Cisco promises to tip the scales in favor of defenders with its latest security solution Cisco Hypershield, a highly-distributed security architecture to match the growing threats from distributed attacks.
The core principle of Cisco Hypershield is to allow customers to implement security measures wherever they need them, be it in the cloud, data center, or across thousands of IoT-enabled devices.
Hypershield’s launch follows Cisco’s acquisition of cloud-native networking firm Isovalent, completed on 12 April 2024.
Isovalent’s specialize in eBPF, the open-source technology that facilitates packet tracing on a wide variety of Linux-based systems, which enables security teams to perform enforcement and monitoring actions via the kernel.
For example, application services in the data center, Kubernetes clusters in the public cloud, containers and virtual machines (VM), as well as every network port can be turned into a high-performance security enforcement point that can monitor and regulate access.
Using AI, these enforcement points will be able to learn the behavior of each asset, and detect any suspicious activity to automatically trigger changes in the network segmentation, prevent lateral movement, and eliminate potential threats.
As a result, the system should help enterprises shore up their security posture in a threat landscape characterized by more sophisticated attacks targeting a wide range of assets across an ever-expanding attack surface.
Founder and principal analyst at ZK Research, Zeus Kerravala, said the recent advances in AI and eBPF allow for this level of control over such a ‘hyper-distributed’ environment.
“[T]his level of visibility and control across a hyper-distributed environment prevents lateral movement of attackers, enabled through a unique approach to segmentation that's autonomous and highly effective. While this may seem fantastical, the time is right given recent AI advances combined with the maturity of cloud-native technologies like eBPF."
Growing IoT threats demand better distributed security solutions
Asked about competing security solutions during the Hypershield press briefing, Group VP for IDC’s Security & Trust research Frank Dickson said he wasn’t aware of any security products that directly compete with Hypershield.
Dickson added that Cisco’s approach with Hypershield bucks the trend of treating security as an afterthought that gets layered on top of existing IT infrastructure, rather than being built into the systems themselves.
“I don’t know of anyone doing this. Because when you think about typical security solutions what are we doing? We’re bolting on, and this isn’t bolted on, it’s built in”, he explained.
Dickson highlighted Hypershield’s use of eBPF, arguing Cisco’s use of the technology is a key differentiator between other distributed security products.
“When you think of every Kubernetes cluster or anything built with Linux, now we can put a sensor there to be able to monitor, and all you’ve got to do is apply analytics to it”, he noted.
“What I’d say is it’s just a fundamentally different approach, there are microsegmentation solutions that are good, there are other network security solutions, I don’t know of anyone really doing this.”
By being built into the fabric of the network itself, rather than erecting a perimeter fence around the network as it were, Cisco claims it will be able to offer customers a host of handy security features including autonomous network segmentation using AI, exploit protection, and self-qualifying updates.
These features could prove vital in protecting the litany of digital assets that now make up an organization’s IT estate.
Speaking at the press briefing launching Cisco Hypershield, Jeetu Patel, EVP & GM of Security and Collaboration said the proliferation of technologies like IoT means organizations have an endless list of devices that all need to communicate with one another has made securing the IT estate extremely difficult.
“Securing everything is super hard, and the reason it's so hard is because it used to be that having security was largely for having users connect to applications,” he explained.
“Now you’re going to have trillions of devices, IoT devices, OT devices, applications talking to applications, microservices on Kubernetes clusters that need to talk to other Kubernetes clusters, but not other ones, and this gets to be pretty complicated.”
Comparable security solutions include VMware’s NSX Distributed Firewall, which uses a Layer 7 firewalls to segment the network and prevent lateral movement, as well as Palo Alto’s CN-Series containerized firewalls.
