In the realm of network and firewall configuration, the complexity of settings and adherence to rules present inadvertent yet potent risks for organizations. According to Gartner’s forecast, 99% of firewall breaches in the current year are anticipated to result from misconfigurations. This scenario underscores the opportune application of AI to demonstrate its value to Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs). Failure to achieve the correct configuration in a hybrid cloud setup or encountering a misconfigured firewall could lead to a security breach that remains undetected until it is too late.
Cisco, a stalwart in combating such risks on behalf of its clientele, has embraced AI wholeheartedly to address these challenges. The recently unveiled Cisco AI Assistant for Security and the AI-powered Encrypted Visibility Engine showcase the company’s commitment. The AI Assistant undergoes training on one of the most extensive security-focused datasets globally, analyzing over 550 billion security events daily.
The Encrypted Visibility Engine, a product of Cisco’s profound network expertise, is designed to inspect encrypted traffic without the usual operational, privacy, and compliance issues associated with decrypting traffic for examination.
Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, emphasized in a recent interview, “We wanted to ensure that AI becomes integral to the core fabric of Cisco security cloud and every aspect of our security efforts.”
Firewall Complexity: A Lethal Challenge
Cisco strategically targets the significant threat surface with its comprehensive AI cybersecurity release for the close of 2023. Configuring firewalls, maintaining current patches and policies, and addressing potential Common Vulnerabilities and Exposures (CVE) are acknowledged by CISOs as time-consuming tasks that often go overlooked.
The adage “complexity kills” holds true, especially in the realm of firewalls. Increased complexity correlates with a higher likelihood of a breach. A survey by Cybersecurity Insiders reveals that 58% of organizations have over 1,000 firewall rules, with some extending into the millions.
Gartner’s projection for 2026 suggests that over 60% of organizations will deploy more than one type of firewall, leading to the adoption of hybrid mesh firewalls. Additionally, over 30% of new distributed branch-office firewall deployments are expected to be firewall-as-a-service offerings, a significant increase from less than 10% in 2022.
Bringing Order to Policy Chaos with AI
Cisco aims to reshape organizations’ cybersecurity outcomes by leveraging AI to tip the scales in favor of defenders. Combining AI with extensive telemetry across networks, private and public cloud infrastructure, applications, internet, email, and endpoints, Cisco introduces the AI Assistant for Security and the AI-powered Encrypted Visibility Engine.
The AI Assistant for Security, housed within the cloud-delivered Firewall Management Center (cdFMC), utilizes advanced natural language processing (NLP) and machine learning (ML). Raj Chopra, SVP and Chief Product Officer of the security business group at Cisco, states, “We created a generative tool designed to simplify firewall management for both seasoned admins and novice users.”
Furthermore, the architecture of the AI Assistant for Security reveals Cisco’s intent to integrate more assistants across various roles within its Security Cloud. The goal is to build a cross-domain security platform with AI assistants automating security analysis and reporting tasks.
AI and the Human Touch
A common thread unites the rush to address complex firewall policy issues and streamline SOC team workflows with AI Assistants: the need for continual learning and course correction with human input. Merritt Baer, Field CISO at Lacework, emphasizes the importance of users understanding permissions and interacting effectively with security insights.
In most briefings on AI Assistants, the integration of human-in-the-middle workflows is deemed essential. Cisco’s AI Assistant for Security aligns with this paradigm, supporting standard configuration roles at launch. Like other AI assistants in the market, it seamlessly transitions between different roles in security operations centers (SOC) without requiring re-configuration.
The effectiveness of cybersecurity providers in anticipating and addressing the human-in-the-middle dynamics of their AI Assistants will directly impact their adoption and long-term contribution to securing organizations.
