Cisco marries AI and security with cloud-based data center offering
“This dataplane supports two data paths: a primary (main) and a secondary (shadow). Traffic is replicated between the primary and the secondary,” Connors wrote. “Software updates are first applied to the secondary dataplane, and when fully vetted, the roles of the primary and secondary dataplanes are switched. Similarly, new security policies can be applied first to the secondary dataplane, and when everything looks good, the secondary becomes the primary.”
The idea is to allow software upgrades and policy changes to be placed in a digital twin that tests updates using the customer’s unique combination of traffic, policies and features, and then to apply those updates with zero downtime, Connors wrote.
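The primary/shadow pattern Connors describes can be modeled in a few lines. The sketch below is an added illustration, not Cisco's code or from the article: the class and function names, the rule format and the sample traffic are all hypothetical. It replicates each packet to both paths, enforces only the primary verdict, and switches roles only when every divergence was an intended change.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src: str     # source CIDR
    port: int    # destination port, 0 matches any
    action: str  # "allow" or "deny"

def verdict(rules, packet, default="deny"):
    """First-match evaluation of a (src_ip, dst_port) packet."""
    src, port = packet
    for r in rules:
        if ip_address(src) in ip_network(r.src) and r.port in (0, port):
            return r.action
    return default

class DualDataplane:
    """Hypothetical model: primary enforces, shadow only observes."""
    def __init__(self, rules):
        self.primary, self.shadow, self.diffs = list(rules), list(rules), []

    def stage(self, candidate):
        """Load a candidate policy into the shadow path only."""
        self.shadow, self.diffs = list(candidate), []

    def handle(self, packet):
        """Replicate the packet to both paths; only the primary verdict is enforced."""
        enforced, observed = verdict(self.primary, packet), verdict(self.shadow, packet)
        if enforced != observed:
            self.diffs.append((packet, enforced, observed))
        return enforced

    def promote(self, expected):
        """Switch roles only if every divergence was an intended change."""
        unexpected = [d for d in self.diffs if d[0] not in expected]
        if not unexpected:
            self.primary, self.shadow, self.diffs = self.shadow, self.primary, []
        return unexpected

# Constructed sample policy and traffic (not from the article).
LIVE = [Rule("10.0.0.0/8", 443, "allow"), Rule("10.0.0.0/8", 22, "allow")]
BAD = [Rule("10.0.5.0/24", 22, "deny"), Rule("10.0.0.0/8", 443, "allow")]  # lost the SSH allow
GOOD = [Rule("10.0.5.0/24", 22, "deny")] + LIVE
TRAFFIC = [("10.0.5.7", 22), ("10.0.1.2", 22), ("10.0.1.2", 443)]
INTENDED = {("10.0.5.7", 22)}  # the only flow the change is meant to block

def trial(candidate):
    dp = DualDataplane(LIVE)
    dp.stage(candidate)
    enforced = [dp.handle(p) for p in TRAFFIC]
    return enforced, dp.promote(INTENDED), dp
```

With the `BAD` candidate the shadow path flags an unintended block of SSH from 10.0.1.2 and the roles stay as they were; with `GOOD` the only divergence is the intended one and the shadow becomes the primary.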
Underpinning Hypershield is the extended Berkeley packet filter (eBPF) connectivity technology that Cisco picked up with its recently closed acquisition of open-source, cloud-native networking and security firm Isovalent.
eBPF is an open-source Linux operating-system kernel technology that lets programs run securely in a sandbox within the kernel of the OS. This allows customers to incorporate security, observability and networking features quickly and easily without requiring them to modify kernel source code or deal with network overlays or other tedious programming tasks.
In addition, eBPF is the underpinning for Isovalent’s widely used open-source, cloud-based Cilium and Tetragon software packages. Cilium uses eBPF to support networking, security, and observability for containerized Kubernetes workloads, while Tetragon lets users set security policies using eBPF. Both services are subsets of Hypershield, Ellis said.
Hypershield was designed to be self-upgrading and updating, Ellis said. “Because of the distributed architecture, the eBPF agents that send in the telemetry also act as enforcement points, using a patent-pending design that brings the continuous update CI/CD model of the cloud to premises-based systems, whether at the network, workload, file or process level.”