From crisis to constant: How CISOs must adapt to AI-powered cyber threats

Fortinet’s Vishak Raman urges CISOs to adopt AI-driven, integrated platforms for predictive, resilient cyber defense.

As artificial intelligence transforms both cyber offense and defense, Chief Information Security Officers across India and Southeast Asia find themselves at the epicenter of an unprecedented security evolution. The traditional reactive approach to cybersecurity is rapidly becoming obsolete, replaced by an urgent need for predictive, intelligence-driven strategies that can counter AI-powered attacks, such as deepfakes, polymorphic malware, and automated reconnaissance.

At the forefront of this transformation is Vishak Raman, Vice President of Sales for India, SAARC, SEA & ANZ at Fortinet, who brings a unique perspective on navigating hybrid cloud environments, Zero Trust architectures, and evolving regulatory frameworks, such as India’s Digital Personal Data Protection Act.

In this exclusive interview, Raman shares critical insights on the most pressing cybersecurity challenges facing modern enterprises, from managing fragmented security tools across multi-cloud environments to transforming Security Operations Centers through intelligent automation. With cyber threats becoming increasingly covert and coordinated, his vision for platform-based security solutions offers a roadmap for organizations seeking to build adaptive, resilient defenses in an era where cyber risk has evolved from crisis to constant.

CISO Forum: How is Fortinet leveraging artificial intelligence to proactively detect and mitigate emerging threats such as deepfakes and AI-driven cyberattacks?

Vishak Raman: AI is no longer just a capability — it’s becoming foundational to both cyber offense and defence. At Fortinet, we’ve embedded AI across our platform to help customers detect, prioritize, and respond to threats in real time. This includes stopping AI-powered attacks, such as deepfake-driven fraud, polymorphic malware, and automated reconnaissance, which are growing at an alarming rate.

Our FortiAI capabilities are built into the Security Fabric, so instead of relying on isolated tools, we offer an integrated approach that spans prevention, detection, response, and learning. Whether it’s tracing the origins of an attack, reducing false positives, or strengthening API and SaaS security, our AI works across the environment to improve protection and resilience.

AI is no longer just a capability — it’s becoming foundational to both cyber offense and defence.

CISO Forum: What are the most critical cybersecurity challenges facing CISOs in managing hybrid and multi-cloud environments today? 

Vishak Raman: Hybrid and multi-cloud environments offer agility, but they also introduce complexity, and that’s where the biggest cybersecurity challenges emerge. CISOs are grappling with fragmented security controls across different cloud providers, inconsistent visibility, and the operational burden of managing multiple tools that don’t speak to each other.

Misconfigurations remain a top concern, often resulting in the unintended exposure of critical assets. Meanwhile, the speed at which cloud services are spun up — sometimes outside of IT’s direct control — makes governance even harder. Add to that a flood of security alerts from disconnected systems, and security teams quickly face burnout and blind spots.

What’s needed is a platform approach that consolidates these fragmented tools and provides unified visibility and control across all environments. Fortinet’s cloud-native platform brings security, networking, and AI-powered intelligence together — helping organizations detect, prioritize, and respond to threats faster, while keeping pace with the scale and speed of modern development cycles.

CISO Forum: In what ways can CISOs transition from reactive security practices to a predictive, intelligence-driven approach to threat management?

Vishak Raman: To move from reactive to predictive security, CISOs need to shift from siloed point solutions to an integrated platform strategy — one that’s built on AI and automation. The volume, speed, and sophistication of today’s threats make it impossible for manual processes or disconnected tools to keep up.

By consolidating their security stack and embracing AI-powered solutions that work across the network, endpoint, cloud, and identity layers, CISOs can detect anomalies earlier, reduce false positives, and respond faster. The goal is to build a security infrastructure that not only detects more but also learns and adapts in real-time, turning intelligence into immediate action. Convergence and automation enable lean teams to stay ahead of complex, multi-vector threats.

Hybrid and multi-cloud environments offer agility, but they also introduce complexity — and that’s where the biggest cybersecurity challenges emerge.

CISO Forum: How mature is the adoption of Zero Trust architectures across India and Southeast Asia, and what common pitfalls should security leaders be aware of? 

