Today we launched probably the most consequential safety product in Cisco’s historical past: Cisco Hypershield. It’s a cloud-native, AI-powered method to extremely distributed safety for AI-scale knowledge facilities that’s constructed into the material of the community.
It’s probably the most radically completely different safety innovation I’ve been part of in my profession. Part of the Cisco Security Cloud, Cisco Hypershield actually turns the community safety mannequin the other way up, bringing the ability of hyperscaler safety and connectivity to the enterprise.
Security for the Age of AI
AI is ushering in an period of digital abundance. When each particular person in each job operate has AI assistants and organizations are transferring at machine scale, our world of 8 billion will really feel like now we have the capability of 80 billion.
To accommodate the extra digital capability required, our private and non-private knowledge facilities are being reimagined. And Cisco is on the coronary heart of how knowledge facilities are being reimagined: how they’re linked, how they’re secured, how they’re operated, and the way they’re scaled.
And knowledge facilities are altering in two main methods. Infrastructure is altering: CPUs are being supplemented with GPUs and DPUs focusing on features like AI workload processing and I/O operations at throughput ranges that fashionable AI-scale knowledge facilities want. And purposes are altering: they’re being damaged into 1000’s of microservices that run in several containers and clouds – extremely distributed, all speaking to one another.
In this new world, we have to reimagine safety at AI scale. And we have to do it now, as a result of this evolution of knowledge facilities and purposes isn’t ready for us.
How can we reimagine safety?
Billions spent on cyber safety, and we’re nonetheless falling behind in some ways.
The reality is, securing every little thing is tough. And the unprecedented scale of contemporary purposes, AI workloads, and units simply makes every little thing tougher. For occasion, I used to be just lately in India and the nation is rolling out 250 million sensible energy meters, every of which has the potential to be exploited. This is only one instance of scale that creates tactical challenges for securing every little thing. Consider the challenges:
- Segmentation is tough when purposes develop into hyper-distributed and are regularly altering.
- Patching is tough as a result of it takes a very long time to check, schedule, and deploy a patch to take away a vulnerability. And it’s getting tougher to maintain up as a result of attackers are compressing the time between after they learn about a vulnerability to after they begin exploiting it; it’d take only a few days and even much less.
- Upgrades are arduous as a result of, like patches, they contain guide testing and deployment. Upgrades are particularly arduous after they contain mission-critical infrastructure like an oil rig or a medical robotic, a few of which might’t even be upgraded.
Now, think about you had an answer that might perceive every little thing your purposes are doing. Then you can have AI outline granular segmentation guidelines for you and hold them up to date as issues evolve.
Imagine you had a method to discover vulnerabilities and routinely protect them from being exploited. You’d be protected even earlier than you get the prospect to patch.
Imagine your safety infrastructure might improve itself. You’d save numerous hours and eradicate the coordination and downtime of improve testing and deployment home windows.
We designed Cisco Hypershield to do all this and extra. It is constructed for the age of AI, for the cloud, in software program, and with a distributed structure which means you may put safety wherever it’s good to….within the cloud, within the knowledge middle, on a manufacturing facility flooring, or a hospital imaging room.
Cisco Hypershield is constructed on fashionable constructing blocks like eBPF, {hardware} acceleration, and AI.
- Co-created by our new teammates from Isovalent together with Meta, eBPF permits a light-weight agent to see into the center of the working system, with out really being there. It sits within the person house however has a kernel-level impact. This offers Cisco Hypershield full visibility into each software program course of and each I/O operation your distributed purposes are operating in any Kubernetes container or VM. It’s the default mechanism for connecting and defending cloud-native workloads utilized by the hyperscalers.
- Hardware acceleration. Cisco Hypershield takes benefit of DPUs and different {hardware} accelerators in servers and different community infrastructure. This means you may place high-performance safety management factors not simply in distributed containers and VMs, however in {hardware} that sits near the workloads they’re defending.
- By designing Cisco Hypershield from the bottom as much as leverage the ability of AI, it’s orders-of-magnitude extra autonomous than different safety options. With this AI-first focus in thoughts, we’re enthusiastic about our partnership with NVIDIA. We are working collectively to co-create security-specific AI fashions, and we’re optimizing our Cisco Security merchandise for NVIDIA’s know-how.
Bringing safety to the workloads
What the Cisco Hypershield structure delivers is a coordinated material of 1000’s of distributed safety enforcement factors all through your whole atmosphere, throughout each private and non-private clouds. It brings safety to the workloads, not the opposite manner round.
And this structure permits us to do some actually unimaginable use circumstances that weren’t attainable till now, comparable to:
- Autonomous segmentation that pulls upon ongoing visibility of community flows, course of behaviors, and software adjustments to outline granular segmentation guidelines that may defend in opposition to lateral motion. And as issues change over time, Cisco Hypershield refines and updates these guidelines dynamically.
- Distributed exploit safety that determines when you have a high-risk vulnerability in your atmosphere and delivers a compensating management that may be deployed to dam attackers from exploiting the vulnerability – earlier than you will have an opportunity to patch, and possibly even earlier than you already know concerning the vulnerability.
- Self-qualifying upgrades that use a shadow knowledge path to check upgrades and coverage adjustments in opposition to a mirror of reside site visitors, evaluate and ensure the outcomes utilizing AI, and transfer all of the flows to the newest model – all with none downtime.
I’m extremely excited concerning the launch of Cisco Hypershield. I’m so happy with our group for delivering this unimaginable innovation that may assist make the world a safer place.
To be taught extra about it, please learn Tom Gillis’ weblog concerning the know-how and the important thing buyer use circumstances we’re fixing for. And hold your suggestions coming!
Additional sources
Share: