Defending organizations’ endpoints, infrastructure and threat surfaces with existing cyber defense systems does not always identify or stop the goals of the world’s deadliest attackers. With adversaries ranging from cybercrime gangs using AI and machine learning (ML) experts to nation-state actors who recruit the best and brightest from their universities to participate in the global cyber fight, today’s organizations must pursue resilience just as aggressively.
Resilient networks are now a priority at the board level, according to several CISOs VentureBeat spoke with at RSAC 2024 who requested anonymity. Boards want evidence of progress against risk management objectives. A takeaway from RSAC 2024 CISO discussions is their need for greater infrastructure-wide efficiency and greater visibility at the container and kernel level.
“There is overconfidence in the ability to manage cyberattacks, with 80% of companies feeling confident in their preparation, but only 3% are really prepared. The negative effects of lack of resilience are tragic. We need to move on to creating a first generation of something completely new,” Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, told VentureBeat, citing the findings of the Cisco Cybersecurity Readiness Index 2024.
VentureBeat’s conversations with CISOs during RSAC support Patel’s view. Their primary concerns are improving the resiliency of their cloud infrastructure, securing software supply chains, improving software bill of materials (SBOM) compliance, and securing the myriad connections with partners, customers and suppliers against the incessant flow of new tradecraft from attackers.
Redefining cybersecurity for an adversarial AI world
“What we need to do is make sure we use AI natively for defense, because you can’t go out and fight these AI weapon attacks launched by adversaries on a human scale. You have to do it at machine scale,” Patel explained.
Patel explained the many challenges organizations face in becoming more resilient to faster and more sophisticated cyberattacks. Cisco views keeping infrastructure up to date, staying current with patch management, and containing breach attempts through strong segmentation as difficult challenges that all organizations face today. Leaving them unaddressed for too long creates weak threat surfaces that attackers will inevitably find and exploit.
Most organizations procrastinate before installing patches and only increase their efforts after a breach. Ivanti’s recent report on the state of cybersecurity found that fixes impacting critical systems are assigned the highest urgency 61% of the time. The majority of IT and security professionals, 71%, view patching as too complex and time-consuming. Additionally, 57% of these same professionals say remote work and decentralized workspaces make patch management even more difficult, with 62% admitting that patch management takes a back seat to other tasks.
Segmentation is known to be one of the most difficult aspects of pursuing a zero trust security framework, despite its innate ability to prevent attackers from moving laterally across the infrastructure. There is also the challenge of updating the infrastructure itself, including firewalls and networking equipment, which is often slow due to limited change control windows. Without a more automated approach to keeping infrastructure up to date, critical systems become outdated and vulnerable.
Why Cisco says cybersecurity needs to change
Defending against AI-based adversarial attacks and the torrent of new tradecraft attackers are creating requires a new approach to cybersecurity, Cisco’s Patel and Tom Gillis, senior vice president and general manager of Cisco Security, told VentureBeat. Cybersecurity must take full advantage of native AI, kernel-level visibility, and hardware acceleration, leading to more resilient, self-upgrading security systems.
Patel and Gillis expanded on this vision and explained why now is the time to reinvent cybersecurity in their co-presented keynote, “Now is the time: redefining security in the age of AI.” Cisco is emphasizing native AI as a core part of its future cybersecurity strategy. It starts with the recently introduced HyperShield, its new hyper-distributed framework that acts as an enterprise-wide security framework.
“It’s extremely difficult to go out and do something if AI is seen as a complementary tool; you have to think about it. The key word here is that AI is used natively in your core infrastructure,” Patel emphasized during the keynote.
Gillis told VentureBeat that he sees a need among Cisco’s clients to reimagine cybersecurity to support more intelligent, context-aware segmentation, automated patch management, and a more efficient, more secure way to maintain up-to-date infrastructure.
“We’re talking about infrastructure that improves itself. HyperShield can apply compensating controls, protect known vulnerabilities, and then remove those controls once patched, providing lifecycle management,” Gillis said. “It’s not just about making sure we’re building the next version of something that already exists. It’s about building the first version of something completely new. And it’s a completely redesigned architecture for hyper-distributed security,” Patel added.
Three technological changes are changing cybersecurity
“Three key technological shifts are occurring that will fundamentally change how we solve these problems. The first is AI, the second is kernel-level visibility, and the third is hardware acceleration,” Patel said. Patel says these three technology changes form the foundation of Cisco’s next generation of hyper-distributed cybersecurity frameworks, starting with HyperShield.
Patel and Gillis explained the technological changes and their implications for why and how cybersecurity needs to be reinvented. Here is a summary of each shift:
Artificial Intelligence (AI). Gillis and Patel predict that AI will drive incremental gains in security operations center (SOC) accuracy and performance. This is why having native AI is integral to the success of any cybersecurity platform. “These AI tools are remarkable for what they can do when it comes to security. This is not a small improvement, but a quantum leap in efficiency. We will always build them in a way that earns the user’s trust. They all have some sort of semi-automatic mode where they will present to the user, ‘I’m about to make this decision, and here’s my reasoning,’” Gillis told VentureBeat.
Kernel-level visibility. “You can’t protect what you don’t have visibility against. That’s why I think Extended Berkeley Packet Filter (eBPF) will be a very critical technology, which will allow you to go look inside the server and the operating system and see what is happening without actually being inside the operating system,” Patel told VentureBeat.
Gillis added: “eBPF gives us the ability to look at the application, understand its inner workings and find out if it has changed. Has the app been updated? Is this a new version? Has anything changed so that we know, ‘Hey, loosen these restrictions,’ and then tighten them again? The deeper our understanding of the application, the more confidently we can say whether or not these rules are accurate.”
Hardware acceleration. Gillis and Patel see the rapid advancements in graphics processing units (GPUs) and data processing units (DPUs) as a catalyst that will continue to drive the reimagining and redefinition of cybersecurity. “We talked about hardware acceleration with GPUs. Also think about DPUs… you can have massive throughput acceleration for security operations and I/O operations… connection management and encryption that can be done a thousand times faster than you could do before,” said Patel. He continues: “With hardware acceleration, things like DPUs, which are specialized subsystems for computing I/O operations and repetitive network functions like connection management or encryption, allow us to provide an environment that can be a thousand times more efficient than traditional means.”