A non-traditional approach to cyber defense: DruvStar on its expanding capabilities

With new technological advances come new threats to cybersecurity. So how do igaming companies keep up with a changing landscape? This is where DruvStar comes in.

Speaking with SBC Americas, Manjit Gombra Singh, CEO and Founder at DruvStar, walks us through the launch of several new products and the ways this is enabling gambling operators to combat ever-changing cybersecurity threats.

SBC: First of all, can you begin by telling us about DruvStar’s vCISO Service – how will this help your partners in the igaming industry to strengthen their cybersecurity defenses?

Our vCISO service is a comprehensive cybersecurity solution to establish and strengthen the cybersecurity programs of our clients. The vCISO team provides strategic guidance on cybersecurity, assisting in setting up a robust governance framework and security policies that are customized to defend the clients’ enterprise.

Beyond that, our vCISO service optionally can strengthen operational resilience with Business Continuity preparedness. It includes executive and board reporting, proactive risk management, compliance assurance, and incident response readiness.

In essence, our vCISO service acts as an extension of our client’s in-house team, providing expert support and guidance when and where it’s needed. DruvStar vCISO’s broad range of services enables casinos & resorts, igaming and sport wagering operators and gaming suppliers to proactively address cybersecurity challenges and enhance their overall security posture using the industry’s best practices.

SBC: What are the key benefits to outsourcing your cybersecurity capabilities to a third party such as DruvStar?  

Outsourcing cybersecurity to a specialized entity like DruvStar brings several advantages to the table.


DruvStar has an extensive breadth and depth of cybersecurity expertise across various sectors including gaming, healthcare, government, retail, and sports wagering. With a combined gaming experience of 100 years, we offer an unparalleled view of best practices in the sector. 

Supported by our certified Security Operations Center (SOC) based in Vegas and employing AI/ML-based technologies, we provide modern cybersecurity solutions. This expertise is difficult for most organizations to replicate in-house.

DruvStar is the only company which focuses solely on cyber defense for gaming clients. Defending our clients is our sole focus; it’s not a side business, rather it’s our main business.


Maintaining a dedicated, fully staffed in-house cyber security department is costly and resource-intensive, especially when you account for staff recruitment, training, and retention. By choosing DruvStar’s products, organizations receive a cost-effective alternative without compromising on the quality of service. This model allows businesses to invest their resources in their core competencies, while leveraging premier cyber security services for their business affordably.

Proactive Approach:

Unlike traditional security approaches that focus on reacting to threats, DruvStar takes a strategic and proactive stance on cybersecurity. We work closely with our clients to develop a bespoke cybersecurity program that aligns with their business goals. Our service extends to continuous monitoring, threat intelligence analysis, and proactive data safety measures designed to anticipate and mitigate potential risks before they impact the business. This proactive approach helps organizations stay one step ahead of cyber threats.

SBC: Something you noted upon the launch of vCISO Service is that it is “simplifying compliance” – can you elaborate on this? As more markets open up to a regulated igaming framework, has the world of compliance become too complicated?

Compliance, indeed, has become increasingly complex in the igaming and sports wagering industry, particularly as markets expanded rapidly. This is where DruvStar’s expertise in the gaming industry has helped in developing new technologies and security practices which provide multi-jurisdictional security compliance requirements in an innovative approach.

Most companies today are spending more money to simply stay in place, barely able to meet individual jurisdictions’ requirements. Forward progress in such a model is very expensive.

Our solutions are multi-jurisdictional, which brings consistency and lowers the cost of providing cyber security while meeting each jurisdiction’s individual requirements.

But our effort doesn’t stop there. As cyber threats rapidly evolve and compliance regulations continuously change, we are likely to implement defenses across multiple jurisdictions faster than is possible using individual jurisdictional approaches.

