01
Executive Summary
Strong Security Posture Maintained
Meridian Defence Systems maintained an 86% overall security posture throughout February 2026, a 3-point improvement from January. Zero security incidents required escalation to the ACSC, and all DISP compliance obligations were met. The managed detection and response platform processed over 1.2 million events with a 99.7% automated resolution rate, demonstrating mature and effective security operations across all 180 endpoints.
1.2M
Events Processed
↑ 8% from Jan
0
Security Incidents
No escalations
14
Vulnerabilities Closed
↑ 3 from Jan
88%
48hr Patch Rate
↑ 5% from Jan
Monthly Highlights
Achievements
- Sophos MDR detected and blocked a targeted phishing campaign (14 recipients, 0 compromised)
- ThreatLocker Secured Mode enabled on 97% of endpoints
- Microsoft Secure Score increased from 79% to 82%
- All critical patches deployed within 48 hours for the 3rd consecutive month
Areas for Improvement
- 3 devices missing ThreatLocker agent (new deployments pending)
- 6 stale Intune devices (>90 days since last check-in)
- 2 users without MFA enforcement (contractor accounts)
- Adobe Reader CVE-2026-0142 pending on 12 workstations
02
Sophos MDR
1,247,832
Events Processed
↑ 8.2% from Jan
99.7%
Auto-Resolved
Industry avg: 94%
3,744
Escalations
↓ 12% from Jan
0
Active Cases
All resolved
Threat Detection Breakdown
| Category | Count | Blocked | Status |
|---|---|---|---|
| Malware / PUA | 847 | 847 | 100% |
| Phishing / BEC | 423 | 421 | 99.5% |
| Suspicious Process | 156 | 149 | 95.5% |
| Network Anomaly | 89 | 89 | 100% |
| Credential Abuse | 34 | 34 | 100% |
| Policy Violation | 18 | 18 | 100% |
6-Month Event Trend
Phishing Campaign Detail: Operation “Invoice Override”
Targeted Phishing Campaign Detected — 12 Feb 2026
Sophos MDR identified a coordinated spear-phishing campaign targeting Meridian’s finance team. Emails impersonated a known defence subcontractor with a malicious PDF attachment containing a credential harvester. The campaign was fully contained within 4 minutes of the first delivery.
14
Recipients
3
Clicked Link
0
Compromised
4 min
Time to Contain
Repeat Offenders (Clicked in Multiple Campaigns)
| User | Department | Campaigns Clicked | Training Status |
|---|---|---|---|
| j.morrison@meridiandefence.com.au | Finance | 2 of 6 | Enrolled |
| s.chen@meridiandefence.com.au | Projects | 2 of 6 | Completed |
Security Awareness Training Completion
91%
164 / 180 employees completed February training module: “Identifying AI-Generated Phishing Emails”
03
Vulnerability Management
8
New This Month
↑ 2 from Jan
14
Closed This Month
↑ 3 from Jan
6
Currently Open
↓ 6 from Jan
3.2d
Avg Time to Close
↓ 1.1d from Jan
Open Vulnerabilities by Severity
6
Open
Critical: 1
High: 2
Medium: 2
Low: 1
6-Month Vulnerability Trend
Downward trend (improving)
Critical & High Vulnerabilities
| CVE | Severity | Product | Affected | Ticket | Status |
|---|---|---|---|---|---|
CVE-2026-0142 | Critical | Adobe Reader DC | 12 devices | INC-4521 | In Progress |
CVE-2026-21391 | High | Windows Print Spooler | 8 devices | INC-4518 | In Progress |
CVE-2026-0987 | High | Microsoft Edge | 3 devices | INC-4525 | Scheduled |
CVE-2025-48721 | Critical | SolarWinds Orion | 1 server | INC-4412 | Closed |
CVE-2026-0028 | High | VMware vCenter | 2 servers | INC-4415 | Closed |
04
Essential Eight — Patching Compliance
48-Hour Critical Patch Target: Met
All critical and high-severity patches for internet-facing services were deployed within 48 hours of release, meeting Essential Eight Maturity Level 2 requirements for the third consecutive month.
