Rajesh Khazanchi [00:00:00]:
The attackers are not waiting for you to make the decision. Attackers will continue to attack. And just because you are not able to see it doesn’t mean the attack has not happened.
Karissa Breen [00:00:23]:
Joining me now is Rajesh Khazanchi, CEO and co-founder, ColorTokens. And today we’re discussing how being breach ready is more than just a mindset. It’s about implementation. So, Rajesh, thanks for joining me and welcome.
Rajesh Khazanchi [00:00:41]:
Thank you for having me.
Karissa Breen [00:00:42]:
Okay, so Rajesh, I’m really curious to know, given your position, your role, being the co-founder. ColorTokens often leads with “be breach ready”, as I’ve worked a lot with your team over the years. So perhaps I want to get into the mindset and tell me sort of this, what does this mean to you being a CEO?
Rajesh Khazanchi [00:01:02]:
Absolutely. See, from ColorTokens’ point of view, breach ready means an organization’s ability to continue operating securely even after an attacker has gained access. That’s the foundational principle in which we are operating against. And this is by minimizing an impact, preventing lateral movement and isolating your critical assets, your crown jewels, in a real time. This is the foundational principle in which we are talking about breach ready. So think it like from a perspective of three, four core concepts. One is assume breach mindset. Because most of the traditional systems that you talk about are focused on preventing attacks, ColorTokens goes with an assumption of breaches are inevitable and it is all about minimizing the damage.
Rajesh Khazanchi [00:01:53]:
So being breach ready means designing your systems and system controls to limit your blast radius, contain those particular threat vectors and recover quickly. That’s essentially the key part of being breach ready.
Karissa Breen [00:02:07]:
Okay, so there’s a couple of things in there that you mentioned. Even like 10 or so years ago, everyone in the industry was like, hey, like let’s try to mitigate all of the things, let’s not try to make it happy. Now we’re sort of at a stage where it’s like, all right, probably the inevitable it’s going to happen. To your earlier point, would you say, though, given your role and the customers that you’re sort of speaking to on the front line, do they have that mindset of like, I am sort of breach ready, Rajesh, or where does that sort of sit with you when I asked you that question?
Rajesh Khazanchi [00:02:33]:
Well, they are still understanding what this entire concept means, but they are very much aware that when attack happens. And how does attack happen? Let’s try to understand that an ignorant user is accessing email, clicks a link, thinks that it’s a general link, clicks that link, boom. The attacker is inside the system. And generally most of the employees, they have either VPN access or grant access or they are inside their offices and that particular system is compromised. And this can happen over and over again. And this is not someone malicious user who is trying to create some kind of a damage. This is an ignorant user. And when you actually have that core concept and then you say okay, now I am into this situation and we have seen so many customers when this particular attack happens, they just don’t know what needs to be done.
Rajesh Khazanchi [00:03:29]:
They’re extremely in a panic state. All they think about is bringing these particular systems down. But when these systems are down, their business is down. And you might have seen so much of information coming across that this particular manufacturing, this particular plant, this financial services companies is out of business for about two, three days before they actually can recover. So when we talk to customers, this entire mindset that if we want to get there, how do we get there? That entire there is a gap in knowledge and understanding how to become breach ready and we actually help them foundationally bridge that particular gap. So assume breach mindset foundationally putting the zero trust control segments, context aware controls, fast recovery and continuous compliance and visibility are the key constructs in which we operate against with our customers.
Karissa Breen [00:04:21]:
So would you say when a CISO for example is communicating to his board or senior executives like okay, we can just assume a breach is going to happen, how do you think that narrative sort of sits given? Some of these board sort of folks are traditionally from a tech or cyber background, so they might not want to hear hey, we could be breached. Whereas a better narrative in their mind in terms of if they’re shareholders or if there’s ongoing that they need to provide to investors, for example, how does that sort of sit, would you say in terms of that conversation of we need to be breach ready regardless. But again, people might not want to hear that.
Rajesh Khazanchi [00:04:59]:
It’s a great question you’re asking. This was exactly happening five to six years back. Board members didn’t want to hear that and they just say we have IT operations team, we have security team, they should be able to control manager. But they have been consistently hearing this either from other board members or within the organization that these are inevitable. So there’s a lot of maturity in the last few years we have seen, especially with board members where they’re saying no, this is extremely important. We understand attack vectors can come from different, different places. Let’s actually have this conversation and understand what needs to be done. So in board conversations today, it’s more about the preparation.
