Orange Cyberdefense and watchTowr partnership in APAC explained

Philip Lee, Head of Orange Cyberdefense APAC, and Elvina Liow, Vice President, watchTowr APAC, discuss their partnership in helping organizations make the most of threat intelligence.

Orange Cyberdefense, which is part of Orange Group’s cybersecurity business, provides consulting, solutions and services to organizations around the globe, including the Asia Pacific region. The services offered by Orange Cyberdefense include managed services, incident response, cloud security, endpoint security, threat intelligence, managed detection and response and more.

According to Philip Lee, Head of Orange Cyberdefense APAC, the region has a very unique approach and understanding when it comes to cybersecurity, as businesses in each country have their own problems.

“One of the common things that we find when we talk to a lot of different customers across the region, is that we buy all kinds of security controls and all the cloud platforms and yet we also get breached in certain areas, be it ransomware or phishing attacks. So a lot of concerns were raised about how good security controls are and customers are now looking if their existing security control is adequate enough to protect their data today, as all emerging threats are targeted at the data,” Lee said.

This question of how businesses should protect data is what keeps Orange Cyberdefense busy, because it provides consultancy on data protection and looks at where and how companies keep their data.

“Is their data classification right for today, especially for AI? How are they going to classify data in the context of AI and also those produced data as well? We look into customers' infrastructures as well as the controls, and match that against the industry best practices. We also partnered with watchTowr to look at an external attack point of view to see how secure an environment is and how companies can protect internal data. So now we are helping them to look at the external attack surface plus the internal, and how to control within the infrastructures to protect the data,” Lee explained.

On top of that, Lee said that Orange Cyberdefense also equips customers for crisis management, especially on how to respond should there be an attack. Lee also pointed out that while they partner with watchTowr on the external attack surface, Orange Cyberdefense also has partnerships with other cybersecurity vendors.

Orange Cyberdefense and watchTowr

For Elvina Liow, Vice President, watchTowr APAC, while they have a great partnership with Orange Cyberdefense in the region, they are looking to push the partnership globally as well.

“From watchTowr’s perspective, we bring across a very unique proposition to Orange business clients through our Pre-emptive Exposure Management Platform. It combines our industry-leading external attack surface management platform with our proactive threat intelligence to get ahead. We essentially allow clients to know what attackers are doing right now, at this moment out there and does that actually affect them. It's not just giving them more information, more data, more toolset, but really bringing them the real answer,” Liow said.

Liow also pointed out that the partnership with Orange Cyberdefense is strong because Orange brings across the vulnerability insights, the advisory piece and a very comprehensive layer of managed services. She believes by working together, it's a really great joint offering that they have seen across the region.

“We have had multiple successes within the region itself including Singapore and Australia. We have had great success with a lot of enterprise critical infrastructure clients. These are the clients that really know that they are being targeted by the top-tier adversaries. They know that they need to be aware of what's coming in. Our ethos is we hope that they can understand their exposure in time and prevent breaches from happening and basically stay in business. We want them to be able to operate in itself. That's how we have been working, and it's been a great collaboration with the entire Orange Cyberdefense team,” Liow commented.

Trusting the brand

As businesses look to increase their cybersecurity protection, they also want to reduce cost, the risks involved and the exposure. For Lee, it’s a sweet spot for Orange Cyberdefense because they have married all three of those requirements into one to meet customer requirements.

Interestingly, Lee pointed out that some customers are still confused, especially when it comes to consolidation of cybersecurity solutions. He said that new customers have a bit of uncertainty on some of the products provided because they are used to traditional technologies in cybersecurity.

“Because it's not about the product, it's about trust. Are they trusting us enough to deliver? And then we've got another set of customers that belong with us. When we introduce products like the Sequoia, SimAR, and the Pairplug, they embrace that kind of technology. Because they not only trust on the brand, but they trust Orange as a brand that can help them to overcome. Should there be any issue, Orange is the one that funds all the so-called challenges that they face. Be it in all technology or even in the term of support or many services,” Lee said.

The threat landscape and AI

“If you think back about four to five years ago, when we're talking about preventing attacks, most of the time the number one attack factor was phishing. It seems to be always there when we look into news and stuff. It has really changed very considerably. Nowadays, attackers are more creative. They are finding more ways, more points of entries. For example, just exploitation into software vulnerabilities, exposed internet systems and things like that. And in certain cases, attackers have also realized they sometimes don't even need to do that. It can be even easier as they can just procure from the dark web, compromise cracks, log in, deploy ransomware. It's really fast now,” Liow said.

“The other thing is that attackers are now also really fast. And that's the challenge that organizations and customers are facing today, which is a race against time. I think if you think about a few years ago when new vulnerabilities, scary ones appear, organizations sometimes have about a few weeks to respond just because attackers need that time to effectively weaponize it,” Liow added.

But today, Liow highlighted that the timeline from the point of announcement all the way to in-the-wild mass exploitation, when it's being widely used, is about four to five hours.

“We always talk to customers, if something drops today at eight, by lunchtime it might be widespread. And most organizations have the problem because they are not prepared for that speed. They are not aware of that,” Liow added.

At watchTowr, Liow explained that from an AI perspective, they are able to put it within their proactive threat intelligence, where they are able to continuously look at the market in real time and find out what the techniques are and what the latest vials are that attackers are using.

“Maybe it's still not disclosed, zero-day kind of stuff. Are they deploying backdoors into systems and stuff like this? And then using that within minutes, utilizing that AI pipeline to then say, okay, are my clients affected? And giving them that answer, not the next day, not two weeks later, but within minutes. In some cases, because of AI, we have always averaged our timeline between two to three hours, which was quite fast. But right now with AI, we are streamlining it to, in some cases, seven minutes. We're able to tell customers that,” she said.

This is also why Liow believes it's important to work with partners like Orange Cyberdefense who can offer that layer, whether it's in advisory, remediation, making sense of it or actioning. Partners like these are sometimes already entrenched within the customer and are able to sort of deliver that as well.

“We try to do our best to let them know exactly where it is with that pinpoint accuracy that they know what they have to drop in order to action it right now,” Liow concluded.

Meanwhile, Lee pointed out that unfortunately most customers are not sure of what to do in scenarios like this. While customers like banks react faster when issues are highlighted to them, most other organizations don’t.

“For banks, when you pinpoint certain challenges within the findings, normally banks are quite easy to react because that is important for them. If not, anything that compromise, they need to report to regulators. In fact, it's more about managing their reputation unlike companies who are little bit less mature. We do still advise them what to do as a preventive because when you find a lot of exploits within the OEMs, it takes weeks to come up,” said Lee.

“Normally, we advise that we build signatures to do detections. If not, we remove the cover. Because from a watchTowr report, they will say that which are the ports. We see that it's being opened and what kind of technology is being exposed. Then we can help them to narrow down as a quick win. And on top of that, we put in the monitoring on the IPS, IDS to do that kind of filtering. And from the SOC side, because we also manage the SOC, so we build custom detection rules so that we just basically monitor for that period of time,” Lee concluded.