Securonix CEO talks SIEM strategy in the AI age

Kash Shaikh, President and CEO, Securonix. Image courtesy of Securonix.

From rising SIEM costs to alert fatigue and architectural sprawl, enterprises are grappling with how to secure growing volumes of data without overwhelming their security teams.

Kash Shaikh, President and CEO of cybersecurity firm Securonix, shared his perspective on these challenges in a conversation with Frontier Enterprise — touching on customer priorities, the limitations of full-stack consolidation, and where generative AI is already making a difference.

What has the transition from Dell, HPE, and Cisco to Securonix been like?

Coming from large public companies like Dell, HPE, and Cisco — where I served as general manager of a large business unit that grew at a 28% CAGR over four years — I learned a great deal about enterprise needs and how to address them through infrastructure, software, and cybersecurity. I also learned how to grow a business profitably in an environment where performance is closely monitored — including financial results, customer retention, and growth.

One of the most important lessons from that experience is that growth starts with the customer. If you can identify their challenges early on and begin building a relationship from the pre-sales stage — through solution design, deployment, training, and customer success — the rest tends to follow. That long-term relationship is what creates real value, both for the customer and for the company.

You have to start with the customer, whatever business you’re in. Some of these companies — Cisco and Dell, for example — have been successful because they’re very customer-centric. They understand that the customer drives the business. That’s one of the key lessons I took from working at these very organised and disciplined public companies — the Fortune 50 types.

When it comes to growth, I’ve learned that the best approach is to understand your customer’s challenges and design your product around those needs — rather than starting with the product and trying to figure out the market fit later.

We’ve also been investing in AI and generative AI, although we were using AI and machine learning even before it was cool. The company has a history of using these technologies to detect anomalies and deliver analytics that stand out. Now, we’re taking that further with generative AI.

For example, we’ve developed something called the Insider Intent Agent, a generative AI-based tool that looks at the language people are using within the organisation. If someone searches for something like “What is the safest way of stealing company information,” the system can pick up on that intent and alert the security team, who can then coordinate with HR to investigate.

It’s a similar concept to the Tom Cruise movie Minority Report — stopping threats before they happen based on intent. Because once the crime has already been committed, it’s too late — the information is gone.

Is generative AI helping reduce false positives for customers like Alberta Health?

Absolutely. We work very closely with Alberta Health — they’re one of our largest customers. They’ve reported saving up to US$600,000 per hour by avoiding certain threats. In a healthcare setting, patient data and other personally identifiable information (PII) are incredibly sensitive. If compromised, it could affect millions of people. That’s part of our broader mission: to help enterprises protect their operations and data.

We also support many customers in the financial sector. One example is the largest private bank in India — they have 120 million customers and 240,000 employees. We’re helping them protect their transactions at scale.

In Singapore, one of our customers has brought their false positives down to zero. The benefit to the customer is that their security team can focus only on alerts tied to real anomalies. Whether it’s detecting an employee exhibiting risky behaviour or identifying threats before they materialise, the system filters out the noise.

That’s especially important given the ongoing shortage of cybersecurity talent. When your team is tied up investigating false positives, that’s not an effective use of limited resources. CISOs want their teams focused on high-value tasks — on real threats.

Another challenge customers face is that their budgets aren’t increasing by 40% year over year, but their security data is — rising by 30%, 40%, even 60% in some cases. They can’t keep spending more on cybersecurity vendors unless the tools help them manage that scale.

To address this, we developed a data pipeline manager that’s already in production at the largest bank in India. It’s not just about giving them technology; it’s about helping protect the business and identity of 120 million clients.

The idea behind the data pipeline manager is that as security data grows, not all of it needs to be sent to the SIEM for real-time detection. Some data, especially logs kept only for compliance, can go into more cost-effective storage.

This is particularly useful for highly regulated industries like finance and healthcare, where auditors and regulators often require logs to be stored for five to seven years. By directing only high-value security data to the SIEM, while archiving compliance data separately, customers can reduce costs by up to 30%.
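As an added illustration of the tiering idea described above (this is not Securonix code and does not reflect how its data pipeline manager actually works), the router below sends detection-relevant sources to the SIEM and compliance-only sources to cheaper archive storage, while still escalating high-severity records so that cost routing never hides an alert. The source names, retention periods and the severity field are constructed assumptions.

```python
# Added example (not Securonix code): policy-driven log routing in the spirit
# of the "data pipeline manager" above. Sources, retention, severity: constructed.
from dataclasses import dataclass

# "siem" = needed for real-time detection; "archive" = kept only for auditors.
POLICY = {
    "edr":        {"tier": "siem",    "retain_years": 1},
    "auth":       {"tier": "siem",    "retain_years": 1},
    "netflow":    {"tier": "archive", "retain_years": 7},
    "db_audit":   {"tier": "archive", "retain_years": 7},
    "app_access": {"tier": "archive", "retain_years": 5},
}
# Unknown sources stay visible to analysts rather than silently going cold.
DEFAULT_RULE = {"tier": "siem", "retain_years": 1}

@dataclass(frozen=True)
class Decision:
    tier: str           # "siem" or "archive"
    retain_years: int   # compliance retention, applies on either tier

def route(event: dict) -> Decision:
    """High-severity records always reach the SIEM, even from an
    archive-only source, so cost tiering never hides an alert."""
    rule = POLICY.get(event.get("source"), DEFAULT_RULE)
    tier = "siem" if event.get("severity") in ("high", "critical") else rule["tier"]
    return Decision(tier, rule["retain_years"])

def split(events: list) -> dict:
    """Bytes landing on each tier after routing."""
    totals = {"siem": 0, "archive": 0}
    for ev in events:
        totals[route(ev).tier] += ev["size"]
    return totals

def siem_volume_reduction(events: list) -> float:
    """Fraction of ingested bytes kept out of the SIEM's real-time tier."""
    totals = split(events)
    ingested = sum(totals.values())
    return totals["archive"] / ingested if ingested else 0.0

# Constructed sample batch (sizes in bytes).
SAMPLE = [
    {"source": "edr",        "severity": "info", "size": 400},
    {"source": "auth",       "severity": "info", "size": 300},
    {"source": "netflow",    "severity": "info", "size": 2000},
    {"source": "db_audit",   "severity": "info", "size": 1500},
    {"source": "db_audit",   "severity": "high", "size": 500},   # escalated
    {"source": "app_access", "severity": "info", "size": 1000},
    {"source": "legacy_app", "severity": "info", "size": 300},   # no rule
]
```

On the constructed batch, `split(SAMPLE)` routes 1500 bytes to the SIEM and 4500 bytes to archive, a 75% reduction in real-time ingest while every high-severity record and every unrecognised source still reaches analysts.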

How do you view SIEM pricing in the age of AI?

Our view is that while doing business is important, the priority should always be addressing the customer’s challenges. It’s not sustainable for a CISO to keep increasing their security budget by millions each year. Of course, in some cases, price increases are justifiable, especially when they reflect ongoing investment in technology, but they need to be reasonable. You can’t simply lock in customers or back them into a corner.

Some vendors may be capable of building something like our data pipeline manager, but they choose not to, because it would impact their revenue. My view is this: if you don’t address a customer’s pain point, someone else will. You can’t keep exploiting the situation. Eventually, the customer will find an alternative, so why not be the one to solve it for them?

What’s your take on solution sprawl and platform consolidation in cybersecurity?

I do think there are cases where having a heterogeneous environment can be beneficial. Some degree of consolidation makes sense, but not all consolidation is right for every enterprise.

For example, we recently acquired ThreatQuotient, an external threat detection company, as part of our broader growth strategy, but that kind of integration depends on the specific use case. Using the same vendor for everything, like your firewall and your SIEM, can actually be a disadvantage. In a uniform environment where the endpoint, SIEM, and firewall all come from the same vendor, you may miss threats that originate outside that ecosystem.

Consolidation can work in the SOC, where analysts often manage multiple technologies, but if your endpoint security and SIEM are from the same vendor, that vendor may have blind spots. So while some consolidation helps streamline operations, other forms of consolidation may limit visibility.

Our advice to customers is to ensure their strategy reflects the complexity of their own environment. Not all SIEM platforms can support diverse infrastructures, especially when you’re dealing with different endpoints, firewalls, and data sources.
