All security eyes are on San Francisco this week as the RSA Conference kicks off. One vendor with some early news is Cisco Systems Inc., which unveiled a salvo of new offerings in its Cisco Security Cloud. Designed to support and safeguard artificial intelligence, the features aim to help companies protect their applications, devices, users and data.
In a briefing ahead of the announcement, Tom Gillis, senior vice president and general manager of Cisco Security, discussed the changes that AI has brought on. “The changes that are afoot in the industry, powered by AI, really cannot be understated,” he said. “So the way we think about AI is that we have security to protect AI-scale data centers. So, as you look at the amount of computing going into the data center — the density of that compute — we think there’s an opportunity to rethink how we deliver security. And it’s much more like the hyperscalers do.”
He added that the company is also thinking about how users connect to apps running in the data center — from anywhere, on any device, at any time. “AI is making this process much more sophisticated, much more intelligent — and that’s manifested in our breach and user protection suite,” he said. “Lastly, the ability to do anomaly detection, to see new classes of data than we have been able to see before to start driving responses closer and closer to real-time — this is getting a huge step forward with our AI capability, and that’s implemented in our breach protection suite.”
Here are the details of what Cisco announced:
The SOC of the future
Cisco is leaning on Splunk to help with threat prevention, detection, investigation, and response. Elements of the SOC of the future include:
- The integration of Cisco’s XDR system with Splunk Enterprise Security will bring alerts and detections from Cisco XDR into Splunk ES. The combination lets enterprises pick elements from the two to bolster their defenses.
- Continuous asset discovery and compliance monitoring with Splunk Asset and Risk Intelligence so security teams gain visibility (something teams are sorely lacking), which is essential for effective protection.
- Cisco’s AI Assistant for Security, which enables security analysts to respond to evolving threats by providing contextual insights, guided responses, recommended actions, and automated workflows. The AI Assistant lets analysts make decisions regardless of skill level.
- New capabilities in Cisco’s Cloud Detection and Response that will detect and alert security teams to emerging threats within cloud applications. With AI and machine learning included in Cisco’s Panoptica CNAPP, teams will also get prescriptive guidance.
Hypershield AI-scale data center
After introducing Hypershield last month, Cisco is rolling out new features to identify and prevent attacks originating from unidentified vulnerabilities within real-time workload environments. Plus, Cisco can isolate potentially malicious workloads to minimize the impact of vulnerabilities.
Cisco Hypershield secures data centers and cloud environments while addressing the growing challenges to information technology infrastructure posed by AI.
Protecting users
Cisco’s Identity Intelligence aims to stop identity attacks with a simpler user experience.
Duo Passport aims to minimize authentication issues with streamlined access for employees, while ensuring high security levels. Cisco Identity Intelligence in Duo is designed to bolster workforce identity security with AI analytics.
Cisco is moving fast in security
Cisco is a company searching for accelerated growth, and there is no bigger needle-moving opportunity than security. It is a massive, highly fragmented market that has never had a “de facto standard,” with no vendor holding more than a low-teens market share.
Cisco doesn’t need to be the top dog, although if you talk to Executive Vice President Jeetu Patel, that’s certainly where the company is aiming. Capitalizing on its massive network and now Splunk’s installed base could easily double or even triple security revenue.
Timing is on Cisco’s side as the security industry is changing. My research shows that 73% of enterprise-class companies are looking to consolidate the number of security vendors they have, as having 30, 40 and even 50-plus vendors is now untenable. In fact, the chief information security officer of one of the three-letter U.S. government agencies told me it currently has more than 200 security vendors and that rationalizing down to under 10 is his goal.
This tips the scales to the security platform vendors, of which Cisco is one of a handful. The other “big shift” is the move to AI-enabled security. As Patel has stated in the past, “If you want to be a world-class security company, you need to be a world-class data company.” When cyber, network and Splunk data are combined, Cisco arguably has more security-relevant data than any other company.
One aspect of these announcements I liked is how fast Cisco announced integration with Splunk. While I believe Splunk benefits almost every business unit within Cisco, the biggest bang for the buck is with security because, as I outlined above, the opportunity is so big and relatively untapped.
That said, the vision of the security platform isn’t unique; Palo Alto Networks Inc., Fortinet Inc., CrowdStrike Holdings Inc., Zscaler Inc. and others have oriented their go-to-market around consolidation and convergence of security. Cisco arguably has a data advantage over the field because of Splunk and the network, but it needs to move fast to capitalize on the opportunity.