CYBERVAHAK
Comprehensive Cybersecurity Program · Platform-Led · Five-Year Engagement
CYBERVAHAK
CYBERVAHAK
×
TKIL
Cybervahak proposes a five-year engagement, priced on a Year 1 base with a published 9% YoY escalation, that secures TKIL's full operating footprint, corporate IT, multi-cloud, SaaS, and the engineering and plant-floor systems behind your Sugar, Cement, Open-Cast Mining & Bulk Material Handling, and Industrial Boilers & Power businesses. All twenty mandated capability areas are delivered through one integrated security fabric, automating operations and producing the evidence your auditors, regulators, and board ask for on demand.
TKIL Industries Pvt. Ltd., formerly thyssenkrupp Industries India, has been designing, manufacturing, and commissioning industrial plants for nearly eight decades. From a Mumbai registration in 1947, it now spans two large manufacturing campuses, four regional offices, and active project sites at customer plants nationwide. The cybersecurity program below is engineered around exactly this footprint, not a generic enterprise template.
Cybervahak has run baseline assessments across TKIL's IT estate, firewall rule review, network architecture review, end-user device review, Microsoft 365 audit against the CIS Foundations Benchmark, phishing simulation, and a VAPT scoping pass. The phases, quick wins, and targets below are calibrated against numbers we have already measured, not against a generic enterprise template.
Phase 1 of the program closes the largest of these gaps inside the first 90 days. Phases 2 through 4 mature what is in place across the five-year horizon. The commercial in Section 10 is sized to this footprint, anchored on a Year 1 price with a published 9% YoY escalation.
Platforms over people. Automation over headcount. Evidence on demand.
These six convictions were not invented for this proposal. Cybervahak was built around them, and our nine-product fabric is the most direct expression of them in the Indian market. TKIL's cybersecurity posture is engineering-IP-centric, not generic IT security. The fabric is built around protecting engineering intellectual property, proprietary technical assets, critical business knowledge, engineering repositories, and crown-jewel data.
Every governance, operational, and technical requirement in this program is addressed through a deployed platform, never through a pool of analysts running manual processes. Our fabric is the only way we deliver.
Day one of go-live, your team has admin access to every dashboard, can run any report, trigger any workflow, and review any finding without raising a ticket with us.
You get a small, senior team of platform engineers and advisors, not a managed-services workforce. We deploy, tune, transfer knowledge, and stay on as your second-line expert bench.
Every deliverable across the program is platform-generated. No reports assembled by hand. DPDPA, IT Act, ISO 27001:2022, NIST CSF 2.0, the evidence is collected continuously and produced on a click.
MTTD, MTTR, control coverage, vulnerability posture, repeat-finding rates, all auto-tracked from go-live. Year 5 vs Year 1 deltas are inarguable, because the platform produced both.
Plant-floor and engineering networks are addressed only after independent risk and safety assessment, with a non-intrusive monitoring approach throughout, uptime and safety integrity always come before security telemetry.
Each risk has a named vector, a TKIL-specific impact, and the exact fabric components that mitigate it.
A heavy-engineering business with multi-site plants, EPC project sites, deep supplier networks, and crown-jewel design IP has a particular threat surface. Click any card to see how the fabric handles it.
One coordinated attack. Twenty-three platform actions, automated. Four SOC clicks, total.
A concrete walkthrough, a BEC and executive-impersonation attempt against TKIL Finance during EPC milestone month, traced end-to-end through the fabric. Real timing, real components, real outcomes.
09:14 IST, a Tuesday in late May. TKIL Finance is processing the second-quarter milestone payments on a 240-cr cement-plant EPC for a long-standing customer. The CFO is travelling between the Pune campus and a project site. Three weeks earlier, the CFO's personal email password surfaced on a credential-leak forum; Darkweb Breach Guard logged it but no compromise had occurred. An attacker, inside that three-week window, has built a careful payload.
A controlled phishing exercise across TKIL's active mailbox population produced these numbers. HR-themed and authority-fear lures pushed credential submission to 18 to 25%. The fabric components below are sized to that measured behaviour, and to a tenant baseline currently at 36% compliance against the 107 CIS Microsoft 365 Foundations controls.
