • Next 2-4 weeks — Run an Ops pilot that routes a representative AI/HPC job across two cloud providers and on-prem via CIQ to validate routing logic, cost/performance trade-offs and data-locality.... Rationale: Do this because a live pilot proves whether orchestration actually moves workloads as marketed and surfaces integration gaps before larger commitments.. Owner: Ops. KPI: Pilot report documents routing decisions, integration gaps and recommended contract protections for broader rollouts
  • Portability claims are only useful if contracts include explicit rights for routing, resource access, and data locality; don’t assume a technical control plane replaces the need for exit and interoperability clauses
Open original source

[2] Gigamon & Splunk join forces on federated telemetry

securitybrief.com.au · n.d.

Expand

AI reading

Gigamon and Splunk integrated Gigamon’s Deep Observability Pipeline with Splunk Federated Search so customers can query distributed telemetry where it resides instead of ingesting everything into a single store. The integration aims to cut storage and ingest costs while preserving investigation capabilities, but it relies on federated query performance and access controls. Buyers should test query latency and define who pays for edge enrichment and cross-repository queries

Buyer takeaway

Insist on measurable SLAs for federated queries and clear billing models for ingestion versus processing because cost savings depend on query behaviour as much as storage reduction

Cost / money

Potential to lower long-term storage costs but may shift spend to query latency guarantees, network egress and edge processing fees

Supplier / commercial

Vendors may bundle telemetry extraction and enrichment; ensure pricing lists edge-processing and federated-query charges separately to retain negotiation leverage

Safety / operations

Federated access preserves visibility without centralisation, but incident response playbooks must adapt to cross-repository queries and access rights

What to watch

Validate cross-repository auth, query latency and emergency extraction paths; federated models can create blind spots if access is not fully provisioned

Key facts

  • Integrates Deep Observability Pipeline with Splunk Federated Search
  • Enables queries across Splunk Cloud, S3, Azure Blob and other repositories
  • Pre-built processing pipelines and dashboards for federated search scenarios

Source excerpts

Under the integration, Gigamon's software extracts and enriches network telemetry, while Splunk's federated search tools query datasets where they already reside
The Gigamon Federated Search App includes pre-built processing pipelines for Splunk Edge and Ingest Processor, along with federated search templates and dashboards
Gigamon has partnered with Splunk to integrate its Deep Observability Pipeline with Splunk Federated Search, aiming to give joint customers unified access to distributed telemetry data

Used in this brief

  • Cost / money: Federated telemetry reduces ingest-and-store spend but can shift costs into query performance, edge processing or network egress that must be priced and contractually governed with SIEM and network vendors
  • Supplier / commercial: Integrated telemetry offerings (Gigamon + Splunk) create bundling opportunities where vendors can package edge processing, enrichment and search access—expect new commercial models and negotiation points around who pays for processing versus storage
  • Next 2-4 weeks — Update RFx and SOW templates to require workload portability clauses, data-locality routing rights, federated-query SLAs (latency/access), and API-based evidence export for cont.... Rationale: Do this because the CIQ control plane, Gigamon+Splunk federated model and JupiterOne CCM make these contract items operationally necessary to avoid vendor lock and ambiguous bil.... Owner: Contracts. KPI: RFx/SOW templates include scored clauses for portability, federated access SLAs and evidence APIs to reduce negotiation cycles
Open original source

[3] JupiterOne launches continuous controls monitoring tool

securitybrief.com.au · n.d.

Expand

AI reading

JupiterOne launched Continuous Controls Monitoring to run live tests against cloud, SaaS and hybrid assets and maintain audit evidence automatically. The product uses a graph data model linking assets, identities and configurations to surface control effectiveness and keep test logic and evidence visible to auditors. Procurement should require API access, test visibility and mapping to frameworks as part of acceptance criteria

Buyer takeaway

Require proof of integrations and evidence export in contracts because continuous monitoring only reduces operational burden when auditors and teams can consume the results

Cost / money

May reduce labor and audit-prep costs over time by automating evidence collection, but expect initial integration and API work to appear as procurement or services expense

Supplier / commercial

Vendors may price advanced connectors or pre-built compliance packs; negotiate for required integrations and acceptance tests as part of scope

Safety / operations

Live checks improve detection of control drift and support faster incident triage if the monitoring covers critical assets and identities

What to watch

Confirm which systems are supported out of the box, and test exporter and API behaviours; incomplete integrations limit effectiveness

Key facts

  • Provides live control checks against current asset data
  • Uses a graph data model linking assets, identities and configuration
  • Maintains audit evidence and maps controls across compliance frameworks

