Cisco Taps AI and eBPF to Automate Security Operations
2024-4-18 15:0:25 Author: securityboulevard.com

Cisco today launched a framework that leverages artificial intelligence (AI) to test a software patch in a digital twin running on an endpoint to make sure an application doesn’t break before actually deploying it.

Jeetu Patel, executive vice president and general manager for security and collaboration at Cisco, said Cisco Hypershield makes use of extended Berkeley Packet Filter (eBPF) running in the kernel of the Linux operating system to deploy an AI inference engine that analyzes the application environment. If the patch passes tests conducted by the digital twin of the application environment, Cisco Hypershield will automatically apply the patch to remediate a vulnerability, he added.

With Cisco Hypershield scheduled to be available in August, Cisco is in effect creating a parallel data plane for managing cybersecurity. Cisco late last year acquired Isovalent, a provider of network virtualization software based on eBPF, to build and deploy Cisco Hypershield on hardware accelerators such as data processing units (DPUs) to offload security processing from processors running application code.

As part of that effort, Cisco is working with NVIDIA on a Morpheus cybersecurity AI framework to detect anomalies using software based on a microservices-based architecture, dubbed NIM, for running inference engines on endpoints.

That capability will enable Cisco to apply cybersecurity policies across an autonomous segmented network to any endpoint running Cisco Hypershield in a matter of minutes, noted Patel. It is designed to continuously observe and evaluate cybersecurity policies using a reasoning engine embedded in the AI inference engine.


The goal is to embed advanced security controls into servers and the network to create a security fabric versus applying another overlay that requires a separate security operations (SecOps) team to deploy and manage, noted Patel.

That’s critical because before long vulnerabilities will be exploited within minutes and hours of being disclosed, versus the several days it now takes cybercriminals to create an exploit, he added.

As every cybersecurity team knows, patch management is contentious. Application development teams are hesitant to apply updates to code that might break an application without first testing it. The longer it takes to apply that patch, however, the more likely it becomes that the vulnerability will be exploited. Cybersecurity teams have long lobbied for an ability to automatically apply patches, a capability that Cisco is now enabling by leveraging AI to automate the testing process. Ultimately, however, defenders will benefit more from AI than cyberattackers, said Patel.

It’s not clear how many organizations are running a version of Linux that supports eBPF, but as distributions of operating systems are updated more organizations will be able to take advantage of Cisco Hypershield. Microsoft has also pledged to add support for eBPF to its Windows operating systems.

One way or another, the overall state of cybersecurity should steadily improve in the age of AI. The one thing that is certain, however, is there will still be a need for cybersecurity teams to ensure that AI is working as expected versus creating a whole new set of cybersecurity challenges to be resolved.

Source: https://securityboulevard.com/2024/04/cisco-taps-ai-and-ebpf-to-automate-security-operations/