Trishneet Arora is a prominent ethical hacker and entrepreneur. Having dropped out of school, Trishneet mastered the skill of ethical hacking as a teenager, and even wrote a book on it titled, “The Hacking Era”. Soon after, he started working on cyber-crime cases for the Indian police, and he was approached by the Punjab police to conduct a training session with them on cyber-crime investigation and forensics.
That was around the same time he also decided to start his venture TAC Security Solutions, which protects corporations against network vulnerabilities and data theft, and cybersecurity training. His company hacks into the systems ethically, penetrating security systems to find out the software vulnerabilities so they can be patched. Today, the company serves numerous Fortune 500 companies and law enforcement agencies around the world, including Bharti Airtel, Reliance Industries, National Payments Corporation of India, HDFC and DHFL Pramerica, Punjab and Gujarat police force and the CBI.
Over the years, Trishneet has risen to become one of the most prominent ethical hackers and is carefully analysing the behaviour and tactics used by malicious hackers to target digital assets of thousands of companies around the world. The rising cyberattacks during the ongoing pandemic is an alarming sign for all digital companies. We connected with Trishneet to know more about the cybersecurity landscape, TAC Security, as well as how it uses data analytics capabilities to support its clients and law enforcement.
Here are the excerpts from the interaction:
What, according to you, are the biggest problems for Indian companies that put them at risk to cyber-attacks?
The convergence of digital technologies and business processes has made the IT infrastructure and systems vulnerable and enhanced the need for businesses to have robust cybersecurity systems in place. The poor visibility of network vulnerabilities has resulted in a growing number of high-profile application breaches. Many organisations do not have the resources and insights needed to identify, prioritise and mitigate the existing and upcoming threats. This has impacted their ability to combat cyber threats efficiently.
What role can AI/ML play in cybersecurity processes?
Artificial intelligence and machine learning have provided new capabilities to detect and resolve security incidents. AI provides insights that can help businesses identify a potential threat quickly and reduce response time. It can process a massive amount of data and use reasoning to determine suspicious addresses and files. AI can also help in securing user authentication and determine if a user is authorised to access a technology device.
Machine learning recognises patterns in data to help machines learn from experience. A key benefit of machine learning is that it detects and responds to an issue almost immediately. Thus, it prevents potential threats from disrupting business operations and makes it faster and easier to counter threats. With the help of machine learning, AI can learn patterns quickly and process huge volumes of unstructured information to provide insights with higher efficiency.
It is also essential to understand that the increasing use of artificial intelligence in cybersecurity also presents challenges for recruiting cybersecurity professionals. Professionals must realise existing technologies as well as newer technologies such as cloud storage. Also, the rapid evolution of the technological landscape can put additional strain on recruitment.
What are the solutions that your company, TAC Security, is using to help companies?
TAC Security follows a proactive approach that leverages security auditing, vulnerability assessment and penetration testing to identify vulnerabilities and information risks in corporate networks. The AI-based vulnerability management platform ESOF (Enterprise Security on One Framework) is a one-of-its-kind dashboard that uses AI-based algorithms to track vulnerabilities and provide real-time security insights and solutions. The platform is also built to serve as a knowledge-sharing resource for seamless exchange of best practices in enterprise security.
We want to ensure that businesses can venture forth into a digital tomorrow without having to constantly look over their shoulders for existing and emerging security challenges. Therefore, we are strengthening our product portfolio and have recently launched ESOF 2.0, a new and improved version of our vulnerability management and application security platform. We also plan to launch more innovative products, such as threat hunting, that cater to evolving market requirements.
How is TAC Security using data and analytics for your solutions? How is automation embedded in your products?
Our on-demand platform ESOF uses complex AI algorithms to calculate the score based on the type, severity, and a total number of vulnerabilities found. The platform enables on-demand testing with the help of data analysis to address changing assessment requirements, adapt to agile development cycles and respond to evolving threats. Users can schedule and reschedule tests according to their requirement. They can view and download test results and share them among team members and departments. They can also access test history and aggregate data for broader testing activity.
Since the data is collected from across the enterprise IT infrastructure, ESOF can also analyse the network security posture in greater depth and present actionable insights that can be seamlessly implemented with a few clicks. Such solutions can help security teams streamline their operations while ensuring more robust threat defence across the board.
Which industry verticals is TAC Security targeting in India and across the globe?
While cybersecurity is vital for all industries, there is a maximum scope of growth in sectors that have witnessed rapid transformation on the back of digital disruption. Fast-growing sectors such as BFSI, education and healthcare must have robust cybersecurity systems to secure their data and operations. Besides, there is a huge growth opportunity for cybersecurity players in IoT security and manufacturing. Service providers that offer digital services and solutions through connected devices are also looking to secure their API integrations and service delivery models.
We have served more than 500 clients across multiple industries. Currently, TAC Security offers its range of cybersecurity solutions to more than 150 domain-leading organisations. Our prominent clients include Bharti Airtel, Reliance Industries, National Payments Corporation of India, HDFC and DHFL Pramerica. We are also working with several national and international government agencies to secure their internal networks and assist in the creation of security-related policies.
What is your hiring and training strategy within TAC Security given there is a lack of enough cybersecurity talent in India?
There is a lack of skilled professionals in the cybersecurity domain. We prefer to hire fresh college graduates as part of our three-step approach to talent management: hire, train and retain. Young professionals are eager to augment their skill set and can, therefore, be trained to learn, unlearn and relearn. Over a period, these professionals imbibe necessary technical skills and gain domain expertise to deal with complex cybersecurity issues.
In addition, we also hire senior cybersecurity professionals on a need-to basis to complement the growing scale of operations. This approach helps to create a sustainable talent pipeline and enables our employees to achieve professional growth in the long term.
We also believe that leading players in the cybersecurity space need to collaborate and take steps to address skill-related challenges. There is a need to create an industry-wide platform to attract and train professionals and help them acquire the necessary skills required in this domain. This can help to ease the shortage of skilled professionals in the industry.
What is the roadmap of TAC Security for the rest of 2020?
We look to consolidate our presence in the cybersecurity domain and build on the success of our sophisticated products and services. The push towards sustainable scale guides our expansion plan and we look to consolidate our presence in key markets such as the US and India. In the coming years, we will also make a dedicated push to gain a firm stronghold in high-growth international markets. We plan to become the preferred cybersecurity partner for more businesses at a global level.
Finally, how can organisations deal with the security challenges in work from home scenario? Are most companies ready to provide safe work from the home setup?
The COVID-19 crisis has compelled all organisations to work remotely in work from home setup, where employees may not operate in a secure network environment. As employees may use insecure connections, the threat of a cyberattack and loss of sensitive data and information looms large.
Hackers and cybercriminals can play with psychological fears due to the coronavirus to invade protected data and systems. Due to imminent threats of a security breach in work from home setup, companies must be extra careful and prepared for malicious attempts. Here are some ways that can help companies deal with security challenges in a remote work setting.
Companies must have a cybersecurity policy that includes remote networking with regular reviews. Security policies must be adequate for multiple workers working remotely and must include the use of personal devices. Companies must also adjust their security tools for a remote work setting.
In case of a security incident, companies must have a clear action plan in place to detect a threat and minimise its impact. Companies must also adopt a suitable backup strategy to secure important data. At the same time, companies must ensure that employees are trained to adhere to security protocols while working remotely.
They must lay clear guidelines and procedures for employees to follow in a remote work setting. Employees must ensure that their home Wi-Fi connection is secure and antivirus software is updated. Personal laptops and devices must have the same security levels and standards as company-owned devices.