Source excerpts

A central challenge for many teams is producing current, defensible evidence without long manual collection cycles. JupiterOne says feedback from early customers pointed to demand for faster answers on control effectiveness and less manual evidence gathering
JupiterOne has launched Continuous Controls Monitoring, a product for security and compliance teams in cloud, SaaS and hybrid environments. Live control checks The offering, called JupiterOne CCM, is designed to help organisations determine whether security and compliance controls are operating as intended by testing them against live asset data
It is intended to replace manual evidence gathering and point-in-time reviews with a current view of control effectiveness. Compliance shift The launch reflects a broader shift in compliance work as companies seek to move beyond periodic attestations and static audit preparation

Used in this brief

  • Safety / operations: Continuous control checks (JupiterOne CCM) make it operationally realistic to detect control drift faster and reduce manual evidence collection, improving incident response and audit readiness when integrations are in place
  • Next quarter — Require continuous-controls acceptance criteria and auditor access in security tool procurements: testable checks, evidence export, and identity-scoped API access for auditors.. Rationale: Do this because JupiterOne CCM shifts audit evidence from point-in-time snapshots to live checks and procurement must ensure auditors and internal teams can validate controls in.... Owner: Legal. KPI: Procurements include acceptance tests and API requirements that enable continuous validation and reduce manual audit effort
  • Shift from agent-control policy focus to operational tooling that affects workload placement, telemetry architecture and continuous compliance evidence
Open original source

[4] Factor launches supply chain detection & response platform

securitybrief.com.au · n.d.

Expand

AI reading

Factor launched a Supply Chain Detection & Response platform aimed at correlating telemetry across enterprises and their supplier networks to surface supplier-related threats. The platform is built to accept multiple data sources without disrupting existing operations, positioning it as a complement or alternative to fragmented third-party risk tools. Buyers should evaluate integration scope, telemetry dependencies and who owns incident response coordination

Buyer takeaway

Treat supplier-telemetry platforms as complementary to vendor-risk programs and require integration, SLA and ownership clarity because detection alone doesn’t fix supplier governance gaps

Cost / money

May concentrate spend on a single platform rather than multiple point tools, but integration and telemetry ingestion will create new line-item costs

Supplier / commercial

Vendors may offer rapid onboarding but expect pricing for scale and custom integrations; insist on clear SLAs for supplier signal freshness and availability

Safety / operations

Centralised supplier signals can speed cross-company correlation, but plans must define what happens when the platform is unavailable

What to watch

Validate how the platform handles noisy signals and false positives across multiple suppliers to avoid operational overload

Key facts

  • Supply-chain-focused detection and response platform now generally available
  • Aggregates telemetry from threat feeds, internal telemetry and supplier signals
  • Designed to add or change data sources without disrupting operations

Source excerpts

Factor has launched its Supply Chain Detection & Response platform, which is now generally available
Factor's platform is designed to operate across an enterprise and its supplier network, drawing on data from multiple sources, including threat intelligence feeds, internal telemetry, supplier signals and third-party information. Customers can change or add data sources without disrupting existing operations, an approach intended to avoid dependence on a single provider
Factor's platform is designed to operate across an enterprise and its supplier network, drawing on data from multiple sources, including threat intelligence feeds, internal telemetry, supplier signals and third-party information

Used in this brief

  • CIQ’s Fuzzball now runs AI/HPC workflows from one control plane across five public clouds and on-prem, which changes how buyers can move GPU work to the cheapest or most compliant location; procurement should treat workload mobility as a contracted capability, not an ad hoc migration project. Gigamon + Splunk federation aims to let customers query telemetry where it lives instead of ingesting everything; that shifts cost trade-offs from bulk storage/ingest to query performance, access rights and SLAs you must lock into vendor terms. JupiterOne’s Continuous Controls Monitoring turns compliance evidence into live checks against assets and identities, changing acceptance criteria for audit, evidence export and API access in security procurements. Factor’s Supply Chain Detection & Response is generally available and positions supplier telemetry aggregation as a discrete capability to centralise third-party risk signals; buyers should treat it as a candidate replacement or complement to existing vendor-risk tooling while validating integration scope
  • Safety / operations: Centralising supplier signals (Factor) can speed detection and cross-company correlation but also creates a new uptime dependency for supplier-risk telemetry; operations must consider availability and fallback procedures
  • Factor launched a Supply Chain Detection & Response platform aimed at correlating telemetry across enterprises and their supplier networks to surface supplier-related threats. The platform is built to accept multiple data sources without disrupting existing operations, positioning it as a complement or alternative to fragmented third-party risk tools. Buyers should evaluate integration scope, telemetry dependencies and who owns incident response coordination
Open original source

[5] Palo Alto

finance.yahoo.com · n.d.

Expand
Open original source

[6] CrowdStrike

finance.yahoo.com · n.d.

Expand
Open original source

[7] Zscaler

finance.yahoo.com · n.d.

Expand
Open original source

[8] Fortinet

finance.yahoo.com · n.d.

Expand
Open original source
More from IT, Telecom & CyberBack to Executive View