
Cyber Defense TV: A Smart Approach to Threat and Risk Management

Balaji Yelamanchili interview on cyber threats and risk quantification

In an exciting episode of Cyber Defense TV, Gary Milievsky was joined by ThreatConnect’s CEO, Balaji Yelamanchili. Known for his invaluable expertise in cybersecurity and his significant role in helping companies like Symantec flourish in the tech industry, Yelamanchili shares the importance of threat and risk intelligence in any business’s cyber defense strategy.


Gary Milievsky:
Welcome back to another exciting episode of Cyber Defense TV. I’m your host, Gary Milievsky, and the publisher of Cyber Defense Magazine. I’m very honored today to have this amazing special guest. Balaji Yelamanchili is the CEO of ThreatConnect. This man has incredible expertise in cybersecurity, helping grow companies like Symantec. And now he’s been at ThreatConnect for three years doing some amazing transformation to really solve the issues of threat management and risk management. Balaji, welcome to the hot seat.

Balaji Yelamanchili:
Thank you, Gary. Appreciate it.

Gary Milievsky:
So what is threat and risk intelligence, and why is it so important that we have actionable results as quickly as possible?

Balaji Yelamanchili:
Yeah. No. That’s a very good question. So I kind of think of the threat and the risk as two sides to the same coin. You know, obviously, at the end of the day, uh, we, uh, in any business or for that matter, government agency or, you know, public corporation, whatever it is, we’re trying to protect our cyber, our digital assets, uh, from any type of cyberattacks. And in order to do a really good job, uh, we certainly need lots of tools and technologies that the people use today, whether that is at the endpoint level, network level, uh, web level, application level, etcetera. But there are really two important contextual things that almost every cyber defender needs. One is to understand what the threat landscape looks like that’s relevant to them. Right? And so you need to know who the threat actors are and, um, what they’re trying to do as it relates to your company or business and your, uh, entity. The second thing at the same time is you need to understand the risks associated with your business if in case of a breach, in case of an attack. Um, that means you need to have a strong understanding of what your crown jewel applications are, what kind of data that you’re actually holding, and what happens to this data if it actually gets breached. What is the type of the risk? Is it a financial risk? Is it a reputational risk? Um, is it a regulatory risk? And so when we think about, um, you know, cyber defense today, we believe that almost every company and every entity has actually invested quite a bit of time and money in people, processes, and tools and the technologies. But to get the best out of those investments, you really need to have this, you know, contextual understanding of what the threat landscape is and what the risks that you have within your company as it relates to the threat landscape. And that’s what I mean by the two sides to the same coin.
And that’s really what I consider is the last mile problem that I think we’re all dealing with, and that’s really where, um, ThreatConnect really is focused on. Um, we’re focused on really getting the best return on the investments that you already made rather than trying to come in and say, you know, we have the the we have something else different. Uh, you see what I’m saying? So

Gary Milievsky:
Yeah. And, you know, everyone’s talking about that single pane of glass and that risk quantification score. Can we actually pull this off? I know a lot of people have been challenged at learning about FAIR Institute and the models for risk quantification. What are your thoughts on that?

