Australian broadband wholesaler NBN Co boosts security with Microsoft Defender

Established in 2009 by the Commonwealth of Australia, NBN Co is a government-owned organization that designs, builds, and operates the country’s wholesale broadband access network. NBN Co plays a critical role in delivering fast, reliable, resilient, and secure broadband. The company’s stated purpose is to elevate Australia by connecting people and powering progress.

Cybersecurity vigilance

As a critical infrastructure provider, NBN Co wanted to update its defense capability in response to increasingly sophisticated threats. “As the threat landscape changes, we must ensure we are using tools and technologies from vendors and service providers that are at the forefront of cybersecurity,” said Darren Kane, Chief Security Officer at NBN Co. “As threats became more sophisticated and targeted, we knew we needed to improve our agility.”

NBN Co aimed to build a more proactive, scalable, and adaptive security framework. Key objectives included improving threat visibility, accelerating response times, and meeting regulatory requirements. In addition, the company wanted to strengthen Linux security without impacting performance on critical systems while also gaining behavioral insights and real-time detection to guard against internal and supply chain threats. 

Integrated threat protection to secure critical infrastructure

With a broad and complex digital environment, and with thousands of endpoints across hybrid infrastructure and multiple operating systems, NBN Co needed a security solution to meet its unique requirements. The company began a pilot of Microsoft Defender for Endpoint evaluating its performance across Windows, macOS, and Linux systems. The pilot showed that Defender could deliver the visibility, responsiveness, and performance NBN Co required—particularly its low-latency support for Linux. 

Following the successful pilot, NBN Co deployed Defender across its environment. The solution allowed the security team to monitor activity across devices and workloads from a single interface and respond to threats more quickly. Features like behavioral analytics and automated attack disruption made it easier to detect and contain suspicious activity before it could escalate.

Collaborative, integrated deployment

NBN Co deployed Defender across its diverse device estate using a phased approach, integrating Defender into SOC workflows with enforced protections like attack surface reduction rules, credential guard, and BitLocker. Support for Linux servers was added in parallel as part of broader infrastructure hardening efforts. “Defender has definitely reinforced our ability to detect and respond to threats in real time,” said Kane. “It’s also helped us respond to incidents more quickly, and has significantly improved our overall resilience.” 

Gains in visibility, compliance, and responsiveness

Defender has improved NBN Co’s security, operations, and compliance by providing visibility across Windows, macOS, and Linux, and enabling consistent enforcement of key controls. Automation, real-time detection, and centralized management have streamlined endpoint security, enhanced SOC efficiency, and strengthened the company’s overall resilience.

Native integration with Microsoft 365, Azure, and NBN Co’s SIEM platform has reduced complexity, improved efficiency, and supported compliance with SOCI, PSPF, and TSSR requirements through audit-ready reporting. The successful deployment has laid the groundwork for continued collaboration with Microsoft on initiatives like Sentinel Phase 2a and future efforts to strengthen risk governance and operational resilience. “The consistent policy enforcement and telemetry collection we’ve achieved across our hybrid environment with Defender has made impressive improvements for us in both visibility and control,” said Kane.

Discover more about NBN Co on Facebook, Instagram, LinkedIn, X/Twitter, and YouTube.