Cisco Hypershield: A giant leap forward for cybersecurity and data protection
By Ryan Noik 24 April 2024 | Categories: feature articles
The past week was a quietly momentous one for the IT industry, as Cisco promised, and then delivered, a significant announcement that we were told would be a gamechanger.
At an online event held at the tail end of the week, the company announced that it is launching new technology that it promised would secure data centres as never before.
More specifically, Cisco explained that its newly launched Hypershield would enable customers to place security wherever it is needed, whether that be in the cloud, on a data centre, or in a hospital imaging room. The latter, the team noted, can quite literally be a lifesaver.
The Hypershield, apart from sounding like a technology used on an episode of Star Trek, is a ‘’radically new approach to securing data centres and clouds in response to the increasing demands the AI revolution has put on IT infrastructure.’’
Protection with a difference
Cisco elaborated that its new Hypershield protects applications, devices and data across public and private datacentres, clouds and physical locations, anywhere, in fact, that customers need reliable security.
What makes Hypershield different from other cybersecurity solutions we have heard about over the years, is that it has been designed and built with AI in mind from the start.
This may be the impetus for the company’s bold claim that it will enable organizations ‘’to achieve security outcomes beyond what has been possible with humans alone.’’
“AI has the potential to empower the world’s 8 billion people to have the same impact as 80 billion. With this abundance, we must reimagine the role of the datacentre – how datacentres are connected, secured, operated and scaled,” commented Jeetu Patel, Executive Vice President and General Manager for Security and Collaboration at Cisco.
“The power of Cisco Hypershield is that it can put security anywhere you need it – in software, in a server, or in the future even in a network switch. When you have a distributed system that could include hundreds of thousands of enforcement points, simplified management is mission critical. And we need to be orders-of-magnitude more autonomous, at an orders-of-magnitude lower cost,” he continued.
How it works
Technically speaking, security enforcement with Hypershield happens at three different layers: in software, in virtual machines, and in network and compute servers and appliances. This means that it can leveraging the same powerful hardware accelerators that are used extensively in high-performance computing and hyperscale public clouds.
Hypershield was built on three key pillars:
- AI-Native: Built and designed from the start to be autonomous and predictive, Hypershield manages itself once it earns trust, making a hyper-distributed approach at scale possible.
- Cloud-Native: Hypershield is built on open source eBPF, the default mechanism for connecting and protecting cloud-native workloads in the hyperscale cloud. Ciscoacquired the leading provider of eBPF for enterprises, Isovalent, earlier this month.
- Hyper-Distributed: Hypershield spans all clouds and leverages hardware acceleration like Data Processing Units (DPU) to analyze and respond to anomalies in application and network behavior. It shifts security closer to the workloads that need protection.
As a revolutionary new security architecture, Cisco explained that Hypershield is solving three key customer challenges in defending against today’s sophisticated threat landscape:
- Distributed Exploit Protection: Attackers are adept at weaponizing newly published vulnerabilities faster than defenders can patch. With defenders seeing nearly 100 new vulnerabilities every day, according to Cisco Talos Threat Intelligence, this can lead to catastrophic results. Hypershield aims to deliver protection in minutes by automatically testing and deploying compensating controls into the distributed fabric of enforcement points.
- Autonomous Segmentation: Once an attacker is in the network, segmentation is key to stopping their lateral movement. Hypershield perpetually observes, auto-reasons and re-evaluates existing policies to autonomously segment the network, solving this in large and complex environments.
- Self-qualifying Upgrades: Hypershield automates the incredibly laborious and time-consuming process of testing and deploying upgrades once they are ready, leveraging a dual data plane. This completely new software architecture allows software upgrades and policy changes to be placed in a digital twin that tests updates using the customer’s unique combination of traffic, policies and features, then applying those updates with zero downtime.
A good day for the good guys?
As part of its explanation of why the announcement was such a big deal, the company emphasised that it is completely reimagining how traditional network security works by embedding advanced security controls into servers and the network fabric itself.
“Cisco Hypershield is one of the most significant security innovations in our history,” explained Chuck Robbins, Cisco Chair and CEO. “With our data advantage and strength in security, infrastructure and observability platforms, Cisco is uniquely positioned to help our customers harness the power of AI,” he asserted.
The burning question on our mind was whether the AI infused security solution finally represents a major win for the cybersecurity defenders on the cybersecurity landscape and by extension, businesses working diligently, if not desperately, to secure their data.
This is especially pertinent, as cybercrime syndicates and cybercriminals have only seemed to have become more prolific and bolder in recent years, using technology to their advantage too to try breach companies and create new malware and threats.
"For the past many years, when looking at cybersecurity, our adversary has always had the advantage. This is because they only had to get their attempt right once, whereas cybersecurity defenders have had to get their side of the battle right every single time," explained Patel.
"However, I do think we could in the foreseeable future live in an era where we may have the advantage, due to the technologies such as hardware an acceleration and native AI protection," he continued.
Patel pointed out that impact of a breach is far greater now than it was a decade or two ago.
''This is a technology that is a massive shift in architecture and security. And is not just something that's another product from another vendor, it is a different way of thinking. And that's why we say this is not the next version or something that exists. It's a brand-new reimagined version of something completely new," he stressed.
With Hypershield, it seems like Cisco, and thus its customers, how have a formidable ally in its corner. Because it infused with and powered by AI, the solution will keep learning and getting better, evolving, to keep pace with the tricks and traps that cybercriminals create.
Frank Dickson, Group Vice President, Security & Trust at IDC, sounded a bit more cautionary note, pointing out that AI is not just a force for good but also a tool used for nefarious purposes, allowing hackers to reverse engineer patches and ‘’create exploits in record time.’’
Even so, he was optimistic, noting that with Hypershield, Cisco is addressing ''an AI enabled problem with an AI solution,'' and achnowledged that Cisco Hypershield aims to tip the scales back in favour of the defender by shielding new vulnerabilities against exploit in minutes - rather than the days, weeks or even months as we wait for patches to actually get deployed.
Rather than just being a big announcement for the company and the industry - which it was - Cisco's news left us feeling like it represented a considerable step forward in the constant, never-ending battle to enjoy our digitally connected world more securely and a bit freer from the possibility of getting hacked or breached.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?