Cisco is taking significant strides to integrate artificial intelligence (AI) more deeply into its cloud security platform with the launch of a new feature called AI Assistant for Security. The move is part of Cisco's ongoing commitment to enhancing organizations' defenses against evolving threats.
The AI Assistant for Security is designed to simplify and strengthen policy alerts within the cloud security platform. Jeetu Patel, Executive VP and GM of Security and Collaboration at Cisco, emphasized "With attacks getting more sophisticated and the attack surface getting larger, the only way to stop these attacks is by operating at machine scale, not human scale."
To address these challenges, Cisco has introduced two new AI-driven tools. The first is an AI-powered assistant for firewall policy, integrated into Cisco's Firewall Management Center and Defense Orchestrator. This tool allows users to input instructions in natural language, providing suitable options for security settings without the need to navigate complex menus.
The second tool, the AI-powered Encrypted Visibility Engine, addresses the challenge of inspecting encrypted traffic. With the majority of data center traffic encrypted, traditional inspection becomes resource-intensive and poses operational, privacy, and compliance concerns. Cisco's solution leverages billions of samples, including sandboxed malware samples, to assess if encrypted traffic contains malware without the need for decryption.
The goal is to reduce the time and resources required for decryption and packet inspection. Patel explained that the tool analyzes the movement of packets to infer anomalous behavior, contributing to more efficient threat detection.
Acknowledging the complexity of security stacks with numerous vendors, Patel highlighted the importance of simplifying security processes and achieving protection at scale. With over 3,500 vendors in the market, Cisco aims to address the increasing number and sophistication of threats by providing simplicity and scalability in security solutions.
The AI Assistant for Security is part of Cisco's broader effort to empower IT administrators, SOC analysts, and security administrators with generative AI-based policy administration tools. These tools enable users to input queries in natural language, redirecting to relevant datasets and offering embedded AI capabilities for practitioners.
To effectively combat the evolving threat landscape, Cisco emphasizes the need for cohesive data. The company believes that by harnessing data more effectively, it can tip the scales in favor of defenders. The AI Assistant analyzes over 550 billion security events daily across various domains, aiming to enhance event triage, impact analysis, root cause analysis, and policy design.
Cisco's approach is geared towards closing the gap between intent and outcome, correlating native telemetry to detect, respond to, predict, and prevent threats. The company envisions coordinated defenses across domains to counter coordinated attacks effectively.
In terms of costs for customers, Cisco plans to make a certain amount of capacity available for AI services within the existing suite, with additional costs determined beyond a specified usage volume. The AI Assistant for Security represents a significant advancement in Cisco's ongoing efforts to fortify organizational defenses and simplify security processes.