In this exclusive interview with Express Computer, Sunil Sapra, Co-founder and Chief Growth Officer, Eventus, shares the journey of Eventus and its pioneering approach to next-generation cybersecurity. He shares insights into Eventus’ strategic focus on managed security services and its commitment to staying ahead of evolving threats. Sapra also discusses the company’s innovative use of AI, particularly GenAI, and how Eventus effectively manages the dual role of AI in cybersecurity. He also highlights success stories, challenges, and Eventus’ ambitious goals for continued growth and impact in the cybersecurity industry.
Can you provide us with a brief overview of Eventus and its journey so far?
We officially started in 2017, but the real action began about four years ago after solidifying our groundwork. Our sole focus from the get-go has been crystal clear: we aim to establish ourselves as a top-notch managed security services provider. No diversions into distribution, reselling, or systems integration—just pure-play managed services, with a particular emphasis on SOC as a service. Over the past four to five years, we’ve witnessed remarkable growth. Starting with a modest team of four, we’ve now expanded to over 200 dedicated professionals. And the revenue trajectory tells an equally compelling story. In our first year, our revenue was a fraction of what it is now, having surged by 30x.
We’re on a consistent path of doubling our workforce and revenue annually, showcasing the soundness of our chosen direction. Initially, there were doubts, scepticism about whether a managed security company from India could achieve such success. But with over 150 customers today, spanning regions like India, the Middle East, Asia, and the US (with Europe on our radar), those doubts have been decisively silenced. Our clientele includes esteemed names like banks and large enterprises, further affirming our prowess in the field.
Looking back, our focused approach has paid off handsomely. With offices established across India, Dubai, Riyadh, and Singapore, we’ve truly made our mark on the global stage. While the US office is still on the horizon, it’s just a matter of time before we expand our footprint there as well. It’s been an incredible journey so far, and we’re excited to continue this upward trajectory.
How does Eventus approach next-generation cybersecurity, and what advancements or trends are you particularly excited about in this field?
So, right from the outset, our aim was to steer clear of being just a peripheral player. By “peripheral,” I mean simply doing a task and moving on, without really adding substantial value. We were resolute in our vision to establish a company that delivers indispensable services, highly valued by clients, and founded on a serious, collaborative partnership between us and our customers. Our initial and most significant step in this direction was the decision to offer SOC-specific services. Understanding that the SOC (Security Operations Centre) serves as the nerve centre of a company’s cybersecurity operations, we recognised its pivotal importance. If the SOC falters, everything else falters with it; it’s where the entire intelligence of a company’s cybersecurity resides.
Hence, our first serious endeavour was to build our own SOC. We established a Cyber Defence Centre in Ahmedabad, which we expanded significantly last year. This centre now houses over 100 analysts, a substantial number by any measure. Our commitment was crystal clear – to be indispensable to our clients, and in turn, to ensure our clients are indispensable to us. This led us to offer SOC as a service, and within the SOC, we made an early strategic investment in XDR (Extended Detection and Response) powered SOC.
Even when XDR wasn’t the buzzword it is today, we recognised its potential. Three years ago, when we initiated our SOC services, we made it a point to offer only XDR-powered SOC. Why? Because traditional SOCs are inundated with alerts, many of which are false positives, leading to information overload. With XDR-powered SOC, the number of alerts dramatically decreases, by as much as 90 percent, and each alert becomes actionable. We’ve been steadfast in our stance: unless a client has XDR in place, we decline to manage their SOC.
This strategic approach has enabled us to transform data into actionable intelligence. Our Cyber Defence Centre offers a suite of services built around XDR, including red teaming, breach attack simulation, incident response, and threat intelligence. When we present findings to our clients, it’s not just raw data; it’s actionable insights with clear prioritisation and recommendations. We’ve automated our playbooks to streamline execution, leveraging the latest advancements in technology, including AI.
Staying ahead of the curve is imperative in an ever-evolving threat landscape. We’re committed to leveraging the latest advancements, including cutting-edge technologies like GenAI, to ensure we remain not just relevant, but indispensable, in safeguarding our clients’ interests.
Cybersecurity threats are constantly evolving. How does Eventus stay ahead of these threats to ensure the security of its clients?
Research, research, research—scientific research is paramount. One aspect where we distinguish ourselves from other Managed Security Service Providers (MSSPs) of similar stature is our robust research team. We boast a team of 30 to 40 researchers, a significant resource allocation in our endeavour. We engage in both internal threat research and subscribe to leading threat intelligence providers to ensure we stay abreast of the latest developments.
Staying ahead of evolving threats demands continuous research to discern patterns and anticipate future challenges. Reactivity is not an option; we must remain proactive to maintain our edge. Consequently, we invest heavily in research efforts. As evidence of our commitment, I invite you to visit our website, where you’ll find over 1000 threat advisories. These advisories are just one facet of our proactive approach to safeguarding our customers’ interests and staying ahead of the curve in the ever-evolving landscape of cybersecurity threats.
Are you currently leveraging the benefits of GenAI?
While we’re witnessing this recent surge in AI, it’s worth noting that AI has actually been around for quite some time. I recall studying artificial intelligence back in college from 1990 to 1994. Indeed, it was during the 1990s when we saw the first instances of AI being applied, such as in the playing of chessboard games. Chatbots, too, have been part of the landscape for a while now. I still vividly remember studying the subject of Artificial Intelligence back in 1992. Fast forward to 2024, and here we are, discussing a resurgence in AI. Every technology experiences inflection points, and AI is no exception. Particularly, we’re witnessing a boom in GenAI, though predictive AI will take some time to mature.
