Cisco reimagines cybersecurity with AI and kernel-level visibility at RSAC 2024

Using existing cyber defense systems to attack an organization's endpoints, infrastructure, and threat surfaces may not always be able to identify or stop what the world's deadliest attackers are targeting. not. Today's organizations are just as active, from cybercrime organizations leveraging AI and machine learning (ML) expertise to nation-state adversaries recruiting the brightest talent from universities to join the global cyber war. We need to pursue resilience.

Resilient networks are now a board-level priority, according to several CISOs VentureBeat spoke to at RSAC 2024 who requested anonymity. Boards want evidence of progress on risk management objectives. A notable takeaway from his CISO discussion at RSAC 2024 is the need for increased effectiveness across the infrastructure and increased visibility at the container and kernel level.

“There is overconfidence in their ability to deal with cyber-attacks, with 80% of businesses confident in their preparedness, but only 3% are truly prepared. The fallout from not being resilient is tragic. “We need to move to creating the first generation of something completely new,” said Jeethu Patel, executive vice president and general manager of security and collaboration at Cisco. he told VentureBeat, citing research from the Readiness Index.

VentureBeat's conversations with CISOs during RSAC support Patel's point. Their top concerns include increasing the resiliency of their cloud infrastructure, securing their software supply chain, increasing software bill of materials (SBOM) compliance, and increasing the resiliency of their partners and suppliers against constantly new techniques from attackers. Connection protection.

Redefining cybersecurity for a hostile AI world

“What we have to do is use AI natively for defense, because we can’t fight AI weaponized attacks from adversaries at human scale. We need to do it at machine scale. '' explained Patel.

Mr. Patel detailed the many challenges organizations face in becoming more resilient to faster and more sophisticated cyberattacks. Cisco views the challenge of keeping infrastructure up to date, patch management up to date, and containing breach attempts with strong segmentation as difficult challenges facing all organizations today. . If left too long, it creates a vulnerable threat surface that attackers will inevitably find and exploit.

Most organizations put off patching and only redouble their efforts after a breach occurs. According to Ivanti's recent State of Cybersecurity Report, patches that impact mission-critical systems are assigned the highest level of urgency 61% of the time. The majority (71%) of IT and security professionals believe patching is very complex and time-consuming. Additionally, 57% of these professionals say remote work and distributed workspaces have made patch management more difficult, and 62% admit that patch management has taken a backseat to other tasks. I am.

Segmentation is known to be one of the most challenging aspects of pursuing a Zero Trust security framework, despite its inherent ability to limit attackers from moving laterally within the infrastructure. I am. There is also the challenge of updating the infrastructure itself, such as firewalls and network equipment, which often takes a long time due to limited change management windows. Without a more automated approach to keeping infrastructure up to date, critical systems become obsolete and vulnerable.

Why Cisco says cybersecurity needs to change

Defending against adversarial AI-based attacks and the torrent of new tradecraft created by adversaries requires a new approach to cybersecurity. Cisco's Patel and Cisco Senior Vice President and General Manager of Security Tom Gillis spoke to VentureBeat. Cybersecurity must take full advantage of native AI, kernel-level visibility, and hardware acceleration to enable more resilient, self-upgrading security systems.

In their joint keynote, “The Time Is Now: Redefining Security in the Age of AI,” Patel and Gillis expanded on that vision and explained why now is the time to rethink cybersecurity. Cisco is strengthening native AI as a core part of its future cybersecurity strategy. It starts with his recently introduced HyperShield, a new hyper-distributed framework that acts as an enterprise-wide security fabric.

“If AI is thought of as an afterthought, it's very difficult to go out and do something about it. You have to think about it. the AI ​​used,” Patel emphasized in his keynote address.

Gillis told VentureBeat that we need to rethink cybersecurity to support more context-aware and intelligent autonomous segmentation, automated patch management, and more efficient and secure ways to keep infrastructure up to date. He said that customers are aware that there is.

“We're talking about infrastructure that automatically upgrades. HyperShield applies compensating controls, protects against known vulnerabilities, removes those controls after patching, and provides lifecycle management. You can,” Gillis said. “This is definitely not just building the next version of something that already exists. We're building the first version of something entirely new. And that's a completely reimagined architecture for hyper-distributed security,” Patel said. added.

Three technology shifts will transform cybersecurity

“There are three important technological changes happening today that will fundamentally change how we solve these problems: AI, kernel-level visibility, and hardware.” wear acceleration,” Patel said. Patel said these three technological changes form the foundation of Cisco's new generation of cybersecurity hyperdistributed frameworks, including HyperShield.

Mr. Patel and Mr. Gillis discussed changes in technology and their impact on why and how we need to rethink cybersecurity. A summary of each shift is as follows:

aArtificial intelligence (AI). Gillis and Patel predict that AI will incrementally improve the accuracy and performance of security operations centers (SOCs). Therefore, implementing native AI is essential to the success of any cybersecurity platform. “These AI tools do great things when it comes to security. It's not a small increase, it's a huge increase in efficiency. We're always building in a way that users can trust. They're all kind of It has a semi-automatic mode that says to the user, 'I'm about to make this decision, and here's why,'” Gillis told VentureBeat.

Kernel-level visibility. “You can't protect what you can't see. That's why I think Extended Berkeley Packet Filter (eBPF) is going to be such an important technology. It allows us to look into the heart of the server and the operating system and see what's going on,” Patel told VentureBeat.

Gillis adds, “eBPF allows you to examine your application to understand its inner workings and find out if there have been any changes. Has the app been updated? Is this a new version? Has anything changed since then that you can tighten the restrictions again? The better you understand your application, the more confident you can be in saying whether these rules are accurate. ”
hardware acceleration. Gillis and Patel see rapid advances in graphics processing units (GPUs) and data processing units (DPUs) as catalysts that will continue to reimagine and redefine cybersecurity. “We talked about hardware acceleration with the GPU. Think about the DPU as well…it can significantly accelerate the throughput of security operations and I/O operations…connection management that can run 1,000 times faster than before Encryption is possible,” Patel said. He goes on to say that “hardware acceleration, such as his DPU, a subsystem specialized in computing I/O operations and repetitive network functions such as connection management and encryption, makes him more efficient than traditional means.” “We will now be able to deliver an environment with 1,000x higher performance.”