ColorTokens demonstrated agentless microsegmentation by integrating existing EDR telemetry, enabling rapid visualization, insights, and deployment without agents within an hour.
Tight EDR integration reduces agent fatigue, shortens time to value, adds application context, and enables faster breach detection and containment.
Future plans include AI-driven modeling, MITRE and NVD integration, impact analysis, ransomware defense, and broad EDR coverage across major vendors.
Agnidipta Sarkar: Hi, my name is Agni and I’m the ChiefEvangelist for color tokens. I have been, uh. CISO and an auditor in previouslives. But here I’m at Color tokens and I’m talking about, um, cybersecurity andbreach readiness. And I have Harish with me. Harish.
Harish Akali: Hi, um, hi Annie. How are you? Hi, uh, this is Isha Ali. Um, uh,I have around 30 years of experience building, uh, it operations product.
Harish Akali: I was in Oracle for a very long time, built many products forthem. Security compliance is my, uh, specialty. I’ve also done a small startupand now I’m working with Color Token as CTOI run engineeringand product management.
Agnidipta Sarkar: So, uh, you know, I’m hearing this buzz now. Agentless,microsegmentation implementation done in one day.
Agnidipta Sarkar: What’s this all about?
Harish Akali: So I’ll start with. Um, one of the recent experience, so we were ata customer, they were looking at different products and then we said, you know,give us a chance. Um, and we asked for like, you know, one hour meetingwhere we said that we want to give a pitch and they gave us, uh, one hour andwe said that we would like to make sure that we do the demo on their data.
Harish Akali: They were saying, what does that mean? Typically, we give youa small setup. We have to set up things. I don’t think they wanted to do that. Wesaid, uh, we just need one hour where we can actually show you the value.Typically, the way it works is, uh, the vendors come in and although they mayhave improvised on how you do the installation of their platform, and, and theysaid, oh yeah, I can do in one day.
Harish Akali: Half a day I can do an installation. And then theysaid, oh, we, we did something great. But from customer point of view, all youhave done is install your product only on the platform side. Then comes thechallenging part because now you have to think about how to deploy the um,agents on all the, where the workloads are.
Harish Akali: Then you collect the all the network telemetry and then try tomake sense of it. So they were thinking that we are gonna show them in onehour that we can do platform. As you know that we run on ses. So platforminstallation is like, we don’t even do that. We did not even ask them to deploy anagent. All we asked them, we worked with it guys beforehand, and then we saidthat we’d like to, they were using, uh, one of the ideas.
Harish Akali: So we said, okay, we just want to get access to your ED, uh, datathat is already being collected. You don’t have to make any changes. And thenduring the meeting, which we had not done any configuration prior to themeeting. We, we invited the IT guy from the other side and he came in. Wewere able to configure their EDR so that we can collect the networktelemetry.
Harish Akali: While we were giving the pitch on what our solution,
Agnidipta Sarkar: you mean why the solution was being discussed.
Harish Akali: We were discussing the solution and we said that, you know, wehave been talking to your IT guys and, and he’s available and now we haveaccess read on the access to your. To your object store where all the networktelemetry is.
Harish Akali: That’s all we ask for, nothing much. So it’s a very simple APIconfiguration after that thing is done. Then we said we want to give the productthen, and then we started the product demo on their data and they were amazed.They said like, where is this data coming from? So this is your live data that wehad never seen, right.
Harish Akali: Within half an hour while we were working, we are giving thepitch, standard pitch. We were able to collect the data, their assets,their network telemetry, and then we started to ask about what are theseapplication we were even able to get the tags that they have defined and nowyou go to visualizer and we were able to show them some of the insights thatthey had, they were not even aware of.
Harish Akali: All during one minute, one hour. Typically you just do the pitchand then you are asking for time to do the platform. Then you go, or I wantworkloads, I want to deploy agents, and this cycle goes on and on and on. Youhave been a cso, you know how this works, right? A, a normal machine, aserver will have an EDR, will have a DLP, will have vulnerability management,law collection and so on.
Harish Akali: There’s so many agents. I have yet to come across a vendor whosays that my agent is heavy. No one says that. Everybody says that my agent islightweight and it is intelligent. It doesn’t take any CPU. You have an agent. Ofcourse, it goes by thing that you have optimizer. Everyone does that, right? People do not understand that.
Harish Akali: It is not the process of taking the bids and putting it onto yourcomputer. There is lot that goes. With respect to getting approvals, aligning thetimelines. You have been a CSO in a regulatory environment. You tell me, howwas it when a new vendor comes in and says, I have an intelligent agent. Ittakes, it does not take memory.
Harish Akali: It does not take CPU. Let me deploy it onto your box. And bythe way, I’m running SM super user. I’m collecting some data. What would bethe bar? Technically it can be done in a day, but what would be the bar if youwere to deploy it on your thousand workloads?
Agnidipta Sarkar: No, there, there is a bar, there is disruption, there is, thereare operations that you need to, that you cannot disrupt.
Agnidipta Sarkar: So it’s not that easy to think of, you know, suddenlydeploying, but I’m still, you know, getting my head around that number. Howlong did you say it took? One hour.
Harish Akali: Uh, less than that.
Agnidipta Sarkar: Oh.
Harish Akali: So most of the time was, okay, we need to create an API on theEDI side so that we can get access to it. After you give us the API, the read onlyaccess, we were able to make API calls from our platform to the EDR platform.
Harish Akali: Pull in the assets, pull in the text, understand the application,collect the network telemetry, and, and now the data is available on our sidewhere you can, you can see the full visualization. You can see communication between what are the assets, what are the applications, what are the roles within the applications, who is talking to what, and go deeper into it.
Harish Akali: Now you have the entire play down within no time, no installation required. And this,
Agnidipta Sarkar: this was riding on top of an EDR, which is already deployed and working.
Harish Akali: The fortunate thing is, um, almost all the EDRs, they also collectnetwork telemetry for their own reasons, but they make this data available for vendors like us.
Agnidipta Sarkar: Oh, that’s brilliant. That’s brilliant. In fact, in fact, now thatyou say, so it was EDR because EDRs are, are basically detect and respond. Soit means that what you essentially did was to combine the power of detect andrespond to the ability to stop lateral movement. Um, that seems to be verypowerful from a cyber defense perspective.
Agnidipta Sarkar: I mean. I’m getting very excited with this and that too, in,in, in an hour, which is amazing. But, uh, so, so how, how long has this journeybeen? I mean, how long have you been doing this and was it easy because it, itsounds quite complicated.
Harish Akali: It is. You know, if it was easy, everybody else will be doing it.But the way we look at this, uh, we want to build products where we take the complexities on our side.
Harish Akali: Make sure it is easy for the customer. This is also true from thevalue point of view. So, uh, if you are a buyer and when you are looking at aproduct, you are typically looking at total cost of ownership. What would be thecost? And then you have to go to your executives and board and justify thething.
Harish Akali: Like once we go through all this thing and then when we arelooking at things that I can control on my end, I want. If you are my buyer andyou were in your past life, I want to make sure that you are a hero. We make,we want to make sure you shine, and what can we do to make you shine in frontof your management?
Harish Akali: We give you three things. We give you the maximum value, wegive you the least amount of time that we take to take you to the value. We wantto make sure that the hassel. To get to that value, the least amount,the time is also less or none. If I’m able to give you these three things and youare able to realize the value in very less time, you are a hero.
Harish Akali: If you are successful, we are successful, then we can talk abouthow we Yeah. But
Agnidipta Sarkar: it is not only time, it is also, it is also the factor that when a,as a ciso, the moment you, you approach your leadership in saying that, youknow, I’m working with color tokens and I’m trying to implement, uh,microsegmentation, it’s just a switch off.
Agnidipta Sarkar: But if I’m able to now show value saying that, you know,we invested in EDR. And now we are trying, and you know, there are, there is awhole lot of things happening across the world in terms of people doing EDRbypass or, or other mechanisms. Or there could be a change management issue.Somebody might not have configured it correctly.
Agnidipta Sarkar: I mean, remember the Delta situation, uh, at theend of the day, they realize that it is, it’s a, it’s a human error, right? That that’swhat caused the whole thing. So. There is going to be all these risks at all times.But then what is, what I’m now, what you’re now giving me as a value is I cango back to my leadership and say, you know what?
Agnidipta Sarkar: By connecting these two technologies, the EDR and colortoken X Shield, I am now able to go ahead and do far more than I would’vedone with either of them because I’m getting a combined power and, and that tome is far more exciting because. When I go to the leadership asking for money,at the end of the day, the question is, what am I paying for?
