Orro launches AI CTEM service for Australian firms
Orro has launched a Continuous Threat Exposure Management service for Australian organisations, aimed at improving vulnerability management.
The managed service is designed to help security teams identify which exposures need urgent attention by weighing risk and threat information instead of relying solely on vulnerability scores. It uses an artificial intelligence-based platform to combine data from more than 100 security tools and apply business context to that information.
The launch comes as Australian organisations face a growing volume of cyber incidents and vulnerability alerts. Figures cited by Orro show the Australian Signals Directorate's Australian Cyber Security Centre notified organisations of potentially malicious cyber activity more than 1,700 times in FY2024-25, while attacks on critical infrastructure rose 111% over the same period.
Those pressures have exposed weaknesses in conventional vulnerability management, where security teams can be left with thousands of alerts marked high or critical but little guidance on which issues pose the greatest operational risk. Orro says the problem is compounded by shadow IT, cloud blind spots, fragmented tooling, and disputes between security and operations teams over remediation priorities.
Daniel Greengarten, Chief Executive Officer of Orro, said the new service is intended to address that gap.
"Australian security teams are working harder than ever, but many still can't answer basic questions their boards are asking, including 'are we safer than last quarter?' and 'what are our most critical exposures?'
"That is why we've launched our CTEM service. It represents a fundamental shift from asking 'what's broken?' to asking 'what actually threatens our business?' For organisations drowning in vulnerability data but starving for clarity, this changes everything," Greengarten said.
Risk context
Orro says the service takes a context-led approach to prioritisation by assessing an asset's business importance, its position on the network, and whether threat intelligence suggests it is likely to be exploited. The service covers both corporate IT and operational technology environments, which are often managed separately but can both be relevant to critical infrastructure operators.
That differs from traditional approaches based largely on generic severity ratings such as CVSS scores, which can elevate large numbers of issues without considering whether a specific weakness is likely to affect core business systems. Orro argues this leaves teams trying to patch everything, even when resources and operational constraints make that impractical.
Manuel Salazar, Director of Cyber Services at Orro, said many businesses are struggling with that workload.
"We see this challenge every day across Australian businesses, where security teams receive thousands of high and critical vulnerabilities demanding immediate attention. Traditional vulnerability management says to patch everything, but that's operationally impossible.
"CTEM provides the context that's been missing. Instead of relying only on CVSS scores, we factor in where the asset sits, its importance to the business, whether attack paths are exploitable, and whether existing controls are working. This approach ensures that a CVSS 9.8 vulnerability on an isolated test server is appropriately deprioritised, while a CVSS 6.5 vulnerability on your internet-facing customer portal, critical to business operations, moves to the top," Salazar said.
Market pressure
The economic impact of cyber incidents is also rising. Orro pointed to IBM data showing the average Australian data breach now costs AUD $4.26 million, up 27% since 2020. It also cited Rapid7 research stating that exploited high and critical vulnerabilities more than doubled in a year and that the median time between disclosure and active exploitation had fallen to five days.
That shorter window has increased pressure on security teams to assess and respond more quickly, particularly in sectors with large estates of legacy systems, cloud services, and internet-facing assets. For critical infrastructure operators, the challenge is intensified by reporting and risk management obligations under Australia's security framework.
Orro said the service is built on the Rapid7 Command platform and managed through its National Cyber Defence Centre. It positioned the service as a way to produce evidence-based risk assessments that can be used by both operational teams and boards.
The launch also follows Orro being named Rapid7's APJ Partner of the Year for 2026, an award from the cybersecurity vendor whose platform underpins the service. The new offering is available now to Australian organisations.