Sydney: Orro, a leading Australian technology partner for secure networks and digital infrastructure, today launched its Continuous Threat Exposure Management (CTEM) service. This managed service addresses critical pain points in vulnerability management by focusing on risks and threats, rather than just theoretical vulnerabilities.
Australian security teams face challenges such as noise from thousands of vulnerability alerts, flagged as high and critical, which lack business context for prioritisation, and tension between security and operations teams over remediation actions. Furthermore, shadow IT and cloud blind spots, too many tools without a single unified view, and data overload with no clear insights exacerbate the problem.
The scale of this challenge is accelerating. ASD’s ACSC notified Australian organisations of potentially malicious cyber activity more than 1,700 times in FY2024–25 – an 83% increase on the previous year – while attacks on Australian critical infrastructure surged 111% in the same period.1 At the same time, Rapid7’s 2026 Global Threat Landscape Report found that exploited high and critical severity vulnerabilities more than doubled in a single year, with the window between a vulnerability being disclosed and actively exploited shrinking to a median of just five days.2
Against this backdrop, the average Australian data breach now costs AUD $4.26 million – a 27% increase since 2020, according to IBM.3 For organisations drowning in vulnerability data but starving for clarity, the gap between what security teams are told to act on and what genuinely threatens the business has never been more costly.
Orro’s CTEM service provides a new model to solve this decision-making challenge, using an AI-powered platform to unify data from over 100 security tools and apply business context. This enables teams to identify which handful of exposures, out of thousands, truly threaten operational continuity and require immediate focus.
Daniel Greengarten, CEO, Orro commented:
“Australian security teams are working harder than ever, but many still can’t answer basic questions their boards are asking, including ‘are we safer than last quarter?’ and ‘what are our most critical exposures?’
This is why we’ve launched our CTEM service as it represents a fundamental shift from asking ‘what’s broken?’ to asking ‘what actually threatens our business?’ For organisations drowning in vulnerability data but starving for clarity, this changes everything.”
Unlike traditional vulnerability management that relies on generic severity scores, Orro’s service delivers a context-over-severity approach. It factors in an asset’s business criticality, network position, and active threat intelligence to prioritise remediation based on actual risk. The service extends across both corporate IT and OT environments, a critical capability for organisations managing critical infrastructure under the SOCI Act.
Manuel Salazar, Director of Cyber Services, Orro commented:
“We see this challenge every day with a lot of Australian businesses where security teams are receiving thousands of high and critical vulnerabilities demanding immediate attention. Traditional vulnerability management says to patch everything, but that’s operationally impossible.
CTEM provides the context that’s been missing. Instead of just CVSS scores, we factor in where the asset sits, its importance to the business, whether attack paths are exploitable, and if existing controls are working. This approach ensures that a CVSS 9.8 vulnerability on an isolated test server is appropriately deprioritised, while a CVSS 6.5 vulnerability on your internet-facing customer portal, which is critical to business operations, moves to the top”
The launch of Orro’s CTEM service coincides with the company being named Rapid7’s APJ Partner of the Year for 2026, recognising Orro’s technical excellence and ability to deliver measurable security outcomes for customers across the region.
Built on the Rapid7 Command platform and managed by Orro’s National Cyber Defence Centre, the service provides a systematic, evidence-based approach to risk management that delivers on both board and regulatory requirements.
Orro’s CTEM service is available now to Australian organisations.
Sources
1 ASD’s ACSC Annual Cyber Threat Report 2024–25, Australian Signals Directorate, October 2025. cyber.gov.au
2 2026 Global Threat Landscape Report: Decoding the Accelerated Cyber Attack Cycle, Rapid7, March 2026. rapid7.com
3 Cost of a Data Breach Report 2024, IBM/Ponemon Institute, July 2024. ibm.com/reports/data-breach