Our vCISO service includes quarterly reviews of risk register, incident response plan, business continuity preparedness, and executive status. In these reviews, our team of experts identifies emerging threats, assesses vulnerabilities, and provides strategic recommendations tailored to organizations. This continual review and adjustment process ensures clients remain resilient and compliant amidst a changing cybersecurity landscape. 

SBC: What would you say are the most common cybersecurity threats that igaming companies have come up against in 2023?

iGaming and Sports wagering companies in 2023 have continued to face an array of cybersecurity threats, which range from sophisticated phishing attacks and ransomware to DDoS attacks that can bring down their platforms.

The most dominant attack patterns eventually result in a data breach, where data is stolen, and sometimes unavailable even to the owners of the data. These attacks manifest as ransomware or a patron account take-over, often resulting in several million dollars of damage to the clients, sometimes exceeding $4M of cost. Often stolen credentials are used to penetrate or escalate privileges and launch an attack.

During 2022, we found 14,000 security issues, of which nearly 20 were of critical nature and could have resulted in tens of million-dollar losses if those had been left unattended.

SBC: Looking at the DruvStar Threat Insights Product, why is it so important that companies take a different approach to cyber defense depending on the different stages of a business cycle? Does the cybersecurity for a start-up differ to that of a more mature business?

The cybersecurity needs of a startup company are different from those of a mature business. For instance, the threat surface area of smaller companies is very different from mid-size and large organizations.

Startups need to focus on establishing a solid cybersecurity foundation and tune their approach to the threat surface. Also, we use automation and AI algorithms to create an affordable solution for smaller companies. Mature businesses must focus on operational excellence, scaling their security practices with internal teams and best technologies available on the market. 

Our solution is modular, with a custom observability for networks, endpoints, data, and systems – enabling us to match the Threat Insights product capabilities to the needs of the business.

DruvStar is the only company that has a solution specific for startups in the gaming industry; it’s called Threat Insights for Startups. Similarly, we have Enterprise and Premium versions of DruvStar Threat Insights for larger businesses, tailoring to their large threat surface and exposure.

SBC: Why was now the right time to strengthen the DruvStar Threat Insight Product even further? 

The primary reason is that the digital landscape is constantly evolving, and so are cyber threats.

The US gaming industry has seen more digital products introduced in the past 5 years than in the previous 2 decades. This has caused a massive expansion of the industry’s threat surface area. This includes Sports wagering, iGaming, cashless gaming, digital marketing systems, and casino and resort management systems.

DruvStar is keeping up with the evolution in the gaming industry by strengthening our product portfolio with the addition of the following products:

  • DruvStar vCISO Service
  • DruvStar iGaming Security Assessment
  • DruvStar Data Asset Audit in compliance with ISO 27001
  • DruvStar Threat Insights for Endpoint Detection and Response (EDR)
  • DruvStar Threat Insights for Network Detection and Response (NDR)
  • DruvStar Threat Insights for Startups (MDR)

DruvStar’s expanding product portfolio is attempting to meet the demands that the gaming businesses face in building effective cyber defenses.

SBC: How important is it that igaming companies are carrying out regular data safety audits? 

Given that data is the most precious asset in a business and the bad actors are primarily aiming at stealing an enterprise’s data, the importance of data safety audits for any gaming company cannot be overstated.

DruvStar’s Data Asset Audit service is an innovative product where we use AI/ML algorithms to quickly quantify assets, discover their users and report anomalous and concerning behavior. We are offering our rich and patented DataVision product in the form of an audit to expose hidden data-related risk.

This audit has the additional benefit that it helps meet a multitude of requirements from ISO 27001, GLI33, and PCI-DSS around data access and safety.

The industry is stuck in a decades-old practice of relying on data backups. As is evident from the large number of cyber-attacks and data breaches, that strategy has proven to be insufficient and has failed.

It’s necessary for an organization to know where their assets are and who is accessing them.  We believe no organization should risk their data and this audit would be the first step for them to get visibility on their risk.