Agnidipta Sarkar: So, am I paying for more security tools, which I don’tunderstand how it works, but now I can tell them that I’m going to make you,uh, more, uh, prepared for the next breach. And you would now know if, see ifsome, uh, breach has crossed a particular, you know, micro segment.And if it is going ahead and, and we can stop it immediately using.
Agnidipta Sarkar: The, the new combined power of the two tools. So yeah,it’s, it’s of great value to me. But, but tell me your story. I mean, uh, you, you were on the telling that it was tough, but you read somewhere.
Harish Akali: Yeah. Um, before I go into the specifics of I, um, I’ll go over the philosophy of how we build product. Like typically, we know that I spent 30years building products for IT ops.
Harish Akali: Right, the best of the breed products where they say that I am the best solution, but I work in isolation does not work. You have to think about that. When somebody is managing a complex environment, they, they’re, the product exists, there’s an ecosystem around it, right? So now you already have invested into products, not only from the license point of view, but understanding applications, setting up texts, uh, setting up logs, and you want to make sure.
Harish Akali: Opening up service tickets and these kind of things, all those things are there. Now. One very important aspect for any product to be successful enterprise is how well you work well with other guys. If you are ableto have a cohesive story where all the work that has been done, you can makeuse of the thing you work, you fit better in the ecosystem, then you have muchbetter chance of long-term success.
Agnidipta Sarkar: Yeah, that’s true.
Harish Akali: Are they demo not right?
Agnidipta Sarkar: cause I don’t think there is a lot of people who are thinking about ecosystem. I think ecosystem is very, very important because that would mean less operational overhead and, and from what you’re telling me, it means there’s just a delta step ahead. Of the EDR investment and it, it, it sort of makes sense to A CFO as well saying that, okay, I invested X amount of dollars in EDR, now you are trying to take that investment forward by introducing a capability to do breach segmentation.
Harish Akali: And this ecosystem thing is not that. We are the only one who thinks about that. If you look at our competition, they also think about that the first level of ecosystem where most of the vendors actually do it. They say that I do the initial discovery based on our, your Service Now, so I can pull data from there.
Harish Akali: You’re using cloud. I can get discovery and text from there.Everybody does it. Like we are going above and beyond. We are saying, okay,these things are the table stake. Everyone does it. We also do it. We think we are slightly better. But keeping that aside, everyone does it. Right now. We are trying to say how to get more value, how to be more integrated, which is where I think we have an edge, because now we are thinking you have an EDR.
Harish Akali: So by integrating with EDR, we are able to get two things. First,we are able to make sure that. The journey, the difficult long journey for deploying the agent, even to collect the telemetry and understand what those things are and how they’re talking to each other. Sometime take months in aregulatory environment, that’s for sure.
Harish Akali: We talk to some of the customers in the past and then it take, we can say that agent deployment take two minutes, but by the time you go to the end. Uh, endpoint, it may be six months because you don’t get approval from everyone to deploy agent, agent for, so we are able to reduce, shrink that time to make sure that there’s no agent deployment.
Harish Akali: We can give you the visibility I talked about. The second important, which you kind of touched upon, is the breach defense point of view.Now by integrating with EDR. We can get the network telemetry just by talking to the API, but the more important security benefit that you get is if EDR is able to detect that there is some breach.
Harish Akali: There is an IOC from EDR. Because we are tightlyintegrated at the EPI level, we can react to it much quicker, in much elegantway. So not only we make operationally easy for you to do, deploy and movefast, we also are giving you a lot more value. This is the second level ofintegration where we believe they’re
Agnidipta Sarkar: saying that you can do containment much faster than anyother, uh, mechanism that is available because it’s coming natively to yousaying that there is a breach.
Agnidipta Sarkar: EDR is detecting it early.
Harish Akali: I, I think the, that you said is,
Agnidipta Sarkar: uh, so which means, sorry. So, which means that that, that the value that you are, you’re basically now bringing is, is way beyond whatever we just discussed. It’s, it’s not only reduced time, it’s not only that it’s a delta move, it is also that it’s a great way to stop ransomware and it’s, it is about.
