Cisco is moving to pervasively apply artificial intelligence (AI) in a way that should lower the bar in terms of the level of expertise required to achieve and maintain cybersecurity.
DJ Sampath, vice president of product for AI at Cisco, said Cisco AI Assistant for Security will, for example, take advantage of generative AI to enable cybersecurity teams to employ natural language to discover existing policies and rules for firewalls in addition to automatically creating them as required. The first instance of that capability will manifest in an AI Assistant for Firewall Policy in the Cisco Firewall Management Center and Cisco Defense Orchestrator.
In addition, with the release of version 7.4.1 of the core operating system it uses across its portfolio of cybersecurity platforms, Cisco will provide more visibility into whether malware is present in encrypted traffic without having to first decrypt it. Instead, Cisco will leverage AI models to analyze billions of samples of encrypted traffic for malware using the Cisco Encrypted Visibility Engine, noted Sampath.
The Cisco AI approach to cybersecurity revolves around the analysis of more than 550 billion security events each day using a mix of predictive, causal and generative AI models. Rather than committing to any one AI model, Cisco is applying a mix of them to address specific use cases. For example, a large language model (LLM) for generative AI provides the ability to generate policies and rules via natural language, while other types of AI models make use of different types of machine learning algorithms to analyze network traffic.
The overall goal is to leverage AI to reduce the level of expertise required to achieve cybersecurity in a way that either makes it simpler to fill existing open cybersecurity positions or shifts responsibility for those tasks to IT operations teams that can now manage them within the context of an existing workflow, noted Sampath.
It’s not clear what impact AI will have on the way cybersecurity is managed, but in time, legacy dashboards that are used to manage multiple cybersecurity events will give way to dashboards that address a specific attack and evolve around cybersecurity teams in near real time, said Sampath. That approach will enable cybersecurity teams to focus more narrowly on the threats at hand rather than being overwhelmed by extraneous data that is not germane to the immediate threat, he added.
In theory, at least, AI should benefit defenders more than attackers, though today, the latter seem to have a decided advantage. Of course, cybercriminals will also look to leverage AI to increase the volume and sophistication of attacks. In effect, cybersecurity teams are now engaged in an AI arms race with adversaries that have no shortage of financial resources.
In the meantime, however, cybersecurity teams should be reviewing workflows today with an eye toward re-engineering them using AI technologies. Many of the tasks that conspire to make cybersecurity more tedious will be eliminated while other capabilities that were once considered impossible are becoming more accessible.
One way or another, the management of cybersecurity is about to fundamentally change. The only issue that remains to be seen is how fast.