ActiveWatch is a groundbreaking solution newly launched by Orange Cyberdefense, a global leader in cybersecurity services. It merges continuous attack surface discovery and penetration testing of internet-facing systems and applications to deliver only qualified, high-risk alerts on exploitable vulnerabilities that could compromise an organisation.
Leon Jacobs, Orange Cyberdefense CTO.
Security, infrastructure, and cloud teams are consistently under pressure to manage an ever-growing, ever-changing attack surface as IT environments become more complex and distributed.
Vulnerability scanning comprehensively surfaces potential issues in an environment, but those issues do not always have a realistic risk or security implication attached to them. Penetration testing, although a highly effective and targeted exercise, is costly and therefore does not scale readily.
The only way to perform continuous ‘pentesting’ cost-effectively is with the ability to monitor and analyse the attack surface continuously to prioritise risk mitigation.
Integrating scanning and penetration testing
ActiveWatch eliminates this compromise between scanning and pentesting by integrating both methodologies to ensure continuous attack surface monitoring.
"ActiveWatch bridges the gap by employing a suite of scanners – both open source and customised – in an effective workflow which detects early signals and indicators that seasoned hackers recognise as precursors to deeper vulnerabilities," says Leon Jacobs, Orange Cyberdefense CTO.
"On detecting these signals, our expert team conducts manual verification and investigation, avoiding false positives and delivering high-quality alerts."
By combining advanced automated scanning with the expertise of seasoned penetration testers, ActiveWatch ensures organisations receive appropriate, actionable alerts with zero false positives and closes critical security gaps that leave them vulnerable to attackers.
ActiveWatch delivers structured, high-quality vulnerability assessments conducted by trained professionals. Each identified signal undergoes thorough analysis to ensure organisations receive only validated, relevant alerts.
"If you hear from us, it's likely that we've discovered a seriously dangerous vulnerability or attack path that needs urgent remediation," Jacobs says.
Key differentiators
- Continuous reconnaissance mode – Ongoing monitoring and discovery of external attack surfaces, spotting obscure risks that might otherwise be missed, including those exposed by shadow IT.
- Laser-focused alerts – Unlike conventional scanners that generate floods of information, ActiveWatch prioritises real, hacker-validated threats, ensuring security teams focus on effective risk mitigation.
- Human intelligence + smart technology – Ethical hackers use multiple scanning sources and workflows to analyse findings, delivering demonstrable and reproducible reports.
- The crowd effect – The more scanning data at hand, the more one can correlate across multiple clients, providing compounding security benefits.
- Constant evolution – ActiveWatch detection capabilities are based on new research from the industry and Orange Cyberdefense, plus penetration testing insights from traditional engagements, which enable adaptation to growing threats.
Market validation and timing
The need for continuous and proactive monitoring remains ever-present. The Forrester Wave: Attack Surface Management Solutions, Q3 2024 report [1] underscores the importance of comprehensive attack surface visibility for effective exposure management. It highlights that organisations need to combine internal and external asset visibility to strengthen their cybersecurity strategy, as well as continuous penetration testing of any identified attack surface.
Simple setup, maximum impact
Setting up ActiveWatch is simple and flexible. Organisations provide an inventory of their internet-facing infrastructure, including domains, hostnames, IP addresses, and brand-related information – anything an external attacker would find interesting.
Operationally, no access needs to be provisioned, nor do any agents need to be installed. This makes the solution especially lightweight and ‘low-effort’ for clients to activate. ActiveWatch takes the perspective of a motivated external attacker.
Importantly, ActiveWatch does not charge per-host or per-application, encouraging broad-based attack surface management while remaining cost-effective and scalable. Once initial test scans confirm stability, continuous monitoring begins, allowing ActiveWatch to adapt dynamically to evolving threats.
"ActiveWatch is designed to evolve with an organisation. Its flexible workflow continuously maps and monitors the external attack surface, and the Orange Cyberdefense SensePost Team constantly updates detection capabilities based on real-world threats. This means organisations are addressing today's security challenges and are prepared for future threats," Jacobs concludes.
Reference
[1] https://www.forrester.com/blogs/announcing-the-forrester-wave-attack-surface-management-solutions-q3-2024
For more information visit: https://www.orangecyberdefense.com/za/