Hello and welcome. My name is Pritijit and we are bringing you the latest from 
TCS Research and Innovation. In this episode, Gaurav Banga, founder and CEO of 
cyber security startup Balbix, will discuss artificial intelligence and cyber 
resilience. Gaurav will also talk about the threat landscape for enterprises, 
how to leverage artificial intelligence in order to address cyber risk 
challenges, and how to automate cyber security processes. Welcome to the show 
Gaurav. You have to start off. Could you please take our listeners through the 
current threat landscape for enterprises? That the enterprise attacks surface as 
you digitalize the enterprise is massive and is growing rapidly. There are 
practically unlimited ways in which adversaries can attack and compromise a 
network. Cyber security is analyzing it. Improving it is not a human scale 
problem anymore. You cannot improve your cybersecurity posture. Using the tools 
that worked in the past, so which is why you recommend that artificial 
intelligence should be brought into the picture. So if you look at the first 
step that you need in order to improve your security posture or your cyber 
hygiene, you need to know what you're defending and what the current state is. 
And you need to be able to measure any improvements that are happening, what 
outcomes you are achieving in terms of actual reduction of breach risk. So if 
you look at a modern enterprise, the number of factors that go into the 
calculation of cyber risk is in the hundreds of billions. These are the threats, 
the vulnerabilities, exposure, behavior of users, different business criticality 
of different application and assets. Ultimately, the effect of your projects and 
mitigating control that you already have in play, you cannot solve this using 
traditional methods. AI is on the other hand, is particularly good at allowing 
you to see what your risk heat map looks like by analyzing all of these billions 
of factors. That go into your risk calculation so that using AI we can also then 
prescribe specifically the initiators that you should take so that you can 
reduce your breach risk in a measurable way. So what are the things that 
enterprises should do to tap into artificial intelligence and automate the cyber 
security processes? So the first thing you need to do is establish visibility. 
Without visibility, without knowing what you're defending or being able to 
measure how your cyber security posture is improving. You got nothing. The 
second thing after you got visibility is to establish what we call strong 
identity, which is that you must know what specifically what assets, what 
devices, what applications, what users are active on the network and be able to 
ask are they authorized or not authorized. After that you need to get into this 
next level, which is about making sure that your vulnerability are managed 
according to risk. It means that the things that are critically important. For 
which you have a real threat and a real exposure. They need to be addressed 
right away and things that have a lower threat can be addressed maybe next week. 
And the things that do not have a practical threat, you don't need to waste any 
resources on it. We call this risk based voluntary management. Then after that 
you need automation, which is intelligent automation such that all the 
mediating, remediating steps you're taking, they should be automated as much as 
possible with all of the intelligent context that is available. And then last 
but not least. Now you can get into some advanced cyber resilience items, like 
being able to segment your network based on dynamic risk and being able to even 
play subterfuge where you pretend you make attackers believe that they have 
compromised certain parts of your network, but they really haven't. Thanks 
Gaurav. This is very helpful. Now could you please take us through the concept 
of cyber resilience? So cyber resilience is that the ability of an organization 
to limit the impact of cyber attacks. The assumption is that they will be 
failures, either failures or software. IT has a security bug or failures of 
human beings who click on the wrong things. So these failures will happen 
because of the scale of the uprise. Can we arrange things? Can we arrange our 
network infrastructure or policies in such a way that even when these failures 
happened, it doesn't become a systematic breach? That quality is called cyber 
resilience and there are systematic ways by which you can go about and improve 
your cyber resilience, and AI and automation play a very important role in that. 
Right. So how do you build the required skills for a better, stronger and more 
cyber resilient enterprise? Human beings are key to being able to improve cyber 
resilience by educating and training people so that they understand the concept 
of the fact that security can never be perfect and the objective is cyber 
resilience, not absolute cyber security. And then also train them on some of the 
advanced tools that are available that use AI for understanding your 
organization. Orchestration for automation And then now you have all the raw 
ingredients that you need to be able to take the appropriate tools and products 
and help your customer transform their service security posture. What is 
happening unfortunately right now is most of us are still training people 
unsuccessfully to be able to use legacy tools. Unfortunately, legacy tools are 
no longer able to keep up and we should just move away and try to get our people 
to understand that. Cybersecurity can never be perfect. Our goal is cyber 
resilience and start picking up the new tools that are cyber resilience 
enhanced. Most organizations focus on cyber security only after an attack. So 
what kind of steps should they take in order to be more committed to cyber 
security? And that's a great question. So if you look at service security in all 
its details, it is fairly technical. Unfortunately, a lot of senior management 
board members CEO CFO's are not experts in service security. So the first 
problem that happens is that when the seesaw tries to explain the nature. Their 
talk technology and they have trouble trying to map it on to business risk 
items. The second problem has been the Traditionally service security has been 
project oriented. What that means is that the Seesaw goes and asks for funding 
for project ABC and D and the board and the CFO CEO. They agree just because they 
feel that doing those projects will keep them out of trouble. Needs to happen 
though. These discussions should have outcomes attached to them, outcomes that 
are quantifiable in terms of breach risk reduction. So cybersecurity needs to 
become a lot more outcome oriented away from being project oriented. When that 
dialogue starts between the senior management Board of Directors, C-Suite and 
the security team, then we will have the right funding, the right decisions 
being made and will enable cyber security posture to get better. And then reach 
rest together. Proactively avoided. Thank you, Gaurav to our listeners. Until 
next time, stay tuned.