Balaji Yelamanchili:
Yeah. No. No. Another very good question. And I think, uh, we can spend a lot of time talking about risk quantification from philosophical standpoint, from a standpoint of the math and the models, etcetera. I think the most important thing and FAIR certainly has done a great job, in our opinion, in terms of highlighting the need for quantifying the risk, particularly the cyber risk for the businesses. But, really, in order to really do a great job with the quantification, you need to feed those quantification models with the best data possible. Um, where I think the, uh, we really needed to come at it is it’s really about the data. And it’s making sure that the data has to be fed into the model in a more automated way as opposed to in a manual way. Because anytime you do this manually, it becomes very subjective. And anytime it is subjective, any number that you come up with is going to be questioned, and you have to defend yourself. And it is not easy to do that. And so one of the things that we have actually done is we believe that, you know, number one, um, it should be the modeling and the any type of algorithmic approach that you use to quantify the risk, um, needs to be based on comprehensive data, and that data in itself should be really based on the existing set of controls, the vulnerabilities, the assets, and also the threat landscape that you’re dealing with. Right? And if that data is comprehensive enough and that data in turn is fed into these quantification models, not only you have the better precision in terms of loss magnitude, one of the key things that risk quantification models do, a likelihood, um, the impact, all the different scoring and all the different things that you come up with, you actually have a high precision.
But most importantly, when you actually start presenting that to, you know, the practitioners who really in turn have to react and respond, cyber practitioners, defenders in this case, or their, um, management teams who are the ones who actually have to make the trade-offs in terms of investment decisions or the boards. When they ask, you know, how did you come up with this number? You now have a defensibility. You can actually say this number is this number because here is the data that actually went behind it, and thereby, this data is actually then supports that quantification. And so a lot of companies that have actually tried to do this, um, particularly smaller companies, but without a strong, um, access to the threat data and that, um, what we call, uh, the asset and the control data, we believe that, um, you know, it could be garbage in, garbage out. You see what I’m saying? And that’s really where it becomes very indefensible. And so we have taken the approach that number one, it is data driven. Number two, it has to be, you know, it’s not something that you can actually use. Algorithms are such that today, it has to be machine based. Um, and this is why we actually applied machine learning, um, AI from pretty much day one, way before people start talking about AI in the last year or two years with the generative AI and all the, um, hyperbole that exists. Um, we have actually been at this problem for the, uh, you know, last four or five years. Um, and but we started with the data, and we then kind of applied, you know, models on top of the data. Uh, and then the last but not least, a very important thing here is, uh, the models have to have datasets not only that actually, uh, include the threat, uh, data threat landscape data and also what your company, uh, posture looks like, but also the models need to have, um, a training data.
And so what we did over the years was we collected and curated, uh, forty years’ worth of loss data, the private loss data, um, collected from the insurance companies and from other places where there is a, um, you know, for example, if there was a breach at Target eight years ago, you know, what was not only the breach, but what was the security posture that allowed that breach to happen? Right? And so that loss data coupled with the threat data that the company faces coupled with the current security posture the company has is really what we use to train the models. And thereby, the models become smarter and smarter and then also have a better precision. And so that, we believe, is actually the key to making sure that the risk quantification has both precision and credibility. And if you do that and if you apply that the learnings of that to really then come back and say, here is where my gaps are. Here are the most important gaps you need to first address, and thereby, here is the things that you need to prioritize. Now I can go to the cyber defenders, security operations teams, um, and or the security teams in general and say, look. This is what you gotta fix first. You may have 10 priorities, but here is the top priority that you gotta do. Right? And then I can also then go to c staff, c level executives, and say, here is why you need to invest when the security teams come and ask you for this. And then I can also go to the boards and the audit committees in the boards and say, here is your loss exposure right now, and here is how we’re actually mitigating this loss. And here is how you can sleep well. Right? And so on. So Log in. Log in.

Gary Milievsky:
It’s no. That’s amazing. Uh, defensible risk quantification. If we drill down a little further, uh, the ThreatConnect platform really, I would assume, for the cyber first responders for resiliency, accelerates the mean time to detect, speeds things up in detection and response?

Balaji Yelamanchili:
Yes. I mean, ultimately, it’s, uh, it does boil down to couple of those metrics, whether it’s MTTD, MTTR, etcetera. But it’s also, um, not about, uh, detection and the response. It’s also prevention. Right? It’s all in other words, it’s proactive and reactive. It cannot always be reactive. And that doesn’t I mean, we all know that however much we do, we still have to respond or react when things happen, and so we wanna be efficient. But to great extent possible, if you can actually be proactive in, uh, making sure that you identify your most important assets, both business assets and also the technical assets that actually hold those business assets. And you identify, you know, the most important exposures and the vulnerabilities of those assets. And then you make sure that you have proper controls. And those controls are configured properly on an ongoing basis and continuing to be refined, then your loss exposure continues to be lower and lower. Right? And so the measurements around that is as important as the measurements around detection and the response. And so we continue to feel that the best way to look at ThreatConnect’s effectiveness, not efficiency, but effectiveness, has to be both based on the proactive metrics, but also the reactive metrics.

