Cisco announces AI-powered Hypershield for autonomous exploit patching in the cloud

Cisco has announced Hypershield, an AI-based capability of the company’s Security Cloud platform for hyperscalers. Hypershield is designed to defend cloud, data center, and distributed edge appliances from rapid vulnerability exploitation, according to Cisco.

Patching today’s sprawling applications has become a task beyond the capabilities of any security team and of manual processes. The problems are several: patching cycles cannot keep up, patch testing is complex and therefore takes too long, and legacy technology is unlikely to be patched at all. This model of centralized vulnerability management left defenders at a huge disadvantage and was no longer sustainable. Hypershield is expected to address these issues in three ways:

Distributed exploit protection – part of Cisco Defense Orchestrator, this can be used to test and deploy controls to contain newly-published vulnerabilities. Flaws are often exploited by criminals faster than organizations can patch them. Distributed exploit protection could be used as a stopgap when a patch was not available, or even deployed indefinitely.

Autonomous segmentation – this uses AI to react to possible attacks by autonomously segmenting the network by policy to block lateral movement.

Self-qualifying upgrades – a way of automating the testing and deployment of upgrades into what the company termed a “digital twin” of an application environment, including any policies and traffic profile. Updates are then applied without incurring downtime in production.

“Containing attacks is getting hard because the isolation of attackers is no longer a trivial task. Now, an application runs across thousands of microservices and APIs talking to each other across the public cloud and private cloud,” Cisco’s EVP and general manager for security and collaboration Jeetu Patel said in a press briefing.

Compounding this architectural change, the time attackers needed to exploit vulnerabilities had shrunk to days and would soon be hours or minutes. In contrast, the time required to apply patches remained stuck at between 20 and 45 days, he said.

A third challenge was the difficulty of upgrading infrastructure, especially in sectors full of older equipment. “Critical infrastructure is being attacked on a regular basis because traditional infrastructure is not being upgraded.” Despite this, “these are all solvable problems,” said Patel.

Cisco Security Cloud expands

The context for Hypershield is acquisitions such as SIEM-like data analytics platform Splunk and cloud security startup Lightspin. More recently, Cisco bought Isovalent, the outfit behind Cilium, a pioneering open-source application that uses a technology called the extended Berkeley Packet Filter (eBPF).

Extended BPF emerged in the last decade as a way to interact with the Linux kernel via a sandboxed runtime layer without needing to modify the kernel itself. Now widely adopted across the industry, eBPF makes it possible to see what’s happening at kernel level in real time, which is critical to cloud monitoring and security in Kubernetes environments.

Alongside AI automation, Hypershield leans heavily on Isovalent’s Cilium and eBPF. For customers, this is encouraging because Cilium is seen as highly capable.

Cisco appears committed to building a platform stack from bottom to top. Earlier this year it entered into a partnership with Nvidia, which gives it access to that company’s dominant position in the underlying AI hardware and software stack that makes this possible.

Nevertheless, Cisco still has many well-established rivals in the cloud security and platform market and it’s not yet clear what its unique selling point will be when going head-to-head technologically. The Cisco Security Cloud is simply too new even if Hypershield could turn out to be an important part of the answer.

For now, Hypershield is aimed at Linux infrastructure, but the company said it would be available for other environments in the future without specifying a timeline. Hypershield is expected to make it into the hands of customers in late July or early August.
