Cybersecurity – The guardian of digital transformation
Cybersecurity manages business risks throughout the value chain through processes, policies, and governance methodologies. The technology identifies, detects, protects, responds to, recovers from, and governs against cyber threats. It secures an organization’s entire attack surface — cloud, workplace, IoT/OT, applications, big data, and AI models.
In this paper, we discuss key trends across nine AI subdomains of cybersecurity:
Trend 1 — Developments in microsegmentation enable zero-trust alignment
A major US financial organization, in collaboration with Infosys, is currently engineering a microsegmentation solution. This endeavor is particularly challenging because of the enterprise’s extensive Kubernetes deployment with multiple tenants. Infosys is designing the solution to first establish precise transaction visibility and subsequently apply granular zoning rules across all infrastructure and application workloads.
Trend 2 — Proactive decoys and lures gain prominence for advanced cybersecurity and zero trust
A Belgian government organization worked with Infosys to deploy deception technology using lures at the perimeter and within internal shared services like active directory. This initiative has strengthened the organization’s offensive security with deeper zero-trust integration and earned customer appreciation.
A top German specialty chemical company sought a standardized identity security operation model to proactively detect identity-related threats and vulnerabilities. Infosys helped it establish robust protection control processes using Microsoft tools, including ITDR.
Trend 4 — Verifiable credentials/decentralized identity and passwordless authentication strengthen digital identity ecosystem security
A North American food and support services player aimed to transform its access management user experience through passwordless authentication. Infosys helped the firm design, implement, and roll out Windows Hello for Business (WHFB) for its enterprise users.
Trend 5 — Data security platforms become a necessity to safeguard information
A leading US beverage and bottler manufacturer required a platform to safeguard intellectual property and sensitive information. Infosys helped it implement a robust data protection platform through tools such as AIP data classification, IRM, O365 DLP, and MCAS. The company remarkably enhanced data security, centralized management, reporting, and day-to-day operational tasks. With enhanced visibility, the company makes informed decisions and responds effectively to potential threats in a robust and secure data environment.
Infosys assisted a US health insurer select and deploy a tailored DSPM solution for its multicloud environment. The firm reduced data breach risks, minimized potential regulatory fines, and improved overall security posture. This enhanced trust and confidence among its customers and stakeholders.
Governance, risk management, and compliance
Trend 7 — Organizations increasingly adopt unified control frameworks to strengthen compliance and optimize costs
An American multinational tobacco company collaborated with Infosys to establish a common control framework and control testing (design and effectiveness). The firm used a structured audit schedule to conduct control tests at different intervals (monthly, quarterly, annually) and coordinate tasks with the GRC tool. This enhanced customer visibility, ensured continuous control assurance, improved SOX compliance, and drove efficiencies, resulting in cost savings.
Trend 8 — AI/ML and integrated and quantitative approaches help manage third-party risks
A leading US healthcare provider wanted data-backed, continuous visibility on risk posture, covering internal and third-party environments, with a focus on PHI-related systems. Infosys helped it implement the SAFE security partner solution to quantify breach likelihood scores (and trends) across people, policies, technologies, cyber products, and third parties. This optimized security risks through prioritized remediation from proactive and predictive analytics of aggregated vulnerabilities and external threat intelligence.
Trend 9 — A paradigm shift to microservices-based architecture and API security
A European company adopted an agile application development approach and incorporated security testing tools in its CI/CD pipeline. However, it lacked API security assessments. Infosys helped it set up an automated API security assessment process to precede code deployment to production. The firm conducted security assessments for all APIs in the same sprint they were developed.
Trend 10 — Safeguarding supply chains against cyber threats
A US semiconductor company aimed to standardize supply chain security procedures across its enterprise and establish a software bill of material (SBOM). Infosys helped the firm set up a security tool that identifies SBOM vulnerabilities and establishes effective vulnerability management processes.
Managed security services – threat detection and response
Trend 11 — GenAI-powered security operations gain wider acceptance
A European postal operator wanted to improve its cybersecurity investigations. Infosys assisted by leveraging LLMs to provide context, attribution, and MITRE Att&ck mapping for security alerts. Resultantly, analysts conduct advanced analysis and threat hunting to uncover unknown threats and enhance cybersecurity effectiveness.
Trend 12 — Data pipelines for effective cybersecurity
A US food processing company, in collaboration with Infosys, onboarded a data pipeline solution to optimize data ingestion into its SIEM platform, ensuring flexibility, scalability, and cost effectiveness. This reduced the firm’s EPS subscription by 30%, without missing any critical correlation event.
A major US beverage company aimed to monitor its IT and OT environments from a single interface for enhanced cybersecurity. It previously used an SIEM solution for the IT environment, and separately monitored OT, leading to unnoticed alerts and vulnerabilities. In collaboration with Infosys, it integrated an IT-OT SOC monitoring solution with its existing SIEM and Claroty OT platforms. This streamlined event and alert handling and provided quicker incident responses. The IT-OT SOC team now monitors both IT and OT environments from a single platform that requires less resources.
Trend 14 — Organizations embrace zero-trust security in OT/IoT network
A global manufacturing company with 22 OT plants faced challenges like poor asset visibility, security gaps, and a lack of skilled OT security staff. Infosys helped the firm establish a zero-trust framework by identifying cybersecurity gaps. It prioritized key infrastructure, reduced cyberattack risks, strengthened OT security against targeted attacks, and raised vulnerability awareness. The company also introduced 24/7 security monitoring to spot OT-related threats.
A leading US technology company in conversational commerce and AI software partnered with Infosys to create CNAPP modules on GCP. Infosys ensured cloud security, regulatory compliance, and managed vulnerabilities for GCP’s various workloads, from serverless to containers and Kubernetes.
Trend 16 — Firms secure hyperautomation to future proof their businesses
A German multinational investment bank and financial services company partnered with Infosys to build a GCP-based cloud data leakage prevention (DLP) platform. Infosys used JAVA microservices, Terraform scripts, and hyperautomation. It followed DevSecOps to identify security risks with gating controls in the CI/CD pipeline stages.
Trend 17 — Privacy compliance becomes key to digital transformation
A global company wanted to upgrade its website for enhanced user experience, workflow, and global reach while maintaining privacy compliance. Infosys digitally transformed the website using HubSpot for marketing and communication. The firm tackled consent and privacy compliance challenges for third-party platforms like HubSpot and MS Azure by adhering to GDPR and CCPA standards. This enhanced customer confidence and reliability.
Trend 18 — Customer trust hinges on robust privacy controls
A major Belgian cross-border delivery service provider manages sensitive data across hybrid systems (on-premises and cloud). This necessitates strict adherence to Article 30 of GDPR relating to data governance. The firm, in collaboration with Infosys, established a data platform that categorizes and secures information and helps achieve 100% GDPR compliance. The platform safeguards offshore data through automated masking. Enhanced privacy controls boosted revenue, data integrity, customer trust, and experience.