Adoption Of Cisco’s Hypershield Will Depend On AI And Security Tooling Coexistence
Cisco has announced a new network and cloud security platform, called Hypershield. Hypershield offers autonomous and automatic network segmentation based on understanding network traffic patterns with AI. Hypershield provides:
- A modified and proprietary version of the Extended Berkeley Packet Filter (eBPF)-based agent framework that acts not only as a traditional observation point but also as a network policy enforcement point in Windows and Linux operating systems.
- Virtualization hypervisor and container-level network policy enforcement points.
- Data processing units, which are hardware-accelerated embedded network policy enforcement points (available in the future).
- Smart Cisco hardware network switches.
All four enforcement point types above are controlled by a centralized policy management “brain” and also provide coverage of unified segmentation policies across on-premises, private, and public cloud infrastructures (available in the future).
Cisco has been excited about eBPF for a while now, even acquiring Isovalent, the early eBPF pioneer startup. eBPF will provide visibility at the process level, which could enable Hypershield to detect aberrant digital behavior earlier and detect attackers moving along allowed paths. Cisco plans to use AI to build the network policies.
Hypershield is significant for the following reasons:
- Defensive AI. Everyone wants to get into this game, but no one wants to leak their data. Privately hosted AI will be more secure than publicly hosted AI. Hypershield offers a much-needed network security layer to protect all flavors of hosting for AI. Also, AI is good in production use only if customer organizations can understand, explain, and defend AI’s decisions.
- Single agent, multiple use cases. Hypershield brings together cloud workload protection, container security, and network security, which is a plus. An open question, though: Can the single Cisco agent coexist with existing customer investments in the above areas?
- VMware enforcement — a security update to an aging infrastructure option. Customers are frantically looking for VMware alternatives right now. Hypershield could replace VMware’s NSX, and a customer could, in the short term, use OpenShift to replace ESXi.
- On-prem to private to public cloud coverage. Enterprises are concerned about their cloud costs; mitigating cloud costs is currently one of our most common client inquiries. Having a vision to modernize network security for on-prem and private workloads, instead of moving these workloads to public clouds, could be an attractive option that benefits Cisco greatly. Unified security coverage that bridges the gap between on-prem, private, and public clouds is definitely a good thing and something customers ask for. The key question here: How will Hypershield interoperate with existing Cisco and third-party security products in all these locations?
Cisco has identified an architecture that may solve all these problems. Organizations should pay close attention to Hypershield development going forward. The question will be whether Cisco can execute this strategy efficiently and effectively; execution is something that sometimes plagued some of its past architecture initiatives such as ACI and ISE.