Servers
94% patched within 48h
Workstations
88% patched within 48h
Network Devices
100% patched within 48h
Applications
82% patched within 48h
OS Patching Status
| OS | Devices | Current | Behind | Rate |
|---|---|---|---|---|
| Windows 11 24H2 | 142 | 138 | 4 | 97.2% |
| Windows Server 2022 | 18 | 17 | 1 | 94.4% |
| Windows Server 2019 | 6 | 6 | 0 | 100% |
| macOS 15.3 | 14 | 12 | 2 | 85.7% |
Agent Coverage Gaps
| Device | Missing Agent | Status |
|---|---|---|
| MDS-KIOSK-03 | NinjaOne RMM | Pending deploy |
| MDS-LAB-THIN-01 | Sophos Endpoint | Scheduled |
| MDS-CONF-DISPLAY | NinjaOne RMM | Low priority |
05
ThreatLocker
177
Managed Devices
+3 from Jan
97%
Secured Mode
↑ 2% from Jan
342
Requests This Month
↓ 15% from Jan
18
Denied & Reviewed
All legitimate blocks
Device Count Alignment
| Platform | Count | vs ThreatLocker | Delta |
|---|---|---|---|
| Sophos Endpoint | 179 | 177 | -2 |
| NinjaOne RMM | 178 | 177 | -1 |
| Intune MDM | 180 | 177 | -3 |
3 devices pending ThreatLocker deployment: MDS-KIOSK-03, MDS-LAB-THIN-01, MDS-CONF-DISPLAY
Request Breakdown
342
Total
Approved: 182 (53%)
Auto-allowed: 120 (35%)
Denied: 40 (12%)
Elevation Audit — Admin Privilege Usage
| User | Elevations | Application | Justification | Risk |
|---|---|---|---|---|
| m.taylor (IT Admin) | 47 | Various IT tools | Approved admin role | Expected |
| r.singh (DevOps) | 23 | Docker Desktop, VS Code | Development work | Expected |
| k.williams (Engineering) | 12 | MATLAB, CAD tools | Engineering software | Review |
| d.nguyen (Finance) | 3 | Unknown .exe | No justification | Investigate |
06
Microsoft Intune
180
Managed Devices
+2 from Jan
95%
Compliant
↑ 1% from Jan
98%
Encrypted
↑ 2% from Jan
6
Stale Devices
↑ 2 from Jan
Device Breakdown by Type
180
Total
Windows: 142 (79%)
macOS: 14 (8%)
iOS/iPadOS: 18 (10%)
Android: 6 (3%)
Compliance & Encryption Status
| Check | Compliant | Non-Compliant | Rate |
|---|---|---|---|
| Device Compliance Policy | 171 | 9 | 95% |
| BitLocker / FileVault | 176 | 4 | 97.8% |
| Configuration Profiles | 174 | 6 | 96.7% |
| Windows Autopilot | 138 | 4 | 97.2% |
Stale Devices (>90 Days Since Check-in)
| Device | User | Last Check-in | Action |
|---|---|---|---|
| MDS-WS-MORRISON-OLD | j.morrison | 18 Nov 2025 | Decommission pending |
| MDS-IPAD-CONF-02 | Shared | 22 Nov 2025 | Locate & wipe |
| MDS-WS-TEMP-CONT | Contractor | 30 Nov 2025 | Wipe ordered |
| MDS-ANDROID-POOL-04 | Pool device | 5 Dec 2025 | Investigate |
| MDS-MACBOOK-DESIGN | k.patel | 12 Dec 2025 | On leave |
| MDS-IPHONE-SPARE-02 | Spare | 18 Dec 2025 | Return to stock |
07
Microsoft 365 Tenant Security
192
Total Identities
180 users + 12 service
98.9%
MFA Enforced
2 users without
82%
Secure Score
↑ 3% from Jan
12
CA Policies
All enforced
Microsoft Secure Score
Identity91%↑ 4%
Data78%↑ 2%
Device85%↑ 3%
Apps74%↑ 1%
MFA Gaps
| User | Type | Reason | Action |
|---|---|---|---|
| ext.contractor.01 | Contractor | Awaiting hardware token | Expedite |
| svc.legacy.scanner | Service | Legacy app (no modern auth) | Migration planned |
Conditional Access Policies
| Policy | Scope | Status |
|---|---|---|
| Require MFA for all users | All users | Enforced |