Rajesh Khazanchi [00:05:43]:
If this happens, give me exactly set of things that you would want to do. And there are SEC guidelines now. In some cases you have 48 hours. In other cases you have 72 hours to report back to the board as to what are your mitigation plan. And a lot of times in 72 hours you just don’t even know what has happened. You’re just scrambling around understanding the first attack vector itself. So no, there is a tectonic shift that has happened over the last three, four years and the maturity level of conversation in board has happened where we are seeing board members asking these questions that what is your readiness plan? Breaches happen, but we want to exactly know that what are you doing to actually reduce the blast radius, to minimize that entire attack and give us that entire plan of action.
Karissa Breen [00:06:35]:
You mentioned before gap in knowledge. So what would you say is the biggest sort of gap at the moment that you’re seeing when you’re speaking to these people out there in the field?
Rajesh Khazanchi [00:06:45]:
So there are three core constructs, especially in being breach ready. First is understanding and getting your head about that breaches are inevitable and assume the breach. So anyone who is inside the network, assume that you’re as if outside the network. So that entire construct is very difficult to get for people because it’s just the whole construct goes upside down. And when you actually have that foundational construct, then you are looking at each and every attack vector in a completely different paradigm. So there is a foundational knowledge gap in shifting from that outside it’s not trusted. But inside users, devices, employees, everybody is a trusted environment. That trust factor is completely changed.
Rajesh Khazanchi [00:07:34]:
So there’s a very big tectonic shift for users. Then when you actually start implementing these controls, you need to have a foundational understanding about and visibility about your entire environment. So from a perimeter shift protection to a containment architecture is very, very important. Like perimeter is like a fort model. Outside it’s not trusted, inside it is trusted. So that is a one big gap that we see. Visualizing your current state, current attack surface is another area. It’s a very well understood concept.
Rajesh Khazanchi [00:08:11]:
But then comes the construct of creating these secure controls that anytime an attack vector happens, do I have a mechanism of quarantining it? Do I have a mechanism of isolating it? Let’s say a particular system got compromised. You should have an understanding about that. Is this system connected to my crown jewels directly or indirectly? And if it is, what’s my isolation technique and what’s my containment technique? These are three, four areas where we are seeing the people have built constructs which are more very EDR centric, endpoint detection response centric, which is attack is happening, let me try to defend it. Or a firewall centric which is outside everything is untrusted and inside everything is trusted. If I’m allowing it, that’s the gate. But that I have. And now when you are shifting your entire construct from not a perimeter control protection versus containment control protection, visualize your entire attack and design and enforce your security policies in such a way that anytime an insider is attacked, you still have a containment philosophy to defend yourself or at least minimize your blast radius. That’s where we see a lot of the knowledge gaps.
Karissa Breen [00:09:31]:
Yeah, this is interesting. Okay, so I want to go into this a little bit more because I think this is quite important. So given what you’re saying, and previously working in the space myself, historically in security, obviously as organizations have not architected a way to be able to contain and recover from a breach. I mean, if you’re looking at a bank, it’s quite traditional. There’s legacy systems. It’s not as easy to be like, hey, like this looks amazing in terms of our architecture and the way it’s been designed. But how can people sort of get beyond that? Because sometimes we just need to accept where we’re at and then we just need to move forward. But what does that sort of then look like now, given what you’ve just mentioned on how people can start to get to a point where they can contain it more irrespective of how old school their environment may be.
Rajesh Khazanchi [00:10:18]:
See, look, traditionally if you look at today’s architectures, most of them are designed in such a way that they have, they have DMZ environments, demilitarized environments or firewalls actually in place there. And then internally you have VLAN segments but not completely segmented environments. So kind of a flat networks, like more or less like a flat networks. And then they have detection response like solutions like CrowdStrike and Defender or SentinelOne type of solutions, which is EDR technologies. And the main philosophy there for the EDR technology is the breach protection or ransomware protection. So anytime attack happens, they defend it. They actually have remediation controls for it and they do a really, really good job. But take this analogy that let’s say I am someone who is designed as a commando and I’m physically fit.
