Pankit Desai, Sequretek: "today, attackers use much more advanced modes of cyberattacks to compromise enterprises"
The pandemic has created a rather quick shift towards remote working and unfortunately, not all companies were prepared for it. As a result, cybercriminals noticed great opportunities to exploit vulnerable enterprises and obtain illegal profits.
The number of active, sophisticated, and dangerous malware is growing exponentially. Companies of all sizes suffer from ransomware, spyware, and other attacks that not only cause financial losses but also damage the brand image.
Today, we at Cybernews had a chat with the Co-Founder and the CEO at Sequretek (a company that specializes in AI-based security solutions), Pankit Desai, who explains how artificial intelligence and machine learning can help minimize the risks of cyber attacks and improve enterprise security posture.
What was the journey like since your launch almost 10 years ago?
Sequretek was co-founded in 2013 by Anand Naik and me. The company is built on the foundation of simplifying security which means less complexity and driving down the cost of ownership. This vision drives the design, development, and deployment of every innovation that comes out of Sequretek.
Sequretek has offices across the US and India with over 400 cybersecurity professionals. More than 25% of our employees are in R&D. We have been growing with a CAGR of over 50% Y-O-Y and have close to 120 customers worldwide. Our products are covered by technology influencers like Gartner, ICSA Labs, NASSCOM, and have strategic partnerships with Intel, Ingram Micro, and FIS. They give us market access in India and the US. The company has received recognition from several government bodies, startup entities, as well as media houses over these past several years.
Sequretek is known for the application of Machine Learning (ML) and Artificial Intelligence (AI) in its cybersecurity platform which is capable of blocking threat actors trying to enter customers’ systems from multiple touchpoints.
Can you tell us a little bit about what you do? How is Artificial Intelligence incorporated into your services?
Sequretek offers end-to-end security in the areas of enterprise threat monitoring, incident response, device security, as well as identity and access governance through their AI-driven Percept Cloud Security Platform. We own up to the entire customer environment and help them respond to cyber threats. We ensure that the customer environment stays protected.
At Sequretek, we have developed AI-based products that allow you to detect, protect, prevent, and respond to all types of cyber threats and attacks, both external and internal. Sequretek’s AI-based solutions ensure increased efficiency in threat detection since the element of human dependency to write detection rules is eliminated. The algorithm analyzes itself, creates rules, and identifies malicious patterns. We have different point products competing for each of our products (split between legacy and new-age companies).
Beyond the technological advancements, we are one of the very few companies across the world that have their own product, platform, and professional services around the solution.
Besides providing security products, you also actively research emerging cyber threats. Which ones would you consider the most concerning nowadays?
A key tenet of our approach is enhanced visibility into the enterprise: you cannot secure what you cannot see. Improved visibility in the cloud means precise, actionable intelligence as well as more efficient and proactive management of resources - the best competitive edge enterprises require in today’s marketplace.
The cybersecurity threat landscape has been evolving at a rapid pace. Every day we hear about companies across industries suffering cyber attacks such as ransomware, phishing, and data thefts. It is often observed that enterprises get compromised even after investing a significant amount of resources on security technologies, and more often than not, the attack is detected much after the event.
Apart from the usual ransomware and phishing which appear to be the most prominent cyber threats, a lot of state-sponsored activities, snooping, and spyware continue to be big threats in the cyber world today.
Our AI-based products allow you to detect, protect, prevent, and respond to all types of cyber threats and attacks. Sequretek’s Percept Cloud Security Platform is the platform of choice for customers due to its ability to simplify security and reduce the total cost of ownership for enterprises through our technology offerings.
Have you integrated any new features into your products as a result of the pandemic?
The pandemic and concepts like Work From Home (WFH) have worsened the security challenges for all enterprises. Earlier, the antivirus solutions were capable of blocking malware and thus preventing the harm that they might cause to the system or network. Today, the attackers use much more advanced modes of cyberattacks to compromise enterprises.
One fundamental shift that happened post-COVID, was enterprises moving towards the cloud. One can say that enterprises have now been forced to adopt the cloud. Though it provides a lot of benefits around speed, scalability, and flexibility, it creates some serious security challenges.
Transformation to the cloud creates heterogeneity in the infrastructure as the devices now are distributed invariably across on-premise, cloud, and hybrid environments. This heterogeneous infrastructure creates multiple challenges to the enterprises around security visibility, security mess, data sprawl, and botched response.
