Cisco Doubles Down on Generative AI, SSE, Cloud App SecurityEVP & GM Jeetu Patel on Simplifying Secure Access, Private Cloud Security Controls
Cisco wants to strengthen protection in the cloud and provide customers with a more integrated platform by abstracting security from the public cloud providers.
See Also: Preventing Insider Threats with UEBA
The San Jose, California-based networking giant unveiled its Cisco Security Cloud vision a year ago and took its first major step toward realizing that vision at RSA Conference 2023 with the introduction of a new extended detection and response platform. The next set of enhancements around generative AI, secure access and defending applications across multiple clouds debuted Tuesday at Cisco Live 2023 (see: Cisco's New XDR Tool Emphasizes Robust Telemetry Correlation).
"If you think about the security industry today, the innovation is very much based on patchwork, said Jeetu Patel, Cisco's executive vice president and general manager of security and collaboration. "I've personally been waiting for today for two-and-a-half years because there's a lot of innovation that we have that's coming to fruition right now."
"'The company that built the VPN is going to kill the VPN."
– Jeetu Patel, executive vice president and general manager, Cisco
Here's a look at the biggest bets Cisco is making around the future of cybersecurity.
Cisco Policy and SOC Assistants Prove Value of Generative AI
Capitalize on generative AI to reduce policy complexity by incorporating natural language rather than forcing users or administrators to go through layers of menus, Patel told Information Security Media Group. Along with taking instructions in natural language, Cisco's policy assistant can converse and reason with users and ask second-level questions such as when a particular policy should be deployed.
By laterally creating a level of reasoning, Patel said, organizations can more cleanly define their policies. Once the policy assistant completes what it can using natural language, it will turn to a prompt interface infused with GUI to receive further direction from users. Cisco's policy assistant will be available by the end of 2023 and can be used by organizations to manage their firewall policies as well as secure access.
"You no longer have to be a power user for every single task that needs to happen," Patel said. "You could be an occasional user and be able to get a very sophisticated task done."
Cisco also plans to debut a Security Operations Center assistant to increase the ability and speed by which organizations can detect threats. The SOC assistant can tell companies exactly what happened during a security incident, contextualize issues across multiple systems and generate a clear, written summary that can be sent to satisfy investigations into what happened. It will be available in mid-2024.
Artificial intelligence is nondeterministic in nature as compared to most other security technologies, meaning that companies need to experiment until it starts working and that unique data sets are a must to generate differentiated insights, according to Patel. He said the acquisition of Armorblox announced last week will be "hugely accretive" to this effort (see: Cisco Buys Armorblox to Bring Generative AI to Its Portfolio).
Cisco Secure Access Provides Common Experience for All
Applications residing on the public cloud increasingly need to access resources in the private cloud like an inventory database, but the security controls needed in each setting are different since private clouds have IP addresses and are protected by firewalls while public clouds are not, Patel said.
But users accessing a business application today have different experiences depending on the device they're using, whether the app is public or private, and whether their network is secure or unsecure, according to Patel. Going forward, Patel said, users will have the exact same, consistent experience connecting to an application regardless of what security controls are needed on the back end.
Cisco's Secure Access security service edge offering will go into private preview June 30 and be generally available in October, providing zero trust, least privileged access without any friction, according to Patel. The offering will use zero trust network access wherever possible and enable VPN for applications that aren't ZTNA-ready, but Patel said all of that complexity will be hidden from users.
"The tagline over here is, 'The company that built the VPN is going to kill the VPN,'" Patel said.
Cisco Multicloud Defense Applies Controls to Private Cloud
Cisco Multicloud Defense extends protection to retail applications sitting in the private cloud to thwart adversary access to development environments, staging environments or sandboxes, Patel said. The tool delivers zero trust access for users connecting to applications as well as applications connecting to the public or private cloud, ensuring that policies persist as workloads go to AWS, GCP or Microsoft Azure.
The offering builds on the capabilities acquired from Valtix in February, though Patel said the technology is all managed by Cisco's policy engine and operates with a common design language and framework. Cisco Multicloud Defense is available today and ensures traffic will be inspected all the way through with everything blocked by default except for what users need to fulfill their job responsibilities, Patel said (see: Cisco to Buy Startup Valtix to Guard Workloads Across Clouds).
Cisco this fall will extend its cloud defense capabilities from cloud workload protection to cloud security posture management to give customers visibility into their entire inventory of cloud assets, including Kubernetes clusters. The company will also roll out advanced attack path analysis to help security teams quickly identity and remediate potential risks across cloud infrastructures, according to Cisco.
Integrating with Cisco's observability portfolio will help organizations prioritize business risk by providing security and developer teams with the visibility, control and actionable intelligence needed to protect cloud applications and infrastructure. All told, Cisco said the new platform will help teams identify risks easily, address alerts that matter most first and remediate vulnerabilities with attack path analysis.