Author: Nikhil

Technology is a funny thing. It can create and destroy. The starkest example of this duality is nuclear technology. It was used to annihilate more than 200,000 people in Hiroshima and Nagasaki. Nuclear weapons continue to pose a grave threat to mankind. The same technology is also used to generate electricity. A similar situation exists in the cybersecurity sector, where a lot of technology is used to secure systems and compromise them. The first (and the most obvious) candidate is Artificial Intelligence/ Machine Learning (AI/ML), including Agentic AI, which we have discussed here. Let us look at some other dual-use…

Privileged Access is a double-edged sword. In the right hands, they are useful for modern enterprises to stay functional; they can also be used to bring the company operations to a grinding halt in the wrong hands. Securing access to such accounts is a critical process. The market continues to grow, driven by factors like rising breaches through privileged credentials, expansion of cloud and SaaS workloads requiring new privilege models, regulatory pressure, and a surge in identity/security budgets. Let us look at the likely market trends in 2026. AI/ML incorporation: This one is really a no-brainer, considering the technology being…

The world runs on the cloud. One outage can create a lot of havoc. However, an outage is not the only situation likely caused by humans. The second, and worse situation, is problems arising out of misconfiguration. Why do the issues with configuration arise in the first place? The biggest reason is that the network environment is getting increasingly complex. The increasing number of interconnected systems means increased use of APIs, which are not always properly documented. This lack of visibility leaves the door wide open for the bad actors to barge in. OAuth tokens are another precious resource, as…

I have a theory about the widespread adoption of the agile methodology. It allows companies to release unfinished products to achieve a quicker launch timeline. The beta testing/QC part is left to the customers. The product is “finished” later through multiple patches. This trend makes the situation more dangerous. Software without bugs and vulnerabilities is a dream. We add insufficient testing out of the necessity to release the software early, and the situation becomes grave about zero-day vulnerabilities. There is no need to underline how bad zero-day vulnerabilities are. A stark example of such vulnerabilities is the log4shell vulnerability within…

Security teams across the world are battling severe crises, including personnel shortage and burnout. In addition, the attack surface gets bigger and more complex as new technologies like Artificial Intelligence (AI) and adoption of Software-as-a-Service (SaaS) increases. Wouldn’t it be great if the process, or parts of it, could be automated to give some relief to the analysts? Agentic AI allows you to do just that, i.e. autonomous cyber defense. Agentic AI cybersecurity can function autonomously, reducing the load on the SOC personnel. It can take care of one of the biggest headaches: alerts. Agentic AI allows automation of the…

Despite everyone’s best efforts, DDoS attacks continue to be a nuisance. The emergence of new technologies like AI has allowed bad actors to add teeth to the attacks. Having a DDoS mitigation tool as a part of the security stack is a necessity, not an option. But buying the right product is also a critical process. The product should provide reasonable, if not great, ROI. Matrices comparing various products based on several factors, like customer impact, are a great help in choosing a product that meets your specific requirements. A year-on-year comparison of two matrices helps you refine your search.…

2025 continues with (another) big data breach. This time, it is a lot of big companies, including Google and Cloudflare. Of course, we are talking about supply chain risks following the (continuing) fallout from the Salesloft breach. The attacker uses a third-party tool to get past security. While we have seen a lot of supply chain attacks since 2020. Including spectacular ones like the 2020 one, where the attackers were able to break into various US government departments, including the Treasury Department. While SaaS adoption has a lot of plus points, it also contains vulnerabilities that can be exploited by…

Have you seen the Apple TV+ series “Prime Target?” The series’ premise is that prime numbers apparently have patterns that can be manipulated to defeat every type of encryption. While the series is pure fiction, the part about encryption can become a scary reality owing to a computer that is yet to fully exist. Quantum Computing is a still-emerging technology that has a lot of potential. Unlike traditional computers. It operates on quantum physics laws, which allow it to supersede traditional computers, at a fraction of the time when compared with a traditional computer. While the technology is far from…

Ransomware is a word that brings nothing but dread to anyone’s mind. Imagine logging in to your office or home computer and seeing your valuable data encrypted with a demand to pay up or see the data being nuked in real time. Over the years, the premise has remained the same, but the wonders of technology have transformed it into a different kind of beast. Just like SaaS (Software as a Service), we now have RaaS. It is as deadly as the similarly pronounced Liam Neeson character from Batman Begins. The full form is Ransomware as a Service. The threat…

We have been consistently told for quite some time that AI is going to revolutionize cybersecurity. It has already caused disruptions by automating repetitive, high-volume tasks like log analysis and anomaly detection. But a lot of other tasks, like monitoring and threat hunting, baselining user behavior, and threat response, need a human in the loop. What we can definitely say about the present state of AI-backed security is that it most certainly hasn’t completely freed analysts from the burden of false positives or has detected and stopped that many breaches in real time. What it has done is augment the…