Percept Cloud Security Platform addresses all the above challenges and ensures end-to-end enterprise security through its AI-based products.
As more companies adopt work-from-home policies, what cybersecurity threats do you see becoming a common occurrence?
Over the last year, we have noticed an increase in the reported number of data breach cases. Almost daily, we hear about companies across industries suffering cyberattacks such as ransomware, phishing, and data thefts. Secondly, if you look at across-the-board statistics, year on year, there is a minimum of three to four times increase in the number of cyberattacks since the Pandemic. Ransomware attacks have also changed such that it not only encrypts the data but it also steals it. This combination of data theft and ransomware has fueled the rise in cyberattacks. Thirdly, the way organizations were structured they were not prepared for WFH. They continue to face additional challenges where personal assets are being used for professional purposes and vice versa. These are some of the reasons that create multiple security loopholes in the way enterprises are set up.
We believe advanced ransomware, phishing attacks, weak passwords, and insider threats are some of the worst cyber threats. A small mistake committed by any employee of the enterprise (knowingly or unknowingly) could result in a successful cyberattack. Once attacked, the compromised data is sold on the dark web, irrespective of payment of the ransom amount. The unpreparedness of the enterprises to such attacks is a major concern as cybersecurity is often looked-up as the cost center.
Why might some organizations not be aware of the security risks they are exposed to?
As organizations continue to move to Cloud, a corresponding rise in Cloud data breaches has followed due to poorly configured Cloud environments. There is no focus on any specialty coverage of the risk that security brings in, so the technology that gets adopted and the talent deployed may or may not be well versed in the security technology deployed.
CEOs need to Take Control of their enterprise security and ask a few critical questions to the CIOs, CISOs, and the IT Leaders of their enterprises:
- Is our organization compliant?
- Are the technologies being used optimally?
- What is the organization's Security Posture?
- What critical business assets the company needs to secure?
The above questions will not only give them a comprehensive idea of where one enterprise stands concerning cybersecurity but also will help you to take control and strategize towards being secured, as well as compliant to the industry regulations.
Look out for solutions that have capabilities to cover multiple components of the threat landscape rather than opting in for point solutions. The cutting-edge point solutions will also require highly qualified and paid resources to understand and manage the products effectively.
Although it seems like any company can be struck by a cyberattack, which industries do you think are the most vulnerable?
The industries or companies that are doing good in the market, will most probably be attacked. The attack can either be initiated by their competitors to bring down the brand value and disrupt the company’s business continuity or it might be targeted by some cybercriminals who would wish to earn a hefty ransom amount.
In the recent past, underinvested sectors like manufacturing, media, hospitality, pharmaceuticals, and others have also started investing heavily in security on account of several high-profile attacks.
Irrespective of the industry, all enterprises must have a robust cybersecurity posture and ensure readiness against advanced threats and cyberattacks with timely incident management and response mechanisms.
Which security solutions do you see taking off in 2022? Alternatively, what measures do you think are going to fall off the radar in the near future?
The cyber threat landscape is continuously evolving with more stealth and sophistication. Advanced threats such as targeted phishing attacks, ransomware, coin-miners, trojans, zero-day attacks, and persistent threats, are today’s reality for threat management. More often than not, the attacks nowadays carry stamps of an adversary nation-state’s sponsored espionage and disruptions over long periods. Prevention, detection, response, and mitigation of these threats need the highest degree of automation, robust processes, and a well-trained team of security professionals.
The technologies like Extended Detection and Response (XDR), Security Orchestration, Automation and Response (SOAR), and IoT Security look to take off in 2022. Most of the organizations have displayed their interest in learning and subscribing to these technologies due to the unique advantages which their IT teams could leverage to save time.
With the advent of innovative technologies like XDR & SOAR, technologies like SIEM will certainly fall off the radar soon. SIEM technology itself comes with super high costs, and then there’s a differentiated cost associated with the integration and management of the platform.
Would you like to share what’s next for Sequretek?
Technology innovation will be core to Sequretek's ethos. All innovations will be focused to simplify security for enterprises and consumers, thus creating safe experiences in digital economies. Along with innovating and investing in the R&D towards our existing offerings, we would also create product lines for IoT Security as industries and organizations move towards adopting connected devices.