Rajesh Khazanchi [00:11:13]:
I can actually do a lot of controls around that. Think from that perspective. But the bullets are constantly coming. Now EDR is that commando skills that you have. You want to prevent yourself from those particular and you’re dodging those particular bullets. But one bullet can take life, one bullet. And if you have these particular controls, especially segmentation controls with EDR technology, that means EDR is predominantly focusing on stopping your active attacks, but you have prevention controls. So for a commando, if you give bulletproof jackets and if you give mechanism shields, that’s your micro segmentation.
Rajesh Khazanchi [00:11:52]:
So if you have now solution like micro segmentation along with EDR, that becomes a very, very strong solution. So even if a bullet is coming through all the EDR technologies that you have, if it passes through, which actually it is happening for last several years, if EDR was completely effective, then breaches won’t happen, right? But then you have a shield to prevent those particular controls. This is the tectonic shift that we right now are saying that any of the organizations, if you have EDR technologies, ColorTokens will be able to provide you a solution on top of EDR technology and implement micro segmentation technology with that. So you have a perimeter defense, but you have a containment strategy as well as part of that entire solution. And if you look at today’s attack, there are sophisticated attacks. Earlier they were non state sponsored. Now they have become state sponsored and now it’s moving towards AI, AI driven attacks. The attack vectors are significantly sophisticated.
Rajesh Khazanchi [00:12:54]:
And to prevent yourself and hope that EDR technologies are going to prevent it, it is just not possible. That’s why we feel like with the EDR technology and the micro segmentation technology you have a best of both worlds coming together to prevent these attacks.
Karissa Breen [00:13:09]:
Okay, so would you say, Rajesh, people, are they beyond like, okay, we’ve got to do a little bit more here than just EDR. Like you said, the best of both worlds. Are people thinking more about just a defense only strategy? Like are they there in terms of the mindset? Are they getting it or is it now people are starting to understand we need to do a bit more than just EDR.
Rajesh Khazanchi [00:13:29]:
No, they absolutely are getting it. They are recognizing it. They are absolutely understanding there is a need. They just don’t know how to go about doing it. So it’s something like I know that I need to be physically strong, but I just don’t know the path towards it and that recognition is actually happening significantly. ColorTokens provides you that entire mechanism, those workflows and takes you towards that particular path of EDR which is stop breaches, micro segmentation, it’s contained breaches killer of both particular solutions. But we do see that there is a significant amount of recognition that they need to follow the Zero Trust principles. From the Zero Trust principles, those are access control, segmentation controls and identity controls.
Rajesh Khazanchi [00:14:14]:
These are core three principles in the Zero Trust and people are absolutely following it.
Karissa Breen [00:14:18]:
Do you think in terms of a timeline, in terms of where this mindset is starting to shift? Even if we go back a couple of years ago when Covid happened, people work from home, work virtually work remotely, a lot of big organizations have got remote teams now, etc. Do you think maybe that was the inception of the mind shift to say, well, we’ve got to think a little bit beyond? Because I started to see companies really change their approach, yes to security, but to their architecture, to the way in which they’re working and how they’re securing this remote workforce. So would you say from then onwards people started to think a little bit more deeply about this problem? Would you say?
Rajesh Khazanchi [00:14:51]:
You’re absolutely right. As soon as Covid hit, people started realizing that they need to have a perimeterless, the boundaryless security. And obviously it started with Zero Trust network access. It started with identity and access. These two were the two waves that came in. That’s why you saw the Zero Trust network access solutions really catching momentum, identity solutions catching momentum. But they’ve well gone past that because working from home and working remotely was a very important area. Now we are clearly seeing the tectonic shift happening towards the segmentation because that’s a third pillar of Zero Trust.
Rajesh Khazanchi [00:15:28]:
So you’re spot on.
Rajesh Khazanchi [00:15:30]:
Covid hit. A lot of organizations were not ready. It took them a few years to really catch up to Zero Trust network access. So they controlled network access along with that identity. And now they are heading towards controlling their systems, devices and servers and critical assets. So, but that was the way when it started, especially working remotely and working from anywhere.
Karissa Breen [00:15:53]:
So now I just sort of want to zoom out and talk about the business side of it for a moment. And I’ve interviewed one of your other guys, Agni, on the show earlier this year, which focused a lot on the continuous business. Obviously something happens, you can’t operate your business, you’re losing money, you’re losing customers. What I’m starting to see now, given to the people and the caliber of people like yourself that I interview on this show, is people aren’t just gonna wait days and days and days for a company to sort of recover, get back online. Why? People aren’t as loyal nowadays. They’re impatient. Soon as something is slight inconvenience, they take to Twitter and start acting up online. So give us a little bit of a picture about this, the business side of it.
