Configuration complexity and misconfigurations pose significant risks for organizations managing networks and firewalls. According to Gartner, these misconfigurations will account for 99% of firewall breaches this year. A misplaced hybrid cloud configuration or an improperly set firewall can lead to breaches that go undetected until severe damage has occurred.
For years, Cisco has been at the forefront of combatting these threats. Its commitment to leveraging AI culminated in the launch of the Cisco AI Assistant for Security and the AI-powered Encrypted Visibility Engine. The AI Assistant analyzes over 550 billion security events daily, drawing from one of the largest security-focused datasets globally.
Cisco has introduced the Encrypted Visibility Engine to inspect encrypted traffic without the usual operational, privacy, and compliance headaches associated with decrypting data. As Jeetu Patel, Cisco's EVP and General Manager of Security and Collaboration, noted, the company aims to integrate AI seamlessly across its security offerings.
Complexity in Firewall Management
Cisco's latest AI-driven cybersecurity suite targets one of the most challenging areas for security teams: firewall management. Configuring firewalls, applying patches, and mitigating vulnerabilities is time-consuming and often overlooked. A complex firewall configuration increases the risk of breaches, with Cybersecurity Insiders noting that 58% of organizations have over 1,000 firewall rules, some even exceeding a million.
As firewalls have been a staple of IT security for decades, they are now primed for innovation. Gartner anticipates that by 2026, over 60% of organizations will deploy multiple types of firewalls, with hybrid mesh firewalls becoming popular. Additionally, the adoption of firewall-as-a-service offerings is expected to rise from under 10% in 2022 to over 30% by 2026.
Streamlining Policies with AI
"Cisco is harnessing AI to redefine cybersecurity outcomes and strengthen the position of defenders," Patel stated, emphasizing the synergy of AI and extensive telemetry across networks, cloud infrastructures, applications, and endpoints. The AI Assistant for Security and Encrypted Visibility Engine were developed in response to customer priorities for efficient firewall management.
Patel highlighted that customers expressed a desire for automation in configuration checks, improved troubleshooting insights, and AI-enabled ruleset optimization. This feedback guided the development focus on policy identification and reporting, troubleshooting augmentation, and automated policy lifecycle management.
By integrating the AI Assistant into the cloud-delivered Firewall Management Center (cdFMC), Cisco capitalizes on advanced large language models (LLMs). As Raj Chopra, SVP and Chief Product Officer at Cisco, explained, this generative tool simplifies firewall management for both experts and novices by providing quick answers through natural language processing (NLP) and machine learning (ML).
The architecture of the AI Assistant reflects Cisco’s intent to expand its AI capabilities across various roles within its Security Cloud. The aim is to enhance automation in security analysis and reporting tasks.
The Role of Human Oversight
While AI assists in managing complex firewall policies and streamlining SOC workflows, human oversight is crucial. Merritt Baer, Field CISO at Lacework, emphasized that AI-driven tools help users navigate security permissions, but effective security still requires human action on the insights provided.
A media analysis reveals that human-in-the-middle workflows are increasingly seen as essential in product design, with AI Assistants like Cisco’s designed to adapt seamlessly to different roles without reconfiguration. Similar adaptability is found in AI solutions from Airgap Networks, CrowdStrike, and others, enabling them to serve various functions within security operations.
Ultimately, the effectiveness of cybersecurity providers in accommodating human input into their AI Assistants will significantly influence their success and long-term impact on organizational security.