Cisco AI Assistant for Security: A Virtual Support for Security Teams

In light of the recent advancements in artificial intelligence, a new breed of technological solutions has emerged – intelligent virtual assistants. Cisco AI Assistant for Security stands as a prime example, pledging to streamline the operations of security departments by efficiently handling a larger workload with minimal response time.

Industry analysts point out a shortage of cybersecurity personnel, with many organizations in Romania operating with lean teams and facing challenges in recruiting suitable candidates. Cisco AI Assistant for Security directly addresses this issue by harnessing generative artificial intelligence technologies. This solution aids administrators in executing intricate tasks, ultimately saving time and mitigating errors and misconfigurations.

By utilizing natural language, administrators can seamlessly interact with Cisco’s virtual assistants to perform tasks such as uncovering and identifying all policies governing access to an application, defining new security policies or rules, and receiving recommendations for their seamless implementation. These AI assistants excel at identifying duplicate or misconfigured security policies amidst the myriad existing ones, offering insightful suggestions for resolution.

Driving Automation in Cybersecurity

Conventional cybersecurity management solutions are proving inadequate in the face of the exponential surge in sophisticated security threats. Moreover, financial constraints and resource limitations are impeding security teams from effectively addressing these challenges. Following a comprehensive analysis of the security infrastructure of top-tier clients, Cisco experts found that 66% of security rules were misconfigured, 49% could be streamlined, 13% were redundant, and 3% had expired.

Analyzing all these rules poses a significant challenge, if not an outright impossibility, without the aid of an automated tool. It demands extensive hours of work from our IT department. Cybersecurity automation steps in to shoulder the burden of human-intensive and repetitive tasks, efficiently managing them without requiring constant human intervention. In essence, cybersecurity automation optimizes manual and time-consuming tasks, streamlining workflows and rendering network security processes more efficient and less susceptible to human errors. With heightened efficiency, quicker decisions can be made, ultimately bolstering the overall security stance of an organization.

Various tiers of automation are ingrained in the majority of our security tools, spanning from SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) to straightforward EDR and XDR solutions. Cisco brings automation to the forefront, delivering it directly to users through a suite of intelligent virtual assistants seamlessly interacting with multiple security solutions within our portfolio.

Benefits of Automation

The advantages of security automation are twofold: it seamlessly correlates vast amounts of data, providing humans with a comprehensive overview, while also eradicating repetitive tasks and simplifying highly intricate processes.

A first example is Cisco XDR, where automation functionalities enable the correlation of data from multiple sources (email, web, network, processes) to detect attacks with much higher accuracy. It also allows the scaling of data sources to identify behavior patterns or traffic that employees might overlook due to high workloads or a large number of alerts.

Another example is the Encrypted Visibility Engine, which is available in the new version of the operating system for Cisco Secure Firewall products. This capability analyzes encrypted traffic to identify signals of abnormal behavior, which human teams may not detect, all without decrypting the traffic or impacting performance. A medical device such as an insulin pump, which may not allow the installation of an endpoint security solution, can be protected by monitoring traffic and blocking attacks at the firewall level. Additionally, artificial intelligence plays an increasingly important role in automating workflows and repetitive tasks. If a user attempts to implement a set of incorrect rules or configurations, AI recognizes the error and recommends the necessary corrections.

Virtual Assistants in Cisco’s Portfolio

Cisco recently announced the launch of an entire family of intelligent virtual assistants under the generic name Cisco AI Assistant for Security. These assistants are trained on an extensive dataset (Cisco collects and analyzes approximately 550 billion security signals every day) and enable interaction with multiple security platforms and solutions.

This innovative suite of virtual assistants reflects Cisco’s commitment to redefining cybersecurity defense through powerful artificial intelligence capabilities. By leveraging a vast amount of security data, these assistants are designed to enhance interaction, analysis, and decision-making across diverse security platforms, contributing to a more robust and adaptive cybersecurity strategy.

  • AI Assistant for Firewall Policy leads the series and is delivered from the Cisco cloud. It interacts seamlessly with the Firewall Management Center solution and Cisco Defense Orchestrator, enabling administrators to manage firewall policies and configuration rules. Through the Virtual Assistant, administrators can use natural language to uncover security policies and receive rule and configuration recommendations. This facilitates faster discovery of configuration errors, eliminates duplicate rules, and expedites installation, configuration, and troubleshooting operations.
  • The AI-powered Encrypted Visibility Engine serves as a virtual assistant for all Cisco firewall models, dedicated to inspecting encrypted traffic for deviations from the norm. Decrypting traffic is time-consuming and raises privacy concerns; this intelligent assistant, available in version 7.4.1 of the Cisco firewall operating system, addresses both challenges. The Encrypted Visibility Engine analyzes billions of signals in traffic to detect malware hidden in encrypted traffic. It identifies traffic and associates it with the corresponding equipment and operating systems, all without decryption or human intervention.

Cisco’s Virtual Assistants are set to be commercially available in the spring of 2024 through the Firewall Management Center (FMC) cloud platform. While the two virtual assistants mentioned earlier are the first to be announced by Cisco, the company assures that the list will expand. Looking ahead, Cisco commits to integrating Artificial Intelligence across the majority of its product portfolio, aiming to provide an elevated level of efficiency for all clients.

For more information on automating cybersecurity operations and Cisco’s virtual assistants, feel free to contact us at sales@datanets.ro.