Cisco intros AI to find firewall flaws, warns this sort of thing can't be free

Cisco's executive veep for security Jeetu Patel has predicted that AI will change the infosec landscape, but that end users will eventually pay for the privilege of having a binary brainbox by their side when they go into battle.

Speaking at the Asia Pacific incarnation of the Cisco Live event today in Melbourne, Australia, Patel offered the infosec maxim that attackers only need to get it right once, but defenders need to get it right every time.

That reality means that security teams focus on defense and response.

Patel thinks that as analysis of cyber attacks increases, AI will arm defenders with tools that let them predict attackers' behavior.

"We will go from defend and respond to prediction," he declared. Automated responses can then kick in to deflect attacks.

That shift will make life harder for providers of point solutions for security. Such vendors, Patel argued, evolved because users could not acquire or operate security systems that offered visibility of all at-risk resources. By doing so, they gave themselves the harder task of managing multiple overlapping tools.

Cisco wants to tame that mess by ingesting alerts from multiple products, and applying AI to understand how seemingly unrelated mid-level alerts, that might individually be ignored, together represent a severe threat worthy of investigation.

• Cisco whips up modded switch to secure Ukraine grid against Russian cyberattacks
• Shucks Chuck, how many employees pay = one Cisco CEO?
• Cisco to sell enterprise version of $400 Bang & Olufsen earbuds
• Cisco's critical zero-day bug gets even worse – 'thousands' of IOS XE devices pwned

That sort of prediction won't be easy to make. Patel asserted that Cisco's scale will mean it can build a platform that can deliver – and that probably only Microsoft and Palo Alto Networks will be able to follow it. Vendors of specialist security products will feed their wares' outputs to the larger cyber-AI platforms, relieving IT pros of the need to manage multiple products.

Cisco's first lash at this stuff is an AI Assistant for Firewall Policy that assesses firewall rules and, using a natural language interface, allows admins to identify policies that could usefully be tweaked or removed.

A demo shown to The Register saw a user prompt the Assistant to identify firewall policies applied to an enterprise application – an act that produced a summary of the policies and identified those that are duplicates or sub-optimal. Users could then instruct the AI to address issues. The Assistant is available in preview.

Cisco has also used AI to identify traces of malware activity in encrypted traffic. That tool was delivered in version 7.4.1 of the OS for Cisco's Secure Firewall family.

Patel warned such services won't be free.

"There is a cost to run the compute services for generative AI," he noted.

"We will have a certain amount of AI available in the suite, but beyond that we will have to monetize."

Cisco hasn't announced prices yet, because it doesn't have a sufficient sample of user behavior to understand usage patterns that will let it calculate the costs of such services.

"You can assume there will be some monetization," Patel predicted. "Today we will have AI assistants. As we learn more, we will have a much better idea so we can associate the right level of costs."

He pledged the costs won't be "an impediment" to using AI. "We want to get to broad usage and adoption." ®