The sender appears to be the EPC project manager. The message asks for an urgent revised wire of 3.2 cr to a new escrow account, citing "client-direction" urgency. The From-domain reads project.lead@tk1l.com, the digit "1" replacing "i" in TKIL. A forwarded invoice is attached. The tone is reasonable; the pressure is moderate. To the recipient, this is plausible.
Guardian Email Threat Defence analyses the message in flight. A look-alike-domain check fires (Levenshtein distance 1 from a known-legitimate domain). DMARC fails on tk1l.com. Urgency-language and payment-redirection patterns match a TKIL-specific BEC profile we trained on the past 24 months of finance-team-targeted attempts. The email is held in quarantine before reaching the user's inbox.
The email-security event hits Guardian SIEM. Within four seconds the correlation engine pulls in three context signals: Darkweb Breach Guard's three-week-old finding (the CFO's personal credentials on a leak forum), UEBA's 30-day pattern (the TKIL finance team has been targeted by four similar BEC attempts), and the source IP's reputation across the threat-intel feeds. Composite risk score: Critical.
The SOAR playbook executes without analyst involvement: tk1l.com blocked at all four firewalls (Refine pushes the rule via API to Fortinet, Cisco, Palo Alto, and the EPC-site Fortinet); MFA re-challenge forced on the recipient's account; GRC Navigator opens an incident at severity Critical; the SOC distribution and the designated CISO contact are paged via Slack and SMS; Vendor Risk Manager adds the typo-squat to the watchlist for ongoing monitoring.
The TKIL SOC analyst opens Guardian. The full attack narrative is pre-built on a single screen, typo-squat domain, DMARC fail, three-week-old credential leak link, the 30-day finance-team targeting pattern, and a timestamped list of all five auto-actions taken. Two clicks to confirm severity, one click to escalate to legal for the typo-squat takedown via the partner registrar, one click to publish the customer-impact-zero classification to the engagement steering team.
Incident closed in GRC Navigator. The auto-generated CAPA ticket is filed in the same workflow: "Add typo-squat-domain pattern to next quarterly phishing simulation." LMS · Aware auto-enrols the TKIL Finance team in a 12-minute BEC-refresher module, due in 14 days. The evidence vault holds the email, headers, full DMARC report, blocked IP/domain artefacts, and timestamped traces of all five auto-actions, auto-collected, audit-ready. The CERT-In 6-hour reporting timer was not triggered (no data exposed), but a reporting-ready package is retained against future audit.
Without the fabric, this scenario typically plays out across three or four days, three or four teams, and a coin-flip on whether the cross-correlation signals connect. The "₹0 lost" outcome is what the platform-led model exists to deliver, not as a brochure promise, but as the quantitatively measurable result of pre-wiring the response.
A finding in one platform surfaces consistently across every other, automatically.
Each product below is a first-class platform on its own. Together they share the same identity, asset, and risk context, so TKIL teams stop chasing data across consoles. Click any product to see use cases, key features, integration, and the standards it maps to.
Guardian is a modular platform. Clients may begin with a focused module and expand into the full Guardian security fabric over time, calibrated to subscription tier and security maturity.
All twenty native Cybervahak. One vendor accountable for every capability area.
A platform-led program is only credible if every capability area has a named product behind it. Filter by capability domain, search by area or platform, or click any row to see scope and integration approach.
Telemetry from every TKIL environment in. Evidence, dashboards, and decisions back out.
A documented integration architecture is what separates a fabric from a checklist of tools. The high-level view is below; a detailed control-plane diagram with API specifications and authentication mechanisms is provided in Annexure A of the technical proposal.
Visible posture improvement before the first quarterly review.
A four-phase, five-year plan with overlapping execution. Phases 1 to 3 run inside the first 24 months; Phase 4 covers the long-tail Optimise & Mature horizon through Month 60. Each phase has explicit deliverables and shifts more operational autonomy to TKIL teams.
We engineer the platforms. You operate them. Knowledge transfer is contractual.
Two columns below: what we do, and what TKIL does. The line is drawn deliberately. We advise on tuning and emerging risk; your SOC analysts run day-to-day triage on the dashboards we deploy.
Continuous evidence, not point-in-time audits.
Compliance for an Indian heavy-engineering enterprise is not a single framework, it is a constellation. The fabric ships pre-mapped to each one of these, with continuously collected evidence and dashboards aligned to the way auditors and regulators actually ask for it.