Gary Milievsky:
Absolutely. You allow companies to take more risk, uh, and grow their businesses, which expand the risk posture by, as you say, get proactive and increase their resiliency against the latest threats.

Balaji Yelamanchili:
That’s right.

Gary Milievsky:
Yeah. And I assume you’ve got plug-ins for everything. You’re easily integrated and deployed. How quickly can we get up and running with ThreatConnect?

Balaji Yelamanchili:
Yeah. No. That’s another very important question because what we do requires us to sit at the intersection of a large ecosystem. Right? Because we don’t sit in isolation. As I said at the beginning, we are the last mile solution. In order for us to be a last mile solution, we have to integrate and operate within an existing ecosystem with all the tools and technologies that the companies actually deploy. And so the integrations become the most important thing for us. Um, and so we spend a lot of our R&D dollars in making sure that not only we can integrate broadly across a broad range of, you know, cybersecurity stack. Right? Whether that is endpoint security, network security, web security, application security, developer security, etcetera, etcetera, but also, you know, security operations tools like SIEM, MDR, NDR, EDR, SOAR, etcetera, etcetera. So we spend a lot of time, and we also integrate to the external threat data. We also integrate to a lot of the risk, um, data that as I mentioned earlier. Um, so we actually, number one, put a lot of time and effort on R&D to broadly integrate to them, but also deeply. So the breadth and the depth is very important for us. Um, and we can do that through brute force. And so we spend a lot of time and effort, including right now, today, applying, uh, taking advantage of some of the, uh, AI related, um, work. I mean, like, for example, in the past when we did the integrations, you know, we all did integrations through the APIs. But in addition to doing the API, you have to have, um, data mappings properly done. And in the past, we would use business analysts on both sides to do the data mapping, hard coding. I mean, you know, here is the schema on this side. Here is the schema on our side. How do you really map those schemas?
But today, we can actually teach an AI model to kind of learn the schemas on this side and the schemas on this side and then actually do an automated mappings, etcetera. So we continue to innovate in our integration R&D. Um, and by doing that, what we do is when we actually try to deploy to a customer, all we do is we ask the customer for the, um, the tokens required to kind of connect to those their APIs to their systems that they selected, and then often go with run. And so we’re talking a matter of days, not matter of months, not matter of years to kind of get ourselves up and running. Um, and then as soon as we kind of connect to these systems, um, the data starts getting populated into our system, which in turn is then used, um, to kind of get to our models. And then our models actually then start providing very, very useful insights right off the bat. We provide out of the box things like what’s your existing threat landscape looks like, okay, based on your firmographic information, you know, about your company. Um, we provide, out of the box, a number of dashboards. We provide even connectors from playbooks and the automations that we do we provide for the response and the remediation. And then we actually provide a lot of the datasets that we, um, we use to kind of provide you with the risk posture that you may actually have more out of the box. And we can do this in a matter of days and weeks as opposed to months and years because of all the work we need to put in R&D that I mentioned earlier, but also always trying to stay on top of the latest technologies and advancements like what we see with the AI today.

Gary Milievsky:
What an amazing threat and risk intelligence platform you’ve put together. Yeah. Easily deployed, uh, connecting to what is so important. It’s all these sources of noise and to find the needles in the haystack before you get breached proactively. Balaji, is there anything we haven’t covered that you’d like to share with our viewers and listeners?

