Friday 22 Nov 2024

This article first appeared in Digital Edge, The Edge Malaysia Weekly on October 14, 2024 - October 20, 2024

Rapid digitalisation has accelerated internet penetration and e-commerce growth, and improved access to services. But it has also resulted in a surge in cyberattacks.

A worrying statistic is that Malaysia experienced the highest number of cyberattacks in Southeast Asia over the past year, according to Palo Alto Networks. A third of Malaysian organisations encountered a shocking 50% or more increase in cybersecurity incidents during that period.

“Cyberattacks are becoming increasingly sophisticated. Insider threats, whether from malicious employees or negligent ones, pose a significant risk as they can bypass external security measures,” says Gerald Daniel, CEO of Fajar Defence Sdn Bhd.

To address these concerns, Fajar Defence, which specialises in blockchain analysis and cybersecurity solutions, has introduced Cydexa, a homegrown managed detection and response (MDR) solution. It uses a proactive approach, providing round-the-clock monitoring and threat hunting.

Traditionally, reactive security measures are employed after an incident has occurred, says Gerald. These measures focus on aspects such as responding to the incident, analysing the breach and fixing vulnerabilities that may have been exposed during an attack.

However, such reactive measures are akin to putting out a fire as the issues are addressed only after the damage has been done, he points out. This results in significant downtime, data loss and financial damage.

On the other hand, proactive measures are aimed at preventing threats. For instance, threat intelligence actively searches for potential threats that have not yet triggered any alarms. This is done by analysing patterns or behaviours that indicate possible malicious activity, explains Gerald.

He adds that these processes are automated, meaning that the system is able to detect and respond to the threat when an incident occurs. The affected system is then quickly isolated to prevent the spread of the malware or other malicious activities.

Essentially, Fajar Defence’s MDR solution protects organisations from cyber threats with proactive threat detection, automated responses, continuous monitoring and incident responses.

“Sometimes, malware won’t be activated immediately. It will sit in your network for one or two years. When it has gathered enough information, it will pull the attack. In order to prevent all these things, this is where Cydexa comes in. When there is a malicious attack, it will respond to it. That is what you call manage, detect and respond,” explains Gerald.

“The moment it detects, it remediates. It does an investigation and [responds] to the threat immediately. We have over 2,000 playbooks in Cydexa that will determine how to do the triage. It is programmed to do so and it is all automated. It will take steps to do what needs to be done.

“If it cannot be done, it will raise a ticket to us. And our security engineer will come in, investigate [the threat] and get it [fixed].”

Cydexa is developed on Fajar Defence’s openXDR network, which is vendor agnostic. This allows it to integrate with any technology vendor that has application programming interfaces, says Gerald. This is a critical component that reduces the dwell time on threats and improves response rates.

Rising tide of threats in blockchain

As cryptocurrencies gain mainstream acceptance, with more users and funds entering the space, there is an increasing amount of illicit activity. These include fraudulent investment schemes, phishing attacks, pump and dump schemes and fake cryptocurrency exchanges.

Victims of these activities inevitably suffer financial loss and emotional distress. As such, advanced technological tools and highly skilled investigators are essential in combating these sophisticated schemes.

However, the current landscape for blockchain investigation lacks efficient tools for continuous training and skills enhancement, says Gerald.

“Crypto investigators face ever-evolving challenges as crypto crime is [happening against a backdrop of] rapid evolution of cryptocurrency and Web3 applications. As such, we must relate to them with an adequate proficiency level and provide them with the knowledge and tools that will enable them to keep up and even stay ahead of the bad actors,” he stresses.

“In that sense, crypto investigators are similar to other professionals like pilots, who must continuously be trained and are also required to maintain their professional competence in order to serve.”

To tackle the shortage of skilled professionals, Fajar Defence developed the Operational Simulator for Blockchain Investigators. The immersive training platform offers a range of investigative scenarios that cover areas such as terror financing, fraud, tax evasion and market manipulation, and can be utilised by law enforcement agencies and regulators.

The simulator helps investigators to recognise patterns and indicators of fraudulent activity as well as to collect and analyse digital evidence to build strong cases against criminals, says Gerald.

In addition, it guides investigators in their collaborations with international agencies, as cryptocurrency scams often occur across borders, requiring collaboration between law enforcement agencies worldwide.

“These scenarios are all inspired by real-life cases and have been transformed into immersive training sessions. For instance, we dissect famous global fraud cases or known terror financing campaigns. [This allows] users to delve into the intricacies of these investigations. The training sessions cater to crypto investigators at all levels of expertise, enabling them to operate as if they were part of the actual investigation team, even for cases that may be far outside their local jurisdiction,” he adds.

Rebooting the landscape

Cybercrime knows no borders. To combat this, Asean countries will need to collaborate with international partners to curb cybersecurity breaches, says Gerald. Towards this end, Fajar Defence is partnering with Cynclair Co Ltd to pool their expertise, resources and technologies to serve businesses and organisations struggling to cope with the evolving cyberthreat landscape in the region.

Cydexa leverages Cynclair’s threat intelligence platform to develop threat hunting playbooks, with each hunt tailored to specific scenarios. “We proactively trigger such hunts automatically within the customers’ environment to ensure that threats, if any, are detected and remediated immediately. The platform also allows us to set parameters that will extend the reach and frequency of each hunt,” says Gerald.

The two companies are also establishing an innovation hub that will focus on tackling emerging cyber threats, augmenting threat intelligence capabilities and exploring avenues to attain cybersecurity resilience.

“Our vision for the innovation hub is to cultivate talent in Malaysia and the region, where we will work with influential partners like Cybersecurity Malaysia to widen the reach of the hub. [This is to] also bring our skills to universities and tertiary education [institutions] to provide a launchpad for aspiring cyber practitioners in their careers and also to incubate their ideas, solutions and intellectual property,” he says.

Malaysia should not be dependent on foreign technology when it comes to cybersecurity, says Gerald, as relying solely on foreign products can expose organisations to vulnerabilities and risks.

Homegrown solutions, on the other hand, offer greater control over data and security practices. This is because local companies can better tailor solutions to meet the demands of the domestic market while creating jobs and stimulating the economy. And by investing in homegrown cybersecurity solutions, Malaysia can strengthen its digital resilience and protect its critical infrastructure, he asserts.

Gerald says Fajar Defence will continue to develop artificial intelligence and machine learning capabilities to improve its detection capabilities, improve the efficiency of data correlation and enhance its automation functionalities.
