New Realms of Cyber Defense: Key Takeaways from Orange Cyberdefense’s Analyst Day in London
At Orange Cyberdefense’s recent Analyst Day in London, which PAC attended, the company outlined a comprehensive vision for growth, differentiation, and closer collaboration with Orange Business and Orange’s telecom operations. Beyond showcasing products, the event focused on how Orange Cyberdefense aims to align intelligence, operations, and innovation, especially around CTEM (Continuous Threat Exposure Management) and CTI (Cyber Threat Intelligence), to reduce risk for its customers and build a more integrated ecosystem with partners.
What follows is a structured analysis of the main themes from the analyst day, examining their implications for Orange Cyberdefense itself, its customers and partners, and identifying areas where the strategy still reveals gaps and risks.
A demanding market backdrop
The London event was set against a challenging backdrop: geopolitical tensions, economic uncertainty, and a threat landscape that continues to evolve in complexity and frequency, rather than just in size. Regulations are becoming stricter, particularly in Europe, through frameworks such as NIS2 and sector-specific rules for critical infrastructure and financial services. Meanwhile, mid-market and smaller organizations are becoming key targets, despite many still lacking basic security maturity.
Within this environment, Orange Cyberdefense positions itself as a growth-focused company. It targets segments where regulation, complexity, and skills shortages naturally create high barriers to entry: critical infrastructure, large enterprises, and increasingly the extended supply chain of SMBs that support them. The company’s messaging emphasizes building strong, long-term positions rather than pursuing every opportunity, especially where security is essential.
For customers, this emphasis reinforces Orange Cyberdefense’s position as a partner that understands both the threat landscape and the regulatory environment in which it operates. For partners, it indicates that those working in regulated industries or offering complementary capabilities for OT, identity, cloud, or compliance are likely to find the most synergy.
Working as one with Orange Business and Orange Telco
Perhaps the most consistent and emphasized message throughout the day was that Orange Cyberdefense does not see itself as a standalone Managed Security Services Provider operating in isolation. Instead, it showcased a model explicitly based on close collaboration with Orange Business and Orange’s telecom operations.
Three layers of this model were repeatedly emphasized:
- At its core, Orange Cyberdefense functions as a specialized MSSP: managing SOCs, delivering managed detection and response, CTEM, CTI, offensive security, and advisory services.
- On top of that sit solutions co-designed with Orange Business, including SASE, secure cloud, secure digital workplace, OT/IoT security, and sector-specific offerings, which combine consulting, integration, and managed services. The new post-quantum and Quantum Key Distribution offerings are managed by Orange Business, for network and asset considerations.
- Both layers are supported by deep integration with Orange Telco: embedding security into connectivity, SD-WAN, SASE, and 5G services, and leveraging network data as a valuable source of telemetry and intelligence. Orange Cyberdefense will also use Orange Group’s telco positions in Europe to expand its reach into the SMB markets.
Concrete examples included joint initiatives around Micro-SOCs for SMBs, Trusted SASE delivered on trusted cloud infrastructure, AI security centers of excellence, and quantum-safe networking pilots. In all these cases, the message was that Orange Cyberdefense provides cybersecurity expertise, while Orange Business and Orange Telco contribute scale, infrastructure, and integration into customers’ broader digital transformation.
For Orange Cyberdefense, this model is highly strategic, offering access to a large installed base, extensive network data, and a strong brand presence in key markets. The main challenge is in execution. Working as “one Orange” requires aligned incentives, consistent go-to-market strategies, and seamless delivery across organizations that still maintain their own P&Ls and priorities.
For customers, the promise is appealing: fewer silos between connectivity, cloud, and security, along with a single partner capable of handling strategy, implementation, and operations. The risk is that Orange’s internal complexity leads to inconsistent experiences across countries, business units, or solution lines.
For partners, this integrated model can feel like a double-edged sword. On one hand, it opens opportunities for co-creation with a major European player. On the other hand, it emphasizes the central role of Orange’s own infrastructure and platforms, which might limit the options for some third-party providers.
Trust, sovereignty, and a uniquely European perspective
Another key theme was trust and digital sovereignty. Orange Cyberdefense aims to establish itself as a leader in a “trusted European digital space,” aligning with Europe’s political and regulatory landscape. The Analyst Day highlighted several points:
- Data residency, control, and transparency in how security operations and cloud services are provided.
- “Trusted” variants of cloud and SASE services, combining Orange infrastructure, Orange Cyberdefense security capabilities, and selected technology partners.
- A more curated partner ecosystem with a clear goal to expand business with European vendors and include stronger obligations and transparency requirements in partner contracts.
This positioning aligns well with the concerns of European governments and regulated sectors regarding the reliance on non-European platforms and extraterritorial laws. It also supports Orange’s identity as a European incumbent with strong national roots.
For Orange Cyberdefense, this is a long-term advantage over global competitors whose focus is elsewhere. However, it also creates a responsibility to uphold very high standards within its internal processes, supply chain, and data management. Any gap between words and actions would quickly harm credibility.
