Organizations worldwide are dealing with short-staffed security operations and a security umbrella that stitches together numerous single-point solutions, hampering threat visibility.
At its LIVE 2023 event in Las Vegas this week, Cisco revealed an array of solutions, paving stones on its path to a platform strategy called Cisco Security Cloud. Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, said simplicity was key to Security Cloud, describing it as a secure way for users to connect to any application they have in a frictionless way.
“It’s about zero trust and zero friction – providing the least privileged access with the least amount of friction to the user,” said Patel.
Cisco also unveiled several generative AI products, visibility tools and collaborations at the event that build on the announcements it made at the RSA Conference 2023 in April, which focused on its extended detection and response cloud service.
In an interview with TechRepublic about Cisco LIVE 2023, Patel said the new technologies addressed a need to simplify security operations and address security considerations caused by the shift to hybrid work. “It’s the most amount of innovation we’ve had in a decade,” he said.
Patel said three key products advance the company’s move to Cisco Security Cloud:
Cisco’s talking points in Las Vegas this week put large language model interfaces in bold, showing how AI can make it easier for security teams to deal with the proliferation of apps, data and threat surfaces.
Cisco Secure Access
A key focus at Cisco LIVE was its approach to simplifying authorization and access through a new security service edge solution, designed to enable hybrid work experiences and simplify access across any location, device and application. The new platform, called Cisco Secure Access:
- Delivers a single, easy way to access all applications and resources, in part by using AI to steer traffic to private and public destinations without end-user intervention.
- Converges multiple functions into one solution, giving administrators and analysts a single interface for traffic, policy settings and analysis of security risks.
- Includes analysis from Cisco Talos AI-driven threat intelligence.
“With Cisco Secure Access, any user can go to any application, whether it’s cloud SaaS or an order management system or (a media platform). Usually, if you want to do that, you have to use VPNs, zero-trust network access for applications or even the web,” said Patel.
“We think this makes no sense and realized we needed to remove all of that complexity for the user. Our job is to create the most obvious experience for the user with the least cognitive overload.”
Cisco Secure Access launches with limited availability starting in July 2023 and is generally available in October 2023.
Integration with Cisco ThousandEyes
As part of the Cisco Secure Access launch, the company announced that the solution will be integrated with its ThousandEyes visibility engine for digital experience management.
“ThousandEyes gives us end-to-end seamlessness, so, when the user experience goes sideways — perhaps the internet is not working, there is friction access, or there are other issues the user can’t identify — we can detect it and fix it,” said Patel.
Firewall focuses on hybrid work and cloud
The new Secure Firewall 4200 series is, according to the company, designed to address the move to hybrid work, with new cryptographic capabilities and AI- and machine learning-based encrypted threat blocking.
The firewall uses zero-trust network access with threat inspection and policy for each application, and new security protocols addressing traffic from remote offices to applications in hybrid data centers.
Cisco said the Secure Firewall 4200 series will be generally available in September 2023 supporting the 7.4 OS, which will be generally available for the rest of the Secure Firewall appliance family in December 2023.
Extending the firewall to the cloud
On the heels of its acquisition of Valtix, Cisco launched Cisco Multicloud Defense for the SaaS multicloud environment. The new system, available now, lets IT operations manage security across AWS, Google Cloud Platform, Microsoft Azure and Oracle Cloud Infrastructure with a single policy in real time from one SaaS platform. In addition, teams can rapidly spin up security for any cloud environment.
“Multicloud Defense allows you to take any application running in any cloud environment and access only precisely the data that you want, and the environment that you want,” said Patel.
He added that the system applies zero-trust — and a “least privileged access” paradigm — to data and systems. “We want to give customers the least access you need to get the job done, to make sure that, say, an application a customer built in the cloud is able to access this specific data in their data center and nothing else.”
According to Patel, Cisco Multicloud Defense will use the same management console as the new Cisco Secure Firewall 4200 series. “You now have a platform that lets you add each new solution, and every subsequent piece gets to be less of an effort to plug into your ecosystem,” he said.
New AI-powered solutions from Cisco
AI Policy Assistant
Cisco revealed a new AI system designed to automate security policies across numerous interfaces. The company said the AI Policy Assistant will enable teams to describe policies at the granular level and evaluate how to best implement them across different aspects of their security infrastructure.
At Cisco LIVE, the company showed how the assistant can “reason” with a firewall policy and help IT generate and implement rules using Cisco’s Secure Firewall Management Center.
Patel said the solution addresses an inherent flaw in the proliferation of security solutions. “On average, most companies have 50 to 70 vendors in their cyber stack; that’s 70 policy engines, 70 places where contention can occur, and before you know it you have 70 different cracks in the system,” he said.
“Applications can have millions of lines of policy for a firewall. Our policy engine will have reasoning and natural language capability,” said Patel. “Administrators can therefore request access for a person using natural language, using generative AI to interface with the policy engine, have a conversation with it, and make suggestions to administrators about how to simplify the policy rules.”
AI SOC Assistant
Cisco said the generative AI SOC Assistant is designed to lighten the load on endemically understaffed security teams by parsing alerts across the Cisco Security Cloud platform, and making natural language recommendations on whether to act upon issues as they arise.
According to Cisco, the SOC Assistant will provide broad situation analysis, relaying potential impacts with the goal of reducing threat response time.
Cisco, which is previewing a generative AI solution for Webex at Cisco LIVE 2023, said AI summaries for Webex, policy management and SOC Assistant will be available by the end of 2023, with additional SOC Assistant features available in the first half of 2024.
Collaborations with Apple, AT&T
At LIVE 2023, Cisco announced collaborations with mobile device vendors to enhance users’ experiences. With Apple, it will incorporate zero-trust access through Cisco Secure Access into a native experience on iOS and macOS.
In addition, Cisco announced a partnership with AT&T aimed at hybrid workforces. The partnership is meant to enable Cisco’s Webex Calling and SD-WAN solutions to work with AT&T mobile networks to “let businesses offer employees a simple, secure, consistent experience to thrive in any setting.”