- I replaced my desktop with this MSI laptop for a week, and it surpassed my expectations
- AI networking a focus of HPE’s Juniper deal as Justice Department concerns swirl
- 3 reasons why you need noise-canceling earbuds ahead of the holidays (and which models to buy)
- Unlocking the Future Through the Industrial Strategy: A Policy Blueprint for the UK's Digital Transformation
- Your power bank is lying to you about its capacity - sort of
Cisco Hypershield: Security reimagined — hyper-distributed security for the AI-scale data center
Today we introduced the most consequential security product in Cisco’s history: Cisco Hypershield. It’s a cloud-native, AI-powered approach to highly distributed security for AI-scale data centers that’s built into the fabric of the network.
It’s the most radically different security innovation I’ve been a part of in my career. Part of the Cisco Security Cloud, Cisco Hypershield literally turns the network security model upside down, bringing the power of hyperscaler security and connectivity to the enterprise.
Security for the Age of AI
AI is ushering in an era of digital abundance. When every person in every job function has AI assistants and organizations are moving at machine scale, our world of 8 billion will feel like we have the capacity of 80 billion.
To accommodate the additional digital capacity required, our public and private data centers are being reimagined. And Cisco is at the heart of how data centers are being reimagined: how they are connected, how they are secured, how they are operated, and how they are scaled.
And data centers are changing in two major ways. Infrastructure is changing: CPUs are being supplemented with GPUs and DPUs that specialize in functions like AI workload processing and I/O operations at throughput levels that modern AI-scale data centers need. And applications are changing: they’re being broken into thousands of microservices that run in different containers and clouds – highly distributed, all talking to each other.
In this new world, we need to reimagine security at AI scale. And we need to do it now, because this evolution of data centers and applications isn’t waiting for us.
How can we reimagine security?
Billions spent on cyber security, and we are still falling behind in many ways.
The fact is, securing everything is hard. And the unprecedented scale of modern applications, AI workloads, and devices just makes everything harder. For instance, I was recently in India and the country is rolling out 250 million smart power meters, each of which has the potential to be exploited. This is just one example of scale that creates tactical challenges for securing everything. Consider the challenges:
- Segmentation is hard when applications become hyper-distributed and are continually changing.
- Patching is hard because it takes a long time to test, schedule, and deploy a patch to remove a vulnerability. And it’s getting harder to keep up because attackers are compressing the time between when they know about a vulnerability to when they start exploiting it; it might take just a few days or even less.
- Upgrades are hard because, like patches, they involve manual testing and deployment. Updrades are especially hard when they involve mission-critical infrastructure like an oil rig or a medical robot, some of which can’t even be upgraded.
Now, imagine you had a solution that could understand everything your applications are doing. Then you could have AI define granular segmentation rules for you and keep them updated as things evolve.
Imagine you had a way to find vulnerabilities and automatically shield them from being exploited. You’d be protected even before you get the chance to patch.
Imagine your security infrastructure could upgrade itself. You’d save countless hours and eliminate the coordination and downtime of upgrade testing and deployment windows.
We designed Cisco Hypershield to do all this and more. It is built for the age of AI, for the cloud, in software, and with a distributed architecture that means you can put security wherever you need to….in the cloud, in the data center, on a factory floor, or a hospital imaging room.
Cisco Hypershield is built on modern building blocks like eBPF, hardware acceleration, and AI.
- Co-created by our new teammates from Isovalent along with Meta, eBPF allows a lightweight agent to peer into the heart of the operating system, without actually being there. It sits in the user space but has a kernel-level effect. This gives Cisco Hypershield full visibility into every software process and every I/O operation your distributed applications are running in any Kubernetes container or VM. It’s the default mechanism for connecting and protecting cloud-native workloads used by the hyperscalers.
- Hardware acceleration. Cisco Hypershield takes advantage of DPUs and other hardware accelerators in servers and other network infrastructure. This means you can place high-performance security control points not just in distributed containers and VMs, but in hardware that sits close to the workloads they’re protecting.
- By designing Cisco Hypershield from the ground up to leverage the power of AI, it’s orders-of-magnitude more autonomous than other security solutions. With this AI-first focus in mind, we’re excited about our partnership with NVIDIA. We are working together to co-create security-specific AI models, and we’re optimizing our Cisco Security products for NVIDIA’s technology.
Bringing security to the workloads
What the Cisco Hypershield architecture delivers is a coordinated fabric of thousands of distributed security enforcement points throughout your entire environment, across both public and private clouds. It brings security to the workloads, not the other way around.
And this architecture allows us to do some truly incredible use cases that weren’t possible until now, such as:
- Autonomous segmentation that draws upon ongoing visibility of network flows, process behaviors, and application changes to define granular segmentation rules that can protect against lateral movement. And as things change over time, Cisco Hypershield refines and updates these rules dynamically.
- Distributed exploit protection that determines if you have a high-risk vulnerability in your environment and delivers a compensating control that can be deployed to block attackers from exploiting the vulnerability – before you have a chance to patch, and maybe even before you know about the vulnerability.
- Self-qualifying upgrades that use a shadow data path to test upgrades and policy changes against a mirror of live traffic, compare and confirm the results using AI, and move all the flows to the latest version – all without any downtime.
I’m incredibly excited about the launch of Cisco Hypershield. I’m so proud of our team for delivering this incredible innovation that will help make the world a safer place.
To learn more about it, please read Tom Gillis’ blog about the technology and the key customer use cases we’re solving for. And keep your feedback coming!
Additional resources
Share: