Live from RSAC 2026, Rajesh Khazanchi, CEO and Co-Founder of ColorTokens, joins CyberRisk TV to discuss how security leaders are approaching breach readiness in an AI-driven threat environment. The conversation is part of the RSAC coverage distributed across CyberRisk Alliance platforms, including SC Media.
Rajesh focuses on how AI has accelerated intrusion cycles and reduced the effort required to exploit modern environments. He focuses on what happens after initial access, specifically how far an attacker can move and what determines whether that movement leads to business disruption.
He examines the gap between perceived resilience and actual operational readiness. Many organizations have invested in detection and visibility, but lack the ability to quantify exploitability, restrict lateral movement in real time, or isolate compromised systems without affecting operations. This gap directly translates into measurable business risk.
Breach readiness is outlined as an operational discipline. It includes enforcing least privilege through microsegmentation, isolating compromised assets quickly to reduce Mean Time to Contain, and continuously adapting security policies using AI-assisted recommendations aligned to evolving environments and threat intelligence.
He also explains how microsegmentation changes the outcome of an attack. By limiting east-west movement and enforcing granular controls across workloads, organizations can reduce blast radius, protect critical systems, and maintain operational continuity during an incident.
If you are a CISO, security leader, or architect navigating AI-powered cyber threats, this session provides a clear, operational perspective on how to move from detection-driven security to measurable risk reduction through breach readiness, containment, and resilient architecture.
If you are heading to RSAC 2026, visit us at Booth 1933 to explore how breach readiness is operationalized across your environment.
Doug White: Welcome back to Day to RSAC 2026. I’m Doug White, and joining me today is Rajesh Khazanchi:. Yeah, I got it on the second try of the CEO and cofounder you at color tokens. It’s great to have you here. Thank you for having me. We were talking while we were waiting a little bit and it was so awesome because, uh, this, the topic here was, was about breach readiness for measurable risk reduction in the age of ai.
Doug White: And there are so many things in that title.
Rajesh Khazanchi: Yes.
Doug White: I think we could talk about every word of that title for about an hour a piece and still not be done. But I, we’re gonna try to do it in a, in a little, in a short format. Um. I know that your company, you focus on breaches and about helping people try to manage this process.
Doug White: I mean, what, what is the impact right now for CISOs around breach?
Rajesh Khazanchi: See, very significant. I’ll just, uh, tell you in the last five years, people are starting to realize that breaches are inevitable. Some ignore employee clicking on something gets compromised. Um. Third party vendors, external parties coming in very, very difficult.
Doug White: Mm-hmm.
Rajesh Khazanchi: Uh, to really contain that part.
Doug White: Yes,
Rajesh Khazanchi: you can be, you can have a very good hygiene, you can be secure and you can have the best in class products, but at the end, one small mishap can actually bring in catastrophe. Our philosophy is that if and when, if attack happens, how do you make this a small incident rather than a business cata.
Rajesh Khazanchi: That’s our core philosophy. So being breach ready means that as an organization, if and when a breach happens, then how do you make sure that you have a containment philosophy? You have an isolation philosophy, that, that it just becomes one single entity that is compromised. Mm-hmm. And you make sure that rest of the ecosystem, uh, is not compromised and that core technology is microsegmentation.
Rajesh Khazanchi: Okay. Be it on the data centers, be it on the cloud infrastructure, be it on applications, or be it on OT devices, be it on plants, manufacturing sites or grid stations, nuclear stations. Mm-hmm. And we just want to give a one single platform where customers can really feel that they have a platform where they can actually isolate these particular breaches.
Doug White: Okay.
Rajesh Khazanchi: That’s the core philosophy. Okay. Now. Obviously in the beginning you have, um, basic hygiene. You don’t want to have flat networks. You wanna make sure that your, your wheel lands, your subnets are completely secured. But today, if you look at most of the organizations, they have firewalls. They do a good job, not bond traffic.
Rajesh Khazanchi: They have detection response. They have, you know, EDR technologies like CrowdStrike, Sentinel, defender, you know, all these technologies. And then they have, you know. SOC knock operations to mm-hmm. Look at all the alerts and notifications. Right. Then they have cloud security solutions. Right. And then they have SASS e architectures, which is like to the tune of the common SASS e vendors.
Rajesh Khazanchi: Right. But attacks is still happening because anytime a compromise happens, they get inside, then they have. Unfettered access. Yes. Within the networks.
Doug White: Right.