For customers, the sovereignty narrative offers reassurance that they can meet regulatory and political expectations without compromising their capabilities. At the same time, many global enterprises will continue operating multi-cloud, multi-region architectures; Orange Cyberdefense must demonstrate that a sovereignty-first approach is compatible with this reality rather than insisting on a solely “European only” perspective.
For partners, especially European cybersecurity vendors, the message is positive: there is clear space and ambition for them within Orange Cyberdefense’s portfolio. Global partners remain important but will need to operate within clearer guidelines on data access, transparency, and contractual obligations.
Industrializing security for SMBs with Micro-SOCs
The event also highlighted the vulnerability of small and mid-sized businesses. Many lack structured security programs, formal incident response plans, or even consistent use of multi-factor authentication. Yet they are deeply embedded in the supply chains of larger companies and government agencies.
Orange Cyberdefense’s solution is the Micro-SOC model: a standardized, mostly remotely provided managed security service designed for SMBs, often bundled with connectivity or other Orange services. The idea is to centralize most capabilities (technology stack, analytics, automations, and playbooks) while maintaining close relationships with local markets through Orange’s national operations.
In practice, this involves industrialization, characterized by high levels of standardization, extensive use of automation and AI, and simple packaging that can be sold and supported by generalist sales forces. It aims to make security services as repeatable and scalable as telecom services.
For Orange Cyberdefense, this provides a way to access a large yet highly fragmented market segment and to enhance the security of entire ecosystems rather than just the biggest nodes. The challenge is balancing scale with quality: SMBs might accept less customization, but they will not tolerate poor responsiveness or unclear accountability when incidents happen.
For customers in this segment, the Micro-SOC approach makes professional security services more accessible and affordable. However, it also creates a strong reliance on a single provider for both connectivity and security, which can be problematic if they want to switch telco providers or incorporate niche security solutions.
For partners, particularly local IT service providers and resellers, the model offers a means to connect with a broader managed security platform. However, they need to adapt to Orange’s standardized service definitions, SLAs, and tools, which might feel limiting compared to solely local arrangements.
AI and quantum: preparing for disruptive technologies
Another significant factor was the simultaneous disruption caused by AI and quantum technologies.
On the AI side, Orange Cyberdefense discussed two main areas. First, securing customers’ use of AI by helping to define governance frameworks, threat models, and controls around generative AI, data leaks, model misuse, and regulatory compliance. Second, utilizing AI to enhance its own operations, especially in the SOC: summarizing incidents, pinpointing root causes, clustering alerts, and detecting weak signals that human analysts might overlook.
These capabilities are being integrated into the company’s core platform and analyst workflows. Reported efficiency improvements in specific activities are substantial, and the trend is clear: AI is not just an addition but a vital part of how Orange Cyberdefense plans to expand its services and address analyst shortages.
On the quantum side, the message was urgency and preparation. The company emphasized the “store now, decrypt later” risk inherent in future quantum computing breakthroughs and the need for crypto-agility: the ability to discover, assess, and gradually migrate cryptographic assets and protocols. Pilot projects in quantum-safe networking, combining post-quantum cryptography and Quantum Key Distribution, were positioned as early steps toward practical offerings.
For Orange Cyberdefense, these moves are strategically important: they help position the company as a long-term partner on transformational topics rather than just an operator of current tools. They also open opportunities to collaborate more closely with Orange’s network and cloud teams on future infrastructure.
For customers, the main value is having a partner who can put AI and quantum risk in context, prioritize actions, and integrate them into broader security programs. The challenge will be avoiding over-promising and ensuring that pilots and proofs of concept turn into scalable, economically viable services.
For partners, AI and quantum naturally facilitate co-innovation. Specialist AI vendors, cryptography experts, and hardware providers can leverage Orange Cyberdefense’s scale and access to data. The downside is increased reliance on Orange Cyberdefense’s platform and data models, which could limit flexibility over time.
Platformization and the role of Core Fusion
A key part of Orange Cyberdefense’s approach is platformization. The company’s Core Fusion platform, along with the management interfaces for CISOs and operational teams, is central to its plans for delivering security services and engaging with customers.
Core Fusion aims to normalize and enrich data from a wide range of sources, including endpoints, network devices, cloud platforms, application security tools, identity systems, and more. It coordinates detection, response, and remediation workflows through a unified engine. It is also the place where CTI and CTEM insights are integrated into operations, for example, by prioritizing vulnerabilities based on real-world exploitation or adjusting detection rules in response to current campaigns.
From a customer perspective, the platform is designed to provide consistent visibility, reporting, and control regardless of the underlying technologies used. It also supports integration with ITSM tools, ticketing systems, and collaboration platforms, allowing security processes to be seamlessly incorporated into broader IT and business workflows.
For Orange Cyberdefense, Core Fusion functions as a strategic “spine” that both differentiates and creates a form of lock-in: once a customer’s telemetry, playbooks, and reporting are deeply integrated into the platform, switching providers becomes more complicated. This is common in the MSSP market, but it also places a responsibility on the company to maintain openness, documented APIs, and data portability to prevent customer frustration.