Manually assembled reports get stale before they are read.
Every deliverable below is sourced directly from a deployed platform, with analyst commentary added only where interpretation is required. Board readiness, audit readiness, regulator readiness, on demand.
Baselines above are drawn from Cybervahak's pre-engagement assessments of TKIL between Q1 and Q3 2025. They will be reconfirmed in the first 30 days of the engagement and locked as the official baseline in the program steering charter.
Year 1 is what TKIL commits to today. Every subsequent year escalates at 9% per annum, transparently.
A complete platform-led cybersecurity program, anchored on a Year 1 price and a 9% per-annum escalation across a 60-month engagement. The Year 1 figure is the only commitment TKIL makes today; Years 2 through 5 follow a published formula, so there are no hidden renewal jumps. Every line maps to a specific platform or service. Final pricing is firmed in the contracting phase against the TKIL asset and headcount snapshot; the figures below are realistic indicative ranges for a mid-large industrial enterprise.
Three lenses that explain TKIL's Year 1 commitment of ₹8.73 cr to the CFO, board, and customers. The argument is not feature-per-rupee; it is risk-asymmetry.
The choice TKIL faces is not "what should we spend on cybersecurity." It is the same choice TKIL already makes on plant safety systems, fire insurance, and EPC liquidated-damages clauses. You are buying down the right tail of a probability distribution where the bad tail is large enough, and likely enough, to make the trade obvious. The quantifiable upside in Panel B is bonus. The strategic preservation in Panel C is bonus. The argument is the asymmetry in Panel A.
Five years from now, the question will not be "did we commit ₹8.73 cr in Year 1 to this." It will be "are we glad we did, or do we wish we had." An 80, 90% probability says glad.
All figures in INR crore, exclusive of applicable taxes. The Year 1 column is what TKIL commits to today and is the only year priced in this proposal. Recurring components (platform licensing, managed monitoring, assessments, training) escalate at 9% per annum across Year 2 to Year 5. Deployment and knowledge transfer are Year 1 only, with no recurring cost from Year 2 onwards.
| # | Cost component | Year 1 | Year 2 to 5 behaviour | Share of Year 1 |
|---|---|---|---|---|
| 1 | Platform licensing across all 20 capability areas | 6.93 | 9% YoY on Year 1 base | ~80% |
| 2 | Platform deployment, integration & configuration | 0.90 | One-time, Year 1 only | ~10% |
| 3 | Knowledge transfer & TKIL team enablement | 0.20 | Year 1 only; Year 2 to 5: nil | ~2% |
| 4 | Managed monitoring & expert advisory | 0.45 | 9% YoY on Year 1 base | ~5% |
| 5 | Assessments: VAPT, risk assessments, compliance reviews | 0.20 | 9% YoY on Year 1 base | ~2% |
| 6 | Training & awareness programs | 0.05 | 9% YoY on Year 1 base | ~1% |
| Year 1 total | 8.73 | Year 1 commitment, all components | 100% | |
All twenty mandated capability areas, mapped to their platform and Year 1 licensing cost. Year 2 to 5 escalate at 9% per annum on each Year 1 line. TKIL can pick or remove any line; the program scales accordingly.
