Identity is the new perimeter

Group CISO Dr. Yusuf Hashmi of the Jubilant Bhartia Group explains how the conglomerate embraced behavioural analytics, Zero Trust and machine-speed SOC responses to not just keep up, but stay ahead.

Aanchal Ghatak

Dr. Yusuf Hashmi, Group CISO, Jubilant Bhartia Group


As attackers evolve like agile startups, and AI expands both the attack surface and our defence capabilities, Group CISO Dr. Yusuf Hashmi of the Jubilant Bhartia Group explains how the conglomerate embraced behavioural analytics, Zero Trust and machine-speed SOC responses to not just keep up, but stay ahead.


In the last 12-18 months, what major changes have you seen in attacker behaviours, and which parts of your security stack are least able to keep up?

In the last 12-18 months, we have seen a marked increase in multi-phase, identity-centric attacks, including MFA fatigue, token theft, and initial access brokerage via infostealers. Adversaries now operate like nimble start-ups—reusing infrastructure and iterating campaigns in real-time.

The part of our stack that moved the least? Traditional SIEM and static detection definitions, which are simply unable to keep up with the evolving TTPs. We increasingly prefer behavioural analytics, identity protection platforms, and automated playbooks for the agility to detect and respond to events.


How is your SOC preparing for the era where AI is used by both attackers and defenders?

AI has become a double-edged sword. Attackers are quickly leveraging LLMs for phishing at scale and using tools like WormGPT for evasion. On the defence side, we are doing the following to continue to enable our SOC to defend against similar threats:

  • Adding AI detection capabilities and User and Entity Behaviour Analytics (UEBA) capabilities to search for anomalies at early stages.
  • Training analysts to leverage AI-generated data, as opposed to manually correlating and analysing data.
  • Adding Machine Learning (ML) capabilities to risk alerts, while suppressing noise.

Our priority is machine-speed response with human trust, especially for auto-containment and identity abuse.

What operational challenges have you encountered in implementing Zero Trust?

The biggest challenge in a large, distributed environment is identity segmentation and access governance at scale.


Zero Trust isn’t a switch—it’s a continuous policy enforcement model. Our struggles include:

  • Legacy applications that don’t support modern auth.
  • Users with overlapping roles and exceptions that break policy engines.
  • Resistance from business units due to perceived friction.

We’re tackling it with identity risk scoring, Just-in-Time (JIT) access, and ZTA pilots per business unit—not a one-size-fits-all rollout.


What’s driving alert fatigue in your environment, and how are you managing it?

Alert fatigue stems more from overlapping tools and poor context sharing than volume alone.

We streamlined our toolset and now rely on:

  • Cross-tool telemetry correlation via XDR.
  • Alert scoring models that factor in context (user, asset criticality, threat intel).
  • Feedback loops between the IR team and engineering to tune noise.

Success metric: Mean Time to Prioritise (MTTP)—we reduced it by 40% in the last two quarters.

How are you approaching identity-centric security in 2025?


In 2025, identity is the new perimeter, and behaviour is the strongest defence. Behavioural analytics and Identity Threat Detection and Response (ITDR) are core to our roadmap.

We’re deploying tools that:

  • Monitor lateral movement via anomalous session access
  • Detect entitlement creep and service account abuse
  • Integrate with IAM and EDR for identity-centric kill chains

This year, we plan to extend these controls into OT environments where identities are often overlooked.

If the board asked you today, “Are we breach-ready?”, what would your one concern be?

If the board asked that today, my biggest concern would be: “Our recovery speed and decision clarity post-breach.”

The breach-readiness question isn’t just technical — it’s cultural and procedural too.

While we’ve invested heavily in detection and containment, playbook realism, cross-functional crisis drills, and legal/regulatory alignment under pressure still need maturity. We’re working on tabletop exercises tied to specific business impacts, not just a generic ransomware response.


aanchalg@cybermedia.co.in