VentureBeat Q&A: How Airgap CEO Ritesh Agrawal created an progressive cybersecurity startup

VentureBeat sat down (nearly) final week with Ritesh Agrawal, CEO and cofounder of Airgap Networks, to achieve insights into how he and his crew are creating one of the vital progressive startups within the cybersecurity trade.

Agrawal leads a crew of specialists who’ve constructed profitable infrastructure merchandise for the provider, industrial and enterprise sectors. He has over 20 years of expertise in networking, safety and cloud options. Underneath Agrawal’s management Airgap Networks has achieved a number of milestones, together with successful three prestigious World InfoSec Awards on the RSA Convention in 2023.

The next is an edited excerpt from VentureBeat’s interview with Ritesh Agrawal: 

VentureBeat: Are you able to inform us about your background and the way you bought concerned within the cybersecurity trade?  

Ritesh Agrawal: I’ve a background main the Juniper Community Safety enterprise, the place I primarily centered on Telcos and enormous enterprises. I acknowledged the trade was shedding the cybersecurity battle, with safety infrastructure spend rising every year, but breaches and damages persevering with to rise. Realizing the necessity for a extra sustainable resolution, I noticed a possibility to use VC-led innovation to the trade.

And that all the time begins with a transformational structure, not only a new function set. We noticed the effectiveness of the cell/telco structure in stopping malware from spreading chilly even when a tool is contaminated and at a fraction of the price of enterprise choices. The title “Airgap” comes from our ambition to supply this similar stage of excellent isolation, safety and cost-effectiveness for all enterprises throughout IT and OT.

VB: As CEO of Airgap, what insights have you ever realized in regards to the cybersecurity trade? 

Agrawal: First, the risk panorama is extremely dynamic, so solely the nimblest organizations will adapt and thrive. For this reason you see so many profitable startups in cybersecurity — it’s exhausting for bigger organizations to innovate as quick as attackers can, and clients can’t afford to fall behind.

For instance, Airgap has six important patents with extra [pending] approval, and we simply gained three main innovation awards at RSAC, as our clients depend on us to maintain them forward of adjustments within the risk panorama.

Second, to intention excessive. It is a busy house with lots of competing options, so incremental innovation and have sharpening aren’t going to displace any incumbents. I’ve all the time believed that as a startup it’s best to ship a completely new structure, not only a product, otherwise you shouldn’t launch.

Lastly, to attempt to internalize that each community safety crew is admittedly stretched on time and funds proper now. They want fast, simple wins that don’t require new abilities. Simplification and speedy time-to-value is a enterprise gamechanger. Don’t automate complicated safety processes — remove them with a greater structure. At Airgap, for instance, we didn’t merely make conventional community segmentation plumbing “simpler,” it’s simply gone.

VB: How do you see the risk panorama evolving over the subsequent a number of years?

Agrawal: Assaults are about to change into much more refined. For instance, social engineering assaults utilizing a mix of AI and the wealth of on-line details about us and our employers will punish networks that lack robust authentication and id controls.

State actors and crime-as-a-service are probably going to play a bigger position, and meaning extra assaults that aren’t about ransomware however as an alternative trigger important injury to core networks and property.

It’s half of a bigger development that I consider alerts the top of perimeter-based safety pondering, and in some ways the top of the getting older core community structure itself. And why clients corresponding to Flex, Tillys and Kingston Applied sciences are actively adopting Airgap as their defensible structure for business-critical infrastructure.

VB: What ought to cybersecurity leaders do to get forward of this curve?  

Agrawal: First, acknowledge the necessity to prioritize defending business-critical networks, property and identities with a defensible community structure. Everybody has their very own distinctive “crown jewels.” They drive the enterprise and operational processes that should keep secured, even when breaches are occurring elsewhere within the community. And that’s Airgap.

Perimeter-based firewall structure isn’t sufficient, and I’m pleased to debate any firewall vendor on this. Everyone seems to be spending extra and getting breached extra; that’s not what successful seems to be like.

