Cisco unveiled a number of security updates on Tuesday, including the integration of its Splunk acquisition with Cisco Security, a new series of firewalls and new native AI management for its Cisco Security Cloud.
The new offerings are part of a major Cisco initiative around AI and security that is at the center of the Cisco Live! conference to be held this week in Las Vegas.
Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, told an audience of analysts and journalists that security is a data problem, although companies are working to correlate more data to gain insights, especially with the growth of AI.
“There are a few things we’re doing on AI that are very important to keep in mind,” Patel said. “First, our fundamental philosophy is to assume that the attacker is in your environment and has already infiltrated it. What we need to do is make sure we can prevent any lateral movement. Because when an attacker wants to steal credit cards, he does not directly access the credit card system. They come in, they keep jumping and moving through your network. Where does this movement occur? This happens on the network. Who is best qualified to provide telemetry and data about what’s happening on the network? Cisco.”
Cisco wants to ensure that lateral movements are contained as quickly as possible, in near real time, and that if a vulnerability is actually exploited or exposed, it will be fixed as quickly as possible, Patel said.
“But this update usually takes between 42 and 49 days,” he said. “So what we need to do is make sure that we have a mechanism from the time the vulnerability is exposed to the time it’s patched to prevent an exploit from happening, because an exploit usually takes about three days. … We need to make sure that we not only expedite patching, but also provide a mechanism up front to say how to put this compensating control in place, so you can wait 45 days without fear of exposure and ensure infrastructure updates are carried out regularly.”
Integrating Splunk into Cisco Security
Cisco acquired security and observability company Splunk in March. This is a major step in the push to leverage Cisco’s security telemetry to help businesses build better SOCs, or security operations centers, Patel said.
“So far we have very rich telemetry. … For any organization, regardless of its level of sophistication, if you are a business that does not have a SOC, we have a solution for you,” he said. “If you are a business with the most sophisticated SOC, we have a solution for you. If you are a company that starts off without a SOC and wants to create a very sophisticated SOC very quickly, we have a solution for you.”
All of this is built with AI at the heart, Patel said.
“There is a Cisco AI assistant, and it will be a skills-based architecture,” he said. “You can plug in a Splunk skill. You can incorporate a networking skill. You can plug in an observability skill. You can integrate a security skill, a collaboration skill. And all of these skills can be correlated with each other so that you can gain meaningful insights that you didn’t have before.”
Splunk offers Cisco a new integrated platform with a networking cloud, a security cloud, an observability and data cloud and a collaboration cloud, Patel said.
“All of these are loosely coupled or tightly integrated,” he said. “You don’t have to buy them all to start profiting from them. And when you buy them together, the magic starts to happen. And that’s essentially the priority to bring a Cisco Security Cloud vision to the market, now empowered by Splunk.”
Cisco Hypershield Updated and More
Cisco on Tuesday unveiled a significant expansion of Cisco Hypershield, a software technology launched in April that protects applications, devices and data in public and private data centers, clouds and physical locations.
Cisco Hypershield will support AMD Pensando DPUs, with targeted availability on Cisco UCS servers and servers from other vendors expected by the end of 2024. Cisco will also support Intel Infrastructure Processing Units (IPUs), with availability of this technology to be announced in the future.
Cisco also updated its Cisco Secure Firewall family with the new Cisco Firewall 1200 Series, which the company says delivers up to three times the performance of comparable competing firewalls. The 1200 Series Firewalls are compact, SD-WAN-enabled firewall security appliances that Cisco says will eliminate the need for multiple appliances for switches, routers and firewalls in branch offices. The first shipments are expected to begin in October.
Also new this week: version 7.6 of Firewall Threat Defense (FTD) software, available for all Cisco physical and virtual firewalls. The new software release uses AI to prevent zero-day threats, extends application control to more than 70 GenAI applications to secure sensitive information, and helps streamline branch network deployments with predefined SD-WAN and firewall models, Cisco said.
The company also introduced Cisco Security Cloud Control to unify its Cisco Security Cloud management. Cisco Security Cloud Control will initially work with Cisco’s network security framework, including Cisco Secure Firewall, and offer an AI-native approach to proactively deliver actionable insights and automate remediation in hybrid environments, Cisco said. It is expected to be available starting in September and initially supports Secure Firewall Threat Defense, Secure Firewall ASA, Multicloud Defense, and Hypershield.