Rajesh Khazanchi: And our job, our focus is how do we make sure that they don’t have unfettered access? If a particular application or a user has to connect to something, they only have grant access to that and nothing else.
Rajesh Khazanchi: Okay. So things that they don’t need to know.
Doug White: Mm-hmm.
Rajesh Khazanchi: They just don’t have access to that.
Doug White: Makes
Rajesh Khazanchi: sense. And the whole philosophy is microsegmentation there.
Doug White: I mean, I mean I think that that’s emerged out of the Zero Trust, you know, concepts. Yes. The core of
Rajesh Khazanchi: Zero Trust.
Doug White: Do you think there’s been a shift? I mean, when I first started doing that kind of thing with the disaster stuff, the general attitude from a lot of upper management was, this doesn’t apply to us.
Rajesh Khazanchi: Mm-hmm.
Doug White: And it did shift to, does this apply to us? To now, I think most people are acknowledging that this does apply to us.
Rajesh Khazanchi: Yes, there’s been a big tectonic shift in the last five, six years.
Doug White: Mm-hmm.
Rajesh Khazanchi: And predominantly a lot of the attacks are sophisticated attacks.
Doug White: Right.
Rajesh Khazanchi: They are not run of the mill. Some configuration change here happened and they entered into the.
Rajesh Khazanchi: Today, attack vectors are actually happening through approved parts.
Doug White: Mm-hmm.
Rajesh Khazanchi: So someone stole someone’s identity, it’s 400 bucks, you pay for an identity stealing and then you can get in. Yep. Previously they used to do DDoS attacks and they used to really try to break the door. You don’t need to break the door, you just get, uh, somebody’s identity and you.
Rajesh Khazanchi: You get in and you are welcome to enter into their networks, and then you can steal that tetro shift. When people see that type, those type of attacks happening, then they say, okay, it can happen to my industry, my vertical, or my company. How do I prevent it? And that’s where this kind of awareness is, is not applicable to, oh, I need to think about it.
Rajesh Khazanchi: Yeah. Then they go into, they double click on it and they say, this can happen to me as well. Yeah. And that awareness we are seeing not only there is an earlier reluctance on the CIOs and CSO saying that, no, not, not applicable to me. Now forget about them. It is about even board is starting to ask them very hard questions, saying that, can you prove it to me?
Rajesh Khazanchi: Can you show it to me? Right. And still there’s a lot of handwaving happening, especially on that front. Right.
Doug White: I mean, I, I think, and, and I’ll see if you agree with this. I think we’re at the point where, so the, the, the things you talked about DDoS attacks and brute forcing and all these things that we used to teach people to look for.
Doug White: Yes,
Rajesh Khazanchi: yes.
Doug White: Which they should still look for.
Rajesh Khazanchi: Absolutely.
Doug White: But when I teach intrusion detection, a lot of the stuff there relies on this kind of overt
Rajesh Khazanchi: Yes.
Doug White: You know, somebody’s banging on the wall and you’re listening for the bangs and going, somebody’s at outside. Yes. You need to be worried. That has shifted to this very subtle Yes.
Doug White: Under the waves kind of thing. Should we just go ahead and assume now that we are going to be breached?
Rajesh Khazanchi: Your main philosophy should be assume breach.
Doug White: Yes.
Rajesh Khazanchi: And then how do I go about working through that entire path? So case in point, we have a very large supply chain logistics. The only reason they actually picked us, because they have 330 30 service centers across North America.
Rajesh Khazanchi: And their entire philosophy was if one service center gets compromised, they just want to run business as usual.
Doug White: Mm-hmm.
Rajesh Khazanchi: So their 328 or 29 service centers should be functioning completely. So in a connected world. It’ll take you less than five minutes to compromise all 330 service centers. Absolutely.
Rajesh Khazanchi: Less than five minutes. Yeah. So first breach attack to actually laterally moving into other service centers takes literally no time.
Doug White: Yes.
Rajesh Khazanchi: So their entire philosophy was, assume a compromise happens. How do I quarantine and isolate that then and there? That’s why this breach study, construct, and segmentation concept is becoming mainstream.
Rajesh Khazanchi: So assume breach, and then start operating and defining these principles irrespective of what industry you are in. That’s essentially the core philosophy in a way, kind of zero trust as well. They say trust nobody. And then build that entire philosophy of implementing zero trust principles.
Doug White: So, so some of the modern things like this sort of evolving network structure, you know, I mean, there was a time when my breach world was one room.
Rajesh Khazanchi: Yep.
Doug White: You know, okay, a cable fails and all the terminals go down. That’s a pretty simple scenario. Yeah. Everybody hang on, gimme five minutes. I’ll find the cable, replace it. We’ll be back in business. Boom. But now we’ve expanded to cloud and, and other. Prim. Yes. Not just my prim, but somebody else’s prim. And all those things are interrelated and if even one piece of those things fails mm-hmm.
Doug White: In that long chain of this thing, talking to that thing through this thing and those over there, we suddenly see a disaster emerged. That is not as simplistic as these old right old things that we were looking at. How do we deal with that?
Rajesh Khazanchi: Uh, great question, by the way. Um, I’ll give you an example of a hospital chain.
Doug White: Okay.
Rajesh Khazanchi: They came, uh, actually really managed well. They came, they said that they do this exercise once in three months, where they just want to be up and running within 40 minutes. Okay. That’s their cutoff time.
Doug White: Okay?
Rajesh Khazanchi: And they do, they do these particular bread teaming, blue teaming, plug it out and really see.
Rajesh Khazanchi: Wow. How data recovery happens. How, how they can actually bring up the, you know, E-H-R-E-M-R applications up and the maximum time is 40 minutes
Doug White: and they know that,
Rajesh Khazanchi: yes. 40 minutes.
Doug White: That they know that
Rajesh Khazanchi: I, I was so delighted to see that. But during that entire conversation, what happens is if data gets encrypted mm-hmm.
Rajesh Khazanchi: What do you do then? Okay. Let’s say you have storage.
Doug White: Mm-hmm.
Rajesh Khazanchi: You’ve stored the data.
Doug White: Right?
Rajesh Khazanchi: And they store it at a particular frequency.
Doug White: Right?
Rajesh Khazanchi: And they encrypt that data for last two days.
Doug White: Okay.
Rajesh Khazanchi: So they can go back to the D minus one. Okay. Or minus two or minus three, whatever you Right. But then lot has changed the last two days.
Rajesh Khazanchi: Think about it.
Doug White: Mm-hmm.
Rajesh Khazanchi: So then they actually created a technology. They said encrypted data needs to be managed separately. How do I put a double encryption on top of it? The long story short philosophy is you start really looking at each and every element in the cyberspace and say, if this breaks, what happens?
Rajesh Khazanchi: If that breaks what happens? Mm-hmm. And it’s a continuous philosophy. Yes. You can’t actually build a robust cyber practice just saying that, okay, let me have a firewall, let me have detection response. Let me do an application security. And I’m done. Yeah, those are tools. They cannot actually give you a complete security unless, and until you have core design principles.
Rajesh Khazanchi: Mm-hmm. Same philosophy for, um, production, ser production applications and plants. So most of the plants that we go, they say we are isolated because we have firewall in front. I said, how many policies do you have you applied in the firewall? Sometimes it’s thousands.
Doug White: Yeah.
Rajesh Khazanchi: And sometimes it’s any, any somewhere located and you’re done.
Rajesh Khazanchi: You toast.
Doug White: Yeah. I
Rajesh Khazanchi: those and those particular things still happen.
Doug White: Oh
Rajesh Khazanchi: yeah. So how do you apply a core principle philosophy of being compliant, having architectures, which are Purdue models? 6, 2, 4, 4, 3. Compliance on the, you know, production plants. And make sure that you’re consistently running and operating and saying that, let my team now actually think about what if switches are off completely?
Rajesh Khazanchi: What happens then? So you can’t do it on your production environment, but you can mimic certain environments and run these particular exercises. That’s the only way to actually have a robust, and it cannot be, uh, you know. One thing applies to everybody. It has to be industry specific. It has to be like hospitals.
Rajesh Khazanchi: Majority of the attacks in hospitals happen because of unpatched HVAC systems. How do you decouple? How do you really create that architecture, which is it, ot, separation of it, ot, creating environments, making sure your, um, medical device, isolation scenarios are there, ma making sure your radiology is not connected to the main systems so that even if one particular department.
Rajesh Khazanchi: Is compromised. It doesn’t quickly move to the other department. You are just trying to make sure that at a layer by layer, you’re reducing that breach impact and creating it to a unit of one.
Doug White: Right.
Rajesh Khazanchi: That’s all what your philosophy is.
Doug White: No, you, you want it down to the smallest little box.
Rajesh Khazanchi: Absolutely.
Doug White: I mean, it’s hard to get to the smallest little box,
Rajesh Khazanchi: but you are constantly iterating through half.
