Closing the gap between public-private cybersecurity partnerships
The first regional security operations centre (RSOC) that this region will see, is based out of Malaysia and operated by Vigilant Asia, a subsidiary of Efficient E-solutions Berhad (Efficient).
The launch of Vigilant Asia last month, was officiated by Deputy Minister MOSTI, the CEO of CSM and 300 delegates from six ASEAN countries including Director Generals of Computer Emergency Response Teams, or CERTS, from Laos, Cambodia, Vietnam, and Chairman of Indonesian Incident Response Division.
With so many countries looking to be involved in the RSOC, who are the parties responsible for setting it up?
Efficient is a business process outsourcing (BPO) company with a focus on document management, but two years ago it had sold off its printing business and redirected a major part of its efforts into cybersecurity services, together with Kaapagam Technologies, a local information security product development, management and IT consulting company.
Vigilant Asia is the result of this collaboration, and it is a 24x7x365 managed security services provider (MSSP) which focuses upon but is not limited to, the Southeast Asia region.
It says a lot about the trend towards a digital economy, when Efficient which initially had plans to expand its financial statements printing business to other countries in collaboration with Singpost, had opted to divest of its printing business to Canon two years ago, and focus on securing the digital cyberspace instead.
Vigilant Asia CEO, Victor Cheah, who is also CEO of Efficient E-solutions, said, “Vigilant is the biggest project for Efficient, currently.”
Vigilant’s COO is Clement Arul, CEO of Kaapagam Technologies and two-time winner in a national Cybersecurity Professional of the Year award category. Notably in 2017, he won the title, the first time ever for a Malaysian, for an APAC-level award.
“This was also a pat on the back for what (Kaapagam) is doing here in Malaysia,” Clement said.
Focusing on local cybersecurity innovation
Kaapagam Technologies was formed in 2012 and created the first local web application firewall (WAF) called Valari, the year after.
Clement shared, “We are the only Malaysian WAF that is endorsed by Cybersecurity Malaysia (CSM) and that is Common-Criteria certified (by CSM).
CSM is a specialist agency under the Ministry of Science, Technology and Innovation, and it houses the Malaysian Common Criteria Certification Body (MyCB) which carries out the MyCC Scheme, a systematic process for evaluating and certifying the security functionality of ICT products against defined criteria or standards.
Created as a way to harmonise cybersecurity criteria produced by other countries, the CC is now also recognised as an ISO standard, or more specifically it is the ISO/IEC15408 (Information technology – security techniques – Evaluation criteria for IT security).
Clement explained why Kaapagam had built Valari, saying, “When security services become more expensive, it kills the adoptability of those services.”
With an annual license that is cheaper than that of their nearest competitor, Valari had driven adoptability of WAF across many universities, according to the COO.
Besides this, Kaapagam works closely with CSM, often sitting in working groups and weighing in on technical aspects of cybersecurity frameworks for the nation. The same also goes for training and certification schemes that CSM produces for the local industry.
“We are contributing to the entire ecosystem from a national perspective,” Clement commented.
Vigilant – platform for private-public partnership
Since late last year, Efficient has a 65-percent stake in Kaapagam. From thereon, Vigilant Asia, a managed security services provider (MSSP) was born, and a regional security operations centre is well on the way for Southeast Asia.
Cheah said, “With cloud services today, it doesn’t really matter where you are (monitoring cyberthreats from). Through Clement’s years of dealings in this space, he has met with people in the industry in Singapore who are interested in this.
“As a result of that, we have formed collaborations and have done Letters of Intents with three Singapore organisations to date, who are interested in this MSSP service in Singapore.”
Cheah also shared that these partners have been networking around the region, in countries like Laos, Cambodia, Vietnam, Indonesia, Myanmar.
This had set in motion the thinking that this MSSP service, shouldn’t just be a Malaysian outfit but that is should also cater for the ASEAN region.
After the launch of Vigilant Asia in early February, next in the pipeline are security assessments and security profiling projects.
“Clement is in discussions with these parties and taking a look at their respective infrastructures to try gauge how Vigilant can help add value,” said Cheah.
He added that Vigilant would also be able to conduct security monitoring services remotely from outside these countries, if required.
Vigilant Asia is shaping up to be a platform that pools resources from not just its own companies, but also cybersecurity resources from the private and public sectors, including tech companies like Microsoft and Trend Micro.
Threat intelligence – a better view
More significantly, threat intelligence that governments in this region collect, have never been shared with the industry before, taking the potential of this platform for private-public partnerships, to a whole new level.
Clement described, “A cyberattack starts in a country, but it also moves around. The idea is to plot how the attack is moving and serve the information back to its customers in the industry.
“Vigilant works with different parties to close the loop (between private and public sectors),” he said.