| Area | Platform · module | Scope | Year 1 cost |
|---|---|---|---|
| 2 · 18 | Cybervahak Guardian · SIEM, SOAR, UEBA | Log ingestion, correlation, automated response, behavioural analytics, threat hunting | 0.83 |
| 3 | Cybervahak Guardian · Endpoint module (EDR) | Endpoint detection, ransomware protection, device control, SOAR-driven isolation | 1.93 |
| 4 | Cybervahak Guardian · Email Threat Defence | Inbound and outbound filtering, sandboxing, DMARC enforcement, email DLP, quarantine | 0.40 |
| 8 | Cybervahak Guardian · Database Activity Monitoring | Query monitoring, privileged-user tracking, anomaly detection, forensic timeline | 0.28 |
| 9 | Cybervahak Guardian · Data Loss Prevention | Classification-driven enforcement across endpoint, network, cloud, email, and collaboration egress paths. | 0.53 |
| Guardian family Year 1 subtotal | 3.98 | ||
| Area | Platform · module | Scope | Year 1 cost |
|---|---|---|---|
| 6 | Cybervahak Refine · Firewall Governance | Multi-vendor rule lifecycle, change simulation, segmentation validation | 0.17 |
| 5 | Cybervahak Refine · Vulnerability Management | Infrastructure and application scanning, EASM, configuration baseline, posture trending | 0.37 |
| 7 | Cybervahak Refine · File Integrity Monitoring | Real-time file monitoring, cryptographic baselining, change-ticket correlation | 0.17 |
| 10 | Cybervahak Refine · Cloud Posture | Misconfiguration, IAM risk, IaC scanning, drift monitoring across multi-cloud | 0.33 |
| 11 | Cybervahak Refine · Container Security | Image scanning, Kubernetes runtime, admission control, CI / CD integration | 0.22 |
| 15 | Cybervahak Refine · Resilience (Backup posture) | Backup job visibility, failure alerting, restore testing, immutable monitoring | 0.23 |
| 16 | Cybervahak Refine · Resilience (DR Orchestration) | Recovery workflow automation, RTO / RPO measurement, drill management | 0.35 |
| Refine family Year 1 subtotal | 1.84 | ||
| Area | Platform · module | Scope | Year 1 cost |
|---|---|---|---|
| 1 · 20 | Cybervahak GRC Navigator | GRC, Privacy Suite, evidence vault, audit workflows, DPDPA / ISO / CIS pre-mapped | 0.33 |
| 12 | Cybervahak Asset Manager | Auto-discovery, classification, lifecycle, criticality, shadow-IT detection | 0.20 |
| 13 | Cybervahak Vendor Risk Manager | Tiering, assessment workflows, continuous monitoring, SLA tracking | 0.13 |
| 14 | Cybervahak LMS · Aware | Role-based learning, phishing simulation engine, human risk scoring | 0.12 |
| 17 | Cybervahak BAS | Scenario orchestration, CAPA tracking, coverage maps, MITRE-tagged scenarios | 0.18 |
| 19 | Cybervahak Darkweb Breach Guard | Credential leak detection, brand abuse, executive monitoring, takedowns | 0.15 |
| Governance, People & External Intelligence Year 1 subtotal | 1.12 | ||
The lean services component. Each card shows the Year 1 cost and how that line behaves across the 5-year horizon: one-time, front-loaded, or recurring with 9% YoY escalation.
Tied to delivery, not calendar. No large upfront commitments.
The fabric is the differentiator. Everything else follows from there.
All twenty capability areas, detection, posture, governance, and resilience, are native modules of the Cybervahak fabric. No OEM licensing dependency, no third-party support escalations, no integration risk between primary platform and bolt-on tools. A finding surfaces consistently across every console because the fabric was built on a shared context graph from day one, not stitched together with middleware. One vendor accountable, one pane of glass, one audit trail.
Guardian reduces tool fragmentation and console fatigue by centralising operations into one application. It acts as the fabric's central command layer for visibility, correlation, response, evidence, and reporting.
DPDPA 2023, IT Act, SEBI CSCRF, RBI master directions, MeitY guidelines, every framework is shipped pre-mapped in GRC Navigator with current control libraries. No quarter-long onboarding to localize policies.
Our Guardian-OT extension uses passive monitoring through SPAN/TAP only, no active scanning of plant systems. We bring an independent pre-assessment partner (Dragos / Claroty / Nozomi as TKIL prefers) to conduct the safety assessment before any inclusion.
By month 12, we commit to having TKIL operators certified on every deployed platform. Our continued engagement after that point is exclusively expert advisory and platform engineering, not operations. This is in writing, with measurable handover criteria.
Our headquarters is in Mumbai, Office 917-918, Ajmera Sikova, LBS Marg, Ghatkopar West. All data stays in India. All response is in IST. All escalations go to a senior who you've already met. No follow-the-sun runaround.
Sugar refineries, cement kilns, mining/bulk-handling fleets, and boiler/power plants each carry their own protocol mix, Modbus, OPC-UA, IEC 61850, IEC 60870, Profinet, and their own safety constraints. Our Guardian-OT extension and pre-assessment partner network are tuned to exactly these verticals, not to generalized "OT" theory.
We are prepared to walk TKIL's evaluation panel through any of the twenty platforms in a live demonstration environment, share customer references in comparable industrial enterprises, and respond to clarifications within one business day.