Karissa Breen [00:16:33]:
Now, like, I interviewed another guest and they were saying the average days for a company to come back after some sort of attack was 24 days. I mean, that’s a long time in today’s day and age. So keen to sort of, if you can paint a bit of a picture around this sort of narrative.
Rajesh Khazanchi [00:16:49]:
Well, you’re absolutely right. The business disruption is one of the leading causes of a concern for most of the industry. And the breakout time and business disruption, these two are very, very important parameters in which, especially from the cyber defense perspective, people are observing. Zero disruption is a very, very ambitious target. But minimizing disruption is a realistic target to achieve for organizations. When we look at companies who have implemented micro segmentation and zero trust, their ability to recover, and we have hospital, their benchmark is 40 minutes and they do trial runs every year. They completely plug it out. They say breaches have happened.
Rajesh Khazanchi [00:17:31]:
They do this red teaming, blue teaming, and they completely take out, they say my backup is completely compromised, my current systems are compromised. How do I recover from there? Their benchmark is that 40 minutes they want to get back to the business. So organizations that have implemented zero trust principles, specifically on the segmentation side, they are able to recover within that period of time. And that’s the goal that we have for organization. It should be less than one hour. And if they have practices in place, they should be getting to the business during that particular time. Now, do you want to minimize it? Even lesser than that, Go for it. But that is a very, very ambitious goal to keep.
Rajesh Khazanchi [00:18:10]:
If a business gets back within an hour or so and you are able to really understand that’s the minimal impact I would say that any board would take it. So putting those particular controls and practices in place for organizations, if a breach happens, you have a containment strategy. You want to minimize that blast radius and you want to get back to that particular business within that 40 minutes or one hour period is the key goal. And we are marching towards that particular objective.
Karissa Breen [00:18:36]:
Yeah. So Rajesh, you made a good point. Recently I interviewed someone and they were talking about disruption to like aviation. So for example, LAX is a very big popular airport. One hour of a disruption to that airport per airline could cost like a million bucks, which is a lot of money per hour. And then obviously, as the hours progress, it gets worse, it gets more expensive, the blast radius starts to increase, people start to get annoyed, potential cases start to happen in terms of people suing one another, etc. So how does that sort of sit with you in terms of what you’re seeing with customers? That we need to minimize it, of course, but also the long tail impact of keeping a customer as well as how do we acquire new ones. Given if there was a massive disruption, which is what we’ve seen over the past few years of these big businesses.
Karissa Breen [00:19:24]:
What are your thoughts then around that?
Rajesh Khazanchi [00:19:26]:
See, it’s gaining trust with customers takes time. Today when we are interacting with customers, there is a little bit of a skepticism concern around oh, we are talking about these massive objectives. But as and when we are approaching towards these goals, they can really see it and test it. That’s where the trust gets built. So I’ll give you an example. Just as I talked to you about the hospital line of chain of line, it’s a very well knit community. As soon as we started actually meeting these objectives of 40 minutes to one particular hospital, now we have chain of hospitals. We are managing it with a very clear North Star metric of being breach ready and getting back to the business very, very quickly.
Rajesh Khazanchi [00:20:15]:
So there is that element of trust now that we have established, especially with hospitals. Same is true for life sciences. In life sciences it is a bit different. Life science is all about intellectual property. If they lose that intellectual property, the separation of lab environments becomes very, very important. If they lose that intellectual property, they can go out of business. So earning that trust over the period of time for each and every vertical where we understand what it matters for them. Because for life sciences it is all about they have created some kind of an intellectual property, chemical composition or something.
Rajesh Khazanchi [00:20:53]:
They don’t want that to be somebody, a disgruntled employee or someone, taking away and going to somebody else. So it’s a completely different mindset at that point in time. They have a lab, they are doing the research. They just want completely contained in our environment. You look at manufacturing, it’s all about production. Losses of production really disrupts the whole business. One day of loss. Exactly to what you talked about.
Rajesh Khazanchi [00:21:19]:
Aviation really messes up a lot of things. Energy sector, it is all about life. They want to make sure they put controls on it. If someone takes control of the boiler, lives can be lost.
