Interviewed by Adeesh Sharma
We spoke to Rajeev Shukla, Founder and CEO, Castellum Labs-Hyderabad to understand his organisation’s methodology towards securing digital assets of customers, how much have Indian organizations matured in understanding the importance of securing their information using the latest technology tools, their revolutionary Threat Watch Service and how it proves beneficial to organizations, and how they plan to further improve upon their offerings in future.
Please tell us about your organisation’s methodology towards securing digital assets of customers.
Castellum Labs has four core principles pivoting value proposition of its portfolio. These three core principles have been picked give the current threat landscape, and, risks thereof.
- Real time perspectives & insights
- Detection and response for preemption
- Continuous model of cyber security management
- Outside-In stance to threat intelligence & preemption
Today, historical cyber security insights and views of your digital infra do not make sense. We live in a world, where Ransomware-as-a-Service, Attack-as-a-Service and Botnet-as-a-Service options and large swathe of information available on darkweb, is making it possible for cyber criminals to launch ever larger, more pointed and objective oriented attacks on companies. With this new threat landscape, hygiene based and protective security is almost outdated. In fact, even newly spawned detection and response model of cyber security management are not very effective.
Companies need to understand that breach attempts and even breaches will take place, sooner or later (if it has not already taken place). A real time ability to understand the threats, understand the gaps in your security, within your digital infrastructure and then build a detection and respond competence, which goes beyond current day, wait and watch, and traps threats, which have not yet knocked on the door, is urgently needed to deal with modern day, unprecedented levels of threats.
Another significant change industry will need to adopt, is to, create an outside-in perspective of threats and vulnerabilities. Companies need to create a view of their threats, which is a reflection of a hacker's view. An internal view of threats is no longer genuine and effective. Simulation based techniques, to model threats within organization, and, then look at people, process and technology readiness of the organization is another dimension of outside-in model of security.
How much have Indian organizations matured in understanding the importance of securing their information using the latest technology tools?
Indian organizations have started realizing that cyber security is no longer an optional layer on their digital aspirations and digital infrastructure. A lot of Indian organization and CISOs know, that, cyber security is an enabler of businesses for their organization. Though this change of mindset at CISO level, has started taking place, it still has to propagate up to other CxO and board level in India. Quite a many organizations, CISOs still have to struggle, to pitch their units, their plans and their budgets, in context of transforming the digital infra, to secure digital infrastructure. I believe corporate India, still needs a board level acceptance and push, to fund and sponsor the cyber security initiatives in organization with right kind of pace and right kind of model.
Another challenge I see, is that, quite a many times, product centric approach to cyber security is adopted. It is thought that adopting certain products, across spectrum of cyber security areas, and, threats, will change and improve their overall stance on cyber security. Nothing can be farther than truth. CISOs in India, would need to look at Cyber Security as a road-map, a continuous evolving process, and, develop programs, competencies and technologies in context to a stated and adopted road-map. I still see most organizations not carrying a stated, accepted and well communicated road-map for the organization.
Please tell us about your Threat Watch Service and how does it prove beneficial to organizations?
Castellum Labs operates across four major areas of security. These are, Threat Intelligence, Application Security, Continuous Assessments and Threat Monitoring. We are creating unique platform delivered, human intelligence added and continuous modeled Orchestrated Security Services for our customers in India and world-wide.
WatchOUT, Threat Watch Service is one such service in our Threat Intelligence portfolio. WatchOUT, Threat Watch Service is a subscription based external watch service. It watches for data leaks, stolen credentials, threat causing elements, phishing sources, reputational damage and more. It also watched for your-own-attack-surface on daily basis, for vulnerabilities, mis-configurations and holes, which can make it easy for a hacker to compromise your digital infrastructure. We offer a daily/continuous threat insight for your organization based on what we find on darkweb, social web, your-own-surface, forums and more. WatchOUT delivers daily custom intelligence, threat insight, continuous surface assessment and rolling threat/risk score board.
WatchOUT is delivered using a proprietary threat data platform, and, an excellent team of threat data analyst, who use this platform to scrap, filter, collect and analyze large number of places on darkweb, social web, open web, forums and communities. WatchOUT does not need any installation and has no complex setup process.
WatchOUT is first of its kind services from India, to watch for threats from outside. And, create a real time outside-in perspective of threat intelligence for organization.
How do you plan to further improve upon your offerings in future?
We intend to expand on our technology capabilities, and, add more and more "CySec Strengths" to our platforms. We also intend to expand our portfolio and create more services, in the continuous assessment and threat monitoring space. We will be offering industry, a combination of services and platforms, which will help customers, develop real time detection and response abilities against threats. We also intend to create continuous models of security, in areas, which have traditionally been checklist and random frequency based.
Castellum Labs is committed to creating next generation platforms, services and orchestrated models of cyber security, which simplifies cyber security for customers. We also will focus on innovating in areas of cyber security, which have seen less technology, product and service innovations and hence continue to be operational and risk challenge for organizations.