Cisco touted new generative artificial intelligence (AI)-powered security capabilities and a security service edge (SSE) solution at this week’s Cisco Live 2023 event in Las Vegas.
Cisco is the latest major security company to introduce generative AI-based capabilities to its security portfolio. One AI offering supports security operations center (SOC) teams by letting them query data collected across the organization to identify patterns and determine the best approach for remediating an issue. The SOC assistant will be able to describe what happened during a security incident; correlate intelligence and contextualize events for the Cisco Security Cloud platform across email, web, endpoints, and the network; and generate an incident summary afterward, the company said.
The SOC assistant will be available in mid-2024.
The second AI assistant will help security teams describe granular security policies and evaluate how to implement them. By letting the administrator talk through the reasoning behind the desired controls, the assistant could help identify gaps and create cleaner policies. The ability to implement firewall policies this way will be available later in the year, the company said.
Interest in generative AI is high in cybersecurity because it presents an opportunity to simplify security tasks. Analysts and administrators can use natural language to figure out what they need to know or find features without navigating a maze of menus or working through a catalog of various commands.
Cisco is laying down the groundwork to expand its AI capabilities across its security portfolio. Last week the company announced its intent to acquire Armorblox – a security startup specializing in using large language models and natural language understanding.
Also at Cisco Live, the company noted the challenges of securing access to applications in private and public clouds. Users also have different experiences accessing business applications, depending on factors such as the type of device they are using and the network they are on. The point of SSE is to protect access to Web, cloud, and private applications, regardless of the user’s location, device being used, or the application host.
Cisco Secure Access, which will be in limited availability starting in July and generally available in October, will provide zero-trust network access where possible and enable VPN for other connections, but make that invisible to the user. Cisco Secure Access also integrates with the rest of Cisco’s security portfolio, including threat intelligence from Talos, and threat detection, response, and visibility capabilities from ThousandEyes.