Cisco goes all in on AI to strengthen its cybersecurity strategy

Configuration complexity and rules are among organizations’ most lethal, accidental risks when configuring networks and firewalls. Gartner predicts that misconfigurations will cause 99% of all firewall breaches this year. It’s the perfect use case for AI to prove its value to CISOs and CIOs. Not getting a hybrid cloud configuration right or a misconfigured firewall can lead to a breach no one has discovered until it’s too late. 

Cisco has been battling these risks on behalf of its customers for years. They’ve decided to go all in with AI and take on these challenges with their recently announced Cisco AI Assistant for Security and the AI-powered Encrypted Visibility Engine. The AI Assistant is trained on one of the largest security-focused data sets in the world, which analyzes more than 550 billion security events daily.

Cisco leveraged its deep network expertise by launching its Encrypted Visibility Engine. As the company told VentureBeat it’s designed to inspect encrypted traffic without the operational, privacy and compliance issues typically associated with decrypting traffic for inspection.

“One of the things that we wanted to do was make sure that AI was pervasive as part of the core fabric of Cisco security cloud, and every aspect of what we do in Cisco security, that’s what we’ve been working on,” Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco told VentureBeat during a recent interview.

When it comes to firewalls, complexity kills 

Cisco chose the right threat surface to go after with its most comprehensive AI cybersecurity release to close out 2023. Any CISO and members of their teams will admit that configuring firewalls, keeping the current patches and policies in place, and staying on top of any potential common vulnerabilities and exposures (CVE) is time-consuming and often gets ignored.

The greater the complexity of a firewall, the greater the chance it will get breached. Complexity will kill even the most effective cybersecurity strategy and well-implemented tech stack. Cybersecurity Insiders found that 58% of organizations have more than 1,000 firewall rules, with some extending into the millions. 

As a technology category that’s been around for decades, firewalls are ripe for more innovation. Gartner predicts that by 2026, more than 60% of organizations will have more than one type of firewall deployment, prompting the adoption of hybrid mesh firewalls. By that same year, more than 30% of the new deployments of distributed branch-office firewalls will be of firewall-as-a-service offerings, up from less than 10% in 2022.

Bringing policy chaos under control with AI

“Cisco is harnessing AI to reframe how organizations think about cybersecurity outcomes and tip the scales in favor of defenders. Cisco combines AI with its breadth of telemetry across the network, private and public cloud infrastructure, applications, internet, email, and endpoints,” Patel said.

Cisco based their AI Assistant for Security and AI-powered Encrypted Visibility Engine development efforts on their customers’ high priorities of streamlining firewall management. Patel said that when he and his team spoke with customers they kept hearing of the same challenges.

Patel added that customers wanted a more automated approach to checking configuration details, more insight when troubleshooting and an AI-based approach to optimizing rulesets. Patel explained that customer needs drove the three use cases the DevOps and engineering teams concentrated on. They include assisting (policy identification and reporting), augmenting (troubleshooting) and automating (policy lifecycle management). 

Cisco chose to develop the AI Assistant for Security inside their cloud-delivered Firewall Management Center (cdFMC) so they could leverage the latest large language models (LLMs). 

Raj Chopra, SVP and Chief Product Officer of the security business group at Cisco writes, “We created a generative tool designed to simplify firewall management for both seasoned admins and novice users. Utilizing advanced natural language processing (NLP) and machine learning (ML), it provides answers in seconds rather than forcing an administrator to spend their time sorting dependencies, network maps, and documentation.” 

What’s also evident from how AI Assistant for Security is architected is that Cisco will integrate more assistants across a wide spectrum of roles in their Security Cloud. The goal is to build out their cross-domain security platform with AI assistants available for automating security analysis and reporting tasks. 

AI still needs to have a human-in-the-middle to work 

There is a common trait across the rush to solve complex firewall policy problems and automate and streamline SOC team workflows with AI Assistants. That trait is the need for all of these tools’ models to keep learning and course correcting with human input while providing contextually useful information.  

VentureBeat spoke with Merritt Baer, Field CISO, Lacework, whose company recently introduced Lacework AI Assist. She told VentureBeat that AI-driven engines designed to parse policies help internal users understand their permissions better and that external users can better interact with their security insights and analytics. 

“Security product folks hope that these types of reasoning and query capabilities will allow users to better understand what might be layers of policies, which can be hard for humans to reason about— and product folks hope that this can help to do security more effectively. It’s no panacea—you still need to do something with that information. And folks should still ask their vendors about their internal security policies when using custom LLMs like this,” says Baer. 

On a broader scale, VentureBeat observes in most briefings on AI Assistants that the human-in-the-middle workflows are now table stakes in their product design. That’s evident in how well they are architected to flex between different roles. Ciscos’ AI Assistant for Security follows this paradigm and supports several standard configuration roles at launch.  

Just as AI assistants from Airgap Networks, CrowdStrike with Charlotte AI, Google Cloud Security AI Workbench, Lacework AI Assist,  Microsoft Security Copilot, Zscaler, and others can be configured for various roles, Cisco’s AI Assistant can flex from one role to another in security operations centers (SOC) with no re-configuration needed. 

CrowdStrike’s Charlotte AI also supports role-based AI-defined workflows and can integrate multiple best-of-breed AI models from third-party, open-source, or in-house development, ensuring the most appropriate LLM is used for a given task. Lacework AI Assist is also designed to scale across different roles, typically in a SOC. LaceWork AI Assist is unique in its ability to tailor and personalize insights while scaling between novice and expert cybersecurity professionals who can rapidly interpret and act on complex security data. 

Bottom line: How effective cybersecurity providers are at planning for the human-in-the-middle dynamics of their AI Assistants will directly impact their adoption and long-term contribution to securing organizations.  

Source