For partners, the platform functions as both a gateway and a filter. It enables third-party technologies to be integrated into Orange Cyberdefense services and to leverage its analytics and automation. At the same time, it can decrease the visibility of those technologies to the end customer and may limit the ways they can be used or customized.
CTEM and CTI: transforming information into risk mitigation
CTEM and CTI were consistently emphasized as key differentiating pillars.
Continuous Threat Exposure Management is described as an ongoing, operational process rather than a one-time assessment. It begins with scoping and asset discovery, including the external attack surface, internal infrastructure, cloud environments, and SaaS, and continues with ongoing identification and validation of exposures. These exposures are then prioritized based on technical severity, exploitability, threat intelligence insights, and business criticality, and are translated into specific remediation strategies.
Cyber Threat Intelligence is delivered through a combination of strategic reporting, customized advisories, vulnerability intelligence, dark web monitoring, and operational feeds to SOCs and customers. Orange Cyberdefense leverages its role as a major carrier and MSSP to feed a central intelligence layer, supporting both CTEM and detection and response services.
The connection between CTEM and CTI is especially crucial. Threat intelligence enhances exposure data, helping customers focus not on every hypothetical vulnerability but on those actively exploited or relevant to their industry, location, or technology environment. CTEM, in turn, provides a formal process for acting on CTI outputs, rather than simply adding to information overload.
For Orange Cyberdefense, this is where its combination of scale, data, and offensive security capabilities is most convincing. Few competitors can claim to continuously monitor exposures, validate them through ethical hacking, and align remediation with live threat intelligence at this scope.
For customers, the value proposition is clear: shift from periodic, checklist-based assessments to an always-on, risk-focused view that connects exposures to specific actions. The key to success will be how effectively Orange Cyberdefense integrates into customers’ internal processes and tools, spanning change management, patching, DevOps, and cloud governance.
For partners, CTI and CTEM create opportunities in both technology and services. Tool vendors can provide data to the exposure and intelligence layers; consulting and integration partners can assist customers in implementing remediation plans and integrating them into transformation programs.
What it all signifies, and where the gaps still exist
Overall, the Analyst Day showcased a mature and ambitious Orange Cyberdefense that emphasizes its strengths, including intelligence-led security, tight integration with networks and cloud, a strong European identity, and an increasing focus on automation and AI.
For Orange Cyberdefense itself, the strategy is clear. CTEM and CTI serve as the analytical backbone; Core Fusion provides the operational platform; Micro-SOCs and joint offerings with Orange Business and Orange Telco expand reach across segments and regions; AI and quantum initiatives position the company for the future. The main risks include organizational complexity, overextension across too many areas, and the need for ongoing investment in platform and talent.
For customers, the main advantage is the ability to work with a single partner that can handle the entire chain from strategy to operations, while also providing strong intelligence and innovation capabilities. The trade-offs include increased dependency on one provider and the need to trust Orange Cyberdefense’s automation, data handling, and internal collaboration.
For partners, the road ahead looks promising but challenging. Those willing to align with Orange Cyberdefense’s platform, sovereignty requirements, and joint go-to-market models can access a powerful distribution engine and participate in co-innovation. Others may find the boundaries too restrictive or see their direct brand presence weakened.
Several issues and unresolved questions remain:
- The integrated model with Orange Business and Orange Telco is appealing in theory, but can be complicated in practice. Customers will assess how smooth contracting, delivery, and support feel across boundaries, and whether “one Orange” truly acts as a unified team.
- The extensive use of AI and automation in operations raises concerns about transparency and accountability. Customers will seek clarity on how decisions are made, how errors and biases are managed, and how they can audit or override automated actions.
- The broad scope of the portfolio – from OT to SMB, from CTEM to quantum – is impressive but demands significant resources. Sustaining depth and thought leadership in all these areas at once will require ongoing investment and prioritization.
- In the SMB market, Micro-SOCs offer scalability but may face challenges due to price sensitivity, reliance on local relationships, and the perception that security is still “optional” for some smaller businesses.
- The sovereignty-first approach, while aligned with European policy, might occasionally clash with global customers’ preferences for certain non-European technologies or cloud platforms. Orange Cyberdefense will need to demonstrate flexibility and practical interoperability.
Conclusion
Orange Cyberdefense’s Analyst Day in London showcased an organization that deeply understands the complexities of today’s cyber threat landscape and is dedicated to leveraging its unique assets, including network visibility, a European presence, and close ties with Orange Business and Orange Telco, to carve out a distinct position. The strong collaboration with Orange Group assets (including R&D with Orange Innovation for PQC) draws on the group’s full capacity to benefit clients.
By emphasizing CTEM and CTI as ongoing, integrated practices; by investing in platformization through Core Fusion; by expanding Micro-SOCs for SMBs; and by advancing AI and quantum, Orange Cyberdefense is focusing on depth, integration, and long-term partnerships rather than quick, point-solution sales.
The direction aligns with where the market is heading. The real test will be execution: transforming a compelling strategy and strong internal teamwork into consistently high-quality results for customers and sustainable, balanced relationships with partners.