Balaji Yelamanchili:
Well, I think, uh, maybe a good way to wrap it up is this. Right? I mean, we kinda think the world in the context of the defenders and the attackers. Right? And for us, really, it’s all about as a defender, how do you maintain your advantage? Um, you know, the attackers have their advantages. Right? Obviously, uh, and there is also the saying that people always talk about. The attackers have to get it right once, where the defenders have to get it right every time. Right? And, uh, and so then in the midst of all of this, um, we as a, uh, human race, we do not wanna be slowed down by the attackers and the defenders. Um, we wanna continue to innovate, whether that is, um, digitization, cloud, AI today, etcetera, etcetera. All these things are to kind of continue to empower the human race, continue to empower businesses to do better and cheaper and, uh, um, more innovative ways. And so we do not want to slow them down. We do not wanna slow the businesses. And so our, you know, philosophically, where we come at it is what can we do to help the defenders to maintain that advantage while the attackers have their advantages? How do we make sure that that exposure gap continues to be as small as possible for the defenders? And to do that, we believe that fundamentally comes down to a strong understanding of their landscape, both external threat landscape and the internal risk landscape. Right? And, uh, by making sure that that gets overlaid properly on top of their infrastructure, on top of their security stack, we feel, um, that we think that we can actually help the defenders maintain their advantage. And if we can do that, right, we have done our job, we feel, because we’re coming in and saying, how do you get the best out of what you did and do it in a way where you can continue to innovate your business?

Gary Milievsky:
Balaji Yelamanchili, the CEO of ThreatConnect, you heard it here first. Folks, he’s given you great advice. Get threat connected one step out of the latest threats with risk and threat intelligence quantifiable that really matters and defendable so that you can grow your business and reduce risk with cyber resiliency. Get that today, and then come back next time for another exciting episode of Cyber Defense TV.

Automated Voice:
Cyber Defense TV and Cyber Defense Radio have launched 24 by seven by three sixty five live streams. Visit them online today at cyber defense dot TV and cyberdefense.radio with your host and globally recognized cybersecurity expert and my good friend, Gary Milievsky.

 
Yelamanchili views cyber threat landscape and cyber risk management as two sides of the same coin. The objective is to protect digital assets against potential cyber attacks. To do so effectively, businesses need not only advanced tools and technologies, but also an understanding of their unique cyber threat landscape and business-related risks. The latter includes implications of potential data breaches such as financial, reputational, or regulatory risks. 

Understanding these two aspects – the cyber threat landscape and internal risk – is vital in making the best out of investments in cyber defenses. According to Yelamanchili, ThreatConnect focuses on helping businesses maximize their return on such investments.

When it comes to managing cyber risk, Yelamanchili notes quantifying risk is vital. However, risk quantification must be based on comprehensive and accurately mapped data to avoid the issue of “garbage in, garbage out.” Instead of a manual approach, machine-based models trained with a diverse range of data – threat landscape information, the company’s current security posture, and curated loss data – offer better precision and credibility. This data-driven approach gives businesses a clearer picture of potential risks, enabling them to prioritize mitigating measures. 

The goal of ThreatConnect’s last-mile solution is not just to improve detection and response time, but also to increase businesses’ proactive measures to build resiliency against cyber threats. By staying on top of companies’ threat landscapes and varying risk factors, ThreatConnect helps businesses remain on the front foot against potential attacks.

Easy deployment and integration are other critical features of ThreatConnect. As a solution designed to operate within existing ecosystems, it can connect to a broad range of cybersecurity tools and technologies. The use of automated data mapping, in a matter of days, hastens the deployment process and maximizes resources.

ThreatConnect aims to provide defenders with an advantage in a landscape where attackers theoretically only need to get it right once, and defenders need to get it right every time. By ensuring a strong understanding of the external threat landscape and internal risk landscape, businesses can make the best out of their cyber defenses and continue innovating without slowing down due to cyber threats.