Cisco Enhances Cybersecurity Defence, Introduces AI Assistant For Security
The AI assistant will help organisations make informed decisions, improve existing capabilities and automate complex tasks.
In a step towards making artificial intelligence pervasive in the Security Cloud — Cisco's unified, AI-driven security platform — the company has launched Cisco AI Assistant for Security. The AI assistant will help enterprises make informed decisions, improve their tool capabilities and automate complex tasks, Cisco said.
As cyberattacks continue to evolve, the organisations’ defences must too. Ransomware and extortion attacks made up 20% of Cisco Talos Incident Response engagements in 2023, according to a report. Talos also observed an increase in sophisticated attacks on networking devices in 2023, particularly by state-sponsored actors. The increased speed and sophistication of malicious actors requires the adoption of machine-scale defences.
The new AI assistant is trained on one of the largest security-focused data sets in the world, which analyses more than 550 billion security events everyday across web, email, endpoints, networks and applications, according to Cisco. It can understand event triage, impact and scope, root cause analysis and policy design. With this data, the AI assistant aims to close the gap between cybersecurity intent and outcomes.
“To be an AI-first company, you must be a data-first company. With our extensive native telemetry, Cisco is uniquely positioned to deliver cybersecurity solutions that allow businesses to confidently operate at machine scale,” said Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco.
AI Assistant For Firewall Policy
The AI assistant will first go live within the Firewall Management Centre and Defense Orchestrator — the company’s cloud-based solution for managing security policy changes — to solve the challenge of setting and maintaining complex policies and firewall rules, Cisco said. Administrators can use natural language to discover policies and get rule recommendations, eliminating duplicate rules, misconfigured policies and complex workflows with increased visibility, along with accelerating troubleshooting and configuration tasks.
AI-Powered Encrypted Visibility Engine For Firewall Models
Most data centre traffic is encrypted, and the inability to inspect it is a major security concern. Decrypting traffic for inspection is resource-intensive and fraught with operational, privacy and compliance issues.
Cisco said the 7.4.1 Operating System will now be available across the entire Secure Firewall family. Using AI, Cisco’s Encrypted Visibility Engine will leverage samples, including sandboxed malware, to determine if the encrypted traffic is transporting malware. It can identify which operating system the traffic is coming from and what client application is generating it, without the need for decryption, the company said.