New Organizational Structure and R&D To Be the Focus for Orange Cyberdefense (OCD)

The regional dynamics of the cybersecurity market

The cyber threat landscape is evolving, and the potential danger and volume of incidents continue to rise. Europe has been no stranger to this phenomenon, witnessing a variety of attacks, such as denial of service, malware, data breach incidents (as an outcome of the E.U.’s General Data Protection Regulation or GDPR), mail and phishing attacks, ransomware and state-sponsored attacks, to name a few. Exacerbating these threats has been a 78 percent increase in supply chain attacks and a lack of skilled cyber expertise. The region has witnessed few cyber regulations and frameworks that would help put an apparatus in place to counter the cyber threats. In the last few months, the European Council adopted a Cybersecurity Act and established a framework that allows the E.U. to impose restrictive measures to deter and respond to cyber attacks.

The complex nature of cybersecurity today has led to an evolution of enterprise needs, transforming cybersecurity from a siloed approach, comprising hardware security, identity protection, integration and managed devices, to an “all-encompassing” one, including consulting and audit services. Trust, context and proximity are dominant regional security requirements and must be considered when it comes to scaling security for an enterprise.

At the Analyst Day at Orange Gardens in Paris in July 2019, Orange Business Services (Orange) showcased its offerings ranging from cloud/IT to OT security and vertical know-how across the manufacturing and oil and gas industries. The company extended this roadmap further at the Cybersecurity Analyst Day in November 2019, where it highlighted its vision for cybersecurity through Orange Cyberdefense (OCD).

Security at Orange

Hugues Foulon, Executive Director of Strategy and Cybersecurity at Orange Group, emphasized the importance of security and its value as a fundamental building block of Orange’s business, which includes 266 million customers worldwide and more than 450,000 kilometers of submarine network cable. The company is in “scale up” mode as it works to integrate acquired companies SecureData and SecureLink with OCD to enable growth and propel it toward a 360-degree security-focused entity in the coming years. Each of these companies brings a unique value proposition to the combined OCD entity, equipping it with depth, presence, talent and scale across geographies.

SecureData has 200 people in the U.K. and the U.S. and offers turnkey managed security services (MSS), research and training expertise. SecureLink has over 600 people in seven European countries and China and offers extensive mid-market coverage. OCD has 1,300 people with hubs and Security Operations Centers (SOCs) in Europe, APAC, Africa and the U.S. The company has what it calls “operator DNA,” with a Computer Emergency Response Team (CERT) dedicated to incident response and monitoring and end-to-end security, pureplay or embedded services for multi-national companies (MNCs). Its key customers include an insurance firm in Africa and a retail giant in Europe, among others.

As a result, OCD is well positioned to address the security needs of very large MNCs, large national businesses and mid-market organizations. For the large MNCs, OCD offers embedded security with Orange at scale, standardized with managed security services (MSS) and managed detection and response (MDR); it also offers bespoke MSS and MDR, leveraging 16 SOCs and 10 cybersecurity operations centers. For mid-market clients, it offers a local portfolio of standardized MSS and MDR offerings.

Capabilities and Services

OCD aims to be a leading European security service provider. The company has 24x7 operations in 19 locations (mainly in Europe), 10 CyberSOCs, 16 SOCs, 4 CERTs and sales and services in 160 countries. The company’s SOCs and CyberSOCs are present in Norway, Sweden, Denmark, the Netherlands, Belgium, the U.K., Canada, the U.S., Morocco, Egypt, India, Mauritius, Malaysia, South Africa, Poland, Germany, China and France.

OCD’s leading service areas include cloud security for multi-cloud environments, managed security services, managed threat defense, network security, and internet of things (IoT) and industrial IoT (IIoT), with more than 100 OT / IIoT experts and industrial alliances for co-innovation with Airbus, Total and Sanofi. Its services cover asset discovery, mapping of the operational technology (OT) environment, advisory services and networks.

OCD takes a structured approach that includes detecting an offensive action, understanding the attack surface and prioritizing the impact of vulnerabilities across the various IT functions of an organization. It uses visually rich reporting interfaces. Enterprise customers are seeking holistic security services in place of siloed offerings from providers, and Orange’s cybersecurity services place it among the larger security services providers handling complexity, scale and expertise.

Research and Innovation

Threat research is in Orange’s DNA. The organization has 40 dedicated R&D and threat protection experts. It has published 35 papers and more than two thousand unique threat intelligence entries. The organization assimilates information from various sources, including open source intelligence, vendor advisories, vulnerability research, honeypots and in-house CERT, and feeds it into its proprietary security intelligence platform to triage, quantify and analyze the information and to make recommendations. The organization is looking to leverage insights from this proprietary security intelligence platform for its MDR, MSS, threat advisories, R&D and Cyberfactory services.

Proprietary assets

Cortex is Orange’s correlation engine for automated advanced malware analysis and mobile sandbox, and it is the company’s unique proprietary asset, leveraged to offer value and differentiation to its customers. Insights from Cortex are gathered in a threat intelligence data lake and used by other assets. Moving forward, the company aims to consolidate its research and innovation capabilities and build an R&D community, a combined security intelligence unit that will undertake joint research and publications.

The way forward

Orange Cyberdefense’s CEO Michel Van den Berghe said that OCD will focus on branding, beginning with SecureData and SecureLink integration by early 2020, and will streamline its MDR and MSS practices. The company also will push its presence in the mid-market space with a focus on expertise pooling and cross-selling security to connectivity, cloud and unified communication and collaboration (UCC) customers. In addition, it has plans to grow the base of 200 ethical hackers in France, the Netherlands and South Africa and boost its cloud and OT/IIoT security business. It will focus on MDR through security orchestration, automation and response (SOAR) and on integrating threat intelligence into the MSS, MDR and proprietary assets such as Cortex. The next couple of years will be critical for OCD to establish itself as a security leader in Europe – a move that will largely depend on the seamless integration of the capabilities and offerings of SecureData and SecureLink and the crystallization of a unified cybersecurity organization.

About the author

Kartik Subramaniam has joined ISG as the Lead Analyst for Application Development and Maintenance (ADM). Within ADM he covers application development, deployment, modernization, optimization, maintenance, digital transformation and managed services, along with tracking the larger ecosystem of ADM service providers and partners. He brings close to 10 years of experience in primary and secondary research, advisory and consulting from leading IT companies such as Accenture, IBM, IDC and TNS.