Cisco Systems Inc. is holding the Asia-Pacific, Japan and China version of Cisco Live this week in Melbourne, Australia, where the highlight was the security news, as the company gave its cyber portfolio a shot of artificial intelligence.
Historically, Cisco and security have had something of an on-again, off-again relationship – like Cardi B and Offset. Sometimes, you think they have it figured out, and then they don’t. This all changed about 18 months ago when the company announced its extended detection and response, or XDR, strategy and followed that up with its Security Cloud portfolio, which greatly simplifies the deployment of security technology compared with the mishmash that most companies have.
My research shows that enterprise-class companies have, on average, 32 security vendors. This is the average, and I’ve seen some companies with many more than this. I did some work with one of the government agencies, which had more than 200 vendors. One of the engineers there confessed there is so much paranoia around security that they deploy almost every point product from every startup to be more secure. The problem is, with security, more isn’t better, as keeping policies up to date is impossible across dozens of vendors.
This was the problem Cisco had. Although the company could market as a single vendor, its portfolio was a collection of point products. Duo, Umbrella, Talos and others are all great products, but more products do not provide better threat protection.
The new security leadership, which includes Executive Vice President Jeetu Patel, Senior Vice President and General Manager Tom Gillis and Senior Vice President and Chief Product Officer Raj Chopra, has quickly turned the Cisco Security ship around with its security cloud, comprising three suites. Breach, User and Cloud protection are the core of the strategy, and the firewall is foundational to the clouds as it provides much of the data used by the suites.
At Cisco Live APJC, Cisco announced its new AI Assistant for Security, making AI pervasive across the Cisco Security Portfolio. This is critical for Cisco customers as attackers have used AI to stay ahead of businesses. “Our job at Cisco, as is the job of all security vendors, is to ensure that the scale tip in favor of defenders, and AI is the key to that,” Ambika Kapur, senior vice president of security marketing at Cisco, said in a prebriefing.
On the call, DJ Sampath, vice president of product and AI for Cisco Security, described the AI Assistant as playing three roles: assist, augment and automate. He walked through each of these.
“Assist changes the user experience where they can interact with Cisco Security using a natural language interface enabling our engineers to manage complex systems,” he explained. “With augment, we are creating the ability to add machine-driven insights to human intelligence to detect attacks faster. The automation capabilities can eliminate the mundane tasks an administrator needs to perform, enabling them to focus on more important tasks.”
It’s worth noting that Cisco designed the AI Assistant not to replace security engineers but, as the name suggests, to assist them, make them smarter, and enable them to operate faster. Modern security is largely data-driven, and there is far too much data for even the most seasoned security professional to understand. Machines can, and the AI Assistant makes the data more accessible.
The AI Assistant for Security is being launched within the Cisco Cloud Firewall Management Center and Cisco Defense Orchestrator to solve the monumental problem of managing and maintaining firewall rules. One might think this is straightforward, but I’m unaware of any company that does this well. Administrators create rules because of specific threats or other purposes. Then another rule is created, but no one ever eliminates old rules or checks their validity, out of fear something bad might happen.
Administrators can use the AI Assistant to discover policies, eliminate duplicate rules, get rule recommendations and speed up troubleshooting. During the call, Sampath went through a scenario where data was being exfiltrated, and without the assistant, the administrator would need to tweak a bunch of settings. With the AI Assistant, the administrator can make the request in natural language.
Cisco also introduced its AI-powered Encrypted Visibility Engine for all its firewalls. It’s well-known that almost all traffic is encrypted today, which makes the firewall blind to the payload. One option is to decrypt the traffic for inspection, which has massive privacy and compliance implications and is also extremely processor-intensive.
Customers can find malware in encrypted traffic with the 7.4.1 Operating System, now available for the entire Cisco Firewall family. The new capability uses AI to sample billions of data points, including sandboxed malware, to understand the slight nuances of infected versus clean traffic. It can also tell which operating system the traffic is coming from and what client application is generating it, all without decrypting it.
Many think security is shifting to an AI-led industry, but that’s only partially right. I expect all the security vendors to have effective AI algorithms, which means data is the key differentiator, and this is where Cisco can flex its muscles. Because of its massive network footprint, Cisco can bring more data to the AI party than anyone.
Patel summed it up accurately: “To be an AI-first company, you must be a data-first company. With our extensive native telemetry, Cisco is uniquely positioned to deliver cybersecurity solutions that allow businesses to confidently operate at machine scale, augmenting what humans can do alone.”
Cybersecurity has been a long, winding road for Cisco, filled with starts and stops. After years of being marketing-led, Cisco security is now being driven by good, quality products that simplify the deployment of security technology. This leads to better threat identification and remediation, which is where Cisco’s focus should be.