Cisco Beefs Up Its Security Offerings With Splunk, AI Tech
Cisco unveiled a number of security updates at its Cisco Live conference, including integrating its Splunk acquisition with Cisco security, a new firewall series, and new AI-native management for its Cisco Security Cloud.
Cisco Tuesday unveiled a number of security updates, including integrating its Splunk acquisition with Cisco security, a new firewall series, and new AI-native management for its Cisco Security Cloud.
The new offerings are part of a major Cisco push around AI and security that is at the center of the Cisco Live! conference being held this week in Las Vegas.
Jeetu Patel, Cisco’s executive vice president and general manager for security and collaboration, told an audience of analysts and reporters that security is a data problem even as businesses work to correlate more data together to gain insights, particularly with the growth of AI.
“There's a couple of things that we’re doing on AI that are pretty important to keep in mind,” Patel said. “First, the core philosophy that we have is, assume that the attacker is in your environment and has already infiltrated it. What we have to do is make sure that we can prevent lateral movement. Because when an attacker wants to steal credit cards, they don't go straight to the credit card system. They come in, they keep making hops, and they move through your network. Where does that movement happen? That happens on the network. Who is the most qualified to provide telemetry and data on what is happening on the network? Cisco.”
Cisco wants to make sure that lateral movement is contained as fast as possible, in near real time, and that any vulnerability that is actually exploited or exposed is patched as quickly as possible, Patel said.
“But that patching typically takes 42 to 49 days,” he said. “So what we have to do is make sure that we have a mechanism from the time that the vulnerability is exposed to the time it gets patched to prevent an exploit from occurring, because an exploit typically takes about three days. ... We have to make sure that we not only expedite the patching, but we can actually provide some mechanism up front to say, how do you have that compensating control that can be put in place, so that you can wait for 45 days without worrying that you're going to be exposed and make sure that the updates to the infrastructure happen on a regular basis.”
Integrating Splunk Into Cisco Security
Cisco’s March acquisition of security and observability company Splunk is a major step in the move to take advantage of Cisco’s security telemetry to help businesses build better SOCs or security operations centers, Patel said.
“Until now, we have a lot of rich telemetry. ... For any organization of any level of sophistication, if you are a company that doesn't have a SOC, we got a solution for you,” he said. “If you’re a company with the most sophisticated SOC, we’ve got a solution for you. If you’re a company that actually starts with not having SOC and wants to go out and very quickly build a very sophisticated SOC, we’ve got a solution for you.”
All of this is built with AI at the core, Patel said.
“There's one Cisco AI assistant, and it'll be a skills-based architecture,” he said. “You can plug in a Splunk skill. You can plug in a networking skill. You can plug in an observability skill. You can plug in a security skill, a collaboration skill. And all of those skills can get correlated to each other so that you can have meaningful insights that you didn't have before.”
Splunk gives Cisco a new integrated platform with a networking cloud, a security cloud, an observability and data cloud, and a collaboration cloud, Patel said.
“All of these are loosely coupled or tightly integrated,” he said. “You don't have to buy all of them to start getting value. And when you do buy them together, magic starts happening. And that's essentially the high order bit on delivering a Cisco Security Cloud vision to the market, now supercharged with Splunk.”
Updated Cisco Hypershield And More
Cisco Tuesday unveiled a significant expansion to Cisco Hypershield, a software-based technology it launched in April that protects applications, devices, and data across public and private data centers, clouds, and physical locations.
Cisco Hypershield will support AMD Pensando DPUs, with targeted availability in Cisco UCS servers and from other server vendors expected by the end of 2024. Cisco will also support Intel infrastructure processing units (IPUs) as availability of that technology is announced in the future.
Cisco also updated its Cisco Secure Firewall family with the new Cisco Firewall 1200 Series, which the company said delivers up to three times the performance of comparable competitive firewalls. The 1200 Series firewalls are compact, SD-WAN-enabled security appliances that Cisco claims will eliminate the need to have multiple appliances for switches, routers, and firewalls at enterprise branch locations. Initial shipments are slated to start in October.
Also new this week is version 7.6 of the Firewall Threat Defense (FTD) software, which is available for all of Cisco's physical and virtual firewalls. The new version uses AI to prevent zero-day threats, extends application control to over 70 GenAI apps to secure sensitive information, and helps streamline branch network rollouts with pre-built SD-WAN and firewall templates, Cisco said.
The company also introduced Cisco Security Cloud Control to unify its Cisco Security Cloud management. Cisco Security Cloud Control will initially work with Cisco’s network security fabric, including Cisco Secure Firewall, and will deliver an AI-native approach to proactively offer actionable insights and automate resolution across hybrid environments, Cisco said. It is slated to be available starting in September and will initially support Secure Firewall Threat Defense, Secure Firewall ASA, Multicloud Defense, and Hypershield.