Vishak Raman: Zero-trust adoption is accelerating, especially with hybrid work and distributed applications becoming the norm. But maturity levels vary. Many organizations underestimate the complexity of enforcing Zero Trust across cloud, on-prem, and SaaS environments — or try to implement it piecemeal with disparate tools.

The key is integration. At Fortinet, we’re helping organizations converge networking, access, and security into one fabric, making it easier to enforce least-privilege policies consistently. Without this convergence, Zero Trust can become a buzzword rather than a functional security posture.

CISO Forum: With increasing regulatory requirements such as India’s DPDP Act, how can CISOs effectively align their security strategies with evolving compliance demands?

Vishak Raman: Regulations are a strategic opportunity to strengthen the resilience of individual organizations and the entire industry. India’s DPDP Act underscores the importance of data stewardship, risk management, and visibility across digital operations. For CISOs, this is an opportunity to align compliance with broader resilience goals.

We see organizations increasingly using compliance as a springboard to modernize processes, from automating data protection to tightening identity access controls. Fortinet’s integrated platform helps simplify audit readiness while embedding security into business workflows, ensuring teams stay both secure and compliant.

CISO Forum: What role does automation play in transforming Security Operations Centres (SOCs), and how should organizations balance this with the need for skilled human analysts? 

Vishak Raman: Automation plays a critical role in modernizing SOCs — not by replacing human analysts, but by helping them scale. Most organizations today face a dual challenge: a growing volume of alerts and a shortage of skilled cybersecurity talent. In India, for example, only 13% of IT staff are focused on cybersecurity, and just 6% of organizations have specialized SOC teams.

That’s where automation becomes essential. Fortinet’s AI-powered SecOps capabilities — including automated threat detection, triage, and response — have helped reduce incident response times by up to 99%, according to ESG’s economic validation. One customer reduced time spent on incidents by over 200 person-hours per week, while improving accuracy and threat coverage.

This doesn’t eliminate the need for skilled analysts — instead, it allows them to focus on high-value investigations, threat hunting, and strategic decision-making. The future SOC is not just about more tools or more people — it’s about smarter, integrated operations that combine human expertise with machine-driven speed and precision.

CISO Forum: Looking ahead to 2025, what key priorities should CISOs focus on to defend against persistent and multi-vector cyber threats?

Vishak Raman: In 2025, CISOs will need to rethink their priorities as cyber threats become more covert, complex, and coordinated. The attack surface is expanding rapidly, with AI-generated phishing, supply chain compromises, cloud misconfigurations, and IT/OT convergence all presenting significant risk. These aren’t isolated events anymore; they’re part of multi-vector campaigns designed to bypass siloed defences and exploit blind spots across infrastructure layers.

To stay ahead, CISOs must prioritize reducing fragmentation and accelerating detection and response. That starts with consolidating vendors to simplify operations and close integration gaps. AI-powered platforms that can correlate signals across endpoints, networks, identities, and cloud workloads are becoming essential. Identity security, SASE adoption, and cloud-native application protection are all emerging as strategic investment areas.

Additionally, visibility into OT environments is becoming increasingly crucial. As cyberattacks extend into physical systems, organizations need tools that can monitor and secure industrial networks with the same rigor as IT environments. The overarching goal is to build an adaptive, intelligence-driven security posture that’s built for scale, speed, and resilience — because in today’s environment, cyber risk is no longer a crisis; it’s a constant.

CISO Forum: How does Fortinet’s acquisition of Israeli SaaS security firm Suridata enhance its AI-driven threat management capabilities, and what implications does this have for the integration of advanced SaaS security solutions within the Fortinet Security Fabric?

Vishak Raman: Suridata strengthens our Unified SASE portfolio by providing deep visibility and control over SaaS applications, which remain a significant blind spot for many organizations. As more businesses adopt SaaS-first strategies, SSPM becomes essential for managing misconfigurations, enforcing policies, and detecting risks at scale.

Suridata’s AI-driven SaaS Security Posture Management integrates seamlessly into the Fortinet Security Fabric, enhancing our CASB capabilities and ensuring consistent protection across users, apps, and data. This is a strategic step in our commitment to deliver end-to-end, platform-based security for today’s hybrid enterprises.