Cisco Hypershield: AI Driven Security


Cisco Hypershield is an AI-driven, cloud-native security architecture designed to provide advanced threat protection across data centers, clouds, and applications. In this article we look at the Cisco Hypershield security solution, its key components, architecture and use cases.

In today's distributed and hybrid world, traditional monolithic systems are being replaced by microservices and cloud computing, and users can be located anywhere. In a traditional data center this was easier: physical firewalls guarded the perimeter, granted access to the right people and shut the door on outsiders. IT infrastructure is now becoming more complex with the advent of cloud, microservices, container-based applications and artificial intelligence (AI). Managing security in distributed and hybrid infrastructure is a complex affair and calls for a unified security strategy that integrates and protects all components without overloading resources or creating gaps.

What is Cisco Hypershield  

Cisco Hypershield is designed to manage distributed and hybrid IT infrastructure, and it is based on the principle of zero trust, which means 'Trust no one, always verify'. No device or user is granted access or privileges automatically, even if they are already on the network. Let's look at the three main components of Cisco Hypershield in more detail: eBPF (extended Berkeley Packet Filter), DPUs (Data Processing Units) and AI-based automation. All three components work together to adapt to the requirements of a dynamic environment.


Components of Cisco Hypershield

  • eBPF (extended Berkeley Packet Filter) – a technology that runs functions with very low resource consumption and with direct access to system calls and kernel resources. Detailed security rules can be defined that do not depend on IP addresses and port numbers but instead perform intelligent analysis of resource usage and processes. Security is implemented at a granular level to reduce the risk of threats moving across the network. It is used to monitor network traffic in real time, and malicious activity is prevented automatically.
  • DPU (Data Processing Unit) – a chip that enables high-performance network processing and advanced security features in the network. eBPF is run by a DPU placed in a switch, and performs traditional firewall tasks in a more intelligent and cost-effective manner. It provides advanced segmentation and security capabilities across workloads and network devices. The DPU has integrated dual-path technology that runs data in two streams: on one stream regular operations continue, and on the other new rules can be tested and updated without any disruption to normal operations.
  • AI Assist with automation in security work – specialized AI-supported functionality enables analysis of vast amounts of network data, devices and applications. Based on the outcome of the analysis, the AI continuously learns and designs new security rules or updates existing rules. It identifies benign threats in real time and allows rapid response to contain the threats. This reduces manual intervention and improves the response to security incidents. Self-learning algorithms enable Hypershield to continuously improve its security posture, as it always has the latest threat data and trends to analyze. AI automates a large number of routine security tasks such as reviewing rules, updating rules and creating new rules. Systems automatically detect existing privileges and modify them to prevent malicious use by threat actors.
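
The process-based rules from the eBPF item and the two-stream testing from the DPU item, as an added example that is not Cisco's code or API: a small Python model that enforces a live policy while evaluating a stricter candidate in shadow and reports what the candidate would newly block. All names (Flow, Rule, dual_path, newly_blocked) and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Flow:
    """One observed connection, described by workload identity, not IP/port."""
    process: str   # executable that opened the connection
    workload: str  # label of the source workload
    dest: str      # label of the destination service

@dataclass(frozen=True)
class Rule:
    process: str   # glob pattern for each field
    workload: str
    dest: str
    action: str    # "allow" or "deny"

    def matches(self, f: Flow) -> bool:
        return (fnmatchcase(f.process, self.process) and fnmatchcase(f.workload, self.workload)
                and fnmatchcase(f.dest, self.dest))

def decide(rules, flow, default="deny"):
    """First matching rule wins; unmatched flows get the zero-trust default."""
    return next((r.action for r in rules if r.matches(flow)), default)

def dual_path(active, candidate, flows):
    """Enforce `active` on every flow; evaluate `candidate` in shadow only."""
    enforced, diverged = [], []
    for f in flows:
        live, shadow = decide(active, f), decide(candidate, f)
        enforced.append(live)          # only the live verdict is applied
        if shadow != live:
            diverged.append((f, live, shadow))
    return enforced, diverged

def newly_blocked(diverged):
    """Flows the candidate would block that the live policy allows today."""
    return [f for f, live, shadow in diverged if live == "allow" and shadow == "deny"]

# Constructed sample data (not taken from Cisco documentation).
ACTIVE = [Rule("*", "web", "orders-db", "allow"), Rule("*", "web", "billing-api", "allow")]
CANDIDATE = [Rule("/usr/bin/python3", "web", "orders-db", "allow"),
             Rule("/usr/sbin/nginx", "web", "billing-api", "allow")]
FLOWS = [Flow("/usr/bin/python3", "web", "orders-db"),
         Flow("/usr/sbin/nginx", "web", "billing-api"),
         Flow("/bin/sh", "web", "orders-db")]

if __name__ == "__main__":
    _, diffs = dual_path(ACTIVE, CANDIDATE, FLOWS)
    for f in newly_blocked(diffs):
        print(f"candidate would block {f.process} -> {f.dest}; review before promoting")
```

The divergence list is the review artifact: a newly blocked flow is either the tightening working as intended or a legitimate dependency the candidate missed, and it is seen before enforcement changes.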

Cisco Hypershield Characteristics 

  • Advanced threat protection, micro-segmentation and an automated rule set protect complex environments
  • Scales according to need
  • Autonomous segmentation with continuous observation and reasoning to refine and enforce segmentation policies and prevent lateral movement of attackers in the network
  • Deployment of updates with a digital twin environment to ensure no disruption to networks during policy deployments
  • AI-powered engine that learns about network traffic patterns and workload behaviour and detects abnormal patterns which might be a sign of an attack
  • Distributed enforcement of security policies across virtual systems, containers, and physical devices. 

Cisco Hypershield Use Cases

  • Monitoring and controlling access to sensitive customer data, especially beneficial for financial institutions
  • Detecting and addressing vulnerabilities in payment processing systems, such as e-commerce platforms, before they are exploited
  • Identifying and mitigating unusual activity in patient record systems to prevent data theft, especially useful in the healthcare sector
  • Neutralizing a newly discovered vulnerability in a customer support portal
  • Consistent enforcement of security policies across all branch offices and remote workers
  • Dynamic segmentation of IoT devices to ensure protection from broader network threats 

