How Microsegmentation Powers Breach Readiness and Cyber Resilience
2025-11-19 14:30:3 | Author: securityboulevard.com


“The attackers are not waiting for you to make the decision. Attackers will continue to attack. And just because you are not able to see it doesn’t mean the attack has not happened.”

That’s the reality ColorTokens CEO and co-founder Rajesh Khazanchi lays out in this conversation with Karissa A. Breen, founder of KBI Media and host of KBKast: The Voice of Cyber.

Rajesh breaks down what it really means to be breach ready: not a slogan, but a practical way of running a secure business. He explains why organizations must move beyond hoping to stop every attack and instead design systems that can contain, recover, and continue operating when a breach does happen.


The discussion moves from boardroom awareness to front-line realities, where breaches often start with a single click, and explores how businesses can shift from perimeter defense to containment architecture. Rajesh also explains why microsegmentation, paired with existing EDR tools, forms a critical shield against sophisticated, AI-driven attacks.

Throughout the episode, he returns to one clear message: breach readiness isn’t a goal, it’s a discipline. From hospitals recovering within 40 minutes to manufacturers protecting production lines, the difference lies in design, awareness, and speed.
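The containment architecture described above comes down to one check a practitioner can actually run: from a given compromised host, which other hosts are reachable, directly or through intermediate hops, and do any of them hold the crown jewels? The Python block below is an added example written for this page; it is not ColorTokens code and does not describe its product. The host names, roles and observed flows are constructed, and the role-based allow-list it derives from those flows is a deliberately simplified stand-in for the traffic-pattern learning the transcript mentions (no process, user or identity context, just source role, destination role and port).

```python
"""Blast radius under a flat network versus a learned microsegmentation policy.

Added example, not ColorTokens code. Hosts, roles and flows are constructed.
A policy is a set of (src_role, dst_role, dport) allow rules; `None` models a
flat network in which any host can reach any other host on any port.
"""
from collections import deque

# Constructed inventory: host -> role. The "db" role holds the crown jewels.
HOSTS = {
    "ws-101": "workstation",
    "ws-102": "workstation",
    "jump-01": "jump",
    "app-01": "app",
    "app-02": "app",
    "db-01": "db",
    "bkp-01": "backup",
    "scada-01": "scada",   # OT side: only ever talks to the PLC
    "plc-01": "ot",
}
CROWN_JEWELS = {h for h, r in HOSTS.items() if r == "db"}

# Constructed flows (src, dst, dport) observed during a learning period.
OBSERVED_FLOWS = [
    ("ws-101", "app-01", 443),
    ("ws-102", "app-02", 443),
    ("ws-101", "jump-01", 22),
    ("jump-01", "app-01", 22),
    ("jump-01", "db-01", 5432),
    ("app-01", "db-01", 5432),
    ("app-02", "db-01", 5432),
    ("db-01", "bkp-01", 873),
    ("scada-01", "plc-01", 502),
]
PORTS = sorted({p for _, _, p in OBSERVED_FLOWS})


def learn_policy(flows, hosts):
    """Collapse observed per-host flows into role-based allow rules.

    Grouping by role is what keeps the rule count manageable: nine host
    flows become seven rules here, and a new "app" host inherits them.
    """
    return {(hosts[src], hosts[dst], port) for src, dst, port in flows}


def allowed(policy, src, dst, port, hosts):
    """True if the policy lets `src` open `dst`:`port`."""
    if src == dst:
        return False
    if policy is None:  # flat network: everything talks to everything
        return True
    return (hosts[src], hosts[dst], port) in policy


def blast_radius(policy, start, hosts, ports):
    """Hosts reachable from a compromised `start`, directly or via hops.

    Breadth-first search over allowed flows. Returns {host: path}, where the
    path lists the hops, so indirect exposure is visible, not just a count.
    """
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in hosts:
            if nxt in paths:
                continue
            if any(allowed(policy, cur, nxt, p, hosts) for p in ports):
                paths[nxt] = paths[cur] + [nxt]
                queue.append(nxt)
    del paths[start]
    return paths


def exposed_crown_jewels(policy, start, hosts, jewels, ports):
    """Crown jewels reachable from `start`, with the path that reaches them."""
    radius = blast_radius(policy, start, hosts, ports)
    return {h: p for h, p in radius.items() if h in jewels}


def quarantine(hosts, host):
    """Containment action: move `host` into a role that no rule references.

    With role-based rules this is a one-entry change that isolates the host
    in both directions without rewriting the policy itself.
    """
    return {**hosts, host: "quarantined"}


if __name__ == "__main__":
    policy = learn_policy(OBSERVED_FLOWS, HOSTS)
    victim = "ws-101"  # the "single click" workstation from the transcript
    print("rules learned:", len(policy))
    for label, pol, hosts in [
        ("flat network", None, HOSTS),
        ("learned policy", policy, HOSTS),
        ("learned policy + quarantine", policy, quarantine(HOSTS, victim)),
    ]:
        radius = blast_radius(pol, victim, hosts, PORTS)
        jewels = exposed_crown_jewels(pol, victim, hosts, CROWN_JEWELS, PORTS)
        print(f"{label}: {len(radius)} hosts reachable; crown jewels: {jewels}")
```

Run stand-alone, the script shows the three states side by side. On the flat network the compromised workstation reaches all eight other hosts and the database directly. Under the learned policy it reaches five, the OT side is unreachable because no IT-to-OT flow was ever observed, and the database is still exposed, but only indirectly, through the jump host. That indirect path is the thing a reachability check surfaces and a per-rule review does not, and closing it is a policy decision (drop workstation-to-jump SSH, or restrict jump-to-database to named administrators), not something the learning step can make on its own. Quarantining the victim reduces its blast radius to zero. Note also that role-based rules generalize: ws-101 can reach app-02 even though only ws-102 was observed doing so, which is usually what you want for a scale-out tier and exactly what you must check before applying learned rules to crown-jewel roles.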

Listen to the full podcast below, or read the complete transcript to understand how being breach ready can keep your business moving even when the worst happens.

Full Transcript: “Being Breach Ready Is More Than a Mindset”

Karissa Breen: Joining me now is Rajesh Khazanchi, CEO and co-founder at ColorTokens. Today, we’re discussing how being breach ready is more than just a mindset, it’s about implementation. So, Rajesh, thanks for joining me and welcome.

Rajesh Khazanchi: Thank you for having me.

Karissa Breen: Okay, so Rajesh, I’m really curious to know, given your position and your role as the co-founder, ColorTokens often leads with “Be Breach Ready,” as I’ve worked a lot with your team over the years.

So perhaps I want to get into the mindset and tell me, what does this mean to you as a CEO?

Rajesh Khazanchi: Absolutely. See, from ColorTokens’ point of view, breach ready means an organization’s ability to continue operating securely even after an attacker has gained access. That’s the foundational principle we operate against. And this is by minimizing impact, preventing lateral movement, and isolating your critical assets, your crown jewels, in real time.

This is the foundational principle behind being breach ready. Think of it from the perspective of three or four core concepts. One is the assume breach mindset, because most traditional systems focus on preventing attacks. ColorTokens operates on the belief that breaches are inevitable and it’s all about minimizing the damage.

So being breach ready means designing your systems and controls to limit your blast radius, contain those threat factors, and recover quickly. That’s essentially the key part of being breach ready.

Karissa Breen: Okay, there’s a couple of things in there that you mentioned. Even ten or so years ago, everyone in the industry was like, “Hey, let’s try to mitigate all of the things. Let’s not try to make it happen.” Now we’re at a stage where it’s like, “All right, it’s probably inevitable, it’s going to happen.”

To your earlier point, would you say, given your role and the customers you’re speaking to on the front line, do they have that mindset of “Hmm, I am sort of breach ready, Rajesh”? Or where does that sit with you when I ask that question?

Rajesh Khazanchi: They’re still understanding what this entire concept means, but they’re very much aware that attacks happen. Let’s try to understand how an attack happens: an unknowing user accesses email, clicks a link, or thinks it’s a general link. Clicks that link, boom, the attacker is inside the system.

Generally, most employees have either VPN access, granted access, or they’re inside their offices. That system is compromised, and this can happen over and over again. This is not a malicious user trying to create damage. This is an ignorant user.

When you actually have that core concept and say, “Okay, now I’m in this situation,” we’ve seen so many customers who, when an attack happens, just don’t know what needs to be done. They’re extremely panicked. All they think about is bringing systems down.

But when these systems are down, their business is down. You might have seen so much information about manufacturing plants or financial-services companies being out of business for two or three days before they can recover.

So when we talk to customers about this mindset, how do we get there, there’s a gap in knowledge and understanding of how to become breach ready, and we actually help them foundationally bridge that gap.

The assume breach mindset, foundationally putting in Zero Trust control segments, context aware controls, fast recovery, and continuous compliance and visibility are the key constructs we operate against with our customers.

Karissa Breen: So would you say, when a CISO, for example, is communicating to his board or senior executives, “Okay, we can just assume a breach is going to happen,” how does that narrative sit, given some board members aren’t traditionally from a tech or cyber background? They might not want to hear, “Hey, we could be breached.”

Whereas a better narrative in their minds, for shareholders or investors, might be different. How does that sit, would you say, in terms of that conversation of “We need to be breach ready regardless,” but again, people might not want to hear that?

Rajesh Khazanchi: It’s a great question you’re asking. That was exactly what was happening five to six years back. Board members didn’t want to hear that. They would just say, “We have operations and security teams; they should be able to control and manage it.”

But they’ve been consistently hearing this from other board members or within their organizations. There’s been a lot of maturity over the last few years, especially among board members, where they’re saying, “No, this is extremely important. We understand attack vectors can come from different places. Let’s have a conversation and understand what needs to be done.”

So in board conversations today, it’s more about preparation: If this happens, give me exactly the set of things you would do.

There are SEC guidelines now. In some cases you have 48 hours, in others 72 hours, to report back to the board on your mitigation plan. And a lot of times, within 72 hours, you don’t even know what has happened. You’re just scrambling to understand the first attack vector itself.

So yes, there’s been a tectonic shift over the last three or four years, and the maturity level of board conversations has improved. We’re seeing board members asking these questions: What is your readiness plan if breaches happen? What are you doing to reduce the blast radius, minimize the attack, and give us that plan of action?

Karissa Breen: And you mentioned before a gap in knowledge. What would you say is the biggest gap at the moment that you’re seeing when you’re speaking to these people out in the field?

Rajesh Khazanchi: There are three core constructs, especially in being breach ready.

First is understanding and getting your head around the fact that breaches are inevitable and that you must assume a breach. Anyone inside the network should be treated as if they were outside the network. That entire construct is very difficult for people because it flips the whole idea upside down.

When you actually have that foundational construct, you look at each and every attack vector in a completely different paradigm. So there is a foundational knowledge gap in shifting from “outside is not trusted but inside users, devices, employees are trusted.” That trust factor has completely changed. There’s a very big tectonic shift for users.

Then, when you start implementing these controls, you need a foundational understanding and visibility across your entire environment. Shifting from perimeter protection to a containment architecture is very important.

The perimeter model is like a fort model: outside is not trusted, inside is trusted. That is one big gap we see. Visualizing your current state and current attack surface is another area. It’s a well-understood concept, but then comes the construct of creating secure controls so that any time an attack vector happens: do I have a mechanism for quarantining it? Do I have a mechanism for isolating it?

Let’s say a particular system is compromised. You should understand whether that system is connected to your crown jewels directly or indirectly, and if it is, what are the isolation and containment techniques.

These are the three or four areas where we see people have built constructs that are very EDR-centric, endpoint detection and response-centric, meaning the attack is happening, let me try to defend it. Or firewall-centric, meaning outside is untrusted and inside is trusted. If I’m allowing it, that’s the gate I have.

Now, when you shift your entire construct from perimeter protection to containment protection, you must visualize your entire attack surface and design and enforce your security policies in such a way that any time an insider is attacked, you still have a containment philosophy to defend yourself or at least minimize your blast radius. That’s where we see a lot of the knowledge gaps.

Karissa Breen: This is interesting. I want to go into this a little bit more because I think it’s quite important.

Given what you’re saying and, having worked in this space myself, historically organizations have not architected ways to contain and recover from a breach. If you’re looking at a bank, it’s quite traditional, with legacy systems. It’s not as easy to say, “Hey, this looks amazing in terms of our architecture and design.”

How can people get beyond that? Sometimes we just need to accept where we’re at and then move forward. What does that look like now, given what you’ve mentioned about how people can start to get to a point where they can contain it more, irrespective of how old-school their environment may be?

Rajesh Khazanchi: Traditionally, if you look at today’s architectures, most are designed so that they have DMZ environments, demilitarized zones, or firewalls in place. Internally you have VLAN segmented areas, but not fully segmented environments. They’re more or less flat networks.

Then they have detection and response solutions like CrowdStrike, Microsoft Defender, or SentinelOne, which are EDR technologies. The main philosophy there for EDR technology is breach protection or ransomware protection. Any time an attack happens, they defend it. They have remediation controls for it, and they do a really good job.

But take this analogy: let’s say I’m someone trained as a commando and I’m physically fit. I can do a lot of defensive maneuvers. Think from that perspective, the bullets are constantly coming. EDR is that commando skill you have; you want to prevent yourself from those bullets, and you’re dodging them. But one bullet can take a life, one bullet.

If you have these additional controls, especially segmentation controls with EDR technology, that means EDR is predominantly focusing on stopping your active attacks, but you have prevention controls too. For a commando, if you have bulletproof jackets and shields, that’s your microsegmentation.

So if you now have a solution like microsegmentation along with EDR, that becomes a very strong defense. Even if a bullet comes through all the EDR technologies you have, and it does happen, you still have a shield to prevent further damage.

This is the tectonic shift we’re seeing right now. Any organization that has EDR technologies, ColorTokens will be able to provide a solution on top of EDR and implement microsegmentation with it.

So you have a perimeter defense and also a containment strategy as part of the entire solution.

If you look at today’s attacks, they’re highly sophisticated. Earlier, they were non-state-sponsored; now they’re state-sponsored and moving toward AI-driven. AI-driven attack vectors are significantly more sophisticated, and to hope that EDR technologies alone are going to prevent them is just not possible.

That’s why we feel that with EDR technology and microsegmentation technology, you have the best of both worlds coming together to prevent these attacks.

Karissa Breen: So would you say that people are realizing they’ve got to do more than just EDR? Like you said, the best of both worlds — are people thinking more about just a defense-only strategy? Are they there in terms of mindset? Are they getting it, or are they just starting to understand they need to do more than just EDR?

Rajesh Khazanchi: They absolutely are getting it. They recognize it. They understand there’s a need; they just don’t know how to go about doing it.

It’s like knowing you need to be physically strong but not knowing the path to get there. That recognition is happening significantly. ColorTokens provides that entire mechanism and workflow to take you toward that path: EDR to stop breaches, microsegmentation to contain breaches, the killer combination of both solutions.

We see significant recognition that they need to follow Zero Trust principles. The core principles of Zero Trust, access control, segmentation controls, and identity controls, are what people are absolutely following.

Karissa Breen: Do you think, in terms of a timeline, when this mindset started to shift, even if we go back a couple of years ago when COVID happened, people worked from home, worked virtually, worked remotely. A lot of big organizations have remote teams now. Do you think maybe that was the inception of the mindset shift, where people said, “We’ve got to think a little beyond”?

Because I started to see companies really change their approach, not just to security, but to their architecture, to how they’re working, and how they’re securing this remote workforce. Would you say, from then onward, people started to think more deeply about this problem?

Rajesh Khazanchi: You are absolutely right. As soon as COVID hit, people started realizing they needed perimeter-less, boundary-less security. It started with Zero Trust Network Access and Identity and Access Management. These two were the first wheels that came in. That’s why you saw Zero Trust Network Access solutions really catch momentum, and identity solutions did as well.

But now we’ve gone well past that, because working from home and working remotely was the first stage. Now we’re seeing the tectonic shift toward segmentation, because that’s the third pillar of Zero Trust. So you’re spot on.

When COVID hit, a lot of organizations weren’t ready. It took them a few years to really catch up to Zero Trust Network Access, so they controlled network access and identity. Now they’re heading toward controlling their systems, devices, servers, and critical assets. That was when it all started, especially with the “work from anywhere” model.

Karissa Breen: So now I just want to zoom out and talk about the business side for a moment. I interviewed one of your other colleagues, Agnidipta Sarkar (Chief Evangelist, ColorTokens), earlier this year. He focused a lot on business continuity. Obviously, when something happens and you can’t operate your business, you’re losing money and customers.

What I’m starting to see now, given the caliber of people like yourself that I interview on this show, is that people aren’t willing to wait days and days for a company to recover and get back online. People aren’t as loyal anymore. They’re impatient. As soon as there’s even a slight inconvenience, they take to Twitter and start posting online.

So give us a picture of the business side now. I interviewed another guest who said the average recovery time for a company after an attack was 24 days. That’s a long time in today’s day and age. Can you paint a picture around this narrative?

Rajesh Khazanchi: You’re absolutely right. Business disruption is one of the leading causes of concern for most industries. Breakout time and business disruption are two very important parameters observed from a cyber defense perspective.

Zero disruption is an ambitious target, but minimizing disruption is a realistic one. When we look at companies that have implemented microsegmentation and Zero Trust, their ability to recover is far better.

We have hospitals whose benchmark is 40 minutes, and they run trial exercises every year. They completely simulate a breach scenario, red teaming, blue teaming, assuming their backup and current systems are compromised. Their benchmark is to get back to business within 40 minutes.

Organizations that have implemented Zero Trust principles, specifically segmentation, can recover within that period. That’s the goal we have for organizations: less than one hour to get back to business. If they have proper practices in place, that’s realistic.

Now, if they want to minimize it even further, it’s great. But achieving recovery within an hour is a strong benchmark any board would accept.

So putting these controls and practices in place means that if a breach happens, you have a containment strategy to minimize the blast radius and resume business within that 40-minute to one-hour window. That’s the key goal, and we’re marching toward that objective.

Karissa Breen: You made a good point. Recently I interviewed someone talking about disruption in aviation. For example, LAX is a major airport. One hour of disruption per airline could cost a million dollars, per hour. And as each hour passes, it gets worse, more expensive, and the blast radius increases.

People get frustrated, lawsuits begin, and there’s reputational fallout. How does that sit with you, in terms of what you’re seeing with customers? Obviously, minimizing disruption is key, but there’s also the long-tail impact of retaining customers and acquiring new ones after a major disruption, which we’ve seen with big businesses in recent years. What are your thoughts?

Rajesh Khazanchi: Gaining trust with customers takes time. Today, when we interact with customers, there’s often skepticism and concerns about whether these massive objectives can really be met. But as we approach and achieve these goals, they can see and test it. That’s where trust is built.

I’ll give you an example. We worked with a hospital chain; it’s a tight-knit community. Once we helped one hospital achieve that 40-minute recovery benchmark, the rest of the chain followed. Now, we’re managing multiple hospitals with a clear north star metric: being breach ready and getting back to business quickly.

There’s now a strong element of trust with these hospitals. The same applies to life sciences, though in a slightly different way. In life sciences, it’s all about intellectual property. If they lose that, they lose everything. Separation of lab environments becomes crucial.

If they lose their intellectual property, they can go out of business. So earning that trust over time in each vertical means understanding what matters most to them.

For life sciences, it’s about protecting chemical compositions or research data from insider threats or external actors. For manufacturing, it’s about production. Loss of production disrupts everything; one day of downtime can be catastrophic.

In aviation, disruption causes widespread ripple effects. In the energy sector, it’s about human safety, controlling a boiler or power grid incorrectly could lead to loss of life.

So for every vertical, we help define their north star metric, whether it’s production, IP protection, or safety, and build trust by aligning to that. That’s why I feel proud of what we do. It’s not just about securing systems. We’re saving lives, businesses, and livelihoods. That’s the mission I’m proud to say ColorTokens is marching toward.

Karissa Breen: Would you say that, right now, businesses in general are facing a more aggressive market? What I mean is that companies, large and medium-sized alike, are being forced to innovate faster because of AI. They have to shift quickly, pivot constantly, and keep customers who now expect faster, cheaper, and better services.

As a result, does that put more pressure on IT and security teams to keep systems running? The potential revenue loss is huge. You mentioned airlines losing millions per hour, that’s revenue lost immediately and downstream. Do you think this dynamic is putting greater pressure on security departments to protect uptime and resilience?

Rajesh Khazanchi: It definitely is putting a lot of pressure on IT and security teams. Expectations are much higher.

If you look back 20 or 25 years, the ratio between a system administrator and servers was one to twenty or one to thirty. Now it’s one to thousands. Automation solutions have evolved, but so have attack surfaces. Expectations have become incredibly aggressive.

At the same time, we as vendors have to live up to those expectations. If we’re managing these systems, we must ensure IT and security organizations have automation, visibility, and resiliency built in, so they can preserve their key north star metric, whether that’s production, customer trust, or intellectual property.

You’re absolutely right: resilience becomes a competitive advantage. We’re already seeing that. I was interacting with a very large bioenergy company. They’re using security resilience as a differentiator against competitors, proving that they’re far more secure.

They gained significant valuation and investment because of it. Customers started trusting them more because they could demonstrate it. So it’s not just about securing the business, you can actually grow your business if you can prove you’re more resilient than others.

Karissa Breen: And then would you say, to extend on this a little more, it’s going to force big companies, because big corporations can take ages to make decisions. What I’m seeing now, and maybe you can talk a bit about this, are they making decisions faster?

It’s not like we can sit around a room and do all these risk assessments and get everyone’s approval, because we need to move faster. We want that competitive advantage. We don’t have time to do all these spreadsheets and processes like we used to twenty years ago. We’ve got to get ahead.

Are you seeing now that people are willing to take calculated risks to maintain that moat around their business and stay ahead? How are you seeing this shift internally in decision-making?

Rajesh Khazanchi: It is improving, no question about it, but it could be better. Organizations still take six to nine months, especially large ones, to make decisions they could make in a couple of months.

In some cases, it used to take a year or more, so it has gotten better. The metric is improving, but it’s still not where it should be.

It’s not about selling. It’s about the decision-making process of getting everyone on board and going through procurement. It definitely could be better.

My only request to them is this: the attackers are not waiting for you to make the decision. Attacks will continue to happen, and just because you don’t see them doesn’t mean they’re not happening. I wish organizations could make decisions faster, because in some cases businesses have been completely disrupted and, in others, trust has been lost. I wish it were better than what it is right now.

Karissa Breen: I want to switch gears and talk about microsegmentation as a definition. Would you say that people out there have different versions in their minds of what this means? Because perhaps they’re thinking of it in a more traditional way, based on how microsegmentation used to be done. Can you talk through this?

Rajesh Khazanchi: Yes. Microsegmentation is now a very well-established space. It wasn’t a few years back. Five or six years ago, when we talked about microsegmentation, it was mostly educational because people often confused it with network segmentation or VLAN segmentation.

We don’t face that problem anymore. It’s now a well-understood space, and people understand its value.

One big challenge, though, has been that it’s historically been hard to implement. Many organizations worry about how to deploy it, because think about it. You’re in a hotel, and each room has a lock you need to program. That can run into thousands of policies.

That was, and still is, a big concern for many organizations: how to implement and manage it.

But over the last few years, what we’ve done at ColorTokens is build value through speed and simplicity. We can implement full microsegmentation in 30 days for medium-sized deployments and 90 days for large ones.

We’re able to do this because we’ve built AI solutions that visualize and understand traffic patterns, adapt to them, and continuously monitor them.

This used to be done manually. Not anymore. Now you can analyze and understand traffic, adapt to it, and constantly monitor it.

People understand microsegmentation as a tool to secure systems, but they’ve worried about scale: “Can I do this across 40,000 or 50,000 servers?” Now they can, because of the scale and velocity that AI provides through deep learning and continuous adaptation.

Karissa Breen: On that point, would you say people are a bit fatigued? Because a lot of people are now saying, “We want to reduce tool sprawl. We want to focus on platformization. We want fewer tools and vendors.”

How does that conversation go for you? What’s the response you get?

Rajesh Khazanchi: I think that’s a fair point. Tool proliferation, too many tools, too many agents, is a real problem across the industry. Not just in cybersecurity, but also in configuration management and monitoring.

The way we handle it is that customers don’t need to add any other agent to achieve better security or resilience with ColorTokens. If they already have an EDR technology — any mainstream one like CrowdStrike, Microsoft Defender, or SentinelOne — they can achieve microsegmentation through those same agents.

That’s big news for our customers because they don’t want more tools or agents, but they do want better security.

As I mentioned earlier, when you look at CrowdStrike or SentinelOne, their focus is on stopping breaches, but not containing them. That containment philosophy doesn’t exist there.

If you look at some of Gartner’s data, they’re saying that because of AI-driven attacks, EDRs and firewalls are not capable of handling everything. Gartner expects proactive security, through cyber resilience programs, to account for 50% of cybersecurity investments in the next three to four years. It’s currently just 5–10%. That’s a massive shift.

As attacks get more sophisticated with AI, EDRs alone can’t handle it. Proactive, preemptive, AI-driven containment will be the way forward.

And to your point on platformization, ColorTokens technology doesn’t add to tool sprawl. It actually empowers EDRs to implement microsegmentation. The CrowdStrike agent, for example, is enough for us to deliver microsegmentation without adding new agents. That’s the comfort we give our customers.

Karissa Breen: So effectively, ColorTokens, to use an analogy, swims alongside these EDRs, whether it’s CrowdStrike or others, so people don’t have to worry about deploying another agent. Because that’s often what makes them anxious. Would you say that’s right?

Rajesh Khazanchi: You’re absolutely right. A CrowdStrike-type agent is enough to implement it, and we program those agents to achieve the objectives of microsegmentation. You’re spot on.

Karissa Breen: So, looking forward, we’ve covered a lot of ground today. When you sit back at the end of your week and think about the industry and microsegmentation, what are your thoughts as of today, and as we roll into next year? What’s happening in this space right now?

Rajesh Khazanchi: AI will drive a lot of activity on both sides. AI from the attack vector side, and AI from the defense side. I mentioned earlier that there will be a significant focus on proactive and preventive security.

Because if today you’re facing five MITRE techniques, tomorrow you’ll face thousands. The sheer variety and sophistication that AI-driven attackers can bring will overwhelm traditional detection and response systems.

The only way to defend yourself is to be proactive and design your systems, networks, and controls up front for that inevitable situation.

AI will drive much of this shift. Another clear progression we’re seeing is in operational technology. Five or six years ago, OT wasn’t considered a major attack vector. Now it’s front and center.

Manufacturing plants, critical infrastructure, aviation, pharmaceutical, life sciences, and hospitals are all getting attacked, not because of laptops or servers, but because of medical devices, proprietary systems, boilers, non-standard operating systems, HVACs, or logistics platforms.

These are easy entry points for attackers in any vertical. If your critical infrastructure goes down, so does your country. Power grids, water supplies, these are foundational systems.

So it’s getting serious. Attackers are getting more sophisticated through AI, and defenders must respond with AI-driven containment and proactive security strategies. Those will become essential.

These are the three or four core trends we’re watching over the next two to three years.

Karissa Breen: Lastly, Rajesh, are there any final thoughts you’d like to leave our audience with today?

Rajesh Khazanchi: I just want everyone to be aware that cyber is here to stay. Keep yourself safe and stay informed. The principles we’re talking about aren’t meant to scare you; they’re meant to make you aware.

Understand your environment. It could be your network, your bank accounts, or your devices; just be aware. Awareness solves a lot of problems.

From an organizational perspective, design thinking and security-by-design concepts apply everywhere, in your home, finances, and infrastructure.

For example, at home, you might have 40 or 50 devices connected to the internet. Be aware of what’s happening with them. Comfort comes at a price. If your cooktops, refrigerators, or other devices are connected to the internet, ask yourself, do they need to be? And if they do, is there a secure way of doing it?

Be conscious and stay educated. That’s my message for everyone, kids, adults, and especially older people who may not be as aware.

On the organizational side, I’d say this: having design principles in place pays off. Being aware of what your infrastructure is and designing controls up front will save you a lot of money later.

Just relying on detection, response, EDR, and firewalls is no longer enough against new generations of attackers.

If you’d like to understand your organization’s real breach impact and containment capability, connect with our security advisors or request a Breach Readiness & Impact Assessment today.

The post How Microsegmentation Powers Breach Readiness and Cyber Resilience appeared first on ColorTokens.

*** This is a Security Bloggers Network syndicated blog from ColorTokens authored by ColorTokens Editorial Team. Read the original post at: https://colortokens.com/blogs/microsegmentation-breach-readiness-cyber-resilience/


Article source: https://securityboulevard.com/2025/11/how-microsegmentation-powers-breach-readiness-and-cyber-resilience/