Cybersecurity in the Age of AI with SEQURETEK s Anand Naik

Episode Overview

Anand Naik is the Co-founder and CEO of SEQURETEK, a Mumbai-based cybersecurity firm established in 2013. With over 25 years in the IT industry, Anand has held significant roles at leading technology companies, including Symantec, IBM, and Sun Microsystems. At Symantec, he served as the Managing Director for South Asia, where he was instrumental in shaping IT security strategies and architectures for numerous global enterprises. His extensive experience has positioned him as a subject matter expert in cybersecurity, contributing to various policy programs with the Government of India and other industry bodies.

In 2013, recognizing the complexities and fragmentation in the cybersecurity market, Anand co-founded SEQURETEK with the mission to simplify security for businesses. The company offers AI-driven solutions, including Percept XDR, Percept EDR, and Percept IGA, designed to provide comprehensive protection against evolving cyber threats. Under his leadership, SEQURETEK has expanded its client base to over 150 organizations globally, spanning sectors such as financial services, pharmaceuticals, government, retail, logistics, and manufacturing.

Anand’s commitment to advancing cybersecurity is evident through his active participation in industry forums and his role in bridging the gap between technology and business needs. He has been a thought leader in the field, advising on IT security strategies and contributing to the development of robust security frameworks. His dedication to innovation and excellence continues to drive SEQURETEK’s mission to empower organizations to grow without fear, serving as a trusted partner in simplifying security. ​

Episode Transcript

Anand Naik: We decided we will keep an open and modular architecture that can coexist and complement whatever the customer has so that their investment stays protected and it is pretty easy. We sit on top of whatever the customer has and start bringing in this visibility.

Kevin Rosenquist: Hey, welcome to Pay Pod, where we bring you conversations with the trailblazers shaping the future of payments and fintech. My name is Kevin Rosenquist and thanks for listening. Anand Nayak spent much of his career with big players like IBM, Sun Microsystems and Symantec, but in 2013, he felt there was a need for a more robust and agile cybersecurity solution. So he founded SEQURETEK and is now using machine learning and AI to help stop attackers in real time. We discuss how secure tech protects businesses in all industries, and he also gives his thoughts on threats we don’t talk about as much like Internet of things breaches and quantum computing. If you’re ready for a deep dive into cybersecurity, please welcome Anand Nayak. You’ve worked for global giants like Symantec, IBM, Sun Microsystems before founding Secure Tech way back in 2013. Seems like a lifetime ago now. Obviously things looked a little different back then compared to today. What was your inspiration for founding the company?

Anand Naik: Yeah. So,  thanks, Kevin, for having me on this podcast. And,  like you,  just alluded, you know, I’m working with all these big giants,  some of the best companies and the biggest in their heyday.  I had the opportunity to go and learn what security is and how customers consume this security from their perspective, is 20 years of corporate experience. Give me 3 or 4 important insights. One, it told me how the market is evolving, how the customer’s evolution is happening. You know, early in the day when I started,  back in the day when I started, it used to be decentralized environment, then moving into the data centers in the.com era and then moving away from data centers into, again,  you know, private data centers and then to cloud and, you know, the entire IT journey. My last role with Symantec, as a CEO and managing director for India and Southeast Asia, gave me a couple of very interesting technology perspectives,  from a customer viewpoint. Um, what big companies ended up becoming were more of an aggregator of technology. So you had to do because these are Wall Street driven,  you know, market dependencies that one has, you ended up making too many product offerings for the customers. So in that journey with Symantec, in my tenure of nine years with them, they ended up acquiring 60 plus technology companies either to, you know, address a adjacent market need. And it was just easy to go and acquire and bring that product line in in terms of the offering or to fill a technical product gap that may be present in the current offering that they had.

Kevin Rosenquist: 

Anand Naik: This gave me three different perspectives. One, the technology shift that was happening in that period of nine years in security, with the threat landscape evolving continuously,  you needed to have a very nimble organization. A startup therefore made a lot of sense to capture and look at the research from a fresh perspective. Second,  a complete different technology wave of ML. I was not the word then. It was ML.

Kevin Rosenquist: Yeah.

