
SIs must become ‘trusted advisers’ as AI raises new cybersecurity challenges: Asimily CEO in exclusive interview

Shankar Somasundaram, CEO of Asimily, identifies bigger players’ hunger for hard-to-build OT/IoT data and vertical-specific credibility as main drivers of the consolidation trend in IoT cybersecurity
The cybersecurity industry is seeing a wave of consolidation, with Armis becoming part of ServiceNow and Dragos becoming part of Accenture after two blockbuster acquisitions in the past couple of weeks.
 
Shankar Somasundaram, CEO of Asimily, identifies bigger players’ hunger for hard-to-build OT/IoT data and vertical-specific credibility as main drivers of the trend. In an exclusive interview with asmag.com, however, he also highlighted that customers’ unabated need for “best-of-breed solutions” opens new opportunities for players of any size who successfully address the most important contemporary challenges: the shift from visibility to actual risk mitigation, new exposure created by AI agents, and the operational challenge of implementing segmentation at scale.
 
According to Somasundaram, the role of system integrators is also changing, regardless of whether their focus has thus far been on physical security, IoT or the overall IT landscape. As "trusted advisers," they need to stay broadly informed across a fast-consolidating landscape rather than staying narrowly focused on established vendors. They also need to advise customers broadly and continuously, and stitch together best-of-breed infrastructures.
 
Admittedly, this is challenging, especially for small firms, which need to find their niche and fill it with specific expertise.
 
Shankar Somasundaram, CEO, Asimily
“Smaller SIs can neither focus only on integrating systems made up of devices from one or two vendors, nor can they cover the whole market amid increasing challenges posed by AI," Somasundaram said. "Smaller ones that are thriving have evolved into trusted advisers instead. They’re investing more in training so their people are more knowledgeable about the ecosystem. They’re expanding from traditional integration work toward advisory roles and consulting."
 
In times of consolidation in the cybersecurity field, customers may face a trade-off: Acquisitions can mean bundled services and broader coverage, but they can also slow the pace of innovation customers have come to expect from independent vendors.
 
"Historically, every time there's been an acquisition in this space, it has generally slowed the acquired company down, at least for a while," Somasundaram said. "The good news for customers is there's still a healthy mix—some vendors get acquired, others stay independent—so customers can choose which way they want to go."
 
Asimily has been focused on delivering solutions for providers in healthcare, industrial, cities, and other industries where the increasingly broad landscape of IoT, OT and IoMT has moved past the question of simple device visibility toward the more pressing problem of prioritizing and mitigating risk, as AI-driven attacks increasingly target critical infrastructure.
 

Beyond visibility: Risk prioritization and segmentation

As more IoT devices and classes of devices have become part of the systems of individual organizations, the focus has in the past few years been on visibility—seeing what devices are connected to the network, their individual status and exposure profile. However, as practices have matured, the continuous assessment of different risk classes has moved to the center.
 
“Visibility used to be the main topic. Three or four years ago, organizations started shifting toward vulnerability prioritization, because the sheer number of vulnerabilities being flagged was starting to explode," Somasundaram said. "Now the conversation has moved again—customers focus less strongly on what visibility can tell them and care more about how to actually mitigate the risk."
 
In a constantly evolving field, however, the advent of AI—and especially AI agents as a new class of credential holders—has complicated the visibility issue again.
 
"With traditional OT and IoT devices, you could largely control your supply chain — a PLC from an established manufacturer came from a company whose every supplier and process you could hold accountable," Somasundaram said. "AI agents don't offer that same assurance. The underlying models are often built by small companies, nobody fully controls where a given model has been embedded, and there's a real fear that an agent could behave unpredictably. So visibility into what these agents are doing becomes a new problem on top of the one you thought you'd solved."
 
Meanwhile, Somasundaram also sees the focus shifting toward segmentation—an architectural approach that seeks to create distinct areas of a network that can be cordoned off if necessary, with tightly controlled, policy-governed access between them. In such “zero-trust” infrastructures, a compromised device—for example an IP surveillance camera or sensor—can only communicate within its own segment of the network, which prevents it from reaching sensitive systems elsewhere on the network, even if an attacker gains a foothold on it.
 
"Segmentation isn't new—it's been part of best practice since the earliest literature on limiting blast radius, and it's in guidelines from NIST to more recent regulations," Somasundaram said. "The problem is organizations have always said they want to do it, but few of them actually did. Most already own NAC and firewall infrastructure that supports segmentation, however. What's different now is that AI agents have made the blast-radius risk concrete enough that segmentation has finally become a real project instead of lip service."
 
Asimily's own answer to that gap is Segmentation Orchestration, a capability the company launched earlier this year. The tool ties device-level risk intelligence directly to policy enforcement on an organization's existing cybersecurity infrastructure. It maps how each device actually communicates, prioritizes which connections carry the greatest risk, auto-recommends the right policies, lets teams simulate a policy's impact before it goes live, and audits policies after they have gone live. Segmentation Orchestration thereby addresses organizations’ concerns that zero-trust architectures may disrupt operations, even in the case of a minor event.
 

Final thoughts: Harnessing the power of data

The gap between visibility and enforcement reflects a longer-running shift in how organizations structure not just security, but data itself. Here the trend has moved beyond integration toward data “normalization” across the whole system. A decade or so ago, Somasundaram said, physical and operational security typically sat under facilities or operations, separate from IT security. Today, in the verticals Asimily serves, most of that responsibility has moved under the CISO.
 
It's a trend worth watching for at least two reasons. The other is that physical security systems generate a wealth of operational data that, once part of a unified system, becomes far more useful to AI-driven risk analysis than it ever was as a siloed feed.
 
The recent consolidation trend confirms this, and it may unlock new opportunities for providers of adjacent services, such as integrators.
 
"Look at who's buying whom—a services firm buying a software company is a classic move, because they want recurring revenue, not just project fees," Somasundaram said. "The best system integrators are approaching it similarly. The ones who become trusted advisers, not just installers, build the kind of relationship that keeps customers, and revenue, coming back."
 

