Redefining Cybersecurity for an Adversarial AI World: The AI Impact Tour

As cybercrime gangs and nation-state adversaries continue to employ AI and machine learning experts to carry out sophisticated attacks, organizations must prioritize resilience in order to defend against these threats. According to CISOs interviewed at RSAC 2024, resilient networks are now a board-level priority. Boards are demanding proof of progress in risk management and a greater emphasis on infrastructure-wide efficacy and visibility.

The current level of confidence in handling cyberattacks is misguided, with 80% of companies feeling prepared but only 3% being truly ready. The consequences of lacking resilience can be tragic, and there is a pressing need to create something entirely new in the field of cybersecurity. This sentiment was echoed by Jeetu Patel, the EVP and GM of Security and Collaboration for Cisco, who referenced the 2024 Cisco Cybersecurity Readiness Index.

CISOs at RSAC also expressed their top concerns, which include improving the resilience of cloud infrastructure, securing software supply chains, ensuring software bill of materials (SBOM) compliance, and protecting connections with partners and suppliers from new attack techniques.

To address these challenges, Cisco emphasizes the need for a new approach to cybersecurity that leverages native AI, kernel-level visibility, and hardware acceleration. According to Patel, defending against AI-based attacks requires AI defenses at a machine scale rather than a human scale. Organizations must keep their infrastructure up to date, maintain strong patch management practices, and implement robust segmentation to prevent attackers from exploiting weak threat surfaces.

However, many organizations tend to procrastinate when it comes to patching, only taking action after a breach occurs. Patching critical systems is often seen as complex and time-consuming, especially in the context of remote work and decentralized workspaces. Segmentation, which is crucial for zero-trust security frameworks, is also challenging to implement effectively. Moreover, updating infrastructure components such as firewalls and network equipment can be slow due to limited change control windows.

To reimagine cybersecurity, Cisco has introduced Hypershield, a hyper-distributed framework that acts as an enterprise-wide security fabric. Native AI is at the core of this new strategy, enabling contextually intelligent, autonomous segmentation, automated patch management, and self-upgrading infrastructure. By applying compensating controls and removing them once a patch is in place, Hypershield provides lifecycle management for security systems.

Cisco identifies three technological shifts that will fundamentally change cybersecurity: AI, kernel-level visibility, and hardware acceleration. AI tools offer significant improvements in SOC accuracy and performance, but they must earn the trust of users by presenting their decision-making process. Kernel-level visibility, facilitated by extended Berkeley Packet Filter (eBPF) technology, allows organizations to monitor server and operating system activity without being inside the system. Hardware acceleration, enabled by GPUs and DPUs, offers a significant boost in throughput for security operations, I/O operations, connection management, and encryption.

In summary, organizations must prioritize resilience and embrace a new approach to cybersecurity that incorporates native AI, kernel-level visibility, and hardware acceleration. By doing so, they can better defend against adversarial AI-based attacks and stay ahead of rapidly evolving threats.