Rajesh Khazanchi [00:21:33]:
So you look, you have to look at each and every vertical. What is their North Star metrics? For every organization it might not be production, it could be the whole company can go for a toss. When intellectual property goes, lives can be lost. And when lives are lost, then the whole trust goes. Your customers go away, your employees go away. So we are working with each of these vertical, understanding their North Star metric and building that entire trust with them. And that’s why we feel proud about that. It’s not only about objective of securing.
Rajesh Khazanchi [00:22:07]:
We are saving lives, we are saving businesses, we’re saving livelihood of a lot of people. That’s the mission that I really feel proud about. ColorTokens is marching towards.
Karissa Breen [00:22:16]:
So would you say at this point in time where we’re sitting in businesses in general and what I keep reading online is the market’s getting more aggressive. And what I mean by that is now companies out there, whether they’re big or even medium sized businesses are having to innovate faster because of AI. They’re having to shift very quickly and pivot and all of this sort of stuff. So therefore, because they need to retain their customers, because customers are going elsewhere, there’s no loyalty anymore. It’s not, oh, I’m going to drive down to the bank and speak to the dude I’ve been, you know, dealing with for 40 years. People don’t care about that. They get it cheaper, faster, better, they’re going to go elsewhere. So would you say that as a result of that as a byproduct, it’s putting more pressure on IT security departments to make sure this stuff just keeps running.
Karissa Breen [00:22:59]:
In terms of potential revenue loss, so mentioned before the airline, million bucks, that’s a lot of money. But then it’s also yes, the revenue, if you were to just look at that but then also down the line the revenue that could be lost as well.
Rajesh Khazanchi [00:23:12]:
It definitely is putting a lot of pressure on it. And security companies expectation is completely, completely different. We look at 20 years back, 45 years back, just a system administrator ratio between one system admin to servers where one is to 20 to one is to 30, these one is to thousands of servers. Obviously automation solutions have come in but so have attack surfaces come in. So expectations are absolutely very aggressive, there is no question about it.
Rajesh Khazanchi [00:23:40]:
But at the same time that we as vendors really need to do a good job in making sure that we live up to our expectations.
Rajesh Khazanchi [00:23:49]:
Because if we are right now running these particular systems, managing these particular systems we have to run into, we have to really make sure that IT organizations, security organizations have those bells and whistles and automations built in to these systems so that they can preserve the key North Star metric. And this could be production, this could be customer trust, this could be intellectual property, so on and so forth is preserved. But you are absolutely right, in today’s world, this can become a distinct advantage against your competitors.
Rajesh Khazanchi [00:24:25]:
And we are already seeing that.
Rajesh Khazanchi [00:24:27]:
I was actually interacting with very large bioenergy company and they are using this as a distinctive advantage against their competitors because they’re saying that we can prove it to you, that we are far more secure and they were able to get a significant amount of valuation and investment into that company. Customers started trusting them because they were able to demonstrate that and use this as a core differentiator against their competitors. So it’s just not only securing the business, you can earn more business out of it if you are able to demonstrate that you’re a far more stronger and resilient company.
Karissa Breen [00:25:05]:
Yeah, and you’re right about that. And then would you say, so just to extend on this a little bit more, it’s going to force big companies because I mean big corporations that can take ages to make decisions. What I’m seeing now, maybe you can talk a little bit more about this, Rajesh. Are they making decisions faster? It’s not like we can sit around a room and do all these risk assessments and all these things and get all these people across it because we need to move faster because we want to have that competitive advantage. We don’t have time to do all these beautiful spreadsheets and all the things we used to do 20 years ago because we got to get ahead. So are you seeing now that people are willing to probably take a calculated risk making sure that they maintain that moat around their business to stay ahead or how are you sort of seeing that in terms of the shift internally for making decisions?
Rajesh Khazanchi [00:25:50]:
It is improving, no questions about it.
Rajesh Khazanchi [00:25:52]:
But it could be better because organizations still take six to nine months, especially large organizations, to make a decision that they can do it within a couple of months. In some cases it used to take a year, year and a half. So it has gotten better. Metric is better, but nowhere to the stage where it should be. It’s not about selling, it’s about, you know, the decision making process of getting everybody on board going through that procurement process. And it definitely could be better. My only request to them is the attackers are not waiting for you to make the decision. Attackers will continue to attack.
