Cybersecurity in APAC is becoming increasingly complex. Organizations are expanding digital services, moving critical workloads to the cloud, and opening more applications and APIs to customers and partners. At the same time, identity-based attacks, credential theft, and web application exploits continue to grow across the region.
In this environment, Axidian has partnered with D2G Security, a Singapore-based cybersecurity distributor focused on helping organizations build practical, multi-layered security architectures. Through a portfolio that spans web application protection, hardware-based authentication, security awareness, and identity management, D2G Security supports partners and customers across the Asia-Pacific region.
To better understand the challenges organizations face today and the role identity plays in modern cybersecurity strategies, we spoke with Don Goh, Director, Business Development at D2G Security Pte Ltd. In this interview, we discuss the evolving threat landscape in APAC, the growing focus on identity-based attacks, common security misconceptions, and the opportunities created by our new partnership.
How would you describe the current cybersecurity landscape across APAC? What makes the region unique from a security perspective?
The Asia-Pacific cybersecurity landscape is caught in a pincer movement. Threat actors are concurrently launching highly sophisticated layer-7 web application exploits from the outside while exploiting fractured identity perimeters from the inside. Globally and regionally, identity has become the path of least resistance; recent enterprise threat dynamics show that preventable identity gaps and compromised credentials drive nearly 90% of investigated breaches. Concurrently, public-facing applications and APIs are being hammered by automated botnets and zero-day vulnerabilities.
What makes APAC uniquely complex is its extreme digital asymmetry. On one hand, we have hyper-connected regional hubs like Singapore driving advanced regulatory mandates. On the other, rapidly expanding digital economies like Indonesia are experiencing exponential growth in cloud adoption, mobile-first workforces, and critical infrastructure digitization. This creates an expansive, fragmented attack surface.
Organizations across ASEAN are navigating intense geopolitical attention, localized compliance shifts, and a severe shortage of specialized cyber talent, making the region a primary target for web application defacement, data exfiltration, and credential harvesting.
Do you see growing awareness around identity-based attacks and insider threats in the region?
Awareness is growing rapidly, but it is being driven by operational necessity. For a long time, organizations focused heavily on traditional network perimeters. However, as threat actors increasingly leverage automated AI tools to scale highly localized phishing lures and deploy weaponized web-shells on internet-facing servers, legacy defenses are buckling.
Compromised sessions, stolen OAuth tokens, and credential reuse are bypassing basic software MFA, causing a clear spike in identity-centric incidents. Furthermore, the definition of the “insider threat” has shifted. It is no longer just the malicious employee; it includes the compromised remote worker, third-party vendors with over-scoped privileges, and web applications left vulnerable to lateral movement. Forward-thinking CISOs in ASEAN now recognize that identity and web applications are the dual perimeters of modern infrastructure, which is driving a structural migration toward rigid Zero Trust architectures.
What differentiates D2G Security in such a fast-growing and competitive cybersecurity market?
D2G Security’s edge lies in our role as a “Defense-in-Depth Architecture Aggregator.” The market is exhausted by fragmented, point-solution security tools that don’t speak to one another. Over our last two years of rapid expansion across ASEAN — particularly within the enterprise and channel ecosystems of Singapore and Indonesia — D2G has proven that structured, modular solution stacks win.
We do not just hand over a license; we deliver complete, complementary security frameworks. We protect public-facing infrastructure and block web exploits using F1 Security’s advanced Web Application Firewall (WAF) and Unified Web Security Service. We guard the Human Layer through continuous simulation and training with Ako Labs.
We lock down the Hardware Layer using phishing-resistant, hardware-bound cryptographic MFA via Swissbit iShield Keys. Finally, we orchestrate the entire backend identity infrastructure through Versasec. By embedding Axidian’s powerful identity, access, and privilege governance into this ecosystem, we provide our resellers and end-users with a fully integrated, multi-layered security blueprint from a single, trusted partner.
What made Axidian a strong fit for D2G Security’s portfolio?
Axidian was the missing foundational pillar in our enterprise identity and perimeter offering. While our portfolio features market-leading web application firewalls from F1 Security, hardware authenticators from Swissbit, and credential management systems from Versasec, modern enterprises require a robust, centralized software layer to govern internal access policies, manage privileged accounts, and detect identity-based anomalies in real time.
Axidian’s 360-degree approach — spanning Axidian Access, Axidian Privilege (PAM), CertiFlow (PKI lifecycle), and Axidian Shield (ITDR) — complements our existing stack perfectly. Axidian’s modular design allows our channel partners to land and expand within an account. For example, a customer can shield their public APIs and web servers using an F1 Security WAF, deploy Swissbit hardware keys for absolute desktop and cloud authentication, manage those keys via Versasec, and utilize Axidian Access for single-sign-on (SSO) policy enforcement and Axidian Privilege to isolate and record administrative sessions. This seamless interplay delivers an elite, plug-and-play architecture that dramatically lowers deployment friction for ASEAN enterprises.
Which security misconceptions do you still encounter most often when speaking with customers?
The most persistent and dangerous misconception we encounter is siloed security thinking — specifically the belief that “securing the identity layer means your web apps are safe,” or vice versa. Organizations will often deploy an enterprise-grade Identity and Access Management platform but leave their customer-facing portals open to automated SQL injections or web-shell uploads. Conversely, they might have a robust firewall but allow administrators to log in using basic, easily phished SMS OTPs.
Another frequent misconception, particularly among growing mid-market enterprises in ASEAN, is that advanced solutions like Privileged Access Management (PAM) or sophisticated Web Application Firewalls are luxury items reserved only for massive banks and enterprises. In a highly interconnected supply chain, mid-market companies and local portals are frequently targeted as entry points to larger enterprise networks.
Security is only as strong as its weakest link and shifting the market mindset from simple point-defense to continuous, stacked “identity and application resilience” remains an ongoing mission for D2G.
Building stronger identity and application security across APAC
The conversation with D2G Security highlights how quickly the security landscape is changing across APAC. As organizations continue to expand their digital footprint, attackers are increasingly targeting both identities and applications, exploiting gaps that traditional security approaches were not designed to address.
This is why integrated security strategies are becoming essential. Organizations need visibility into who has access to critical systems, control over privileged accounts, and the ability to detect identity-based threats before they escalate. At the same time, customer-facing applications and APIs require continuous protection against increasingly sophisticated attacks.
Together, D2G Security and Axidian are helping address these challenges through a layered approach to cybersecurity. Within this ecosystem, Axidian Access provides centralized authentication and access management, Axidian Privilege helps secure and monitor privileged accounts, CertiFlow supports certificate and PKI lifecycle management, and Axidian Shield delivers identity threat detection and response capabilities.
We are excited to begin this partnership with D2G Security and look forward to working together to support partners and organizations across APAC as they build more resilient, accountable, and secure digital environments.
