New AI-driven tools aim to simplify and bolster policies, alerts and prevention to reduce complexity when setting security policies and assessing traffic without decryption.
Cisco is making a bid to drive artificial intelligence (AI) deeper into its cloud security platform, launching a new feature, AI Assistant for Security, a cross-domain AI-driven assistant designed to help organizations of all sizes level up their defenses against the rising tide of threats.
“With attacks getting more sophisticated and the attack surface getting larger, the only way to stop these attacks is by operating at machine scale, not human scale,” Jeetu Patel, executive VP and GM of security and collaboration at Cisco told CSO.
Comprising two new tools — an AI-powered helper for firewall policy and an AI-powered encrypted visibility engine for all firewall models — the goal is to help reduce complexity in setting security policies and assess traffic without decryption.
AI Assistant for firewall policy
The AI assistant for firewall policy sits within Cisco’s Firewall Management Center and Defense Orchestrator. Enabling users to input their instructions will provide suitable options for security settings without someone needing to learn how to navigate menus and find specific features.
Utilizing the AI-driven security assistant, administrators can use natural language to discover policies, get rule recommendations, and eliminate duplicate rules and misconfigured policies. “We want to augment people’s intelligence with machine intelligence,” said Patel.
AI-powered Encrypted Visibility Engine for all firewall models
With the AI-powered Encrypted Visibility Engine for all firewall models, Cisco aims to tackle a challenge that it believes holds up malware detection. Given most data center traffic is encrypted, the inability to inspect encrypted traffic is a key security concern, but it’s resource-intensive and fraught with operational, privacy, and compliance issues.
Instead, the encrypted visibility engine leverages billions of samples, including sandboxed malware samples, to assess if encrypted traffic contains malware. It can tell which operating system the traffic is coming from and what client application is generating that without decryption.
The goal is to reduce the time and resources typically needed for decryption and packet inspection. “We have built this tool based on the packet’s movement to infer if it’s anomalous behavior and then do something about it,” Patel said.
Cisco goes for simplicity against sophisticated threats
With more than 3,500 vendors in the market, Patel believes this is an inflection point, where the expanding number and sophistication of threats demands simplicity and protection at scale. “It gets complicated with 70 or so vendors in your security stack. The efficacy goes down, there can be overlap between policy engines and it’s very complex,” he said. At the same time, there’s a security talent shortage across the board, meaning organizations need to drive more from their tools and solutions to help with filling the gap.
Looking to lower the complexity and make the economics better, Cisco is going all in on effectively harnessing AI as the answer. And with these tools it aims to simplify security processes and thereby strengthen organizational defenses.
The company has made significant investments in AI in recent years, but with the launch of ChatGPT, the generative AI piece offered something more to help lift the capabilities of end-users. Not strictly running on ChatGPT, these tools are powered by multiple different AI engines. Users input their queries to the AI Assistant, and behind the scenes, the engine will redirect to the relevant dataset to get the answer and provide it to the user, Patel explained.
Aimed at IT admins, SOC analysts and security admins and the like, the generative AI-based policy administration tools offer embedded AI capabilities for practitioners. “We wanted every persona that uses our products to have an assistant and they should, using natural language, be able to ask the system to do something, but also to reason with them.”
Cisco’s AI Assistant aims to close the gap between intent and outcome
Data, specifically cohesive data, is needed to fight back against the tide of attacks, Cisco believes. Patel explained that the typical attack anatomy has multiple control points across email, web and network that determine if something is actually anomalous, but it lacks a cohesive picture of how these can all be related. “What ends up happening is low-level alerts for web or email can get ignored in isolation,” he said.
By harnessing data more effectively, the company wants to tip the scales in favor of defenders. With machine-driven telemetry, Cisco’s tool can analyze more than 550 billion security events each day across web, email, endpoints, networks, and applications. The AI Assistant aims to understand event triage, impact and scope, root cause analysis, and policy design.
The goal is to close the gap between intent and outcome. “It’s correlating the native telemetry with each other to detect and respond to a threat, but also predict and prevent the threat before it actually happens,” he said.
While single solutions may excel in one particular mode, Patel believes that coordinated attacks demand coordinated defenses with correlation across domains. “The magic lies in correlating native telemetry, so your defenses are coordinated; rather than attacks being coordinated, and defenses being isolated,” he said.
In terms of costs for customers, Cisco has said a certain amount of capacity will be made available for AI services within the existing suite. It will review usage patterns to decide on additional cost beyond a certain usage volume at a later point.