CISOs today are drowning in alerts from an average of 76 different security tools, each generating its own dashboards, false positives, and escalation procedures. Breaches succeed simply because the actual attack was buried under thousands of false positives that desensitised the team. In an exclusive conversation, Govind Rammurthy, CEO & Managing Director, eScan, tells Rajneesh De, Group Editor, CXO Media & APAC Media that CISOs start by assuming you are already breached and work backwards from your most critical assets.
What are the verticals where eScan is witnessing maximum traction, and what are the prevalent use cases? How many customers are there for managed security services and from which verticals?
Government, defence and banking lead our deployments – sectors where a single breach triggers regulatory penalties or compromises national security. Since India’s DPDP Act took effect and the wave of extortion attacks hit enterprises, our Enterprise DLP solution has seen explosive demand.
The problem is simple: users share everything with ChatGPT, Claude, and other AI interfaces without understanding the repercussions. We have seen source code, customer databases, M&A strategies, and confidential research all pasted into chat windows. Enterprises finally realise they need intelligent guardrails, not blanket bans that employees will circumvent.
We serve over 220,000 corporate clients globally, with managed security strongest in BFSI (40%), government (30%), and manufacturing (20%). 2026 will be the year of DLP deployments – everyone’s asking, “how do we let employees use AI productivity tools without accidentally leaking our intellectual property?”
With work from anywhere now prevalent in the industry, how has this impacted network security measures and infrastructure management, particularly remote access and what role eScan is playing here?
Home networks have become the enterprise perimeter – and 30-40% of home routers globally still use default credentials.
During Operation Sindoor in May 2025, attacks tracked led to specifically targeting remote workers’ home infrastructure, turning compromised routers into attack platforms. Our DLP now monitors clipboard transfers across platforms like WhatsApp and collaboration tools, blocking data leakage before VPN connections even establish.
The challenge is not purely technical – it is organisational. CISOs must now enforce security policies in employees’ living rooms without making security so intrusive that users find workarounds. We have added features like bidirectional clipboard control and application-level monitoring because traditional perimeter security simply doesn’t work when the perimeter is someone’s kitchen table. Nobody’s going back to the office full-time, so security must follow them home intelligently.
How does eScan today differentiate itself in the highly competitive cybersecurity solution provider landscape?
We are profitable, debt-free, and over 25 years old – which means we will answer the phone when ransomware hits at 2 AM on a Sunday. While competitors chase funding rounds and pivot based on investor preferences, we have focused on solving actual customer problems: clipboard control for ChatGPT data leakage, barcode detection in DLP to prevent document photography through smartphones, and bidirectional WhatsApp monitoring for both personal and business accounts.
Our 300+ R&D team builds features customers request, not features that look impressive in pitch decks. We also price for Indian enterprises realistically – world-class protection without Silicon Valley assumptions about IT budgets. When AIIMS got hit twice in seven months, they needed solutions that work within actual government procurement cycles and budget constraints. Plus, we are not telling customers to rip-and-replace their entire infrastructure – we integrate with what they already have.
What are the challenges CISOs are facing today in terms of information overload as well as siloed and distributed data?
CISOs are drowning in alerts from an average of 76 different security tools, each generating its own dashboards, false positives, and escalation procedures.
One CISO told us his SOC team spends 50% of their time investigating alerts, with only a small fraction being genuine threats. It is like trying to spot a real fire alarm when 75 other alarms are ringing randomly throughout the building.
The problem compounds with multi-cloud sprawl – IBM data shows 34% of Indian breaches involve public cloud data, but security teams lack unified visibility across AWS, Azure, Google Cloud, and on-premises systems. Each environment has different logging formats, alert thresholds, and management consoles. Alert fatigue is not just an efficiency problem; it is genuinely dangerous. When analysts are overwhelmed, critical warnings get missed in the noise. We have seen breaches succeed simply because the actual attack was buried under thousands of false positives that desensitised the team.
What are the key pillars on which eScan GTM strategy rests in India? What are some of the key initiatives under this strategy?
Direct government engagement, deep channel partnerships, and solving India-specific problems that global vendors ignore. We work closely with CERT-In, defence procurement teams, and state cybersecurity cells – which means understanding tender cycles measured in years, not quarters, and compliance requirements that change with every new regulation.
Our channel strategy emphasises serious training – VARs need to understand not just product features but compliance nuances for GDPR, DPDP, sector-specific RBI and IRDAI regulations. Recent initiatives include localised DLP policies specifically for Indian data protection laws, pricing models that acknowledge rupee economics and Indian IT budget realities, and expanded presence in tier-2 cities where enterprises are growing but lack access to sophisticated security expertise.
We are also aggressively expanding our MSP program because mid-market enterprises increasingly want “security as a service” rather than products they must staff, maintain, and update themselves.
What is the overall channel structure that eScan currently follows in India? How are these differentiated between distributors, MSPs, ISVs and SIs?
Cybersecurity has become genuinely complex – not just the technology, but the compliance landscape. Between DPDP, sector-specific RBI and IRDAI requirements, and evolving CERT-In guidelines, even mapping baseline compliance needs to product features is challenging. Training internal teams is hard enough; keeping channel partners current on regulatory changes, technical capabilities, and compliance mapping is, honestly, difficult. Good cybersecurity professionals are scarce and expensive, so we have structured (and trained) our channel to provide meaningful first-level support rather than just order-taking.
For SMB solutions, we work with regional and zonal distributors who handle straightforward deployments – endpoint protection, basic DLP, standard configurations. These are productized offerings where the implementation path is well-defined.
For enterprise solutions, we partner with Systems Integrators and Value-Added Distributors who can architect complex environments, customise policies for specific compliance requirements, and provide the technical depth large deployments demand. MSPs fit into our ecosystem primarily for standardised, repeatable solutions where operational management matters more than custom architecture.
ISV partnerships are selective – we integrate with complementary technologies like SIEM platforms and collaboration tools rather than trying to be everything to everyone. The structure reflects reality: different customer segments need different levels of expertise, and we’d rather partner with specialists than pretend a single channel model works for both a 50-person company and a 10,000-employee enterprise.
What are the best practices that you recommend for CISOs for focusing on proactive defence instead of being in a perpetual firefighting mode?
Start by assuming you are already breached and work backwards from your most critical assets.
Map your actual attack paths – how would someone reach your customer database, IP repository, or financial systems? Then block those specific routes rather than trying to defend everything equally with the same intensity.
Automate ruthlessly: patching, log correlation, basic alert triage. Your skilled analysts shouldn’t spend half their time investigating false positives or applying routine patches. Consolidate tools aggressively – if two products provide 80% overlapping functionality, pick one and get rid of the other. The complexity itself becomes a vulnerability. Run tabletop exercises quarterly, so when ransomware actually hits, your team is not reading the incident response (IR) plan for the first time while attackers are encrypting files.
Measure what matters: detection time and containment speed, not just prevention statistics.
What are going to be eScan key focus areas in the next 12-18 months?
AI-powered threat detection that actually reduces alert noise rather than generating more of it—using AI to intelligently filter and correlate, not just create additional dashboards.
Expanded DLP coverage for collaboration platforms beyond ChatGPT and Claude; every new AI tool and productivity platform creates new data leakage paths that employees will find. Deeper integration with SIEM and XDR platforms because customers are consolidating their security stacks and need everything to communicate properly.
We are investing heavily in supply chain risk assessment capabilities – after the M&S/TCS breach demonstrated how third-party vendors become attack vectors, enterprises need continuous visibility into vendor security postures, not just annual questionnaires.
Finally, simplified deployment for mid-market customers who want enterprise-grade protection without enterprise-sized IT teams or six-month implementation projects. Security solutions can’t require a PhD to deploy anymore; threats aren’t waiting for organisations to hire specialists or complete lengthy RFP processes.