Anand Naik: And,  you know, people were trying to experiment and see how machine language can actually solve the problem of this,  diversified security challenges customers had. And the third biggest learning for me was that large companies ended up becoming a monolith,  non-agile structure where they had a lot of offerings to the customer,  that could actually meet the requirements that customers had. However, it was left for the customer to integrate it. However, it was left for the customer to answer three fundamental security questions of whether they are secured, whether they are compliant and should there be a breach, how to identify one very quickly, and how to then resolve it in time with minimum or no damage at all. When it came to this code security questions, I found that large setups and big players of that time had this problem left for the customer to solve. So they had all the technology available. They were experimenting with ml’s of the world and all these different new things that were happening. However, this core answers were left to the customer and that to me became a big inspiration to see how I can come up with a startup that can help customers simplify security, solve this problem of,  you know, multi technologies, or reduce the footprint of technologies that they would get. And at the same time look at future generation, you know, footprints when it came to designing and developing new products. So we decided to take bet on three things. First is whatever we do, we help customers bring a single pane visibility and a single console through which that entire environment can be looked at, so they get a view of what’s happening in their environment in real time all the time. The second thing we decided was,  do I as the core foundation to whatever we design? Like I said, it used to be ML at that point, and it was a big bet for a startup like us,  at that point in time out of India.

Kevin Rosenquist: Yeah. You were kind of.

Kevin Rosenquist: New to the I mean, that wasn’t really big then.

Kevin Rosenquist: Yeah, it.

Anand Naik: Was not big. And not many players were. I mean, a lot of people I later realized had these projects under, you know, under the,  under the hood. And they were experimenting with it. But,  out there in the market, we were trying out in the open. So,  that was another big bet. And the third thing I realized is in this journey of protecting customer environments and mentioned simplifying security for them. We had the potential to create a big impact on the overall ecosystem in terms of building talent, in terms of creating market opportunities for youngsters and making sure that customers has all the options available, both in terms of resources, technology and tools that can help address this problem. So that’s what kind of led to this journey from a corporate to a first generation entrepreneur ship transition. It’s been 11 years now and very happy that, you know, we have been able to at least make an impact to close to 2000 odd people.

Kevin Rosenquist: That’s awesome. Yeah. You started to kind of talk about some of the core offerings you guys have. The first one I wanted to bring up was was percept XDR  which helps companies keep an eye on all their devices and systems, from laptops to cloud services, using AI to spot anything unusual or potentially harmful before it becomes a problem. And to your point, earlier all in one spot so you can see everything. Considering that data is in so many places these days cloud, internet of things, traditional networks and systems, how are you able to keep it flexible enough to adapt as companies keep adding new tech into their workflows? I mean, that’s got to be a challenge.

Anand Naik: Not perfect. You’re absolutely right. It’s a big challenge. And,  we took,  three simple approaches to this entire offering and the value proposition we created. So like I said earlier, we created everything that was AI powered. So all our offerings, including the percept XDR and SIM,  is AI powered. We made everything cloud native. So cloud was already in adoption at that point in time and continued to grow. We decided we will offer everything as a SaaS offering for our customers. And as you pointed out, it would give you a single comprehensive visibility, but we brought in three different elements to this entire AI powered, cloud native and,  simplified visibility approach. We said that we will create an open and modular architecture so that we can coexist with everything that the customer has. So one of the big problems in security industry, even today, I see with large players is if you want to adopt a particular brand or a particular offering, you got to go and displace all the other things the customer has. So there is a lot of takeout cost and takeout technology headache that the customer has to deal with. So we decided we will keep an open and modular architecture that can coexist and complement whatever the customer.

Kevin Rosenquist: Has.

Anand Naik: So that their investment stays protected, and it is pretty easy. We sit on top of whatever the customer has and start bringing in this visibility. The second piece we did is our offerings today have what we call a defense in breadth and a defense in depth,  approach. And for that, we created this continuous threat exposure management platform that has basically four different offerings that address the customer’s environment. So an example analogy would be, you know, the forest and the trees. So forest akin to an enterprise or a corporation where we said defense in breadth would be a good approach, where we took two different products or offerings that we have percept XDR and SIM that gives you threat detection, threat visibility, remediation and response in real time, and percept compliance manager that focuses on vulnerability assessments and  configuration and,  governance and risk. So at an enterprise level, you are protected against attacks that happen in your environment. You are able to respond to these attacks, and you are able to then create compliance and detect all the vulnerabilities and mitigate those risks arising out of vulnerabilities there.

Kevin Rosenquist: Okay.

Anand Naik: While the defense was in depth, we focused on the trees within that forest, which is the devices and the users. And so we have percept EDR that focuses on protecting the endpoint and the devices, and percept identity governance administration IGA that focuses on protecting the identities and access,  for all the individuals within the organization. So as you move towards this new generation of,  what they call identity is a new,  perimeter, and identity is the new,  single biggest security threat,  because identities are compromised,  almost every day basis and almost everywhere.  so,  we believe that this defense in breadth, defense in depth, coupled with coexistence give customers that confidence of starting from wherever they want to start and build the stack, as they want to build it.

Kevin Rosenquist: Yeah.

Kevin Rosenquist: You mentioned percept.  EDR,  focusing on the individual devices.  it’s pretty cool even when they’re offline, the computers and the phones and that’s, that’s really cool. And it uses AI to catch threats like fileless malware,  and also keep systems updated with security patches. Fileless malware lives in the memory, and it’s harder to detect I. That’s terrifying. Are you seeing that becoming a larger issue recently?

