Cisco has launched a new security product that it claims will use AI to help protect critical systems. The enterprise technology firm describes the new service, named ‘HyperShield,’ as capable of transforming multiple IT assets into security enforcement points, including virtual machines and Kubernetes clusters in public clouds. Deployment of the new product, Cisco added, would allow users to more easily block application exploits and stop hackers from moving laterally through systems to mount more extensive cyberattacks.
“The power of Cisco HyperShield is that it can put security anywhere you need it – in software, in a server, or in the future even in a network switch,” said Jeetu Patel, Cisco’s executive vice president and general manager for security and collaboration. “When you have a distributed system that could include hundreds of thousands of enforcement points, simplified management is mission critical.”
HyperShield automates several network security tasks
Cisco said that HyperShield was developed using the open-source eBPF standard typically used to protect hyperscale cloud workloads; the company acquired one of the leading providers of enterprise eBPF products earlier this month. The new security product, the firm claims, uses hardware acceleration provided by data processing units (DPUs) installed in network hardware to identify, analyse and “respond” to anomalies it detects in network traffic or application behaviour. HyperShield’s detection ability, Cisco continued, is supplemented by the firm’s use of Nvidia’s ‘Morpheus’ AI cybersecurity framework and the chipmaker’s GPU and DPU accelerators.
Cisco also claims that HyperShield can react to discoveries of new software vulnerabilities by testing and then deploying solutions across client networks “in minutes.” This capability extends to standard software upgrades, which are assessed in a digital twin before their wider rollout. HyperShield also performs network segmentation autonomously.
AI-powered cybersecurity
HyperShield’s debut accompanies growing interest among IT departments and hackers alike in how AI might be leveraged in cybersecurity. Similar AI-powered network security services include VMware’s ‘Private AI’ service and HPE’s Aruba Networking Central, which the firm claims taps into dedicated large language models to deliver a steady stream of analysis about the user’s cyber defences.
The development of solutions like HyperShield is necessary in an era when the time between the discovery and exploitation of a network vulnerability can be as little as four days, Cisco’s Patel told CNBC. AI could potentially reduce that time to just minutes, he added. “Previously, you had to work on the assumption that a breach had happened [and that] once someone was in, there was lateral movement that you had to identify before you could respond,” said Patel. “We need to move to a position where we can predict and respond.”
Cisco’s cybersecurity highs and lows
Cybersecurity has become an increasingly important revenue source for Cisco in recent years as it attempts to augment its networking equipment manufacturing business. This commitment led to its acquisition of Splunk last year for $28bn, along with access to its network observability software and 15,000 corporate customers. At the time, Cisco chief executive Chuck Robbins hailed the deal as a vital contribution toward its goal of building AI-powered security systems. “From threat detection and response to threat prediction and prevention, we will help make organisations of all sizes more secure and resilient,” he said.
Meanwhile, Cisco itself continues to prove vulnerable to cyberattacks. This week its Cisco Duo division warned customers that threat actors had managed to steal SMS logs from the third party it uses to issue multi-factor authentication messages. While users were assured that the internal content of messages remained invisible to the hackers, sensitive information was nonetheless disclosed. Another breach, in October 2023, saw Cisco warn that over 40,000 of its devices had had backdoors installed by hostile actors, advising that this would afford attackers “full control of the compromised device.”