Rajesh Khazanchi [00:26:25]:
And just because you’re not able to see doesn’t mean the attack has not happened. I wish they can make faster decisions and in some cases businesses have completely gotten disrupted. In some cases trust is lost. But yeah, I wish it was much Better than what it is right now.
Karissa Breen [00:26:43]:
So I want to switch gears and talk about just micro segmentation as a definition. Would you say that people out there have sort of a different version in their mind around what this means? Because perhaps they’re thinking of a little bit more traditional way of how people have done micro seg, for example. Can you sort of talk through this?
Rajesh Khazanchi [00:27:00]:
Yes. I mean micro segmentation is now a very well established space. It wasn’t few years back, a lot of companies, five, six years back we would talk about micro segmentation. That was more educational in nature because people sometimes felt like micro segmentation to network segmentation or VLAN segmentation. They kind of correlated with it. We don’t face that problem right now. I think it’s very well understood particular space and they also understand the value for micro segmentation. One big challenge, especially with micro segmentation has been that it has been hard to implement.
Rajesh Khazanchi [00:27:38]:
And lots of organizations are bit worried about how to implement micro segmentation because think about it that you are in a hotel and each and every room you have a lock and you have to program those locks. This can run into thousands of policies. And that was one of the big concerns that continues to be a big concern, especially for organizations that how do I go about implementing these controls and managing these controls? But over the last few years especially what we have designed and done is our value to the customer is that we will be able to implement that entire micro segmentation if it’s a medium sized deployment to 30 days and if it’s a large deployment to 90 days. The only way we can do it is we have built in AI solution that understand that visualize and understand traffic patterns, then adapt to it and start continuously monitoring it.
Rajesh Khazanchi [00:28:37]:
This is all done in a manual way. Not anymore.
Rajesh Khazanchi [00:28:39]:
You can analyze and understand the traffic, adapt to it and then start actually constantly monitoring it. So people have understood micro segmentation as a tool to secure it, but they were always worried about can I implement it across 40, 50,000 servers. If it’s a large financial organizations now they are able to do it because of the scale and velocity AI provides in deep learning and then adapting once they actually learn these particular controls.
Karissa Breen [00:29:08]:
So then on that point, would you say that people like a bit disgruntled towards oh, it’s another tool, it’s another thing I got to do. And I asked this because a lot of people are now talking around, hey, we want to reduce our tool sprawl, we want to focus on platformization, we want to reduce the tools, we want to Reduce the vendors. How does that sort of conversation work, would you say? Or what are people’s sort of response to that?
Rajesh Khazanchi [00:29:28]:
I think it’s a fair point. Tool proliferation, too many tools, too many agents is a very big problem across the industry. And it’s not only for cyber, it could be for config management solutions and other monitoring solutions as well. It’s a fair point. And the way we are handling it is that customers don’t need to add any other agent to achieve the objective of better security, better resilience from ColorTokens. If they have EDR technology, any of the EDR technologies, mainstream media, CrowdStrike, Defender, Microsoft Defender or a SentinelOne solution, they will be able to achieve micro segmentation through those particular agents. That’s a big news for most of our customers because they want to really not have too many tools and too many agents in there. But they obviously want a better security because as I mentioned to you earlier, that when you look at CrowdStrike or Sentinel, their entire main theme is they stop breaches, but they don’t contain breaches.
Rajesh Khazanchi [00:30:28]:
Contained philosophy just doesn’t exist. And if you look at some of the Gartner data, they are saying because of AI attacks, EDRs and firewalls just are not capable to handle it. They expect that the proactive security will have 50% investment in cyber resilience programs in the next three to four years. 50% investment? Currently it is 5 to 10. It’s a significant tectonic shift that you’re going to see as attacks actually get sophisticated through AI. EDRs are just not capable to handle that. So having a proactive preemptive security which is AI driven, controlled is actually the way to go. And to your point on platformization or reducing the tool set, ColorTokens type of technology does not do that.
Rajesh Khazanchi [00:31:17]:
It actually enables, it empowers EDR to actually implement micro segmentation on the ground. The CrowdStrike agent is good enough for us to implement micro segmentation. That’s the comfort that we are giving to our customers.
