2023-12-05

Cisco is making a bid to drive artificial intelligence (AI) deeper into its cloud security platform, launching a new feature, AI Assistant for Security, a cross-domain AI-driven assistant designed to help organizations of all sizes level up their defenses against the rising tide of threats.

“With attacks getting more sophisticated and the attack surface getting larger, the only way to stop these attacks is by operating at machine scale, not human scale,” Jeetu Patel, executive VP and GM of security and collaboration at Cisco, told CSO.

The launch comprises two new tools -- an AI-powered helper for firewall policy and an AI-powered encrypted visibility engine for all firewall models -- with the goal of reducing the complexity of setting security policies and assessing traffic without decryption.

AI Assistant for firewall policy

The AI assistant for firewall policy sits within Cisco’s Firewall Management Center and Defense Orchestrator. Users type in their instructions and it presents suitable options for security settings, so nobody needs to learn how to navigate menus and find specific features.

Using the AI-driven security assistant, administrators can use natural language to discover policies, get rule recommendations, and eliminate duplicate rules and misconfigured policies. “We want to augment the intelligence of people with machine intelligence,” said Patel.

AI-powered Encrypted Visibility Engine for all firewall models

With the AI-powered Encrypted Visibility Engine for all firewall models, Cisco aims to tackle a challenge that it believes holds up malware detection. Given that most data center traffic is encrypted, the inability to inspect that traffic is a key security concern, but decrypting it is resource-intensive and fraught with operational, privacy, and compliance issues.

Instead, the encrypted visibility engine leverages billions of samples, including sandboxed malware samples, to assess whether encrypted traffic contains malware. It can tell which operating system the traffic is coming from and what client application is generating it -- all without the need for decryption.

The goal is to reduce the time and resources typically needed for decryption and packet inspection. “We have built this tool that’s based on the movement of the packet to infer if it’s anomalous behavior and then do something about it,” Patel said.

Cisco goes for simplicity against sophisticated threats

With more than 3,500 vendors in the market, Patel believes this is an inflection point, where the expanding number and sophistication of threats demands simplicity and protection at scale. “It gets complicated with 70 or so vendors in your security stack. The efficacy goes down, there can be overlap between policy engines and it’s very complex,” he said.

Looking to lower the complexity and improve the economics, Cisco is going all in on AI as the answer. With these tools it aims to simplify security processes and thereby strengthen organizational defenses.

The company has made significant investments in AI in recent years, but with the launch of ChatGPT, the generative AI piece offered something more to help lift the capabilities of end users. The tools do not run strictly on ChatGPT; they are powered by multiple different AI engines. Users input their queries to the AI Assistant, and behind the scenes the engine redirects to the relevant dataset to get the answer and provide it to the user, Patel explained.

Aimed at IT admins, SOC analysts, security admins and the like, the generative AI-based policy administration tools offer embedded AI capabilities for practitioners. “We wanted every persona that uses our products to have an assistant and they should, using natural language, be able to ask the system to do something, but also to reason with them.”

Cisco’s AI Assistant aims to close the gap between intent and outcome

Data, specifically cohesive data, is needed to fight back against the tide of attacks, Cisco believes. Patel explained that the typical attack anatomy has multiple control points across email, web and network that determine whether something is actually anomalous, but it lacks a cohesive picture of how these can all be related. “What ends up happening is low-level alerts for web or email can get ignored in isolation,” he said.

By harnessing data more effectively, the company wants to tip the scales in favor of defenders. With machine-driven telemetry, Cisco’s tool can analyze more than 550 billion security events each day across web, email, endpoints, networks, and applications. The AI Assistant aims to understand event triage, impact and scope, root cause analysis, and policy design.

The goal is to close the gap between intent and outcome. “It’s correlating the native telemetry with each other to detect and respond to a threat, but also predict and prevent the threat before it actually happens,” he said.

While single solutions may excel in one particular mode, Patel believes that coordinated attacks demand coordinated defenses with correlation across domains. “The magic lies in correlating native telemetry, so your defenses are coordinated; rather than attacks being coordinated, and defenses being isolated,” he said.