Ramprakash Ramamoorthy, Director of AI Research, ManageEngine chats about the industry shifts around security and data affecting modern CISO roles in this catch-up with CIO Influence:
____________
Tell us in brief about ManageEngine’s journey in SaaS and IT and about the latest product enhancements being introduced to end users?
ManageEngine began its journey into SaaS as the IT management division of Zoho and has steadily grown to help businesses manage their IT operations more efficiently, securely, and flexibly. With a strong in-house R&D foundation, we’ve built over 60 enterprise IT products spanning IT service management, operations, security, and analytics.
The vision behind this journey has been to empower businesses to work better from anywhere. Our solutions are designed with contextual integrations and flexible deployment modelsโacross cloud, on-premises, and MSP environmentsโto meet diverse enterprise needs.
Also Read:ย CIO Influence Interview with Dhanesh Pai, VP of Engineering at PrimeSoft Solutions
Our latest enhancements bring the power of generative AI into observability and IT operations. With generative AI, users can interact through ChatOps to get real-time insights, navigate features effortlessly, and receive contextual help. It simplifies root cause analysis, breaks down exception logs and thread dumps, and summarizes key reports to highlight patterns and issues. With knowledge graph integration in Site24x7 and the ongoing development of agent-based support in ServiceDesk Plus, we’re delivering deeper intelligence to everyday IT workflows.
How can modern CISO’s and security teams work more collaboratively to reduce security threats and risks given today’s modern day threat issues?
CISOs and their security teams need to collaborate closely to establish strong, unified security frontiers. Over the years, their roles have shifted from reactive responders to proactive and strategic enablers, supported by AI to secure endpoints and data at scale.
AI cannot exist in silos and neither can the CISO. Security practices must be implemented across all departments, from HR to Legal. A coordinated approach between CISOs, DevSecOps, and security teams is critical, as security needs to be embedded throughout the product life cycle, from design to deployment.
Code reviews by DevSecOps, compliance checks by security teams, and staying up to date with central cyberthreat resources, such as Information Sharing and Analysis Centers (ISACs), can help keep threats at bay.
How is AI enhancing security protocols across the board, a few examples from recent threat activities you can call out?
AI is significantly enhancing security protocols through an adaptive and proactive approach. By analyzing massive datasets in real time, AI can detect emerging threats before they escalate. It identifies and predicts vulnerabilities likely to be exploited and, during security incidents, can isolate affected systems and block further malicious activity.
With its adaptive thresholds, AI continuously learns from user and network behavior to flag anomalies, including zero-day attacks that traditional tools often miss.
However, attackers are also leveraging AI to increase the sophistication of threats. Many phishing emails crafted with AI now sound highly convincing, making credential theft more successful. Deepfakes are used to impersonate senior executives through realistic voice and video, tricking employees into authorizing fraudulent actions. Some malware now uses AI to rewrite itself and evade detection. This underscores the need to use AI defensively to combat AI-driven threats.
What tips and best practices would you share when it comes to automating least privilege policies?
Automating least privilege policies should be done right to avoid workflow disruptions and security incidents. To begin, implement role-based access control (RBAC), which simplifies access management by assigning permissions to roles rather than individuals.
Also Read:ย CIO Influence Interview with Daniel Spurling, SVP, Product Management at Teradata
For flexible and rapidly changing environments, use policy-based access controls to automate who can access what, based on criteria such as their role, department, and the sensitivity of the data. Integrating tools such as identity and access management (IAM) and privileged access management (PAM) ensures access is granted or revoked automatically, while reiterating least privilege rules across cloud, SaaS, and on-premises environments.
Continuous monitoring and auditing help maintain detailed access logs, support compliance, and enable early detection of anomalies. Least privilege policies require ongoing review and adjustments to respond to emerging threats and organizational changes.
What are some of the common security lags affecting modern IT and Security teams?
Common security lags in modern IT and security teams often stem from outdated practices, siloed operations, and limited visibility. According to theย World Economic Forum, globally, 54% of large organizations state that in supply chain management, they lack visibility into the security practices followed by their vendors, which increases risk exposure.
Moreover, the rise of generative AI has also contributed to a 42% increase in phishing and ransomware attacks, further fueled by deepfakes and sophisticated AI-driven phishing campaigns. Maintaining consistent security policies, timely patching, and real-time monitoring across hybrid environments remains a persistent challenge.
Fragmented and outdated cybersecurity regulations across departments complicate compliance efforts and drain security resources, widening governance gaps. Finally, a critical shortage of cybersecurity professionals with adequate training continues to hinder many organizations, leaving them under-prepared to respond to evolving threats.
A few thoughts on how the future of CISO roles and IT team structures will play out as AI becomes more critical to these workflows?
As AI becomes more central to cybersecurityย and IT operations, the CISOโs focus will need to shift toward developing strategies for AI-integrated security systems, requiring a blend of technical expertise and business acumen.
IT teams will become more cross-functional, working alongside cybersecurity, DevOps, and data science teams to manage and govern AI tools effectively. Routine tasks like patching and monitoring will be automated, freeing up teams to focus on threat analysis, incident response, and AI system training.
CISOs will shift more towards following governance rules, managing risks, and aligning security initiatives with business objectives, while AI supports compliance audits and vulnerability assessments. With more AI regulations that emphasize transparency and accountability, CISOs will also be responsible for ensuring that AI systems are explainable, auditable, and ethically deployed.
[To share your insights with us as part of editorial or sponsored content, please write toย psen@itechseries.com]
Thank you, Ramprakash, for sharing your insights with us.
Ramprakash Ramamoorthy leads the AI and blockchain efforts for ManageEngine, a division of Zoho Corporation and a leading provider of enterprise IT management solutions. He is in charge of implementing strategic, powerful AI features to help provide an array of IT management products well-suited for enterprises of any size. Ramprakash is a passionate leader with a levelheaded approach to emerging technologies, and a sought-after speaker at tech conferences and events.
