
At its core, a firewall is a shield that protects your network from malicious traffic. Sounds simple, but those who work with firewalls every day know the reality: An average firewall has thousands of rules governing how traffic should be handled, many of which may be outdated, redundant, or contradictory. In fact, a Cybersecurity Insiders report revealed that 58% of organizations have more than 1,000 firewall rules, but we know of customers with highly complex environments where their firewall rules number in the millions. This is not only a complexity issue but also a security risk. Gartner asserted that misconfigurations would cause 99% of all firewall breaches through 2023.

It’s no surprise, then, that when we spoke to our customers, there were a few challenges we heard over and over: (1) Checking configuration details is hard, (2) Troubleshooting is hard, (3) Optimizing the ruleset is hard. So, when we got to work on our AI Assistant for Firewall, those were the three use cases we focused on: assist (policy identification and reporting), augment (troubleshooting) and automate (policy lifecycle management).

Built inside Cisco’s cloud-delivered Firewall Management Center (cdFMC) and leveraging the latest large language models (LLMs), we created a generative tool designed to simplify firewall management for both seasoned admins and novice users. Utilizing advanced natural language processing (NLP) and machine learning (ML), it provides answers in seconds rather than forcing an administrator to spend their time sorting dependencies, network maps, and documentation. A change ticket that might have taken two hours to close in the past can be resolved in a fraction of the time — we’re talking minutes — thanks to the context-based AI.

Below are a few examples of the Cisco AI Assistant for Security in action.

Assist policy identification and reporting

Imagine this scenario: Someone from the SecOps team reaches out to the firewall admin because they’ve noticed suspicious activity. It appears some data is being exfiltrated from SalesApp, representing a potential data breach. Going forward, SecOps wants all outbound traffic to be blocked from this application.

To start, the firewall admin wants to understand what policies are already in place for SalesApp. With the AI Assistant, the admin doesn’t have to sort through thousands of existing rules manually, but instead, they can ask the AI Assistant and get the answer in seconds.

Screenshot of the AI Assistant panel, providing a list of policies controlling an app so that the Security team can update the firewall policy

Now that they’ve seen the existing policies in place, they can ask the AI Assistant to add a rule blocking outbound traffic. The AI Assistant recommends a rule, which can be approved before being implemented.

Screenshot of the AI Assistant, helping a Security Team add a rule to block outbound traffic from an app

Augment troubleshooting

Next, let’s imagine your firewall rule engine keeps restarting for an unknown reason. The assistant can detect this issue and recommend resolution steps – in this case, updating the Vulnerability Database (VDB). Not only does this eliminate the need to search through documentation or create a support ticket, but the Assistant is taking proactive actions.

Screenshot of the AI Assistant prompting Security teams about a known issue, recommending a course of action, and linking to a field notice for more information

Automate policy lifecycle management

Lastly, the policy analysis and optimization features built into the AI Assistant can find duplicates and suggest a course of action to help with policy hygiene. On average, our customers found that 29.7% of their rules need adjustment. For one customer, that equaled over 17,000 rules. 

Assuming an admin could manually find and resolve each of these issues within one hour at $56/hr, this organization stands to save $971,040 and 8.3 years of time compared with manual optimization efforts.

Screenshot of the AI Assistant policy analysis and optimization screen, which evaluates rules and highlights duplicate, fully shadowed, and fully redundant rules. The AI Assistant also makes recommendations for taking actions on the duplicate rules, easily prompting users to either disable or delete all

Optimize through feedback

To provide the best quality experience for customers, we are also focused on optimizing the AI Assistant through user-provided feedback — helping the AI Assistant learn and improve over time. 

Screenshot of the option to give feedback in the AI Assistant chat window

More AI innovations ahead

The AI assistant is more than just a convenience; it represents a paradigm shift in how we configure, manage, and ensure efficacy for firewalls — the true backbone of network security.

While this is the first instance of the AI Assistant for Security, it won’t be the last. We are injecting Generative AI and unifying telemetry across all Cisco Security solutions to create a more effective experience and safeguard our customers’ business.

The Cisco AI Assistant for Security will be Generally Available (GA) for our Firewall customers in the Spring of 2024 at no cost via the cloud-delivered Firewall Management Center (FMC) and expanding to other management tools in the future. Learn more about how the AI Assistant for Security works with our Firewall.

 


 



Authors

Raj Chopra

SVP & Chief Product Officer

Security Business Group