As cyber threats migrate beyond traditional perimeters into third-party clouds, social platforms, and open APIs, enterprises face a critical challenge: visibility. Setu Parimi, Co-Founder & CTO of RiskProfiler, is at the forefront of solving this complexity through unified external threat exposure management. Combining attack surface monitoring, digital risk protection, and AI-driven automation, RiskProfiler transforms how organizations detect and respond to risks—from deepfake fraud and supply-chain compromises to vendor drift and identity-based cloud abuses. In this exclusive conversation, Parimi unpacks emerging threat trends, the role of intelligence-led defense, and why India’s cybersecurity innovation is commanding global attention.
Co-Founder & CTO
RiskProfiler
CISO Forum: What’s driving the shift toward unified external threat exposure management platforms like RiskProfiler?
Setu Parimi: The nature of cyber risk has changed. Your data now resides in third-party clouds, your brand is active on social media, and your customers complete transactions over open APIs. This external spread has surpassed traditional boundaries. Organizations are also dealing with “silo fatigue.” Multiple tools create fragmented visibility, increase costs, and overlook contextual threats.
Meanwhile, new regulations, such as DORA and NIS2, require continuous supplier monitoring and operational resilience. These factors are pushing a clear shift towards unified external threat exposure management platforms. These platforms combine attack surface monitoring, digital risk protection, and third-party risk management into one clear view. You can’t manage external risk with separate systems. Unification is now vital for clarity and speed.
CISO Forum: How are AI and automation transforming how enterprises detect and respond to cyber risks?
Setu Parimi: AI and automation are transforming cybersecurity from a reactive approach to a proactive one. Today, AI allows for the independent discovery of unknown assets, impersonations, and data leaks. These issues were often unnoticed until after an incident occurred. With correlation models that connect leaks to assets, vendors, and potential damage areas, organizations can understand the impact in real-time. Automation accelerates the triage and takedown processes, enabling quicker resolutions without compromising human judgment. At RiskProfiler, for example, AI reduces the time from “found it” to “fixed it.” This helps analysts concentrate on making decisions instead of performing manual detection.
CISO Forum: What emerging trends do you see shaping the external threat landscape in India and globally?
Setu Parimi: In India, we are witnessing a significant increase in UPI and fintech-related fraud. There has also been a rise in deepfake-driven social engineering, prompting CERT-In to issue a high-severity advisory on deepfakes recently. Worldwide, supply-chain compromises in open-source and JavaScript ecosystems, identity-based cloud abuses, and ransomware targeting healthcare and third-party providers are significant concerns. The message is clear: the perimeter isn’t gone; it has simply shifted outward to your vendors, APIs, and brand presence. As external dependencies grow, continuous monitoring and proactive exposure management have become essential for resilience.
CISO Forum: How can organizations better manage vendor and supply-chain risks in an increasingly interconnected ecosystem?
Setu Parimi: Managing vendor and supply chain risk begins with visibility. Organizations need a unified external risk graph that connects assets, vendors, identities, and data flows. This illustrates how an issue upstream can impact downstream processes. Monitoring leading indicators, such as changes in domain ownership, leaked credentials, and vendor drift, helps identify early signs of compromise. Running “what-if” exposure simulations ensures that budgets are allocated to areas with the highest risks. In a world where a weakness in one supplier can cause widespread disruption, proactive risk forecasting and ongoing vendor evaluation are crucial for maintaining smooth operations.
CISO Forum: In what ways does intelligence-led defence strengthen enterprise cyber resilience today?
Setu Parimi: Intelligence-led defense turns data into actionable insight. By combining external threat intelligence with internal control telemetry, organizations can focus on what really matters: the risks that impact the business. The actual value comes from closing the loop: detect, investigate, act, verify, and report. This process changes intelligence from static information into measurable risk reduction. Ultimately, intelligence-led defense enhances resilience by enabling companies to shift from reacting to incidents to continually validating and improving their cybersecurity posture.
CISO Forum: How do you view India’s growing influence and innovation in the global cybersecurity arena?
Setu Parimi: India is becoming a leader in cybersecurity innovation. The country’s extensive digital infrastructure, from UPI to ONDC, runs at high volumes. This creates complex security challenges and develops world-class expertise to tackle them. With an API-first product culture and a strong talent pool, this environment is producing scalable and affordable security solutions that the world is starting to adopt. India is where security on an internet scale meets talent on an internet scale. Its expanding global presence shows both innovation and resilience that come from scale.