Second, aggressively drive belief and assault floor out of your community. Set up zero-trust segmentation between your business-critical infrastructure and your commonplace company IT community, in addition to for all units inside shared networks, to verify threats can’t unfold. And shut the hole between id and endpoint safety with a devoted safe entry resolution, as conventional VPN options don’t remove the legacy trusted connections that attackers know how you can breach.

And you may’t safe what you don’t find out about or can’t discover, so leverage network-centric asset discovery and intelligence like Airgap that’s designed for low latency and no community congestion.

And third, prioritize cybersecurity options that don’t require coronary heart surgical procedure to your operating community. Apply this litmus check to each safety resolution vendor: Inform me what adjustments to my community, tech stack or infrastructure do I’ve to make? How a lot coaching do I would like? How lengthy will it take? Airgap deploys in hours, which is nice for time-to-value, however extra importantly it does this as a result of the contact to the operating community is so mild. Any resolution that forces gear upgrades, community readdressing, ACL/NAC adjustments or community downtime longer than a couple of microseconds ought to severely be prevented.

VB: Why are OT networks a selected focus for attackers, and what particular precautions ought to OT community house owners take?

Agrawal: OT networks weren’t initially designed for safety, however as an alternative for velocity and scale. OT networks have lengthy life cycles, are patched occasionally, and are considerably accessed by suppliers and distant assist technicians. They usually have manner too many units sharing the identical community phase. They’re stuffed with outdated Home windows servers and headless units, so all of the agent-based options designed for company IT networks simply plain don’t work. It’s like a safety Swiss cheese however for a lot of OT networks it may be extra holes than cheese.

The very very first thing I like to recommend for OT community house owners is to create a devoted layer of visibility and management (we name it an Airgap) between your company IT community and your core/OT community. The Airgap Zero Belief Firewall, or ZTFW, prevents any threats from spreading from IT down into the core community, and vice versa, in order that security of operations might be maintained even when larger community layers are compromised.

Airgap ZTFW depends on three important capabilities to securing this devoted layer. The primary is agentless segmentation, as a result of outdated Home windows servers and headless machines are frequent. The second is safe entry with full MFA (multifactor authentication) in your distant engineers and technicians, as a result of VPNs belief manner an excessive amount of. And the third is network-based asset intelligence with correct, real-time stock, as a result of OT networks are very dynamic.

VB: As soon as an enterprise absolutely segments and secures entry to its community, how does asset intelligence assist maintain it secure?

Agrawal: Staying safe and in compliance on Day 2 and past is a significant downside going through the trade. Earlier than Airgap started delivering same-day segmentation, enterprises would put in six months or extra of exhausting work to stock and phase their community, solely to observe it begin to unravel once more the very subsequent day.

First, contemplate that actual networks are extremely dynamic. Whether or not the adjustments are from acquisitions, new campuses, refreshes or simply cell gear shifting between flooring, most enterprises haven’t any clear concept what they’ve or the place it’s. All the things begins with real-time accuracy, and meaning the community. 

Prioritize options that leverage community context and community habits evaluation whereas guaranteeing low latency and no community congestion, which have been key design objectives for Airgap with our ZTFW. Insist on having techniques that may present full visibility of each site visitors circulation, together with lateral flows. Don’t accept techniques which have in depth packet inspection and polling, as they will simply congest overloaded networks.

VB: Airgap simply introduced ThreatGPT, a ChatGPT integration with the Airgap Zero Belief Firewall. What does this do for purchasers, and the place do you assume AI-assisted cybersecurity goes?

Agrawal: We’re tremendous enthusiastic about ThreatGPT. As a result of we set up full microsegmentation, we now have a wealth of details about the community, property and site visitors historical past accessible. As a result of ThreatGPT is absolutely built-in into the core of the ZTFW structure, you should use all accessible information to coach the fashions, and I consider we’re first to market with this.

ThreatGPT, based mostly on the GPT-3.5 structure, provides clients the data-mining intelligence of AI coupled with a straightforward, pure language interface. It’s fairly jaw-dropping; it would ferret out dangers anyplace in your community by simply typing in easy questions.

For the longer term, I see AI extra as driving human productiveness and never as an alternative to human intelligence. I’m happy Airgap is main the market right here — it’s a game-changer by way of danger administration.