Security and networking leader Cisco has unveiled a radically new approach to securing data centers and clouds in response to the increasing demands the artificial intelligence (AI) revolution has put on IT infrastructure.
Cisco says it is rearchitecting how companies harness and protect AI and other modern workloads with the industry-first Cisco Hypershield, tipping the scales in favour of defenders. It builds on recent announcements to accelerate AI infrastructure with Cisco’s Ethernet switching, silicon and compute portfolio, and a partnership with NVIDIA.
Hypershield protects applications, devices, and data across public and private data centers, clouds, and physical locations – anywhere customers need it. Designed and built with AI in mind from the start, Hypershield enables organisations to achieve security outcomes beyond what has been possible with humans alone.
Hypershield is a revolutionary new security architecture. It’s built with technology originally developed for hyperscale public clouds and is now available for enterprise IT teams of all sizes. More a fabric than a fence, Hypershield enables security enforcement to be placed everywhere it needs to be. Every application service in the data center. Every Kubernetes cluster in the public cloud. Every container and virtual machine (VM). It can even turn every network port into a high-performance security enforcement point, bringing completely new security capabilities not just to clouds, but to the data center, a factory floor, or a hospital imaging room.
This new technology blocks application exploits in minutes and stops lateral movement in its tracks.
“AI has the potential to empower the world’s 8-billion people to have the same impact as 80 billion,” says Jeetu Patel, EVP and GM for security and collaboration at Cisco. “With this abundance, we must reimagine the role of the data center – how data centers are connected, secured, operated, and scaled.
“The power of Cisco Hypershield is that it can put security anywhere you need it – in software, in a server, or in the future even in a network switch. When you have a distributed system that could include hundreds of thousands of enforcement points, simplified management is mission critical. And we need to be orders-of-magnitude more autonomous, at an orders-of-magnitude lower cost.”
Security enforcement with Hypershield happens at three different layers: in software, in virtual machines, and in network and compute servers and appliances, leveraging the same powerful hardware accelerators that are used extensively in high-performance computing and hyperscale public clouds.
Cisco provided the following information:
Hypershield was built on three key pillars:
- AI-Native: Built and designed from the start to be autonomous and predictive, Hypershield manages itself once it earns trust, making a hyper-distributed approach at scale possible.
- Cloud-Native: Hypershield is built on open source eBPF, the default mechanism for connecting and protecting cloud-native workloads in the hyperscale cloud. Cisco is expecting to close the acquisition of Isovalent, the leading provider of eBPF for enterprises, this month.
- Hyper-Distributed: Cisco is completely reimagining how traditional network security works by embedding advanced security controls into servers and the network fabric itself. Hypershield spans all clouds and leverages hardware acceleration like Data Processing Units (DPU) to analyze and respond to anomalies in application and network behavior. It shifts security closer to the workloads that need protection.
As a revolutionary new security architecture, Hypershield is solving three key customer challenges in defending against today’s sophisticated threat landscape:
- Distributed Exploit Protection: Attackers are adept at weaponizing newly published vulnerabilities faster than defenders can patch. With defenders seeing nearly 100 new vulnerabilities every day, according to Cisco Talos Threat Intelligence, this can lead to catastrophic results. Hypershield delivers protection in minutes by automatically testing and deploying compensating controls into the distributed fabric of enforcement points.
- Autonomous Segmentation: Once an attacker is in the network, segmentation is key to stopping their lateral movement. Hypershield perpetually observes, auto-reasons, and re-evaluates existing policies to autonomously segment the network, solving this in large and complex environments.
- Self-qualifying Upgrades: Hypershield automates the incredibly laborious and time-consuming process of testing and deploying upgrades once they are ready, leveraging a dual data plane. This completely new software architecture allows software upgrades and policy changes to be placed in a digital twin that tests updates using the customer’s unique combination of traffic, policies and features, then applies those updates with zero downtime.
Built into the Security Cloud, Cisco’s unified, AI-driven, cross-domain security platform, Cisco Hypershield is expected to be Generally Available in July 2024. With Cisco’s recent acquisition of Splunk, customers will gain unparalleled visibility and insights across their entire digital footprint for unprecedented security protection.
* To learn more, visit cisco.com/go/security.