Cisco uncorks AI-based security assistant to streamline enterprise protection

Cisco has unveiled its natural language-based AI Assistant for Security aimed at helping enterprise customers better assess security situations, eliminate configuration errors and automate complex tasks.

The Cisco AI Assistant for Security will first be implemented as part of the vendor’s cloud-based Firewall Management Center and Cisco Defense Orchestrator services. Cisco’s Firewall Management Center is a centralized platform for configuring, monitoring, troubleshooting and controlling Cisco Firepower Next-Generation Firewalls. The orchestrator platform lets customers centrally manage, control and automate security policies across multiple cloud-native security systems.

Among the goals of the AI Assistant are to reduce the time it takes for customers to respond to potential threats and simplify the entire security process.

“Using natural language, an administrator can iterate with the AI Assistant to do things like discover and identify all the policies that control access to an application, define a new policy or rule for the administrator, and implement the policy,” said Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, in a blog about the news.

“The AI Assistant can also identify duplicate or misconfigured security policies from amongst thousands of existing policies and make recommendations for resolving them. To me, this is mind-blowing, because this is a level of intelligence that just isn’t possible without AI,” Patel stated.

In addition, Patel said the security assistant will let customers describe and contextualize events across email, the web, endpoints, and the network to tell security operation center analysts exactly what happened, the impact, and best next steps to take to remediate problems and set new policies.

Cisco first talked about the security assistant at its Live event in June, saying an AI-based assistant will provide easy-to-use situation analysis for network and security teams, correlating intelligence across the Cisco Security Cloud and relaying potential impacts; going forward, customers “won’t need to have a Ph.D. to manage a firewall policy,” Cisco stated.

In addition to the Assistant, Cisco added a new security feature across its firewall family that lets security teams see into traffic to look for malware without having to decrypt it first. 

“Decrypting traffic for inspection is resource-intensive and fraught with operational, privacy, and compliance issues,” Patel stated. With the 7.4.1 Operating System, which is now available, the system can analyze encrypted traffic to identify indicators of malicious behavior that humans can’t, and it does so without decrypting, Patel stated.

“For instance, an insulin pump that’s running certain operating systems cannot run an end-point client. If it gets attacked by malware that communicates with the outside world via encrypted traffic, you can lose control of the insulin pump,” Patel wrote. “With Encrypted Visibility Engine, you can now block this at the firewall.”