Anand Naik: Quite a lot.

Kevin Rosenquist: Yeah.

Anand Naik: So most of the payloads are what they call,  when attackers come and attack you. Um, they use different mechanisms and different ways to attack. One of the ways to attack is exploiting vulnerabilities within your operating system or applications that are running or vulnerabilities in the browser that we use to browse the internet or intranet. So a lot of these fileless attacks happen where you do not have a payload that comes in in the form of a file, as the name would suggest, the payload or the attack comes as a as a process or a small bit of code,  some some hundred bytes or less than 100 bytes. And most of the cases that gets attached to a video streaming file that you are downloading, or the audio file that you want to,  extract on the internet or play on the internet. And those malware gets executed on in the memory as you, as you pointed out. So it is a process getting executed in the memory and then trying to manipulate all your behavior. It could be a simple crypto miner, it could be ransomware, or it could be just somebody trying to capture all your moments on the internet or all your digital footprint,  while you are surfing.

Anand Naik: Right. So my fileless malware is big, but EDR does a little more than that. What it does is it goes back to this philosophy that I was mentioning earlier of simplifying security. So what we do in EDR is with a single agent, we do six things. We discover vulnerabilities in real time. Of course it is an EDR with AI based Base protection, which is in real time. So as things get executed, you protect it. It is. It offers you application whitelisting. So you run only what you want to run. So you just whitelist the things that you know you want to run. And for large corporations,  you know, it’s a it you are reducing the attack surface by whitelisting what you want to run or what you allow your users to run. And then finally it has patching. So for the vulnerabilities that are discovered as and when an OEM or a Microsoft or anybody else releases patches, you want these patches to be applied as early as possible, causing minimum damage to your environment. So EDR does all of these within a single footprint of 70 MB sitting in your machine and or does it all in real time?

Kevin Rosenquist: That’s awesome. And then you also mentioned precept or sorry, precept IGA, which makes sure that people in a company only have access to the data they need. It uses AI to spot unusual activity, keep everyone’s access rights up to date, especially as roles change. I could see employees being hesitant about something like this, only because of fears of having to jump through hoops to access what they need. How does a product like IGA balance locking things down with making sure it’s still easy for employees to do their jobs?

Kevin Rosenquist: Yeah.

Anand Naik: So we believe, like I mentioned earlier, we believe in this philosophy of minimum disruption. So when it comes to employees now you look at employees today and most of the corporations there are three different types of employees. One is a full time regular employee. Then nowadays you have part time employees,  working with these organizations, and then you have vendor contract and contractors who work there. Now each of these different types of employees have access to most of the critical assets of organizations. For example, you have outsourced your IT work to some outsourcing provider, and suddenly you have code system access available to a vendor contractor, leading to a supply chain issue or a supply chain attack related challenges. So what IGA does is it takes this entire employee lifecycle of when a person joins, depending on the role and the responsibility. It creates an access control matrix on its own, and it discovers what are the applications that this particular set of employee or that particular department needs, and then creates the entire, you know, access for that employee in a seamless manner and then provides employee and a way to self-service So that it takes this fear away of whether somebody is manipulating, or so the employee gets a view of what they have access to and what they want access to. So it takes this entire thing away from all locked environment to the keys available with the employee, but they have to go and request using a self-service option. So when they request, they justify the reason why they need a particular access or whatever the things are. So instead of pushing it top down, you are now empowering the employees to do self-service,  in access management and at the same time keeping compliance and data, tamper data that you receive, tamper proof, make it tamper proof.

Kevin Rosenquist: That’s really cool. That’s really, really cool. Yeah. So I feel like every day I see new cyber threats, some new thing to be worried about. I, in the metaphorical Oracle sense. What keeps you up at night? I mean, I hope you sleep well. As a general rule. But in the metaphorical sense, like, what are you what what what, like is on your mind when it comes to cybersecurity being you’re so close to it.

Anand Naik: Yeah. So there are a lot of, you know, the constant fear in cybersecurity is you are chasing the bad guys always. And nowadays a lot of these bad guys are state sponsored actors. So the moment they become state sponsored actors, you are dealing with infinite resources on the bad guys side or the bad actors side. And therefore, you will see a lot of sophistication in the way they drive attacks. So you see very diverse attack vectors being combined in a single attack method. So for example, somebody can use a phishing email targeted to a supply chain company of a large provider. And through that phishing email, put in a keylogger or a crypto jacker or something, get into the target organization coming through a supply chain and then,  you know, deploy the payload in the form of a ransomware or in the form of some data theft or,  what have you. So, very high sophistication and therefore tracking this over a period of time and tracking this in real time is a big challenge. So there is a constant evolution that one needs to keep doing. The second piece, I feel,  you know, that we are always on the edge always is this AI being used by attackers?

