Cisco's executive veep for security Jeetu Patel has predicted that AI will change the infosec landscape, but that end users will eventually pay for the privilege of having a binary brainbox by their side when they go into battle.
Speaking at the Asia Pacific incarnation of the Cisco Live event today, in Melbourne, Australia, Patel offered the infosec maxim that attackers only need to get it right once, but defenders need to get it right every time.
That reality means that security teams today focus on defence and response.
Patel thinks that as analysis of cyberattacks increases, AI will mean defenders can be armed with tools that let them predict attackers' behaviour.
Automated responses can then kick in to deflect attacks.
That shift will make life harder for providers of point solutions for security.
Patel argued, evolved because users could not acquire or operate security systems that offered visibility of all at-risk resources.
They gave themselves the harder task of managing multiple overlapping tools.
Cisco wants to tame that mess by ingesting alerts from multiple products, and applying AI to understand how seemingly unrelated mid-level alerts that might each be ignored together represent a severe threat worthy of investigation.
Patel asserted that Cisco's scale will mean it can build a platform that can deliver, and that probably only Microsoft and Palo Alto Networks will be able to follow it.
Vendors of specialist security products will feed their wares' outputs to the larger cyber-AI platforms, relieving IT pros of the need to manage multiple products.
Cisco's first lash at this stuff is an AI Assistant for Firewall Policy that assesses firewall rules and, using a natural language interface, allows admins to identify policies that could usefully be tweaked or removed.
A demo shown to The Register saw a user prompt the Assistant to identify firewall policies applied to an enterprise application, an act that produced a summary of those policies and identified those that are duplicates or sub-optimal.
Cisco has also used AI to identify traces of malware activity in encrypted traffic.
That tool was delivered in version 7.4.1 of the OS for Cisco's Secure Firewall family.
Cisco hasn't announced prices yet, because it doesn't have a sufficient sample of user behaviour to understand usage patterns that will let it understand the costs of such services.
This Cyber News was published on go.theregister.com. Publication date: Wed, 06 Dec 2023 04:43:05 +0000