Skip links

Cisco intros AI to find firewall flaws, warns this sort of thing can’t be free

Cisco’s executive veep for security Jeetu Patel has predicted that AI will change the infosec landscape, but that end users will eventually pay for the privilege of having a binary brainbox by their side when they go into battle.

Speaking at the Asia Pacific incarnation of the Cisco Live event today, in Melbourne, Australia, Patel offered the infosec maxim that attackers only need to get it right once, but defenders need to get it right every time.

That reality means that security teams today focus on defence and response.

Patel thinks that as analysis of cyberattacks increases, AI will mean defenders can be armed with tools that let them predict attackers’ behaviour.

“We will go from defend and respond to prediction,” he said. Automated responses can then kick in to deflect attacks.

That shift will make life harder for providers of point solutions for security. Such vendors, Patel argued, evolved because users could not acquire or operate security systems that offered visibility of all at-risk resources. By doing so, they gave themselves the harder task of managing multiple overlapping tools.

Cisco wants to tame that mess by ingesting alerts from multiple products, and applying AI to understand how seemingly unrelated mid-level alerts that might each be ignored together represent a severe threat worthy of investigation.

That sort of prediction won’t be easy to make. Patel asserted that Cisco’s scale will mean it can build a platform that can deliver, and that probably only Microsoft and Palo Alto Networks will be able to follow it. Vendors of specialist security products will feed their wares’ outputs to the larger cyber-AI platforms, relieving IT pros of the need to manage multiple products.

Cisco’s first lash at this stuff is an AI Assistant for Firewall Policy that assesses firewall rules and, using a natural language interface, allows admins to identify policies that could usefully be tweaked or removed.

A demo shown to The Register saw a user prompt the Assistant to identify firewall policies applied to an enterprise application, an act that produced a summary of those policies and identified those that are duplicates or sub-optimal. Users could then instruct the AI to address issues. The Assistant is available in preview.

Cisco has also used AI to identify traces of malware activity in encrypted traffic.

That tool was delivered in version 7.4.1 of the OS for Cisco’s Secure Firewall family.

Patel warned such services won’t be free.

“There is a cost to run the compute services for generative AI,” he said.

“We will have a certain amount of AI available in the suite, but beyond that we will have to monetise.”

Cisco hasn’t announced prices yet, because it doesn’t have a sufficient sample of user behaviour to understand usage patterns that will let it understand the costs of such services.

“You can assume there will be some monetisation,” Patel said. “Today we will have AI assistants. As we learn more, we will have a much better idea so we can associate the right level of costs.”

He pledged the costs won’t be “an impediment” to using AI. “We want to get to broad usage and adoption.” ®

Source