Cisco announces AI-based Hypershield, a self-upgrading security fabric that's designed to protect distributed applications, devices and data.
Cisco is tying together the intelligence of AI with the power of the cloud to deliver a system it says will proactively protect distributed applications, devices and data located across public and private data centers and clouds.
The new architecture, called Hypershield, comprises AI-based software, virtual machines, and other technology that will ultimately be baked into core networking components, such as switches, routers or servers. It promises to let organizations autonomously segment their networks when threats are detected, gain rapid exploit protection without having to patch hosts or revamp firewalls, and automatically upgrade software without interrupting computing resources, according to Tom Gillis, senior vice president and general manager of Cisco Security.
Hypershield implements a self-managing fabric that puts security right where it is needed – on a network component, a workload, a server or virtual machine, Gillis said. “Think of it as a security fabric that blankets the whole environment, not a fence blocking one aspect of it,” he said.
Core to Hypershield is a cloud-native AI engine, which will be available in August, that runs on a central host console. Embedded agents in distributed enterprise components, such as VMs, Kubernetes clusters, firewalls, load balancers and network components, provide constant feedback on the state of applications and the network.
In addition, Cisco expects to embed Hypershield in DPUs and GPUs as well as network routers and switches in the future, Gillis said. Cisco is currently working to utilize the Nvidia Morpheus cybersecurity AI framework for accelerated network anomaly detection, as well as Nvidia NIM microservices for powering custom security AI assistants for the enterprise, Gillis said.
Once in place, Hypershield sets up two parallel data paths, which Cisco calls a dual dataplane: the production environment and a digital twin of that environment, according to Craig Connors, vice president and CTO for the Cisco Security Business Group, who wrote a blog about Hypershield.
“This dataplane supports two data paths: a primary (main) and a secondary (shadow). Traffic is replicated between the primary and the secondary,” Connors wrote. “Software updates are first applied to the secondary dataplane, and when fully vetted, the roles of the primary and secondary dataplanes are switched. Similarly, new security policies can be applied first to the secondary dataplane, and when everything looks good, the secondary becomes the primary.”
The idea is to stage software upgrades and policy changes in a digital twin that tests them against the customer’s unique combination of traffic, policies and features, and then to apply those updates with zero downtime, Connors wrote.
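The primary/shadow mechanism Connors describes can be reduced to a small model: traffic is mirrored to both paths, only the primary's verdict is enforced, a candidate policy is staged on the shadow path, and the two verdict streams are compared before the roles are swapped. The following simulation is an added example written for this article, not Cisco's or Isovalent's code; the packet fields, rule format, policy names and the "would_break / would_expose" vetting criterion are all assumptions chosen to illustrate the idea, and the traffic sample is constructed.

```python
"""Model of a primary/shadow dual dataplane (added example, not Cisco code).

Every packet is evaluated by both policies. The primary's verdict is what
the fabric enforces; the shadow's verdict is only recorded. Promotion swaps
the roles, but only when the shadow would not have dropped flows the
primary currently allows (an outage-in-waiting) and any newly allowed
traffic has been explicitly acknowledged by the operator.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str          # workload label, e.g. "frontend" (assumed identity model)
    dst: str
    proto: str        # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    src: str = "*"
    dst: str = "*"
    proto: str = "*"
    dport: Optional[int] = None
    action: str = "allow"

    def matches(self, p: Packet) -> bool:
        return all((
            self.src in ("*", p.src),
            self.dst in ("*", p.dst),
            self.proto in ("*", p.proto),
            self.dport is None or self.dport == p.dport,
        ))


@dataclass
class Policy:
    name: str
    rules: List[Rule]   # first match wins; default deny

    def verdict(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


@dataclass
class DualDataplane:
    primary: Policy
    shadow: Optional[Policy] = None
    # (enforced verdict, shadow verdict) -> count; reset whenever a new candidate is staged
    divergence: Counter = field(default_factory=Counter)

    def stage(self, candidate: Policy) -> None:
        self.shadow = candidate
        self.divergence = Counter()

    def forward(self, p: Packet) -> str:
        enforced = self.primary.verdict(p)
        if self.shadow is not None:
            observed = self.shadow.verdict(p)
            if observed != enforced:
                self.divergence[(enforced, observed)] += 1
        return enforced                        # only the primary's verdict is enforced

    def report(self) -> dict:
        return {
            "would_break": self.divergence[("allow", "deny")],   # flows the candidate would cut
            "would_expose": self.divergence[("deny", "allow")],  # flows the candidate newly permits
        }

    def promote(self, allow_new_exposure: bool = False) -> bool:
        if self.shadow is None:
            return False
        rep = self.report()
        if rep["would_break"] or (rep["would_expose"] and not allow_new_exposure):
            return False
        self.primary, self.shadow = self.shadow, None
        self.divergence = Counter()
        return True


def run_scenario() -> dict:
    """Stage a broken candidate, then a corrected one, over constructed traffic."""
    current = Policy("v1", [
        Rule(src="frontend", dst="backend", proto="tcp", dport=8080),
        Rule(dst="dns", proto="udp", dport=53),
    ])
    broken = Policy("v2-broken", [          # candidate that forgot the DNS rule
        Rule(src="frontend", dst="backend", proto="tcp", dport=8080),
        Rule(src="backend", dst="db", proto="tcp", dport=5432),
    ])
    fixed = Policy("v2", broken.rules + [Rule(dst="dns", proto="udp", dport=53)])

    traffic = ([Packet("frontend", "backend", "tcp", 8080)] * 3
               + [Packet("frontend", "dns", "udp", 53)] * 2
               + [Packet("backend", "db", "tcp", 5432),
                  Packet("frontend", "db", "tcp", 5432)])   # constructed sample

    dp = DualDataplane(primary=current)
    out = {}
    dp.stage(broken)
    for p in traffic:
        dp.forward(p)
    out["broken_report"] = dp.report()
    out["broken_promoted"] = dp.promote()    # refused: DNS flows would break

    dp.stage(fixed)
    for p in traffic:
        dp.forward(p)
    out["fixed_report"] = dp.report()
    out["fixed_promoted_without_ack"] = dp.promote()                   # refused: new backend->db allow
    out["fixed_promoted"] = dp.promote(allow_new_exposure=True)        # accepted after acknowledgement
    out["active_policy"] = dp.primary.name
    return out
```

The point the model makes is that "when fully vetted" has to mean something concrete: the divergence counters are the vetting evidence, and a candidate that silently cuts currently allowed flows (here, the forgotten DNS rule) is rejected before it ever becomes the enforced path. Newly permitted traffic is treated as a separate, deliberate decision rather than waved through with the upgrade.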
Underpinning Hypershield is the extended Berkeley Packet Filter (eBPF) kernel technology that Cisco picked up with its recently closed acquisition of open-source, cloud-native networking and security firm Isovalent.
eBPF is an open-source Linux kernel technology that lets programs run in a sandbox inside the kernel; the kernel verifies each program for safety before loading it. This allows customers to incorporate security, observability and networking features quickly without modifying kernel source code, loading kernel modules, or dealing with network overlays and other tedious programming tasks.
In addition, eBPF is the underpinning for Isovalent’s widely used open-source, cloud-native Cilium and Tetragon projects. Cilium uses eBPF to provide networking, security and observability for containerized Kubernetes workloads, while Tetragon uses eBPF for runtime security observability and policy enforcement at the process and file level. Both are components of Hypershield, Gillis said.
Hypershield was designed to be self-upgrading and self-updating, Gillis said. “Because of the distributed architecture, the eBPF agents that send in the telemetry also act as enforcement points, using a patent-pending design that brings the continuous update CI/CD model of the cloud to premises-based systems, whether at the network, workload, file or process level.”
Ultimately the idea is to help organizations detect and respond to threats more effectively by automatically testing and deploying compensating controls into the distributed fabric of enforcement points, Gillis said.
Hypershield perpetually observes and reevaluates existing policies to autonomously segment the network, which in large and complex environments can be a tedious task, Gillis said. Customers will be able to turn up the autonomy of the system as they get comfortable with it, he said. “This remarkable, almost magical capability is only possible because it was purpose built with AI management,” Gillis said.
Analysts said enterprise organizations will find Hypershield valuable because it will let them utilize AI to quickly combat hackers and other threats.
“The time to value is insane. There is no hardware to buy. It is installed and enabled in your existing infrastructure,” said Frank Dickson, group vice president, Security & Trust, at research firm IDC.
“For those that believe in security in depth, it is a net new approach to security. It moves security from the core to edge, essentially [to] be integrated to the fabric of the network,” Dickson said. “It creates a scale advantage by enabling the compute embedded in edge devices to be applied to securing our IT infrastructure.”
The security landscape is intensely competitive, with many formidable competitors, Dickson said.
“Cisco is certainly one of those competitors. To be fair though, Cisco has not led the thought leadership or innovation in the industry over the recent past; that is changing. Hypershield is an example of how Cisco is changing the narrative. Competitors will respond, but you have to credit Cisco with first mover advantage. Hypershield is net new and a significant step in improving security,” Dickson said.