Enterprise networking and security giant Cisco has responded to its own surveillance findings by unveiling its latest addition to the Security Cloud platform: the Cisco AI Assistant for Security, powered by artificial intelligence.
According to Cisco Talos Incident Response (CTIR), ransomware and extortion attacks have accounted for 20% of its engagements in 2023. Talos, the company’s threat intelligence unit, has also reported a surge in sophisticated attacks on networking devices over the past year, particularly by state-sponsored actors.
In light of these developments, Cisco emphasized the need for advanced defenses to combat the escalating speed and sophistication of malicious activities.
“This advancement will help tip the scales in favor of defenders, empowering customers with AI deeply integrated into the Cisco Security Cloud,” said Jeetu Patel, executive vice president and general manager of Security and Collaboration at Cisco.
Large data sets
Leveraging extensive datasets, Cisco trained its AI Assistant for Security, utilizing machine-driven telemetry to analyze over 550 billion security events daily across various domains like web, email, endpoints, networks, and applications.
The company highlighted that the new feature includes capabilities such as understanding event triage, impact and scope analysis, root cause identification, and policy design.
“Through this data, the AI Assistant aims to bridge the gap between cybersecurity intentions and their actual outcomes,” Cisco said, underscoring that all AI capabilities adhere to Cisco’s Responsible AI Framework, ensuring robust security measures.
More new features
The initial rollout of the Cisco AI Assistant for Security will occur within the Cisco Cloud-delivered Firewall Management Center and Cisco Defense Orchestrator. This aims to address the significant challenge of establishing and maintaining complex policies and firewall rules. Administrators will now have the ability to employ natural language queries to discover policies and receive rule recommendations. This enhancement intends to mitigate issues like duplicate rules, misconfigured policies, and intricate workflows, while providing heightened visibility and expediting troubleshooting and configuration tasks.
Today, a majority of data center traffic is encrypted, raising concerns about the inability to inspect such traffic securely. Addressing this, the 7.4.1 Operating System, now available across the entire Cisco Secure Firewall family, introduces the Encrypted Visibility Engine. This leverages an extensive database comprising billions of samples, including sandboxed malware instances, to determine if encrypted traffic carries malware. Remarkably, it can identify the operating system and client application generating the traffic without the need for decryption, addressing operational, privacy, and compliance concerns associated with inspecting encrypted traffic.