
Cisco Reimagines Cybersecurity with AI and Kernel-Level Visibility at RSAC 2024

Existing cyber defenses for enterprise endpoints, infrastructure, and threat surfaces cannot always discover or stop what the world's deadliest attackers seek. Attackers range from cybercriminal gangs that use AI and machine learning (ML) experts to nation-state opponents who recruit the best and brightest from their universities to join the worldwide cyber fight. Today's organizations have to be just as aggressive about their resilience.

Resilient networks are now a board-level priority, according to several CISOs VentureBeat spoke with at RSAC 2024 who requested anonymity. Boards want evidence of progress toward risk management goals. A notable takeaway from the RSAC 2024 CISO discussions is their need for greater efficiency across the infrastructure and more visibility at the container and kernel levels.

“There is an overconfidence in the power to cope with cyber attacks. 80% of corporations are confident that they’re ready, but only 3% are really prepared. The negative effects of a scarcity of resilience are tragic. We must move to making a first generation of something completely recent,” Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, told VentureBeat, citing the findings of the 2024 Cisco Cybersecurity Readiness Index.

VentureBeat's conversations with CISOs during RSAC support Patel's point. Their primary concerns are improving the resilience of their cloud infrastructure, securing software supply chains, improving Software Bill of Materials (SBOM) compliance, and securing their countless connections with partners and suppliers from the relentless stream of latest business activity from attackers.

Redefining cybersecurity for an adversarial AI world

“What we want to do is be certain that we use AI natively for defense, because you possibly can't exit and fight these AI weapon attacks from human-scale adversaries. You must do it at machine scale,” Patel explained.

Patel explained the various challenges organizations face as they seek to become more resilient to faster and more complex cyberattacks. Cisco sees keeping infrastructure up to date, staying current with patch management, and containing breach attempts through strong segmentation as difficult challenges that all organizations face today. Leave any of these unaddressed for too long and weak threat surfaces emerge that attackers inevitably find and exploit.

Most corporations delay patching and only redouble their efforts after a breach. Ivanti's current cybersecurity status report found that patches affecting mission-critical systems received the highest priority 61% of the time. The majority of IT and security professionals (71%) view patching as too complex and time consuming. Additionally, 57% of those same professionals say that remote work and distributed workspaces make patch management even tougher, and 62% admit that patch management takes a back seat to other tasks.

Segmentation is notoriously one of the most difficult aspects of implementing a Zero Trust security framework, despite its inherent ability to prevent attackers from moving laterally through the infrastructure. Added to that is the challenge of updating the infrastructure itself, including firewalls and network equipment, which is usually slow because of limited change control windows. Without a more automated approach to keeping infrastructure up to date, critical systems become outdated and vulnerable.

Why Cisco says cybersecurity needs to change

Countering adversarial AI-based attacks and the flood of new artisanal attackers requires a new approach to cybersecurity, Cisco's Patel and Tom Gillis, senior vice president and general manager of Cisco Security, told VentureBeat. Cybersecurity must take full advantage of native AI, kernel-level visibility, and hardware acceleration, leading to more resilient, self-updating security systems.

Patel and Gillis expanded on this vision in their joint keynote, explaining why now is the time to rethink cybersecurity and redefine security in the age of AI. Cisco is increasingly relying on native AI as the core of its future cybersecurity strategy. It starts with the recently launched HyperShield, its new hyper-distributed framework that acts as an enterprise-wide security structure.

“It is incredibly difficult to do anything when AI is seen as a complement. You’ve to give it some thought. The operative word here is that AI is deployed natively in your core infrastructure,” Patel emphasized during the keynote.

Gillis told VentureBeat that he sees a need among Cisco's customers to reimagine cybersecurity to support more contextually intelligent, autonomous segmentation, automated patch management, and a more efficient and secure way to keep infrastructure up to date.

“We are talking about an infrastructure that updates itself. HyperShield can apply compensating controls, shield known vulnerabilities, after which remove those controls once a patch is in place, enabling lifecycle management,” Gillis said. “This isn’t nearly ensuring we construct the following version of something that already exists. It's about constructing the primary version of something completely recent. And this can be a completely reimagined architecture for hyper-distributed security,” Patel added.

Three technological shifts are transforming cybersecurity

“There are three vital technological shifts going down that may fundamentally change the best way we solve these problems. The first is AI, the second is kernel-level visibility and the third is hardware acceleration,” Patel said. According to Patel, these three technological shifts form the foundation for Cisco's new generation of hyper-distributed cybersecurity frameworks, starting with HyperShield.

Patel and Gillis explained the technological changes and their impact on why and how cybersecurity must be reimagined. Here is a summary of each layer:

Artificial Intelligence (AI). Gillis and Patel predict that AI will result in incremental improvements in security operations center (SOC) accuracy and performance, which is why native AI is critical to the success of any cybersecurity platform. “These AI tools are remarkable for what they will do for security. Not a small step, but a step forward in efficiency. We will all the time construct them to achieve the user's trust. They all have some form of semi-automated mode where they tell the user, ‘I'm about to make this decision, and here's my reasoning for it,’” Gillis told VentureBeat.

Kernel-level visibility. “You can’t protect what you possibly can’t see against. Therefore I feel extended Berkeley Packet Filter (eBPF) might be a vital technology that permits you to look into the center of the server and the operating system and see what is going on without actually being within the operating system,” Patel told VentureBeat.

Gillis added: “eBPF gives us the power to look inside the appliance, understand its inner workings after which see if it has modified. Has the app been updated? Is this a new edition? Has something modified in order that we all know, ‘Hey, loosen these restrictions,’ after which tighten them again. The higher we understand the appliance, the more confidently we are able to say whether these rules are correct or not.”

Hardware acceleration. Gillis and Patel see rapid advances in graphics processing units (GPUs) and data processing units (DPUs) as a catalyst that may further reimagine and redefine cybersecurity. “We talked about hardware acceleration with GPUs. Also take into consideration DPUs… you possibly can achieve huge acceleration in throughput for security operations and I/O operations… connection management and encryption that will be done hundreds of times faster than anything you can do before,” Patel said. He continued: “Thanks to hardware acceleration, things like DPUs – that are specialized subsystems that compute I/O operations and repetitive network functions resembling connection management or encryption – allow us to offer an environment that will be hundreds of times more powerful than traditional means.”
