“We are try­ing to be the sin­gle pane of glass for large en­ter­prises”

Srini­vas Rao, Co-Founder and CEO of Au­jas Net­works traces its ori­gin and elab­o­rates on its so­lu­tion port­fo­lio

PCQuest - - CONTENTS - Jy­oti Bha­gat jy­otib@cy­ber­me­dia.co.in

What has been the ori­gin of Au­jas and how has it evolved over the years?

We started in 2008 and have com­pleted 10 years. Pri­mar­ily when we set up the busi­ness, we felt that this space of cy­ber se­cu­rity is un­der­served. There were not too many peo­ple who were fo­cused on this. In fact, it still is. There are ob­vi­ously a lot of large prod­uct com­pa­nies; how­ever the ser­vices were kind of ne­glected. We felt there was a mar­ket op­por­tu­nity for us to lever­age. Cy­ber se­cu­rity was go­ing to be more and more crit­i­cal and would be­come a kind of de facto re­quire­ment.

If you an­a­lyze that within cy­ber se­cu­rity, there are some com­pa­nies who are playing out on the perime­ter level and some with iden­tity

man­age­ment. What ini­tially was the fo­cus of Au­jas?

When we set out, we said we want to help peo­ple pro­tect iden­ti­ties, ap­pli­ca­tions and data. That was our premise and es­sen­tially the in­tent was to en­sure we help or­ga­ni­za­tions to man­age and mit­i­gate IT risks. We started off fo­cused on Pro­fes­sional Ser­vices. Our foun­da­tional ser­vice in­cludes risk and com­pli­ance, iden­tity & ac­cess man­age­ment and threat man­age­ment ser­vices. Th­ese are the three pri­mary fo­cus ar­eas of Au­jas. We have also added some new ca­pa­bil­i­ties; we in­tro­duced se­cu­rity in­tel­li­gence and op­er­a­tions, in the last 12 months, we have added se­cu­rity en­gi­neer­ing ser­vices and dig­i­tal se­cu­rity.

Typ­i­cally each of our ser­vice lines would have con­sul­tancy, de­ploy­ment, sus­te­nance and op­ti­miza­tion piece. We have strat­egy and de­sign which typ­i­cally con­sul­ta­tive, and then we have im­ple­men­ta­tion/de­ploy­ment, which is to roll­out pro­gram and third part is sus­te­nance. For ex­am­ple, if you are un­der­tak­ing a data pro­tec­tion pro­gram, we would first un­der­take a con­sul­ta­tive exercise in terms of Iden­ti­fi­ca­tion of data, data flow anal­y­sis, data clas­si­fi­ca­tion rules. Af­ter which we de­ploy the DLP tool which could be a com­mer­cially off the shelf tool. Then there is the op­ti­miza­tion, which is how you make the data pro­tec­tion pro­gram truly ef­fec­tive and de­liver out­comes.

More re­cently in the last 12 months, we added two new ser­vices one of which is Dig­i­tal Se­cu­rity and the other is Se­cu­rity En­gi­neer­ing. API econ­omy is one such area in which dig­i­tal se­cu­rity is cru­cial. For ex­am­ple, if you are a travel por­tal you need to in­te­grate with banks, pay­ment gate­ways and so on. The en­tire in­for­ma­tion ex­change is done through the API. Since se­cur­ing those API have be­come a big is­sue, we built a solid prac­tice to­day around API se­cu­rity. Sec­ondly, we are also do­ing a few pi­lots around Se­cu­rity on Pri­vate Block chain for Banks in ar­eas like re­mit­tances.

And across your ser­vices, do you work with all ven­dors?

We tend to be ven­dor neu­tral; we are not bi­ased to any par­tic­u­lar ven­dor. How­ever, hav­ing said that, there are some part­ners who we work with a lit­tle bit more. For ex­am­ple, in the risk ad­vi­sory space, we tend to do a lot of work with Archer from RSA. In the Iden­tity and Ac­cess space we have done a lot of work with IBM, CA and with Sail­point. Sim­i­larly, in the se­cu­rity in­tel­li­gence and op­er­a­tions space, we’ve worked with IBM and RSA.

What kind of use cases, or de­ploy­ments in se­cu­rity do you do?

What we are do­ing is, just like in the app world. When you say App world, if you take your hand held de­vice, ev­ery­thing is emerg­ing in the form of apps. Sim­i­lar shifts are tak­ing place in se­cu­rity space. If you look at the large ven­dors, whether it is an IBM, or whether it is Splunk, etc, they are try­ing to be­come a sin­gle source of truth. So for ex­am­ple if you take IBM, they have this plat­form known as QRadar. One of the things they are try­ing to do is en­sure this be­come the sin­gle pane of glass for large en­ter­prises which mul­ti­ple point tools within the en­ter­prise. For ex­am­ple, if you have an end point de­tec­tion & re­sponse tool, data leak pre­ven­tion tool, or if you have a threat-hunt­ing plat­form, how do you in­te­grate what this tool does into the pri­mary plat­form which is the SIEM / SA Plat­form. We are ac­tu­ally in do­ing lot of se­cu­rity en­gi­neer­ing work with prod­uct ven­dors in­te­grat­ing their plat­forms with the larger, SIEM / Se­cu­rity An­a­lyt­ics Plat­form like Splunk and QRadar.

We have done about a dozen de­ploy­ments here with or­ga­ni­za­tions who have built DLP ( Data Loss Pro­tec­tion ) tools, threat-hunt­ing plat­forms tak­ing those plat­forms and in­te­grat­ing with SIEM / SA Plat­form like IBM QRadar and Splunk. Th­ese are large prod­uct ven­dors, so we are do­ing the equiv­a­lent of OPD work, but purely fo­cused on se­cu­rity.

SRINI­VAS RAO, Co-Founder & CEO, Au­jas Net­works

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.