New Cisco AI Assistant looks to drive cloud security automation

Cisco has unveiled the launch of a new AI assistant to support security practitioners and automate key processes. 

The Cisco AI Assistant for Security marks a “major step in making artificial intelligence pervasive in the security cloud”, the tech giant said.

The AI tool is capable of understanding and supporting security event triage practices, assisting in policy design, and conducting root cause analysis in the wake of an incident.

The firm said this will enable security practitioners to make more informed decisions, augment capabilities and automate complex tasks in their daily workflows.

In addition, the tool is trained on one of the largest security-focused datasets in the world, drawing upon more than 550 billion security events each day spanning the web, email, endpoints, networks, and applications.

Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, said the launch of the new AI tool will greatly enhance security practitioner efficiency and reduce workloads.

“Today’s announcement is a monumental step forward,” he said. “This advancement will help tip the scales in favor of defenders, empowering customers with AI built pervasively throughout the Cisco Security Cloud.”

“To be an AI-first company, you must be a data-first company. With our extensive native telemetry, Cisco is uniquely positioned to deliver cybersecurity solutions that allow businesses to confidently operate at machine scale, augmenting what humans can do alone.”

Cisco AI Assistant for Security: Key features

Key features and capabilities of the AI tool outlined by Cisco include automated firewall support. The assistant will first go live within the firm’s cloud-delivered Firewall Management Center and Cisco Defense Orchestrator. 

This will enable administrators to use natural language to curate policies and establish rule recommendations, the firm said. In addition, admins can use the tool to rectify misconfigured policies, improve workflow visibility, and streamline configuration activities.

"Using natural language, an administrator can iterate with the AI Assistant to do things like discover and identify all the policies that control access to an application, define a new policy or rule for the administrator, and implement the policy," Patel said in a blog post.

"The AI Assistant can also identify duplicate or misconfigured security policies from amongst thousands of existing policies and make recommendations for resolving them."

The AI assistant will also help users to improve data center traffic encryption processes through the Encrypted Visibility Engine.

The service analyzes billing of samples, including sandboxed malware samples, to establish if encrypted traffic is transporting malware. AI tools will support administrators using the platform, and improve broader operational security, Cisco said.

“Most data center traffic today is encrypted and the inability to inspect encrypted traffic is a key security concern,” the firm said. “Decrypting traffic for inspection is resource-intensive and fraught with operational, privacy and compliance issues”

AI security tools experiencing a renaissance 

Cisco is the latest in a slew of security firms to provide AI-powered tools so far in 2023. Microsoft unveiled its Security Copilot for customers in March, and was hailed as a potential game changer by industry stakeholders. 

In May, CrowdStrike unveiled a new generative AI security tool aimed at driving efficiency for frontline practitioners.

The Charlotte AI security assistant operates across the company’s suite of security and threat intelligence platforms to help analysts identify emerging threats and bolster productivity.

The tool provides security analysts with real-time, prompt-based insights into security threats and provides natural language recommendations to mitigate risks.