New Identity Intelligence service pulls data from existing access and identity tools to provide a consolidated dashboard that lets IT teams view the entire network, detect questionable accounts, and block access.

Cisco is updating elements of its overarching Security Cloud platform to help enterprise customers better protect widely distributed resources.

The enhancements include a new service called Identity Intelligence that brings together information from the vendor’s existing security products, such as its Duo authentication software and XDR threat detection platform, and adds AI-based behavioral analytics to help strengthen network authentication and protect against identity-based attacks. Identity Intelligence sits on top of customers’ disparate directories and identity tools to provide visibility into how identities are being actively used and automatically enforce policies.

The idea with Identity Intelligence is that, from a single dashboard, enterprise security operators can see their entire network, spot and fix questionable accounts, detect questionable behaviors, and block access where necessary by utilizing existing products, said Raj Chopra, senior vice president and chief product officer of Cisco’s security group.

Security Intelligence is a pervasive layer that will now permeate through all of Cisco’s portfolio, added Chopra. “Until now, identity and access have been pretty static with regards to what applications or resources users have access to. But that just won’t work anymore – we can now monitor behaviors and other network intelligence and automatically determine in real time whether that conduct is deemed too risky for the enterprise to be allowing access.”

According to the Cisco Talos 2023 Year in Review report, compromised credentials were responsible for a quarter of Talos Incident Response engagements.
The ability to control and block access quickly is important, because for enterprise customers, the number of connections – driven by a highly distributed and diverse web of applications, devices, and users – continues to grow exponentially, according to a blog about the news written by Vikas Butaney, senior vice president and general manager, Cisco SD-WAN, multicloud, and industrial IoT, and Joe Vaccaro, vice president of product at Cisco ThousandEyes.

“This level of complexity increases as organizations rely more heavily on multicloud services, software-as-a-service (SaaS), and infrastructure-as-a-service (IaaS), with technologies like generative AI,” Butaney and Vaccaro stated. “There are billions of interdependencies that can suffer outages or other degradation, touchpoints that bad actors can exploit, and many more things to protect and optimize as organizations see their attack surface expand.”

Cisco AI Assistant added to SSE platform

In addition to the new Security Intelligence service, Cisco is also bringing its AI Security Assistant to its secure service edge (SSE) package, Secure Access.

Cisco Secure Access includes zero-trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), firewall as a service (FWaaS), DNS security, remote browser isolation (RBI) and other security capabilities. It’s designed to secure any application via any port or protocol, with optimized performance and continuous verification and granting of trust, according to Cisco.

In bringing the AI Security Assistant to the SSE package, Cisco is looking to offer enterprise customers the ability to use genAI to streamline SSE policies using natural language prompts, Chopra said. Among the goals of the AI Assistant are to reduce the time it takes for customers to respond to potential threats and simplify the entire security process.
The Cisco AI Assistant for Security was first implemented as part of the vendor’s cloud-based Firewall Management Center and Cisco Defense Orchestrator services. Cisco’s Firewall Management Center is a centralized platform for configuring, monitoring, troubleshooting and controlling Cisco Firepower next-generation firewalls. The orchestrator platform lets customers centrally manage, control and automate security policies across multiple cloud-native security systems.

Cisco has also added AI-based email threat detection support through its Email Threat Defense offering, using AI to evaluate different portions of an incoming email for markers of malicious intent.

Cisco adds to observability platform

Cisco also made a number of security enhancements to its Full Stack Observability (FSO) platform, which is designed to collect and correlate data from application, networking, infrastructure, security, and cloud domains to provide a clear view of what’s going on across the enterprise and make it easier for enterprises to spot anomalies, preempt and address performance problems, and improve threat mitigation.

The enhancements include:

- Digital Experience Monitoring (DEM) capabilities for both hybrid and cloud environments. The FSO DEM application includes Real User Monitoring (RUM) and Session Replay modules for deep insights into browser and mobile applications performance and efficient resolution of session-level issues. In addition, the package ties into Cisco ThousandEyes and Accedian to help customers determine if the root cause of a digital experience problem is the application, network or cloud infrastructure.
- FSO now supports observability for Kubernetes workloads using the lightweight Linux kernel utility, extended Berkeley Packet Filters (eBPF). Operating at the kernel level allows operators access to granular visibility into network activity, resource utilization, application dependencies and misconfigurations impacting network performance, without the need for multiple tools, cross-team collaboration and manual dependency mapping, Cisco stated.
- FSO now supports an AI natural language interface for troubleshooting. Operators can use conversational dialogues instead of a structured query language to perform common tasks during troubleshooting, thereby increasing productivity.
- A new Cisco AIOps application simplifies real-time business health monitoring and reduces noise from events and alerts to automate IT processes. The application unifies data from Cisco AppDynamics, Cisco ThousandEyes, Cisco DNA Center, VMware, Zabbix and ServiceNow (ITSM, ITOM and CMDB) and offers dynamic thresholds-based alerting on metrics and events and multiple anomaly-detection tactics.