Interview conducted by Alain Establier during « Les Assises de la Cybersécurité 2025 »

SDBR News: What's behind the acronym ACDS*?

Franck Chevalier: ACDS stands for "Advanced Cyber ​​Defense Systems." The company was founded three years ago in England by Jonathan Smith—whose 40 years of experience in technology companies have allowed him to successfully develop numerous FTSE startups—and Elliott Wilkes—a leading authority on cybersecurity who has worked for the U.S. intelligence community and in France, where he served as a long-time liaison officer. They are both now part of the company. As part of his duties for the U.S. Embassy, ​​Elliott had created a tool to monitor server security and realized that his tool was ultimately far more advanced and effective than anything else on the market. That's when he decided to contact John Smith, whom he had met, and they created ACDS.

SDBR News: What differentiates ACDS from other cybersecurity companies?

Franck Chevalier: ACDS was founded to bring national security technical expertise to the private sector. The underlying technology of each of our products is based on the same design, engineering, and code that underpins critical security systems used within various governments.

The differentiator is that ACDS focuses on the niche of EASM (External Attack Surface Management), that is, the analysis of the external attack surface through which attackers can penetrate our clients' services. There are indeed many companies that do this as add-ons, with XDRs, NDRs, EDRs, monitoring software, and automated pen testing. ACDS decided to truly focus on discovery and attack surface analysis, to do just that and do it better than most other players in the market.

SDBR News: So what is your tool?

Franck Chevalier: Our flagship tool is a solution called "Observatory." It's an attack surface management tool that reveals exposed servers and services, as well as the associated vulnerabilities, with a capability unmatched by many competitors. Thanks to its sophisticated detection mode and a daily scan of the entire IPv4 range (and a large portion of IPv6), Observatory effectively identifies vulnerabilities on an organization's Internet-connected IP addresses and domains. In addition, we use a standard, multi-variant risk assessment approach based on the Common Vulnerability Scoring System (CVSS) and the Exploit Prediction Scoring System (EPSS), which strategically prioritizes vulnerabilities for rapid triage. We really want end users to be able to get started with Observatory in minutes, if it isn't integrated into their SOC/SIEM, and without a second thought.

SDBR News: Isn't that what others are already doing?

Franck Chevalier: Unlike many of our competitors, who perform scans on demand or whose business model is possibly based on the number of scans, ACDS doesn't offer a scan done for them, but a visualization of what we found in the scan, as far as they're concerned. This is a huge differentiator. In just a few minutes, we reveal all the systems linked to the client company's domains or subdomains, along with the associated vulnerabilities.

All vulnerabilities: this will include CVEs but also everything related to cyber hygiene, including SSL certificates, poorly configured DNS, AWS keys that may be in the source code of web pages, etc.

We strive to push the analysis to the maximum, while filtering out false positives, so that the user knows roughly what they need to work on at that moment: this is generally someone who is in the SOC** or the VOC. What we offer them is that as soon as they click, as soon as they log in, they know what they need to work on without having to filter, without having to search, without wasting time. So "Observatory" allows organizations to map, prioritize, and continuously monitor their external attack surface.

SDBR News: And "Mobile EDR," then, is that another version?

Franck Chevalier: It's a continuation of our experience with Observatory. With Observatory, we cover all services exposed to attacks on the Internet. But as everyone knows, everyone has at least one mobile device in their pocket. Often two, maybe three if we count the tablet. However, we have observed that nearly 85% of network intrusion attempts occur via mobile devices. We felt it was important to also offer a solution to protect against this vulnerability.

SDBR News: What type of vulnerability?

Franck Chevalier: It could be a keylogger, or spyware like Pegasus, for example, which can be installed without the user's knowledge. The idea is to be transparent and gather all possible information. Smishing can also occur, for example. We've all received the text message from the mailman who couldn't get the package into the mailbox, etc. It's a gateway into corporate networks. So our offering consists of an application installed, with or without MDM (Mobile Device Management), on phones and tablets, both Android and iOS, both in the company fleet and on personal phones (BOYD), to observe the Kernel layer (the very lowest layer of the OS). We don't have visibility into the data itself, but we do observe the behavior of applications. For example, a gaming application should never have access to network data. This blocks attempts to steal data or penetrate networks.

"Mobile EDR" provides enterprise-grade mobile protection against advanced threats (smishing, spyware, zero-day, credential theft, etc.), without the need for MDM and with full respect for user privacy.

* https://acdsglobal.com

**: SOC Security Operation Center – VOC Vulnerability Operation Center.