Cisco Hypershield: A New Era of Distributed, AI-Native Security

AI is transformative, driving huge productivity gains. The engine of AI - the data center - will grow substantially, maybe an order of magnitude or more over the coming years.

The industry went through a change like this in the past, when the likes of Amazon, Google and Microsoft got so big they couldn't use enterprise data center systems. Instead, they wrote infrastructure software and embraced a scale out model where that software could run on millions of servers. They had software teams that could write this code themselves, and the public cloud was born.

Now, every enterprise needs to think about how to get to an "AI-scale data center" and traditional appliances won't get there.

I'm proud to announce Cisco Hypershield, the first truly distributed, AI-native system that puts security wherever it needs to be: in every software component of every application running on your network; on every server; and in your public or private cloud deployments.

To be clear, this isn't a new take on an old idea, or the 'next generation' of anything. It's a holistic system that - finally - brings the security advantages of a hyperscale model to enterprises. Think of it as a fabric of security that blankets the whole environment, not a fence blocking one aspect of it.

As the "hyper" in the name suggests, this architecture was inspired by the hyperscale model pioneered by the big public cloud providers.

To handle massive demand, companies like Amazon, Google, Microsoft and Salesforce redefined their applications from lumps of hard-to-manage VMs into highly portable containers that could run anywhere. They did the same for the underlying hardware too, by creating software-defined infrastructure that ran on their servers, rather than firewalls, load balancers and networking hardware in boxes at the edge of the network.

They converted these products into thousands of pieces of software - including security software - that could run on every server. They spent billions on this development but gained the ability to detect and respond to threats far more effectively, and to update and patch it all with remarkably few people.

Hypershield brings many of these advantages to the enterprise, for the first time.

It lets you embed security in VMs or Kubernetes clusters in public clouds, using an open-source technology called eBPF that hyperscalers use to automate patching and other time-consuming jobs. In the future, security can be inserted into servers we call DPUs, and on networking devices such as switches.

We'll also extend Hypershield beyond the data center. Before long, a hospital will be able to secure its medical devices and other operational technology with Hypershield. Manufacturers will be able to do the same with the tech that sits on the factory floor.

Hypershield is a software product with an AI engine we've built from scratch. It makes what was previously thought impossible - possible. As a result, you can get started without having to rip or replace anything you're already using. In fact, since Hypershield was built from the beginning around AI management, we think of it as AI-native, as opposed to an AI layer bolted on top of a traditional product.

Here are a few highlights:

Autonomous segmentation

Companies have been using segmentation for decades to specify which workloads and applications can access which parts of the network. But segmentation is hard. Customers tell us it can take 40 days or more to define segmentation rules for a single application. That's way too slow.

With the AI-native Hypershield, we look beyond the network flows that other products focus on. The full scope of observed behaviors is informed by what's happening across all the environments it's protecting; what Cisco Talos teaches it about behaviors that should never happen, latest attack vectors, techniques, and vulnerabilities; what the system has learned and observed based on best practices that models how the customer modifies recommended policies; as well as model what the customer does when they step-in when under attack.

The result is higher confidence, data-backed recommendations, not based on what might have happened in the past, but what is happening now.

Distributed exploit protection

Vulnerabilities have always existed, but the situation is getting worse. Cisco's Talos threat intelligence discovers hundreds of new vulnerabilities a year, and there are about 80 new CVEs reported each day. Attackers armed with stolen credentials routinely use tools, services, and access points to disguise their activity from traditional security products. Why hack in when you can simply log in?

Rather than rely solely on commercial vulnerability scanning products to uncover areas of concern, Hypershield goes further. It looks to see if a given vulnerability exists in memory or, worse, if it's already being exploited in the wild. Also, it considers the value of the asset being attacked. The AI then assigns a score, to prioritize which of the vulnerabilities poses the gravest risk.

The AI analyzes all potential threats across your environment and prioritizes them so each can be dealt with appropriately with compensating controls, providing protection while giving security teams time to investigate and mitigate.

Continuous updates

Hypershield was designed to be self-upgrading and updating. Because of the distributed architecture, the eBPF agents that send in the telemetry also act as enforcement points, using a patent-pending design that brings the continuous update CI/CD model of the cloud to premises-based systems, whether at the network, workload, file or process level.

You can set the dial for autonomy within the AI too, increasing it as the system earns your trust with its ability to test, record and report everything. This remarkable, almost magical capability is only possible because it was purpose built with AI management, another example of being AI-native.

Ever aware, everywhere

Cisco is uniquely capable of turning Hypershield into a generational product that will change the security industry. Built within the Cisco Security Cloud, Hypershield, plus the processing, protection, and data capabilities within Splunk, will create a transformative hyperscale datacenter that not only leads the AI revolution, but protects it.

We'll share more soon, but for now, you can expect Cisco Hypershield to be generally available in August 2024.

For more technical details, head over to Craig Connor's blog: Cisco Hypershield: Reimagining Security

We'd love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Public link

Please use the above public link if you want to share this noodl on another website.