Cisco reimagines cybersecurity at RSAC 2024 with AI and kernel-level visibility

Attacking organizations’ endpoints, infrastructure and threat surfaces with existing cyber defense systems can’t always identify or stop what the world’s most lethal attackers strive for. From cybercrime gangs utilizing AI and machine learning (ML) experts to nation-state adversaries who recruit the best and brightest from their universities to join in the global cyber fight, today’s organizations need to just as aggressively pursue resilience.  

Resilient networks are now a board of director-level priority, according to several CISOs VentureBeat spoke with at RSAC 2024 who requested anonymity. Boards want proof of progress on risk management goals. A noteworthy takeaway from RSAC 2024’s CISO discussions is their need for greater efficacy infrastructure-wide and more visibility to the container and kernel level. 

“There’s overconfidence in the ability to handle cyber-attacks, with 80% of companies feeling confident in their readiness, but only 3% are truly prepared. The downside effects of not being resilient are tragic. We must shift to creating a first generation of something completely new,” Jeetu Patel, executive vice president and general manager of Security and Collaboration for Cisco, told VentureBeat citing findings from the 2024 Cisco Cybersecurity Readiness Index.   

VentureBeat’s conversations with CISOs during RSAC support Patel’s point. Their top concerns are improving the resilience of their cloud infrastructure, securing software supply chains, improving software bill of materials (SBOM) compliance and securing the myriad of connections with partners and suppliers against attackers’ relentless stream of new tradecraft.  

Redefining cybersecurity for an adversarial AI world 

“What we have to do is make sure that we use AI natively for defenses because you cannot go out and fight those AI weaponization attacks from adversaries at a human scale. You have to do it at machine scale,” Patel explained.

Patel elaborated on the many challenges facing organizations in becoming more resilient against faster, more sophisticated cyberattacks. Cisco sees the challenges of keeping infrastructure current, staying current on patch management, and containing breach attempts with strong segmentation as difficult challenges all organizations are facing today. Letting them go too long creates weak threat surfaces that attackers will inevitably find and exploit.  

Most organizations procrastinate about patching and only double down their efforts after a breach. Ivanti’s recent cybersecurity status report found that patches that impact mission-critical systems are assigned the greatest urgency 61% of the time. The majority of IT and security professionals, 71%, see patching as overly complex and time-consuming. In addition, 57% of those same professionals say remote work and decentralized workspaces make patch management even more of a challenge, with 62% admitting that patch management takes a backseat to other tasks. 

Segmentation is known to be one of the most challenging aspects of pursuing a zero-trust security framework despite its innate ability to limit attackers from moving laterally through infrastructure. There’s also the challenge of updating the infrastructure itself, including firewalls and network equipment, which is often slow due to limited change control windows. Without a more automated approach to keeping infrastructure current, essential systems become outdated and vulnerable.

Why Cisco says cybersecurity needs to change 

Defending against adversarial AI-based attacks and the torrent of new tradecraft attackers are creating requires a new approach to cybersecurity. Cisco’s Patel and Tom Gillis, senior vice president and general manager of Cisco Security, told VentureBeat. Cybersecurity needs to take full advantage of native AI, kernel-level visibility, and hardware acceleration, leading to more resilient, self-upgrading security systems. 

Patel and Gillis expanded on that vision and explained why now is the time to reimagine cybersecurity in their co-presented keynote, The Time Is Now: Redefining Security In the Age of AI. Cisco is doubling down on native AI as the core of its go-forward cybersecurity strategy. It starts with the recently introduced HyperShield, their new hyper-distributed framework that acts as an enterprise-wide security fabric. 

“It’s extremely hard to go out and do something if AI is thought about as a bolt-on; you have to think about it. The operative word over here is AI being used natively in your core infrastructure,” emphasized Patel during the keynote. 

Gillis told VentureBeat that he is seeing the need in their customers for cybersecurity to be reimagined to support more contextually intelligent, autonomous segmentation, automated patch management and a more efficient, secure way of keeping infrastructure current.

“We’re talking about infrastructure that upgrades itself. HyperShield can apply compensating controls, shield known vulnerabilities, and then remove those controls once patched, providing lifecycle management,” Gillis said. “This isn’t just making sure that we build the next version of something that already exists. It’s building the first version of something completely new. And what that is is a completely reimagined architecture for hyper-distributed security,” added Patel. 

Three technological shifts are changing cybersecurity 

“There are three key technological shifts that are occurring, which are going to fundamentally change how we solve these problems. The first is AI, the second is kernel-level visibility, and the third is hardware acceleration,” Patel said. Patel says these three technological shifts form the foundation of Cisco’s new generation of cybersecurity hyper-distributed frameworks, starting with HyperShield.   

Patel and Gillis explained the technological shifts and their implications on why and how cybersecurity needs to be reimagined. Here is a summary of each of the shifts: 

Artificial Intelligence (AI). Gillis and Patel predict AI will lead to stepwise gains in security operations center (SOC) accuracy and performance, which is why having native AI is integral to any cybersecurity platform’s success. “These AI tools are remarkable in what they can do for security. Not a small increment but a leap forward in efficiency. We’ll always build them in a manner that they earn the trust of the user. They all have a kind of semi-automatic mode where they’ll present the user with ‘I’m about to make this decision, and here’s my reasoning why,’” Gillis told VentureBeat. 

Kernel-level Visibility. “You can’t protect what you don’t have visibility against. That’s why I think extended Berkeley Packet Filter (eBPF) is going to be a very critical technology, which allows you to go out and look in the heart of the server and the operating system and see what’s happening without actually being inside the operating system,” Patel told VentureBeat. 

Gillis added, “eBPF gives us the ability to look into the application and, understand its inner workings and then know if it has changed. Was the app updated? Is this a new version? Did something change so that we know, ‘Hey, ease up on these restrictions,’ and then tighten them up again. The deeper our understanding of the application, the more we can say with confidence if these rules are accurate or not.”​
Hardware Acceleration. Gillis and Patel see the rapid gains in graphics processing units (GPUs) and data processing units (DPU) as a catalyst that will continue to drive the reimagining and redefinition of cybersecurity. “We talked about hardware acceleration with GPUs. Think also about DPUs… you can have a massive acceleration of throughput for security operations and I/O operations… connection management and encryption that can be done a thousand times faster than what you could do before”, Patel said. He continued, “With hardware acceleration, things like DPUs—which are specialized subsystems for computation for I/O operations and repetitive network functions like connection management or encryption—allow us to provide an environment that can be a thousand times more performant than traditional means.”