Inside India’s cyber DNA shift: How behaviour became the new identity

Old-guard security methods, tracking assets via usernames, device IDs, or static IPs, are rapidly becoming obsolete. Today, enterprise environments include a mix of cloud workloads, ephemeral containers, microservices, autonomous scripts, and Application Programming Interfaces (APIs). This diversity and transience undermine any model based purely on identity labels. As a result, Indian organisations are shifting towards behaviour-based profiling, constructing a “Cyber DNA” for each asset. This technique emphasises a system’s actions over its declared identity, improving the detection of anomalies and hidden threats.

Global Perspective Mirrors Local Change

This shift is not unique to India. Mandar Kulkarni, National Security Officer for Microsoft India and South Asia, outlines Microsoft’s global approach. He said, “Security underpins everything that we build and do at Microsoft. In an increasingly cloud-native and connected world, embedding cybersecurity into the very DNA of digital assets is essential. Identity is the new perimeter, and understanding behavioural patterns of users and assets is foundational to effective threat detection.”

Kulkarni notes that Microsoft analyses over 84 trillion security signals daily, establishing behavioural baselines from which deviations are flagged. Technologies like Microsoft Defender, Entra ID, and the Artificial Intelligence (AI)-driven Copilot for Security automate detection, investigation, and response, shifting focus from reactive to predictive measures.

India’s Cyber Threat Landscape Spurs Adoption

India’s expanding digital infrastructure, especially in Banking, Financial Services, and Insurance (BFSI) and government sectors, faces growing cyber risks. In April 2024, Indian Computer Emergency Response Team (CERT-In), Computer Security Incident Response Team – Financial Sector (CSIRT-Fin), and SISA Information Security (SISA) released the Digital Threat Landscape 2024 report. The document highlighted the need for behaviour-based intelligence to detect threats in real time. Additionally, the Reserve Bank of India’s Digital Payments Intelligence Platform (DPIP) was introduced to monitor transaction telemetry and identify suspicious patterns during live flows, early evidence of national-level behaviour-based security. These initiatives reflect an increasing preference for methods that prioritise behavioural insights.

Indian Vendors Build Homegrown Solutions

Domestic vendors are adopting Cyber DNA principles in product design. Honeywell applies behavioural fingerprinting in industrial contexts. Praveen Shetty, VP Engineering for Honeywell Connected Enterprise India, explains, “Each asset’s communication behaviour, protocol use, and traffic patterns are continuously analysed to establish a dynamic behavioural baseline. This solution reveals intent, not just signatures. Maintaining this level of accuracy is a challenge. We use patented machine learning models that adapt to changes while suppressing noise from normal operational variance.”

Shetty emphasises behavioural baseline tracking across both Information Technology (IT) and Operational Technology (OT) systems, aligning with privacy and compliance through encrypted telemetry and Service Organisation Control 2 (SOC 2) / General Data Protection Regulation (GDPR) governance.

At ManageEngine (Zoho Corp), Sujatha S Iyer describes a lightweight AI agent deployed on endpoints to collect telemetry and establish baselines: “Through user and entity behaviour analytics (UEBA), we dynamically map assets and their expected behaviour patterns, enabling us to validate their authenticity and purpose even in transient or ephemeral environments.”

Sectoral Progress and Maturity Gaps

Indian organisations show varied maturity in adopting behaviour-based security. Amit Patil, Senior Director at Publicis Sapient, observes, “Traditionally, security was perimeter-focused. Indian enterprises are increasingly recognising that identity is the new perimeter, and user behaviour is the new signal for trust. BFSI and IT/ITeS (Information Technology / Information Technology Enabled Services) are ahead, with others like manufacturing and retail catching up.”

This assessment is echoed by Vinod V Jayaprakash, Cybersecurity Leader at GDS Consulting, who points to a growing awareness of the limitations of security based solely on perimeter models. He highlights the role of AI and ML (Machine Learning) in identifying anomalous behaviour and notes that GDPR and India’s pending Personal Data Protection Bill are prompting enterprises to adopt behaviour-driven models.

PwC India’s Sundareshwar Krishnamurthy further confirms that highly regulated sectors have made the most progress: “We are witnessing a clear shift among Indian organisations towards identity- and behaviour-driven security, but it’s uneven. Highly regulated sectors like banking, insurance, and healthcare are leading the way. The most effective approaches involve layering behavioural signals onto existing identity systems and integrating these insights with security operations to cut false positives and respond faster to real threats.”

He also points to improved user experience by reducing intrusive checks where behaviour aligns with norms.

Scaling Efforts Beyond Pilots

What began as isolated projects has now become mainstream in India’s BFSI and infrastructure sectors. CERT-In and Ministry of Electronics and Information Technology (MeitY) have initiated training programmes focused on behavioural analytics, dynamic baselining, and adaptive risk modelling. These efforts form the backbone of a public-private framework, supporting the integration of behaviour-based identity into core enterprise security architectures.

India’s National Cybersecurity Strategy (2024–2025) explicitly prioritises telemetry-driven identity models, continuing the shift from perimeter defences to adaptive behavioural monitoring and threat response.

Roadblocks and Balancing Acts

Implementing Cyber DNA in large-scale, production environments introduces significant challenges. Processing massive telemetry volumes requires infrastructure and expertise. Machine learning models must be finely tuned to prevent false positives, and periodic drift in asset behaviour demands ongoing recalibration.

Privacy is another critical factor. Telemetry must be anonymised and used within policy bounds. As Sujatha S Iyer emphasises, “Privacy is built into our approach from day one. Only essential telemetry is collected, strictly anonymised and stripped of any personally identifiable information, minimising unnecessary data movement.”

A New Identity Paradigm

India’s transition towards Cyber DNA reflects a profound shift: assets are no longer defined only by certificates or static labels. They are defined by behaviour. Monitoring “what something does” rather than “what something is” offers a more robust blueprint for cyber defence, especially in hybrid, cloud-native, and fast-evolving environments.

As Indian enterprises continue building these behavioural security models, combining national programmes, vendor tools, and domain expertise, they redefine the perimeter of trust. Assets endowed with digital fingerprints become not just identifiable, but contextually accountable, setting a new benchmark for adaptive security in the digital age.