This surge in GenAI has its pros and cons. While there are significant positive applications, we also see emerging threats associated with AI. In response, we’ve leveraged a mix of commercial and open-source technologies. However, recognising that the SOC is the core of our company’s operations, we’ve embarked on building our own platform, called the Eventus platform. This platform serves as the backbone for our Cyber Defence Centre (CDC), integrating various intelligence sources, including SIM, SOAR, threat intel, and data from XDRs. It incorporates automation, playbooks, and breach attack simulation. Notably, GenAI plays a pivotal role in this platform. With a dedicated team of 40 individuals, we’re fully committed to harnessing the positive impacts of GenAI.
Our Eventus platform is continually evolving, with early feedback from customers indicating positive outcomes. While I look forward to sharing more details in the coming months, I can confidently say that our platform, powered by GenAI, is effectively identifying, responding to, and mitigating threats. This integrated approach is our primary focus moving forward.
How do you balance the risk of AI being both a threat and a means to mitigate cyber risks?
Yes, every technology indeed presents new avenues for vulnerabilities, and the key lies in maintaining strict discipline in identifying and addressing these vulnerabilities. It’s crucial to continuously test your APIs and applications, relentlessly seeking out any potential vulnerabilities and ensuring they’re addressed promptly. This proactive approach is vital in safeguarding your platform against potential threats.
On the brighter side, we’re channelling our efforts into leveraging the positive aspects of AI to counterbalance its negative implications. By prioritising continuous testing and staying abreast of the latest advancements and technologies, we can ensure that our platform remains fully compatible and resilient. Testing, testing, and more testing, coupled with a commitment to staying updated, are the cornerstones of our strategy to fortify our platform against emerging threats.
Can you share any recent success stories or case studies where Eventus has effectively addressed cybersecurity challenges for clients?
As mentioned, our client base comprises over 150 customers, many of whom are engaged in multi-year contracts with us. It’s important to highlight multiple success stories rather than singling out just one, given our wide range of services spanning cyber defence, cyber resilience, and other professional offerings. For instance, we’re currently spearheading a comprehensive end-to-end shock management initiative for one of the largest industrial manufacturing conglomerates in the Middle East. This project marks a significant achievement for us, particularly considering the scale and complexity involved. Notably, such large-scale projects are not commonly undertaken by Indian firms, even within the domestic market.
We’re also proud to provide cyber resilience services to several second-tier banks, among others, encompassing red teaming, penetration testing, and incident response. In some instances, we’ve taken over the cyber resilience responsibilities from major players in the industry, demonstrating the trust our clients place in our capabilities. While I’m unable to divulge specific details here, I’ll ensure that our marketing team, led by Sanjay, shares relevant case studies with you, subject to customer approval.
In the domain of professional services, including XDR implementation and migration, it’s worth noting our status as Trend Micro’s largest global services partner. This partnership underscores the extensive reach and impact of our services on a global scale. These are just a few examples of the numerous success stories we have across our diverse portfolio of offerings, each contributing to our continued growth and reputation in the industry.
Looking ahead, what are Eventus’ goals and aspirations in terms of continued growth and impact in the cybersecurity industry?
When we embarked on this journey, we were faced with two distinct options, each presenting its own set of opportunities and challenges. One path was to establish ourselves as a prominent player within India, offering a range of services and solutions to become a significant cybersecurity SI with a focus on the domestic market, aiming for revenues of 500 crores or even 1000 crores. The alternative route was a more specialised approach, concentrating solely on cyber defence services and cyber resilience, aiming not just for local prominence but for global recognition and impact.
We deliberately chose the latter path. Our decision was rooted in the belief that by excelling in a focused niche, we could make a more significant impact on the global cybersecurity landscape. Looking back, while India has produced numerous outstanding software companies, the number of cybersecurity firms emerging from the country remains limited. Recognising this gap, we committed ourselves to change the narrative by leveraging our collective expertise and experience, totalling over 50 years in cybersecurity.
Undertaking such an endeavour required a considerable amount of conviction and risk-taking capability. We understood the challenges inherent in focusing solely on a niche market, especially in an industry plagued by skill shortages and high turnover rates. Nevertheless, we were driven by the prospect of achieving something unprecedented and leaving a lasting legacy in the cybersecurity domain.
Our journey hasn’t been without its hurdles. It’s been marked by extensive research, relentless determination, and a steadfast commitment to quality. We consciously chose not to be just another player in the market but to carve out a distinct identity by offering unparalleled services on a global scale.
Our efforts have yielded significant results. Over the past few years, we have witnessed remarkable growth, with revenue doubling year on year. This year alone, we anticipate a staggering 200 percent increase in revenue compared to the previous year, with a promising pipeline indicating continued growth in the foreseeable future.
Our expansion isn’t limited to financial metrics alone. We have strategically established a presence in key international markets, with plans to further enhance our global footprint by opening additional Security Operations Centers (SOCs). These endeavours underscore our unwavering commitment to becoming one of the premier MSSPs originating from India, renowned for our excellence in cybersecurity services worldwide.
While our growth trajectory is promising, it’s not without its challenges. As we scale our operations, the availability of skilled personnel remains a pressing concern. However, we are addressing this challenge through strategic investments in automation and technology, enabling us to deliver high-quality services efficiently with a leaner workforce.
As we continue on this journey of growth and innovation, we embrace the evolving landscape of cybersecurity with optimism and determination. Every stage brings its own set of challenges, but it’s these challenges that fuel our passion and drive for excellence, making the journey both exhilarating and rewarding.