| Block legacy authentication | All users | Enforced |
| Require compliant device | All users | Enforced |
| Block high-risk sign-ins | All users | Enforced |
| Require app protection | Mobile | Enforced |
| Named location restrictions | Admins | Enforced |
Email Security per Domain
| Domain | SPF | DKIM | DMARC |
|---|---|---|---|
| meridiandefence.com.au | -all | Signed | reject |
| meridian-ds.com.au | -all | Signed | reject |
| mds-projects.com.au | -all | Signed | quarantine |
| meridiandefence.io | -all | Signed | reject |
Forwarding Rules Audit
No External Forwarding Rules Detected
All 180 mailboxes were scanned for inbox rules that forward externally. Zero external forwarding rules found. Transport rules are configured to block automatic external forwarding.
Defender for Endpoint Health
| Component | Healthy | Warning | Error | Rate |
|---|---|---|---|---|
| Sensor Health | 176 | 3 | 1 | 97.8% |
| Antivirus Signatures | 178 | 2 | 0 | 98.9% |
| Tamper Protection | 180 | 0 | 0 | 100% |
| Network Protection | 174 | 4 | 2 | 96.7% |
| Attack Surface Reduction | 168 | 12 | 0 | 93.3% |
08
Appendices
A. Methodology
This report is compiled from automated data collection across the Meridian Defence Systems managed security stack. All metrics are sourced directly from vendor APIs and verified by Netier Security Operations analysts. The reporting period covers 1–28 February 2026.
| Data Source | Collection Method | Frequency |
|---|---|---|
| Sophos Central | API — Events, Alerts, Endpoints | Real-time + daily aggregation |
| Microsoft Defender for Endpoint | API — Machine actions, alerts | Real-time + daily aggregation |
| Microsoft Intune | Graph API — Device compliance | Every 4 hours |
| Microsoft Secure Score | Graph API — Security assessment | Daily |
| ThreatLocker | API — Approvals, denials, elevation | Every 6 hours |
| NinjaOne RMM | API — Patch status, agent health | Every 4 hours |
| Vulnerability Scanner | Authenticated scans (Nessus) | Weekly + on-demand |
B. Glossary
| Term | Definition |
|---|---|
| MDR | Managed Detection and Response — 24/7 threat monitoring and incident response service |
| E8 | Essential Eight — ACSC-recommended baseline mitigation strategies for cyber security |
| DISP | Defence Industry Security Program — Australian Government program for defence contractors |
| CA Policy | Conditional Access — Azure AD policy that enforces access controls based on conditions |
| MFA | Multi-Factor Authentication — requiring two or more verification factors |
| CVSS | Common Vulnerability Scoring System — industry standard for rating vulnerability severity |
| RMM | Remote Monitoring and Management — tool for remote device administration |
| BEC | Business Email Compromise — targeted email fraud impersonating trusted parties |
C. Distribution
| Recipient | Role | Access Level |
|---|---|---|
| David Harrington | CEO, Meridian Defence Systems | Full report |
| Sarah Chen | CTO, Meridian Defence Systems | Full report |
| Mark Taylor | IT Manager, Meridian Defence Systems | Full report |
| Tom Houston | Account Manager, Netier | Full report |
| DISP Security Officer | FSO, Meridian Defence Systems | Executive summary |