Agnidipta Sarkar: You know, um, supply chain, uh, resilience,because now if you, if you are an organization which is sitting in between, uh,in a, in a digital supply chain, if you have done your microsegmentation correctly, if you’ve got EDR and you detect, as you said, your time to detect, uh,uh, uh, breach is much faster because it’s coming natively to you through theintegration.
Agnidipta Sarkar: Is that what you’re saying?
Harish Akali: It’s actually more than that. So if you look at the previous generations of product who are not tightly integrated, right? And maybe the integration is only at the ServiceNow or, or the cloud tech kind of thing for the initial discovery, then you define your microsegmentation, right?
Harish Akali: And, and there’s an EDR and these, assuming it’s in a differentsilo because the integration has not happened, uh, in the older generation of products, then if there is a breach, um, EDS, they do a very good job. They detect there’s a breach happening. They provide a signal, right? But EDRs don’treally know the notion of applications and what is important.
Harish Akali: We kind of put an extra layer on EDR will say that,yeah, this machine is showing some symptoms. I’m gonna take this machine off,but it does not know how this machine is impacting your overall business. What are the pieces that are tying or what are making a bigger application and so on.So they can’t determine what is the impact of the application context
Agnidipta Sarkar: less.
Harish Akali: They’re context less. We bring the context, but more importantly in the older generation, because these things are in different silos, even though,um, you may be able to identify that EDR identified some problem, now you have to make sure that this data goes into some same, and so, and now you have to write code.
Harish Akali: It is not only latency. Now you have to say that. This thing has happened on one machine. There is an IOC saying that the breach is happening or something bad going on on this machine. I take this machine off. That data eventually goes to your sim and soul, and now you have to write code.You have to write scripts to react to it.
Harish Akali: So it’s not only the latency, first, it goes to multiple hops. There is a latency involved. Second, you have to do work. You have to make sure that now you’re investing into, so you have to make sure that you’re investing into admins who understand, uh, what the logical layer for an application and, and what to do from the network segmentation point of view so that you can contain the breaches.
Harish Akali: So the value realization is tremendous. Now we can actually do cyber defense, model it and achieve it because we are tightly integrated with rs.
Agnidipta Sarkar: I think what you just said, you know, is also something very new. You said you talked about modeling. So what you’re saying is now it is possible using the platform to, uh, customize it context on the basis of the context of the organization and, and therefore build models much before the cyber attack happens.
Agnidipta Sarkar: And then when that model, the requirement for that model,uh, is met by the EDR. Then you can build in capability so that you’re able tocontain that attack in that particular micro segment. Is that, is that possible now?
Harish Akali: Yes.
Agnidipta Sarkar: Wow.
Harish Akali: Exactly. So in our system, as you know, we let you create thelogical applications.
Harish Akali: We let you create the modeling. Uh, we, we let you create models so that you can see that if I had this template, this goes on, what would be the impact? That functionality has been there. Now we are closing the gap to make sure that. When the things actual bad things are happening, we can react fast. So this way now you get end to end real implementation.
Harish Akali: It’s, it’s no longer just that I can model it, actually make it happenwithout requiring soap, without requiring more efforts into automating all of these things. We are possible to do it, but time consuming and they cost money. And remember, I want you to be the hero. I want you to make sure that you realize the value as soon as you can.
Harish Akali: That’s where we put all the efforts. And it is not easy, but the mantra is, take all the difficulties, take all the complexities on our end so that it’s easy on your end. We know that you have to do. So the more
Agnidipta Sarkar: complex engineering, the more simpler is the user interface and
Harish Akali: Exactly.
Agnidipta Sarkar: And I understand that part, but, um, so, so where are yougoing from here?
Agnidipta Sarkar: What’s next? What is new and coming? How, how, how does a customer. I mean, I, I know the value that you’re showing me is, istremendous. I mean, you’re implementing it very fast. It’s a combination of, um, the EDR and microsegmentation capabilities. You’re now able to containbreaches. You’re able to be prepared for ransomware.
Agnidipta Sarkar: You’re able to, um, you know, address, uh,supply chain management, maybe contribute a little bit to, you know, uh, thirdparty risk management. Um, but, but I think, uh, and, and then you said you’redoing modeling, which means, and that gives me a big idea, you know, if it ispossible, and I, I know as a CISO it was never possible at my time, but if it ispossible to do modeling, then I’m in cyber defense modeling.