Kevin Rosenquist: Um, and.

Anand Naik: And therefore I also to be used from a defense perspective. And, nowadays we all talk about generative AI and large language models. So how do you bring resilience? How do you bring optimal performance while using these tools on JNI and small language models.To make sure that you continue to provide very efficient protection.  for the customers.

Kevin Rosenquist: How confident are you that the good guys with the big AI and programing brains can keep the bad guys with the big AI and programing great brains at bay?

Anand Naik: I think,  you know, nation state actors on the bad side may have infinite resources, but they are more good company.  countries and more good nations,  who are willing to protect. So there are infinite resources available on the good side as well.  and, and the beauty is that there is a lot of innovation happening on the good side as well. So I’m pretty confident,  companies like us, lot of startups who are in this space,  try to reimagine, imagine, and redefine the space. So, for example, it was unimaginable to do threat protection or a virus protection without a signature. 20 years back, it was unimaginable to protect against a virus attack without heuristics ten years back or 12 years back. And today we are talking about real time protection. We just discussed fileless. We just discussed,  things like zero day. This happened in real time. And you are able to protect in real time, right? So there will always be, you know, threat actors trying to exploit more things. I think the weakest link in this entire,  equation is,  you know, stupidity that,  that individuals get into, right?

Kevin Rosenquist: I mean.

Anand Naik: You just don’t need to click everything that you see. And I think more awareness like that. And the more awareness you create around users, the more education that you do.and, and some very good programs that hear us government is doing. I just attended a seminar where the head of CIS, Jen, was talking about a four point program for all US citizens and very, very simple, easy to understand,  four steps that she said that if we as,  you know,  citizens here are able to,  follow it should give you a good protection against some of this stupidity and, and therefore lead to major attacks. Right. So I think they are,  the good will always prevail over whatever we see. And I am a firm believer in that.

Kevin Rosenquist: Some are worried about quantum computing, computing and the the incredible speed and power and how when if that gets in the wrong hands, how that could add this bigger layer to. Does that concern you or is it kind of the same thing? You still believe that the good guys will keep up? Be ahead.

Kevin Rosenquist: Oh.

Anand Naik: So quantum, um, will change the entire equation. As per what? What the industry talks about and whatever,  little that I understand around it.

Kevin Rosenquist: Whatever you understand, I understand less, believe me.

Anand Naik: Yeah, but quantum has the capability to change the way we look at computing and the power that computing can unleash. Again, the good thing about quantum is a lot of innovation is happening today.  keeping security in the center. So unlike the previous generations of computers,  that was created like cloud or before that, the data centers and everything else. Quantum keeps security at its core,  in lot of design aspects of it. And hopefully that should help us overcome some of the challenges that may come in in quantum. I think the current and present threat are more than quantum. Quantum is a near threat.  but the current and present threat is more about IoT devices. And,   you know, devices that are today in the,  in our pipelines or in our supply chain,  in water, water supply systems or electric grids.  you know, IoT is something that is a real threat today.  and quantum,  definitely is something that one needs to watch out for.

Kevin Rosenquist: Yeah. You’re right about the IoT that they, you know, we all think of a lot of people think of IoT as our personal homes and stuff like that, our fridges and things like that, you know? But yeah, those water supply, power supply grids, all that stuff, that is. That’s where the real dangers can be.

Anand Naik: Yes, yes. You know, a country can be just brought down on its knees,  critical infrastructure,  that,  that country has today. You look at financial systems, you look at oil supply, energy supply systems,  water supply and,  you know, every single critical system that you look at,  from a home perspective, traffic management, governments, all of this is digitized and all of it has IoT components sitting there. So, yes, IoT is something that,  that is here and now,  issue.

Kevin Rosenquist: Do you find that to be a bigger threat? Like, is that the biggest threat in your mind as far as, as far as the major ones evolving?

Anand Naik: The good thing with IoT is,  most of these are what we call air gapped networks. So most of these systems don’t connect to the internet. So it becomes difficult for people to get into,  those systems. Okay. And more often than not, these systems are not interconnected. So even if you go and create a damage in.

Kevin Rosenquist: One.

Anand Naik: Place, it is not necessary that it will go and create damage all across the environment though, it is changing big time. But the inherent architecture and the deployment,  kind of becomes a saving grace here.  When you look at IoT,  related threats.

Kevin Rosenquist: Okay.

Kevin Rosenquist: All right. Interesting. Interesting stuff. Well, Anand, thank you so much for being here. I really appreciate your time. And,  yeah, best of luck with secure tech. It’s amazing what you guys are doing.

Anand Naik: Thank you so much. And thank you for having me.