Doug White: You have to. And, and it, it starts with just what do I have? And a long, there were many companies we talked to that couldn’t even tell me that.
Rajesh Khazanchi: Yeah. I
Doug White: completely agree. You know, I’m like, so what’s connected to your network? And they’re like, um, I think there’s a lab down there. And maybe there was those guys that used to work down in the other building and they don’t even know.
Rajesh Khazanchi: They have no understanding about how the networks are actually, how, I have one more, I have one more comment. Oh,
please.
Rajesh Khazanchi: Like, I’ll give you an analogy of a hotel.
Doug White: Okay.
Rajesh Khazanchi: When you enter into the hotel. And so many people enter into that hotel.
Doug White: Mm-hmm.
Rajesh Khazanchi: Loads and loads of people. Right. How do you make sure that you have a containment philosophy in a hotel, in case of an eventuality?
Rajesh Khazanchi: So you’ll first basically say, let me secure elevators.
Doug White: Mm-hmm.
Rajesh Khazanchi: Then that’s the card readers.
Doug White: Yeah. Then
Rajesh Khazanchi: you say, let me secure floors.
Doug White: Mm-hmm.
Rajesh Khazanchi: Then you say, let me secure. Most critical floors where a lot of people stay. Right? And then you say, let me secure each and every room.
Doug White: Yes.
Rajesh Khazanchi: That’s the core philosophy of segmentation,
Doug White: right?
Rajesh Khazanchi: We are those locks in each and every room in case an eventuality happens and some attack happens. You just want to contain it to one particular room and nothing else. The, and you iterated through, you say, um, elevators, floors. Then certain core ballrooms where hundreds and sometimes thousand people can be there.
Rajesh Khazanchi: Containment, philosophy, going all the way up to one unit.
Doug White: I, I like the analogy. I’m gonna steal it. I mean, I, I think that’s, that’s really important. Another question I wanted to ask you, how, how critical is it for us to not just ask ourselves about these things, but to actually exercise these
things?
Rajesh Khazanchi: Yes.
Rajesh Khazanchi: So I have many examples where I’ve seen. Their questionnaire. Do you have firewalls?
Doug White: Yes.
Rajesh Khazanchi: Yes,
Doug White: of course.
Rajesh Khazanchi: That means you’re covered.
Doug White: Yep, we’re good.
Rajesh Khazanchi: The next level is how many policies have you applied? So
Doug White: Thousand.
Rajesh Khazanchi: Long story short, you, you cannot do without actually ex, you know, proper exercises and experiments.
Rajesh Khazanchi: There’s no way.
Doug White: Yeah,
Rajesh Khazanchi: so I love when people talk about tabletop, but that is one on 10. That’s what I’ll give. I won’t give anything more than that. Tabletop exercise are important. Nice to have, but it’s not gonna help you much. No. You need to get into the philosophy of, let me really understand traffic patterns.
Rajesh Khazanchi: Let me see which system is connected with whom. Why is it connected? Why can’t I have a containment philosophy? Where is it that I can actually isolate these traffics? These are foundational questions for security, and it applies, by the way, it’s a common sense, guys. It’s not complicated. We have made it complicated.
Doug White: Yeah.
Rajesh Khazanchi: It’s just, if you just apply a core philosophy of security, everything that we talk about is common sense.
Doug White: Yeah. It’s just actually getting there and then I think testing it,
Rajesh Khazanchi: executing it. Yeah.
Doug White: Getting to the details. I’ve seen that what you’re talking about, the checklist so many times because I’ve, I literally have just seen that and I, we started saying, okay, do it.
Rajesh Khazanchi: Yeah.
Doug White: You know, just the first item here, like, okay, show me the firewall. Yes. Let, does it work? Wait, is it even plugged in? No, it’s not. Wait, why is it not plugged in? And they’re like, oh, well it didn’t work, so we bypass, you know? And, and I mean, and it’s like, okay, the whole thing is busted from right there.
Rajesh Khazanchi: Correct? Correct.
Doug White: Well, I can certainly talk to you the rest of the afternoon. Uh, unfortunately, uh, I can’t, but, but geez, thank you for joining us so much today. It was my pleasure to get to talk to you. Uh, if you wanna learn more about color tokens, which you should. Uh, please visit security weekly.com/color tokens R sac, and for all of our RSAC 2026 coverage from Cyber Risk Alliant, visit Security weekly, uh.com/r sac.
Doug White: And if you’ll hang around, I got more interviews for you after the breaks, we’ll see you there.
