Singapore security firm looks to differentiate with physical, cyber offerings

e-Cop changes name to Quann in a corporate rebranding that includes plans to grow its revenue four-fold by 2020, as it bets on its "pureplay" ability to provide both physical and cyber security products.
Written by Eileen Yu, Senior Contributing Editor

e-Cop has relaunched with a new brand name and hopes of capturing more market share, by touting itself as one of few vendors that offer both physical and cyber security products.

Renamed Quann, the Singapore home-grown security vendor also unveiled plans to grow its revenue four-fold over the next four years, with plans to expand into international markets and new security domains.

Speaking to local media the relaunch Monday, Quann's managing director Foo Siang Tse said the company was the only market player which portfolio included both physical and cyber security products and services. Its parent company, Certis Cisco, is one of a handful approved to provide armed security officers to government and commercial organisations in Singapore, and also operates document storage facilities as well as installs home and building monitoring systems. It is owned by state-run investment company, Temasek Holdings.

With the rebranding, Quann would be looking to broaden its portfolio beyond prevent and detection as well as expand its footprint into international markets. The company currently operates more than 10 security operations centres (SOCs) with disaster recovery capabilities across the region, including Singapore, India, Thailand, Malaysia, Hong Kong, and Japan.

Its growth plans would focus on expanding its SOC footprint into other regions such as North America, Oceania, and Europe, as well as its offerings in various key security segments such as analytics and remediation and industrial operations. Such efforts would include bolstering its SOC capabilities by melding physical security monitoring, so its customers would be able to centrally mange their physical and digital assets.

Traditional SOCs looked at monitoring as a core service, Foo said, but noted that gaining deeper security intelligence would enable such facilities to correlate events more effectively and provide actionable intel.

He said Quann would offer such services by expanding its SOC footprint and, hence, coverage as well as through industry partnerships including FireEye, Kaspersky, Cisco Systems, Palo Alto, Trend Micro, Intel, and Websense. He added that such alliances would enable the company to provide a range of security services including network, data, applications, cloud, and critical infrastructure.

Asked to elaborate on its SOC expansion plans, Foo told ZDNet that this would depend on the market's maturity and data residency requirements. For instance, a local monitoring facility might be required in a market where government regulations prohibit certain data from being stored or transferred beyond local shores.

Hence, the company might consider establishing joint ventures or setting up wholly-owned subsidiaries in some international markets, he explained.

Given the company's close association with the public sector, as well as an executive team comprising several former government officials including from the Ministry of Home Affairs and Singapore Armed Forces, ZDNet asked if Quann would be aiming to make deeper inroads into this vertical.

Foo, however, would not provide details on whether it was bidding for government tenders such as those involving the country's smart nation plans or recently announced satellite-based electronic road pricing system. He also declined to comment on any potential collaboration with government-owned businesses such as security company, Assurity.

He noted, though, that Quann was currently operating the government's cyber watch centre, which was set up in 2007 to provide round-the-clock monitoring of the government's IT systems and networks.

He added that as societies and nations became more connected, systems would inevitably become more vulnerable. This meant all governments would need to ensure any new rollouts, including smart city or nation implementations, kept pace with cybersecurity developments, he said.

Addressing security requirements in operational technology

At the relaunch, Quann also roped in new partners Palo Alto Networks and Team8 Industrial, as well as signed MOUs with the National University of Singapore and Singapore Management University, forming a five-year partnership to jointly develop cybersecurity skills and training modules for students and security professionals.

Stressing the growing need to provide relevant security tools for operational technology (OT), Team8's vice president of sales Colin Blou said 37 percent of S&P500 companies depended on such systems. Gartner defines OT as hardware and software that detect or trigger a change through direct monitoring or control of physical devices and processes within an organisation.

With the emergence of Internet of Things (IoT) and increasing interconnectivity, Blou said the ills and malware associated with the enterprise realm were now becoming part of the industrial world, which encompassed critical infrastructures such as water, power, chemical, and transport.

Industrial systems were inherently insecure by design due primarily to legacy architectures and unfamiliarity with the enterprise environment, he told ZDNet. Security patches, for instance, were deployed less regularly because these would require more intensive tests since one wrong patch could bring down a nation's critical infrastructure. This meant security vulnerabilities could remain unresolved and result in a longer time between detection and remediation.

OT also would typically be static and predictive, while enterprise IT was more dynamic and fast-evolving, he noted. As such, industrial systems required security tools that addressed requirements specific to OT as well as encompassed enterprise security capabilities.

Blou added that a transport network that also tracked the location of motor vehicles, for instance, should ensure all data communication points were adequately secured since the integration between the physical world--such as cars--and cyber meant a security breach might potentially impact any component within the network.

This meant all perimeters and access points including the control centre, from which data might be exchanged with motor vehicles, and the vehicles themselves would need to be properly safeguarded, he explained. Because even firmware or software upgrades, that might be required on the tracking unit sitting inside the vehicle, could potentially introduce a virus or malware, remediation guidelines also should be established for such incidents.

Editorial standards