Agnidipta Sarkar: That is not the threat modeling, but to model, where can an attack be, uh, you know, intercepted and defended against, uh, defended that. If that kind of modeling can be done, then I think what organizations could do is use that as a base and then build a process around it. Which can be called like,you know, a breach ready playbook, which says, okay, if you notice this kind of an indicator of an attack, in that case you need to call up, uh, you know, uh, this stakeholder or that stakeholder and tell them that there has been an attack, but we’ve contained it in that micro segment.
Agnidipta Sarkar: But you are, one of your systems is in that micro segment.So, you know, those systems will not be available now while communicating to the rest of the world saying that. We have an attack, we’ve been able to containit within one micro segment, which means the rest of the business is as usual,you are increasing, it’s a contradictory statement.
Agnidipta Sarkar: You are increasing the minimum viable digital business,which is great.
Harish Akali: Right? And this, uh, the thought of trying to add more value, likewe said that in the previous generation, the thought was, okay, it’s a local hostfirewall kind of solution that lets you create segments. Yeah, we do it. Others doit too, right?
Harish Akali: What’s the thing? But that’s not where the value is. The value isin the integration. The value is making sure that you understand the business.The value is making sure that when the breach does happen, then you use thetools, which is local firewall, post firewall, and those kind of things,which everybody does that to Uplevel and bring it to the place where you, youare able to react and make sure you contain the damage in case there’s a breach.
Agnidipta Sarkar: So what’s the future? Where do you vision this report? Um,will, will AI or something like that, play a role in it somewhere? Yeah.
Harish Akali: I think you touched upon ai. Uh, one of the thing that we, thatwe are coming out very, very far, very, very quickly now is, uh, we are again,uh, understanding that we are not. We don’t have a product in isolation.
Harish Akali: We have to play well with other ecosystem. One of the otherthing where, uh, the industry, uh, if we don’t make use of it properly, is thingsthat are coming from Mitre, CS a and the nvd. These guys spend a lot of time intrying to make sure they make people aware of what the bad things are. Um,NVD publishes the Vulner Liberties.
Harish Akali: Uh, miter has all the TTPs on how people are able todo lateral movement and things like that. And Seaside Advisory is the one thatactually tells you what are the bad things that bad guys are exploiting. Yeah,
Agnidipta Sarkar: they have what profiles?
Harish Akali: Yeah, so we bring all of these things together, uh, thanks to ai.Now we can process a lot more data.
Harish Akali: So now you can ask questions. I will releasing very soon whereyou can, our product is aware of Mitre and CSA and uh, NBD. So when you aremodeling or when you want to look at some impact, let’s say somebody, you arethe CISO and you hear, you wake up in the morning and you know that. Thereis a problem like log four J or something like that, right?
Harish Akali: All you want to do is like, I have this system where I’ve investedso much money and time and effort into, I want to know what my impact is. Inthe older generation, they were working in isolation. They did not think aboutmany of these things that these things are important for cso, right?Because those are the real problem that you’re trying to solve.
Harish Akali: We are bringing thanks to ai, a lot of these capabilities. So nowyou can say, I heard about this thing. Tell me what it is. What is the impact?Does this show me the assets where I’m exposed
Agnidipta Sarkar: Does this affect me? Does this situation affect me? Um, onelast question. One last question, and that is, uh, I, I just want to summarizewhatever we discussed and you, you did talk about.
Agnidipta Sarkar: If you, if you connect an EDR to, uh, microsegmentation, itmakes sense. And, and the value is not only reduced agent fatigue, the value isalso the, the combined, uh, cybersecurity coverage that somebody would get, uh, the ability to address, uh, supply chain risks and third party risks andransomware. I, I see a whole host of those benefits.
Agnidipta Sarkar: But, uh, one, one last question and that is thereare too many eds in the market. Um, will you be, do you have a roadmap tocover most of them, some of them? What’s the plan
Harish Akali: I think we can cover, uh, majority of them probably like put 70% of the market share we can cover. Um, that’s
Agnidipta Sarkar: brilliant.
Harish Akali: The main one is already done.
Harish Akali: The other ones are work in progress. Hopefully in a month,month and a half, we will have coverage for majority of the top three.
Agnidipta Sarkar: Harish, thank you so much for a quick chat and I’ll catch upagain with you.
Harish Akali: Sure. I enjoy the chat.
Agnidipta Sarkar: Thank you for being here. Thanks.
