Co-founder, Airgap Networks
Founder · Engineer · Zero Trust
Ritesh Agrawal
He spent almost two decades making networks faster. Then he quit to assume every device on them was already infected.
He spent almost two decades making networks faster. Then he quit to assume every device on them was already infected.
Ask Ritesh Agrawal how many doors your network has, and he will tell you four. Then he will ask why you spent five thousand dollars locking two of them and left the other two wide open.
That question - blunt, slightly annoying, impossible to un-hear - is the whole company. In 2019 Agrawal walked away from a comfortable run at Juniper Networks to build Airgap Networks around a single uncomfortable assumption: every device on your network is already compromised. Not might be. Is. Plan accordingly.
Most security spending goes to the doors everyone can see - the device reaching out to the internet, the device reaching into a private app. Agrawal went after the doors nobody locks: device talking to device, the quiet hallway where ransomware actually does its damage. Stop the lateral movement, and an intruder who gets in finds every other room sealed.
It worked well enough that in April 2024, Zscaler bought the company and made it the foundation of its Zero Trust Branch. Agrawal now runs that strategy as a VP of product management. The four-doors pitch is no longer a startup's contrarian bet. It ships at enterprise scale.
We do not trust any device. Our assumption is that all the devices are infected.
Ritesh Agrawal, on Airgap's Zero Trust IsolationAgrawal's favorite analogy, drawn out. Industry money piled onto the first two. Airgap built for all four - and aimed hardest at the ones left open.
The hard part of zero trust is not the laptop. It is the badge reader, the MRI machine, the factory PLC, the camera in the ceiling - the unmanaged devices that will never accept a security agent and will never get patched. Conventional approaches simply skip them. Agrawal built for them first.
Airgap's microsegmentation is agentless and identity-based: it isolates every endpoint without asking anything to be installed, and authorizes each transaction on its own. The result is a network where lateral movement - the move that turns a single infected machine into a company-wide ransomware event - has nowhere to go.
In 2023 the team folded generative AI into the core of that architecture with ThreatGPT. Because full microsegmentation already gives you a complete picture of assets, traffic, and history, the model has unusually rich data to learn from. The intelligence rides on the segmentation, not bolted beside it.
Treat every device as hostile. Authorize every transaction. Allow no unauthorized lateral communication. The breach gets in and finds itself alone in a locked room.
Zscaler made Airgap the foundation of Zero Trust Branch - extending agentless, identity-based segmentation across LAN environments without the usual rip-and-replace.
If you have four doors and bought $5,000 locks for two doors and the remaining two are unlocked, I would rather distribute $500 on locks for each of the four doors.
Ritesh Agrawal, VentureBeat Q&AGetting zero trust strong needs to start by applying microsegmentation to every network endpoint at scale.
Ritesh AgrawalA non-profit Agrawal co-founded to back and mentor early-stage founders - turning his own path into a runway for the next set of builders.
Before critical-infrastructure defense, an earlier co-founding stint. The founder instinct showed up long before the security one.
A regular voice at industry conferences on networking and cybersecurity - the four-doors analogy gets a fresh audience each time.