There is no doubt that firewall management can be a highly complicated, high-stakes operation. In a recent breakout session at Cisco Live APJC, Gayathri Nagarajan, a leader in Cisco’s firewall product management team, illustrates that the challenge of enhancing operational efficiency and security is not only an issue of visibility, but also an issue of handling an abundance of data. Firewall administrators constantly work to maintain optimal configurations and peak performance to fight off threats and support large networks. It is crucial that they quickly identify and resolve issues before they escalate into major events that could lead to downtime, which Nagarajan mentions can cost businesses an average of $300,000 per hour.
Therefore, Cisco has implemented AIOps to provide customers with predictive insights, improved operational efficiency, and AI-guided remediations for enhanced decision-making. Nagarajan demonstrates its robust capabilities and answers some of the most pressing questions among firewall administrators:
- What are the best practices I should be incorporating?
- What are the most important features I should implement to amplify my outcomes?
- How do I make sure my firewall is performing at its best?
The transformative power of AIOps
Before AIOps, troubleshooting often involved over 20 clicks through the Firewall Management Center and it could take anywhere from two hours to three weeks to pinpoint a problem. It often took expert-level knowledge to navigate the platform and effectively remediate issues, requiring significant operational overhead. Cisco’s AIOps drastically shifts this paradigm, simplifying operations with proactive insights and AI-guided remediations that deliver:
- Single-click issue identification
- Near-zero Mean Time to Detect (MTTD)
- Drastically reduced Mean Time to Remediate (MTTR)
- Proactive insights to anticipate and mitigate issues before they impact operations
Understanding the AIOps engine’s functionality
At the heart of Cisco’s AIOps for firewalls is a sophisticated engine that brings data to life and establishes clarity from complexity. The engine contains features like root cause analysis, pattern detection, automated self-healing, and trend analysis derived from traces, events, logs, performance data, and other metrics. The approach is simple and spans five distinct areas:
- Data Selection: Locating and processing the most pertinent information from configurations, health status, traffic patterns, etc.
- Pattern Discovery: Finding and correlating relationships between events across entities
- Inference: Identifying the root cause and other recurring issues across environments
- Collaboration: Notifying and collaborating with appropriate operators and teams
- Automation: Automating the remediation of issues to minimize or even eliminate downtime
Key benefits of Cisco’s AIOps for firewall
Policy Optimization: Once users have onboarded into Security Cloud Control, their policy is uploaded, and the AIOps engine provides a summary with detailed optimization practices. Inline policy analysis and optimization remediates anomalies such as redundant, hidden, or overly broad rules, further optimizing the policy. Using insights from Cisco’s customer experience engineers, AIOps provides tailored best practice recommendations to guide users to strengthened configurations.
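To make the three anomaly classes named above concrete, here is an added example (not Cisco's implementation or code from the session) that flags redundant, hidden, and overly broad rules in a first-match policy. The `Rule` model, the sample policy, and the definitions are assumptions: a rule is "redundant" when one earlier rule with the same action fully covers it, "hidden" when the covering rule has a different action, and "overly broad" when it allows any source to any destination or to all ports.

```python
from dataclasses import dataclass
from ipaddress import ip_network

ANY = ip_network("0.0.0.0/0")
ALL_PORTS = (1, 65535)

@dataclass(frozen=True)
class Rule:            # hypothetical, simplified rule model
    name: str
    action: str        # "allow" or "deny"
    src: str           # IPv4 CIDR
    dst: str           # IPv4 CIDR
    ports: tuple       # inclusive (low, high) destination port range

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matching b also matches a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def analyze(policy):
    """Return (rule, finding, covering_rule_or_None) tuples for a first-match policy."""
    findings = []
    for i, rule in enumerate(policy):
        # First-match semantics: an earlier rule that covers this one always wins.
        # Only single-rule coverage is checked, not coverage by a union of rules.
        earlier = next((p for p in policy[:i] if covers(p, rule)), None)
        if earlier is not None:
            kind = "redundant" if earlier.action == rule.action else "hidden"
            findings.append((rule.name, kind, earlier.name))
        if (rule.action == "allow" and ip_network(rule.src) == ANY
                and (ip_network(rule.dst) == ANY or rule.ports == ALL_PORTS)):
            findings.append((rule.name, "overly-broad", None))
    return findings

# Constructed sample policy (not taken from any real device).
POLICY = [
    Rule("web-in", "allow", "0.0.0.0/0", "10.0.1.0/24", (443, 443)),
    Rule("web-in-dup", "allow", "0.0.0.0/0", "10.0.1.10/32", (443, 443)),
    Rule("block-db", "deny", "10.0.0.0/8", "10.0.2.0/24", (1, 65535)),
    Rule("app-to-db", "allow", "10.0.1.0/24", "10.0.2.5/32", (5432, 5432)),
    Rule("legacy-any", "allow", "0.0.0.0/0", "10.0.3.0/24", (1, 65535)),
]

if __name__ == "__main__":
    for name, kind, by in analyze(POLICY):
        print(f"{name}: {kind}" + (f" (covered by {by})" if by else ""))
```

The hidden case is the one to review first: `app-to-db` looks like it grants database access, but the earlier `block-db` deny means it never takes effect, so the policy as written does not match what its author intended.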
Proactive Problem Mitigation: AIOps forecasts potential issues like elephant flows and uses advanced insights to optimize the flows. The tool uses predictive analytics to identify disparities like dropped connections and compromised performance when monitoring VPN capacity. Additionally, AIOps surfaces real-time insights into risky users and anomalous behavior in an intuitive dashboard, categorized by severity and accompanied by root cause analysis and guided remediation steps. With the integration of Cisco ThousandEyes and Identity Intelligence, AIOps will be further enhanced with critical internet insights and visibility into risky users.
Streamlined Operational Efficiency: The Software Upgrade Planner helps administrators plan their upgrades effectively. It identifies the current software version of the device, automatically triages relevant PSIRTs and critical bugs impacting the device, and proposes a version to move to. This tool significantly reduces the time taken to plan upgrades. The Renewal Upgrade Planner proactively alerts customers about devices reaching end-of-life, suggesting newer Cisco models.
From AIOps to AgenticOps
Nagarajan also gives viewers a sneak peek into the evolution of AI for Cisco Secure Firewall. She introduces the idea of specialized agents: network security, compliance, and operations agents as a first iteration. Each of these agents will be equipped with skills that will help to manage, troubleshoot, and optimize the firewall environment. The idea is to further minimize misconfigurations and downtime while simplifying operations, improving security posture, increasing productivity, and much more.
To learn more about AgenticOps, check out Gayathri Nagarajan’s blog “Autonomous Firewall Evolution: AIOps to AgenticOps.”
Learn more by watching the full session
Managing your firewall doesn’t have to be complex. Cisco’s AIOps for secure firewall simplifies the entire process while providing industry-leading tools and support along the way. If you want to learn more about Cisco Secure Firewall or watch Gayathri Nagarajan’s full Cisco Live session, check out the links below.
