Cisco aims for AI-first security with Armorblox buy

Cisco plans to buy Armorblox, a six-year-old AI vendor, to help create “an AI-first Security Cloud.”

“Leveraging Armorblox’s use of predictive and Generative AI across our portfolio, we will change the way our customers understand and interact with their security control points,” wrote Raj Chopra senior vice president and chief product officer for Cisco Security in a blog announcing the pending acquistion.

[ Related: Cisco acquisitions history at a glance ]

While securing email was Armorblox’s first application of its AI techniques, they might also be applied to attack prediction, rapid threat detection, and efficient policy enforcement, Chopra wrote. “Through this acquisition though, we see many exciting broad security use cases and possibilities to unlock.”

The Armorblox team will join Cisco’s Security Business Group, to help bring generative AI capabilities to Cisco’s security portfolio, Chopra stated.

Founded in 2017, Armorblox employs 126 people and has raised a little over $46 million in funding. The deal is expected to close by the end of Cisco’s FY23. No price was announced.

According to Chopra’s blog, the purchase is “an exciting step forward in executing our plans for an AI-first Security Cloud.”  Further details will be forthcoming at the vendor’s Cisco Live! event next week.

Chopra didn’t define AI-first Security Cloud, but for about a year Cisco has been developing Cisco Security Cloud, which includes network-as-a-service (NaaS), Cisco firewalls, Cisco Umbrella cloud security, Cisco Duo zero-trust security, and threat intelligence from Cisco Talos.

Cisco describes Security Cloud as cloud-native and cloud-delivered, featuring a unified dashboard, flexible trust policies, and open APIs to encourage third-party integrators, and says that it will “be a fast learner.”

The design goal of the Security Cloud is to sit horizontally as a layer on top of the infrastructure across a customer’s cloud services—the major ones being Azure, AWS and GCP and then they probably have some level of private data center—to protect all of the core applications, Cisco said.

Armorblox and email security

According to Armorblox’s website, it can protect “against data loss and targeted email attacks like Business Email Compromise, vendor fraud, and account takeovers.”

According to a recent report by  researchers at Maximize Market Research, AI technologies are expected to play a crucial role in combating business email compromise (BEC) attacks by enabling advanced threat detection, analysis, and prevention mechanisms. “Machine-learning algorithms can analyze large volumes of data and identify patterns, anomalies, and indicators of BEC attempts, helping organizations detect and respond to potential threats more effectively,” the report said.

[ Related: Cisco acquisitions history at a glance ]

AI-powered solutions also enhance email security by implementing robust authentication and verification. Advanced email-filtering systems use AI algorithms to detect and block suspicious emails, phishing attempts, and forged sender addresses, reducing the risk of successful BEC attacks, according to the researchers.

Armorblox says it also integrates with existing security stacks via APIs and leverages large language models, such as GPT, deep-learning algorithms to detect targeted threats, “protect key business workflows, and reduce manual work for security teams through automated processes.” Large language models are computer algorithms that process natural-language inputs and predict the next word based on what they’ve already seen.