As AI demands more from IT infrastructure, Cisco just released Hypershield, which it heralds as a new way to secure data centers and clouds. This new solution aims to protect assets wherever they are—applications and devices, as well as public and private data centers. The company says Hypershield was created with AI in mind from the ground up to help secure beyond a level humans can reach alone.
In a pre-briefing, Tom Gillis, Senior Vice President and General Manager of Cisco security products, shared the background on Hypershield. “For decades, the way the industry has worked is that every time there was a new problem in security, there’d be a little cluster of new companies formed to solve that problem,” he said. And while the individual solutions are excellent, this puts the burden on the customer of constantly ingesting a new tool and often onboarding a new vendor.”
Gillis said that Cisco wanted to create a more integrated solution defined in software—independent of infrastructure—that could span private and public clouds. The company would then tie it together with its networking capability.
Better security outcomes
“This is going to create a better security outcome for our customer, which is better, faster, and cheaper—an irresistible combination in any industry, but in security in particular,” he added. Cisco Hypershield is a security architecture built to meet the needs of the AI-scale data center.
Cisco says it built Hypershield on three key pillars:
- AI-native: The company says it designed Hypershield to be autonomous and predictive. As such, it self-manages once it earns trust, which is the key to its operation at scale.
- Cloud-native: With open-source eBPF underpinning, Hypershield can connect and protect cloud-native workloads. Bolstered by its acquisition of Isovalent, an eBPF provider for enterprises, earlier this month, this should be a unique advantage for Cisco.
- Hyper-distributed: Cisco’s network heritage gives it a singular advantage in how it views security—it uses the network fabric, enabling it to shift security where workloads need protection.
For customers, Cisco says Hypershield solves a few challenges on the threat landscape, including distributed exploit protection to prevent attackers from weaponizing new vulnerabilities before patches are available, autonomous segmentation to stop attackers from lateral movement, and self-qualifying upgrades, which automates testing and deploying of upgrades when they’re ready.
The important thing to understand about Hypershield is that it’s a new architecture built on the technology Cisco developed originally for hyperscalers. Legacy security is akin to a fence that protects the perimeter. Once the fence is breached, threat actors have unfettered access to everything inside it. Hypershield enables security enforcement to be placed everywhere – from application services to containers and virtual machines. Think of Hypershield as an AI-enabled security fabric where every network port becomes a high-performance enforcement point. This fabric approach blocks application exploits in near real-time and blocks threats from moving laterally, ultimately limiting the blast radius of a breach.
While there are many use cases for Hypershield, Cisco is targeting the following three specific pain points:
- Distributed exploit protection. Hypershield protects against the rising number of vulnerabilities through continuous testing and deploying compensating controls into the enforcement points of the distributed fabric. Critical vulnerability exploits (CVEs) are a way of life and are growing faster than most customers can keep up, and Hypershield can help minimize their impact.
- Autonomous segmentation. Hypershield's continuous monitoring enables it to observe and re-evaluate segmentation policies and dynamically adjust them. Customers have been interested in segmentation for years, but maintaining the policies is extremely difficult and impossible in dynamic environments.
- Self-qualifying upgrades. The solution automates the time-consuming and manually-heavy process of testing and deploying upgrades once they are ready, leveraging Hypershield’s dual data plane. Effectively, it accomplishes this by creating a "digital twin" of the environment.
Hypershield will be generally available in August of this year. It will use per-workload and per-port pricing for network-based enforcement and will be a software subscription with a la carte hardware.
Some final thoughts on Hypershield
Cisco Hypershield is in the right place at the right time to help with the many complex security challenges of modern, AI-scale data centers. Cisco’s vision of a self-managing fabric that seamlessly integrates from the network to the endpoint will help redefine what’s possible for security at scale.
For example, this level of visibility and control across a hyper-distributed environment prevents lateral movement of attackers, enabled through a unique approach to segmentation that’s autonomous and highly effective. This may seem fantastical, but the time is right, especially when you combine recent AI advances with the maturity of cloud-native technologies like eBPF.
Zeus Kerravala is the founder and principal analyst with ZK Research.
Read his other Network Computing articles here.
Related articles: