‘Zero Trust Represents a Fundamental Shift in How We Approach Security’: Vaibhav Dutta, Vice President and Global Head-Cybersecurity Products & Services, Tata Communications


In this exclusive conversation, Vaibhav Dutta, Vice President and Global Head of Cybersecurity Products and Services at Tata Communications, shares with Anannya Saraswat, Reporter (Public Sector & Leadership) at CXO Media, how the company is responding to today’s fast-evolving cyber threat landscape. 

He discusses Tata Communications’ end-to-end cybersecurity portfolio, the growing impact of AI-driven attacks, and how GenAI-powered SOCs, zero trust, and managed security services are helping enterprises protect trust, stay compliant, and remain operational in an increasingly borderless digital world.

What are the key cybersecurity products and services in Tata Communications’ current portfolio and the problems each is designed to solve? 

Tata Communications’ cybersecurity portfolio spans Strategy & Architecture, Security Transformation & Integration, and Managed Security Services across six core domains—Network & Edge Security, Cloud & Infrastructure Security, Identity Security, Data Security, OT Security, and Risk & Compliance—providing protection across IT, OT, and hybrid environments. Grounded in proprietary IP, strong technology partnerships, and over a decade of experience with enterprises worldwide, Tata Communications’ Anticipate–Defend–Respond (ADR) methodology enables proactive cyber protection while ensuring business continuity in the event of an attack.

Our Managed Detection & Response (MDR) service provides 24/7 monitoring, AI-assisted threat detection, proactive threat hunting, and rapid response, powered by an advanced SIEM (Security Information and Event Management) with 2,000+ use cases and threat intelligence from 65+ global feeds, significantly improving visibility and response times against sophisticated multi-vector attacks.

Security is further embedded into our global digital fabric, where network, cloud, and security converge. Together through our globally distributed SASE (SDWAN+SSE) & further enhanced Edge Distribution Platform (EDP) architecture, we deliver Zero Trust Network Access (ZTNA), secure web and cloud application protection, DDoS mitigation, endpoint protection, and identity-aware controls—securing users, workloads, and data closer to where they operate. 

Complementing this, our Risk & Compliance and Cyber Resilience services help enterprises align with regulations such as India’s DPDP (Digital Personal Data Protection) Act and global data sovereignty requirements while strengthening preparedness, response, and recovery—this is supported by localized CSOCs (Cyber Security Operations Centres) and the TCx platform providing unified, real-time visibility across the enterprise ecosystem. 

What are the biggest cybersecurity challenges your enterprise customers face currently, and how do you address them? 

Three primary challenges that confront enterprise customers today are escalating AI-enhanced threats, the complexity of hybrid/multi-cloud environments, and the increasing pressure of compliance with legal & regulatory standards.

AI is now a significant factor in both offensive and defensive strategies. Deepfakes, Agentic AI, and advanced social engineering are contributing to the trust crisis, with attackers impersonating executives and performing mass amounts of credential harvesting automatically via bots. Our GenAI-powered SOCs provide a solution to this problem by triaging alerts in an automated manner, correlating signals across the customer’s cloud/network infrastructure, and providing recommendations for responsive action.

The next challenge is security management across distributed and perimeter-less architectures. Businesses face visibility issues when it comes to API security. According to one report, 99% of businesses encountered some form of an API security breach. Tata Communications’ MDR platform provides XDR capability that is aligned with the MITRE ATT&CK Model, over 950 pre-built connectors to facilitate the integration of 3rd party security tools/technologies, and complete API security governance via continuous discovery & authentication hardening.

Compliance complexity and regulatory requirements (the EU Data Act and India’s DPDP Act) require enterprise businesses to balance data sovereignty, resiliency, and business continuity with the need to foster innovative solutions. Our localised CSOCs and compliance-aligned managed service offerings help trade organizations achieve this balance.

What is the current split between Indian and global clients for your cybersecurity business, and how do the needs of these two groups differ? 

The fundamental difference lies in maturity, scale, and regulatory context. Global enterprises, particularly in North America and Europe, typically have mature security programs with established SOC operations, advanced threat hunting capabilities, and board-level cyber risk governance. These organizations prioritize vendor consolidation, AI-driven automation, and integrated SASE architectures that unify security and network functions.

Indian enterprises, especially mid-tier companies outside the top 10 metros, face a different reality. They’re experiencing rapid digital transformation while contending with increasing attack volumes. In Q2 of 2025, India ranked among the top 5 most targeted locations for DDoS attacks. These organizations require localized, compliance-aligned strategies that address DPDP Act requirements and can scale with business growth. Many are still transitioning from perimeter-based security to Zero Trust models and need managed services that bridge expertise gaps.

Both groups, however, are converging on common priorities: API security, identity-centric controls, and AI-native detection capabilities that address the velocity and sophistication of modern threats.

Which major industry sectors do Tata Communications’ cybersecurity offerings cater to today, and how do these sectors contribute proportionately to your overall cybersecurity business? 

Our cybersecurity solutions serve enterprises across diverse sectors, each facing distinct security challenges that require tailored approaches. Financial services is a critical vertical, a focus area recently recognized through our India Technology Excellence Award for Cybersecurity in this sector. The zero-tolerance for downtime, where outages can have severe business consequences, makes robust DDoS protection and rapid incident response essential.

Manufacturing and industrial operations increasingly require OT security as cyber-physical systems become attack targets. Our comprehensive OT security offering provides deep operational technology insights, real-time threat detection, and 24×7 monitoring, delivering unmatched visibility and control across industrial environments. These organizations need security solutions that understand industrial protocols and operational workflows without disrupting production.

Telecommunications, retail, and e-commerce organizations demand integrated SASE and SSE solutions that secure distributed workforces while maintaining seamless user experiences. These sectors face heightened bot-driven threats—requiring intelligent threat detection that distinguishes malicious traffic from legitimate users. While specific revenue proportions remain confidential, our diverse sector coverage ensures resilience and positions us to address industry-specific threat landscapes with specialized expertise.

How are AI and automation changing cybersecurity operations at Tata Communications?

AI and automation have fundamentally transformed our cybersecurity operations from reactive defense to proactive threat anticipation. Modern threats demand modern solutions, and we’ve embedded intelligence across every layer of our security fabric. Intelligent automation drives operational efficiency at unprecedented scale. 

AI-driven threat intelligence combines automated analysis with human expertise. We integrate feeds from 65+ sources and leverage AI-based pattern matching to correlate complex signals and deliver actionable insights. Our advanced SIEM platform, powered by 2,000+ use cases, uses behavior and anomaly analysis with auto-enrichment to proactively detect and mitigate advanced DDoS and zero-day attacks by identifying subtle indicators of compromise before they escalate.

Continuous adaptation ensures our AI models evolve with the threat landscape. As DDoS attacks have transcended into highly sophisticated, AI-powered threats targeting critical digital infrastructure, our defenses learn and adapt. We leverage AI to perform profile-based testing that examines potential vulnerabilities within API ecosystems, creating detailed behavioral profiles and reinforcing security where it’s needed most.

What role does zero trust play in your current security architecture? 

Zero trust represents a fundamental shift in how we approach security—moving from “trust but verify” to “never trust, always verify”. This isn’t just a technology decision; it’s a strategic imperative that addresses the dissolved network perimeter reality enterprises face today.

Zero trust forms the foundation of our SASE architecture, which converges networking and security with continuous posture assessment, threat inspection, and access enforcement. Whether it’s a remote employee accessing SaaS applications over public Wi-Fi or a user from a branch office accessing sensitive files, our approach assumes breach and verifies everything. Security decision-making moves closer to users and devices, ensuring protection is always-on and dynamically adapted to risk context.

ZTNA eliminates the vulnerabilities inherent in traditional VPNs that often grant excessive network-level access, creating blind spots and expanding the attack surface. One compromised credential should not provide lateral movement opportunities. Our ZTNA solution enforces strong authentication through Single Sign-On and Multi-Factor Authentication, coupled with micro-segmentation that limits access to specific applications rather than entire networks.

Micro-segmentation enables granular control across cloud workloads and on-premises environments. We automate micro-segmentation to protect workloads and enforce zero-trust policies while providing full visibility across clouds. This approach closes security gaps without requiring heavy capital investments, enabling seamless transitions to zero trust architecture.

Adaptive trust and continuous monitoring ensure security policies evolve with changing contexts. Our zero-trust implementation integrates real-time analytics, authentication, and comprehensive monitoring to validate every access request based on user identity, device posture, location, and behavior. This dynamic evaluation prevents implicit trust from creating vulnerabilities while maintaining user productivity and experience.

What trends will shape enterprise cybersecurity over the next decade?

Enterprise cybersecurity over the next decade will be defined by AI-driven defenses, zero-trust architectures, and resilience-first strategies that assume breach and continuously adapt to risk. AI will become both the primary weapon and shield. Attackers are already deploying intelligent botnets and low-and-slow campaigns that mimic legitimate behavior, while defenders will rely on machine learning for behavioral analytics, anomaly detection, and automated response at scale.

Zero trust will shift from aspiration to baseline requirement, replacing VPN-centric models with granular ZTNA, micro-segmentation, and continuous authentication as users, applications, and data become permanently distributed across clouds and devices. APIs will demand specialized protection as they become the backbone of digital business, requiring behavioral baselining and abuse detection to counter the dramatic surge in API-targeted attacks.

The fundamental objective will evolve from “staying secure” to “remaining operational under attack”—cyber resilience will prioritize rapid recovery. Vendor consolidation will accelerate as CISOs demand integrated security platforms that converge networking, security, and observability with single-pane-of-glass visibility across cloud, OT, and edge environments. The future belongs to organizations that combine intelligent automation, identity-centric controls, and platform approaches to manage complexity while maintaining operational continuity against persistent, sophisticated threats.