More than any technology in cybersecurity history, AI is redrawing the lines between defender and attacker. For the first time, I believe the scales are tipping in favor of the defenders because of a data advantage. With AI, we can correlate data on a massive scale, see more attacks, and contain attacks faster to minimize damage.
At Cisco Live Melbourne, we shared how we’re making AI pervasive across the Cisco Security Cloud and our entire portfolio. The combination of our AI and our access to massive amounts of data will reframe how customers think about cybersecurity outcomes – from detection and remediation to prediction and prevention.
There are three ways we’re using AI across our simplified Security portfolio:
Assist Security Teams
For decades the security industry has struggled with the talent gap – both in terms of the staggering number of unfilled positions and the competition for highly specialized talent. We’re using AI to assist and “level up” existing talent in the organization. Basically, we’re using AI to give security analysts superpowers, helping your organization operate at machine-scale.
At Cisco Live we announced our all-new Cisco AI Assistant for Security. It’s a generative AI-powered assistant that helps admins through complex tasks, saves them time, and eliminates errors and misconfigurations.
We demonstrated the AI Assistant for the use case of firewall policy management, which is going live within the Cisco Cloud-delivered Firewall Management Center and Cisco Defense Orchestrator. Firewall administration is an area that’s notorious for requiring highly specialized talent and a large learning curve for understanding the context and complexities of a company’s full firewall environment.
Using natural language, an administrator can iterate with the AI Assistant to do things like discover and identify all the policies that control access to an application, define a new policy or rule for the administrator, and implement the policy. The AI Assistant can also identify duplicate or misconfigured security policies from amongst thousands of existing policies and make recommendations for resolving them. To me, this is mind-blowing because this is a level of intelligence that just isn’t possible without AI.
One Fortune 500 customer shared the following findings after leveraging our beta product:
- 49% of rules were mergeable
- 13% of rules were shadowed or duplicated
- 3% of rules were expired, disabled, or overlapping
- 66% of rules were misconfigured
Consider the worker hours that could be saved for your organization. This is what we mean by operating at machine-scale.
Augment Human Insight
We’re also augmenting human insight with AI-powered detections and insights on another level. One example is in Cisco XDR, which correlates data across email, web, process, and network domains to detect a real attack with more accuracy. It works at scale to identify patterns and potential attacks that humans might miss because of alert fatigue or if they’re only looking at one domain in isolation. Each small signal adds up to a bigger signal.
Another augmentation example is the Encrypted Visibility Engine in the 7.4.1 Operating System for the Cisco Secure Firewall family. It can analyze encrypted traffic to identify indicators of malicious behavior that humans can’t, and it does so without decrypting and all the associated overhead and performance impacts. For instance, an insulin pump that’s running certain operating systems cannot run an end-point client. If it gets attacked by malware that communicates with the outside world via encrypted traffic, you can lose control of the insulin pump. With Encrypted Visibility Engine, you can now block this at the firewall.
Automate Complex Workflows
And last but certainly not least, we’re using AI to automate actions and workflows. Automation is woven into every aspect of how we deploy AI to our customers. For example, if you attempt to deploy a misconfigured rule, AI recognizes the misconfiguration and recommends a better version. Almost like how we all use auto-correct every day.
We’re also using automation in ransomware recovery. When a new CVE (Common Vulnerability or Exposure) finds its way into an environment, our XDR leverages the deep learning models deployed by Talos to detect the threat and trigger a snapshot of the environment. If the threat turns out to be ransomware, there is a point of immediate recovery, and no data is lost. This means that even if defenders aren’t right every single time, the damage is minimized if an attack somehow gets through.
Our Stance: Responsible AI is Non-Negotiable
When it comes to AI, trust is paramount. Ultimately, our customers trust us with their data because we view data privacy as a fundamental human right. That’s why we built governance tools that measure our data management, data provenance (where data originated and its movement), and how it’s being leveraged in the models.
None of the outcomes listed above matter if there is a lack of transparency, because that leaves the door open for privacy loss, algorithm bias, and data manipulation. Any customer using AI should be asking the questions: “What data sets are you training your AI on?” and “Does any of my data become public domain because of your use of AI?”
Cisco AI Assistant accesses an unparalleled amount of data to help you work faster, safer, and smarter.
Explore the Cisco AI Assistant
Learn more about how we are making AI pervasive in the Security Cloud: