SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

#
Firewalls
#
Data Analytics
#
Network Security

Exclusive: Garland Technology on safeguarding critical infrastructure

Mon, 22nd Sep 2025
Author image
By Melania Watson, Interview Editor

When it comes to cybersecurity, the race to adopt AI, automate security operations, and fortify defences often overlooks one basic but vital truth: "You can't secure what you can't see."

Those are the words of Michael Fisher, Regional Vice President for Asia Pacific and Japan at Garland Technology, who believes that amid soaring threats to critical infrastructure, the unglamorous world of network visibility deserves far more attention.

"We're not a flashy tech company," Fisher said during an exclusive interview.

"What we do is simple, we provide 100% packet fidelity. No blind spots, no dropped packets. That's foundational to any security architecture."

Growing threats and widening blind spots

Fisher, six months into his role at Garland, has a long history in the cybersecurity space, with previous stints at Palo Alto Networks and Tanium.

His perspective is shaped by decades of work in systems integration and vendor ecosystems.

Critical infrastructure has increasingly found itself in the crosshairs of cybercriminals - with sectors such as healthcare, defence, utilities and transport facing unique risks due to their ageing, agentless operational technology (OT).

"When people hear 'critical infrastructure', they think power or water," he explained. "But it's broader - it's anything that, if disrupted, would impact the public. Airports, banking systems, railway signalling - the consequences can be significant."

Yet many of these systems weren't built with IT principles in mind. They operate in harsh conditions and on long cycles, meaning patching and upgrades aren't always feasible. "You can't just reset a server in a power substation," Fisher said. "Outages are tightly scheduled, if allowed at all."

The OT-IT divide

One of the biggest challenges Fisher sees is the cultural and operational divide between OT and IT teams - what he described as "two different team colours in different corners."

"OT teams are focused on uptime. They're risk averse, and for good reason - they're responsible for keeping trains on time or machinery operational," he said. "On the other hand, IT is pushing hard into next-gen tools, AI and automation."

That divide creates blind spots, especially when cybersecurity tools can't 'see' into isolated OT environments. "Different organisations have different levels of maturity in how well their IT and OT teams collaborate. But if they don't work together, the customer ultimately suffers," Fisher added.

TAPs, diodes, and safe visibility

Garland's solution lies in hardware: network TAPs, data diodes and packet brokers.

These devices act as bridges between isolated OT environments and broader security operations.

"TAPs are simple. They're a bump in the wire, no IP address, no MAC address. Not hackable. They just make sure your cybersecurity tools can actually see the traffic," Fisher explained. "Data diodes do the same, but in one direction only - you can't send data back. That makes them ideal for sensitive or high-risk segments."

In places like oil rigs or energy substations, these solutions allow safe monitoring without disrupting mission-critical systems.

"It's about ensuring upstream tools - your firewalls, your detection systems - can see what's happening downstream, even in isolated environments."

Regulatory push in APAC

Fisher sees the Asia Pacific region as especially dynamic, with regulatory momentum building in several countries.

"Markets like Australia, Singapore, India, Malaysia and Japan are introducing mandates for critical infrastructure protection. That's a big tailwind for us," he said.

He credits this push for bringing visibility into the spotlight.

"In some cases, governments are offering incentives or frameworks to help organisations meet compliance. So instead of the stick, it's the carrot."

Yet despite the advances, Fisher said many mid-sized enterprises still struggle to adopt visibility technologies - which is where managed security service providers (MSSPs) can step in.

"Some MSSPs already deploy Garland technology on the customer premises to complete that last mile. They might offer a proprietary SOC (Security Operations Centre) service, but they rely on our hardware to feed reliable data into it," he said.

Making hard things simple

Fisher is clear about Garland's role: they don't aim to compete with mainstream cybersecurity vendors but rather enable them.

"No one wakes up wanting a data diode," he admitted. "But they do want better ROI from their detection tools. They want to know they've got full visibility across the network."

The company's no-subscription, capex-first model also appeals to OT-heavy industries with long investment cycles and limited appetite for software maintenance or patching.

"A lot of our hardware is purpose-built for harsh environments. It's designed to last. That resonates in OT spaces where equipment has a 10 or 15-year lifespan," he added.

Leadership, partners, and a regional focus

Fisher leads Garland's APJ operations remotely from Melbourne but is set to relocate to Southeast Asia next year to be closer to the action.

"It's a big region, and the market is moving fast," he said. "We've got over 300 customers here already, and demand is only growing."

Partnerships are central to Garland's strategy. "We're channel-first, always. Whether it's partners helping us with federal agencies in Vietnam or working with our ecosystem technology partners in Australia, we rely on strong local partners," he said.

His team wears "many hats" across sales, channel enablement, architecture and customer support. "We're a small team, but we punch above our weight. That's what makes it fun," he said.

What does the future look like in Fisher's eyes?

While he doesn't expect major breakthroughs in diode or TAP technology, Fisher hopes awareness around visibility continues to grow - especially as AI adoption accelerates.

"In three years, I'd love to see visibility treated as the non-negotiable starting point for cybersecurity, not an afterthought," he said.

"We're already seeing that shift."

His final message is simple: "It's not scare mongering - it's just reality. These systems were built differently. But with the right visibility, you can make sure your cybersecurity tools do what they're supposed to do."

Related stories
Preparing campus and branch networks for AI demand
Experts warn AI era demands tougher data protection
AppOmni study pegs average SaaS breach at USD $1.365m
Data Privacy Day spotlight on control, resilience, design
AI surge exposes cloud security gaps, report warns

Top stories

Phishing campaign exploits RMM tools for stealthy access
Cohesity boosts identity resilience for hybrid AD, Entra
Claroty raises USD $150m to boost CPS cyber security
Singapore, Shenzhen trial cross-border data platform
GitHub unveils Copilot SDK to power AI agent workflows