Karissa Breen [00:31:31]:
So effectively ColorTokens, to use an analogy, will swim beside these EDRs. So whether it’s CrowdStrike, et cetera. So therefore people don’t have to think about, oh, we’ve got to deploy another agent, because I think that’s where people start to get a bit anxious, would you say?
Rajesh Khazanchi [00:31:47]:
You’re absolutely right. So a CrowdStrike type of an agent is enough to implement it and we program those particular agents themselves to achieve the objective of micro segmentation.
Karissa Breen [00:31:58]:
You’re spot on. So then, looking forward, I know we’ve sort of covered a lot of ground here today. What do you sort of think like when you sit back at the end of your week thinking about the industry or micro segmentation, what are your sort of thoughts now as of today? But also as we’re rolling up to the end of the year into next year, what do you think’s sort of happening in this space right now?
Rajesh Khazanchi [00:32:18]:
So AI will drive a lot of activities and AI on both sides, AI from the attack vector side and AI on the defense side. And I think I alluded to that before, that there is going to be a significant amount of thought process in terms of proactive and preventive security. Significant amount of focus on that. Because if you are getting, I would say, 5 MITRE techniques or 10 MITRE techniques that you have, you’re going to get thousands of those different types of techniques in which your attack vectors come in thinking that you are actually. The amount of thought process AI attackers can bring in, it can be extremely overwhelming to any of the detection response systems. And one has to be prepared for it. The only way to actually defend yourself is being proactive and you have a complete mechanism. Design your systems, design your networks, design your controls upfront for that inevitable situation.
Rajesh Khazanchi [00:33:20]:
That’s one. As I mentioned, AI would drive a lot of these particular things towards that closure. Third element is where we are seeing a clear, clear progression happening today. I would say in the last five, six years, operations technology was not considered as a focal point or an attack vector. They are becoming more and more visible to us like manufacturing plants, critical infrastructure, aviation, industry, pharmaceuticals, life sciences, hospitals. Those are getting attacked. And those are not getting attacked because you have a laptop or a server. Those are getting attacked on medical devices, proprietary systems, your boilers, your geysers, your non-standard operating systems, your HVAC systems, your logistics support systems.
Rajesh Khazanchi [00:34:14]:
Those are going to be a very easy attack vector for any vertical. So making sure you have designs around that and you have preventive measures around that will be another area. And countries can come down because of that. If your critical infrastructure is down, what are you going to do? Your power grid, your water supplies, those are foundational elements. So it’s just getting into that serious note that you have one side. It is OT; the attackers are getting sophisticated through the AI driven and defenders will also actually implement a lot of the AIs in that. And that’s why the containment strategy, the proactive security strategy will become a very, very important element. These are kind of the three or four core points we are looking at from a two to three year standpoint.
Karissa Breen [00:34:59]:
And lastly, Rajesh, is there any sort of final thoughts you’d like to leave our audience with today?
Rajesh Khazanchi [00:35:05]:
I just want all the audience to be aware that cyber is going to stay. Keep yourself safe, be knowledgeable about it. These core principles that we are talking about are not to scare you, to make you aware. So understanding your environment, it doesn’t have to be on the network side or understanding your environment. All these entire activities are moving your bank accounts, your core assets. Just be aware about that and then awareness solves a lot of problems. So from the organization’s perspective, if you are looking at the concepts around having a design thinking, having security by design constructs that’s applicable everywhere in your home, in your finances, in your controls, for example, in your home system you might have like 40, 50 devices connected to the Internet. Be aware about what’s happening, try to be safe, try to be educated about it.
Rajesh Khazanchi [00:36:04]:
Because it’s no longer comfort. Comfort comes at a price. So if your systems, if your cooking tops, if your refrigerators, if your devices are directly connected to the Internet, think again. Does it need to be connected to the Internet?
Rajesh Khazanchi [00:36:19]:
And if it needs to be, is there a secure way of doing it? But just be aware about that. That’s my line of sight for almost everybody. For kids, for grownups, and especially for older people who are not as much aware about it. This is on the personal side, on the organization side, from the large company side. I just want them to think about that. Having design principles in place pays a lot. Just being aware about where your infrastructure is, what your infrastructure is, how you can actually do design. Thinking about putting core constructs up front will save you a lot of money later.
Rajesh Khazanchi [00:36:53]:
So just thinking about detection, response and EDR technologies and firewalling is just not enough for new set of attackers.