AI as cybersecurity ally

Dave West

Cisco’s Dave West —Contributed photo

Most organizations in the Philippines are “underprepared but overconfident” when it comes to cybersecurity.

Only one out of every 100 companies here is deemed “cyber-resilient” and yet, nearly four out of every five are overconfident in dealing with such risks, based on the latest Cybersecurity Readiness Index of tech conglomerate Cisco.

If it’s any consolation, the country is not too worse off than the rest of the world. While only 1 percent of onshore companies could be classified as cyber-resilient, it’s not too far from the 4 percent average for Asia-Pacific and 3 percent for the whole world.

“All of this comes into play as companies digitize and they need to digitize to be competitive in the market. They need to use technology to be able to provide better service and understanding of what they’re delivering to their customers. They want digital insights and analytics,” Dave West, Cisco president for Asia-Pacific, Japan and Greater China, says in an interview with the Inquirer.

“In short, the sophistication and the scale of cybersecurity threats are actually moving faster than how the companies are preparing for the cybersecurity risks,” adds Zaza Nicart, Cisco Philippines managing director.

To address all these, Cisco believes that the crux is to deliver a combination of hardware, software and services to provide greater agility, insights and visibility of threats, West explains.

The business of AI

“Everyone thinks about AI (artificial intelligence) as being generative AI, but there’s a lot of work that needs to happen at the back-end to build the next-generation infrastructure to mine data and build the right language models for AI to ensure that you’re able to scale and provide the services to customers,” West says.

This means spending tremendous amount of time and money to scale and deliver AI workloads.

When one throws a question to ChatGPT, for instance, he says it’s like pulling data from a large language model that would have to be converted quickly and handed back to the user, in turn requiring a convergence of a multiple array of high-speed processors.

For its part, he says Cisco has been in the AI business for a decade. With generative AI, West says the firm is now able to use natural language models. When a cyberthreat incident occurs, for instance, it can be used to determine the trigger: where there may be threats and vulnerabilities.

“Instead of just seeing a specific activity, now we can use AI to probe and provide a lot more deeper understanding,” he says.

“We have an AI assistant for almost everything we do— AI system for networking, AI assistant for WebEx, AI assistant for security,” he says.

A few years from now, West says an AI assistant may be able to help anyone manage email, calendar, work, life or every task every day.

Business resilience

Last March, Cisco completed the acquisition of software maker Splunk.

“It’s so well known for what it does around security orchestration, automation and response, and security incident event management,” he says. In those areas, Splunk ranks No. 1, according to Magic Quadrant, a series of market research reports published by IT consulting firm Gartner.

“It can sort of find that needle in the haystack, using AI and other tools to be able to determine where the threats and risks are,” he says.

With the acquisition of Splunk, Cisco has become one of the world’s largest software companies.

Furthermore, Cisco launched in April a new security architecture called Hypershield—built with technology originally meant for hyperscale public clouds but now made available for enterprise IT teams of all sizes.

Described as “more a fabric than a fence,” Hypershield enables security enforcement to be placed everywhere it needs to be: every application service in the data center; every cluster in the public cloud; every container and virtual machine. It can turn every network port into a high-performance security enforcement point, bringing completely new security capabilities not just to clouds, but to the data center, on a factory floor, or a hospital imaging room.

With these, Cisco is confident in tipping the scales in favor of cyber defenders. After all, Hypershield enables security outcomes beyond what has been possible with humans alone.

“Traditionally, you have a data center and you put a couple of firewalls and that protect everything in the data center. The problem is that once an attacker gets past those firewalls, then they can be able to laterally move across the data center, all your applications and services,” West says.

“You’ve got to be able to embed yourself deeply into the kernel of all of those microservices and to be able to determine where things change, where there are anomalies that occur, and be able to do that at cloud scale.”

Using segmentation, West says IT teams can now have control points at the port or within an application layer sitting on a server or within an application itself.

“With Hypershield, we’re able to run two data planes. So we have basically a digital twin of one data plane and another. We’re able to provide patches on the shadow data plane, be able to make sure it works and run policies against it, before we ever implement it, so nothing goes down,” he says.

While “data is the new gold,” West says IT teams must know how to mine them to be ahead of the curve.

“The bad actors are also using AI, and they’re using AI to find mechanisms to attack the enterprise and gain access to systems and services and users and devices. And so, this may be an opportunity for us as defenders to have potentially the upper hand against the attackers: to use AI against AI.”

Read more...