
New Cisco Hypershield aims to ‘completely reimagine’ security in the AI age

VentureBeat/Ideogram



AI is set to be a force multiplier like no other; eventually, everyone will have digital assistants for a multitude of tasks. 

However, existing data center infrastructure can’t handle this massive data load or the security challenges that come with it. The AI of the future requires a fundamentally scaled, highly protected architecture. 

Cisco says it has finally built this: The tech giant is today announcing Cisco Hypershield, a new approach that embeds security into the data center fabric and autonomously scans, segments and performs critical updates at the network level. 

The new technology is “truly game-changing” and “the most consequential innovation” in Cisco’s 40-year history, Jeetu Patel, EVP and GM of security and collaboration, boldly claimed. 




“You can’t address these structural shifts by coming up with the next version of something that already exists,” Patel told VentureBeat. “You have to think about it as the first version of something completely new and re-imagined.”

Embedding security into data centers

Cisco Hypershield, which will be generally available in August, was built on three customer challenges. These include: 

  • Exploit protection: According to Cisco Talos Intelligence, defenders are seeing 100 new vulnerabilities a day, and attackers can weaponize newly published vulnerabilities faster than they can be patched. However, only about 20% of vulnerabilities get patches. There’s a “disconnect” between when vulnerabilities are announced and exploits occur that has “now shrunk to single-digit days,” said Patel. Eventually, this will shrink to hours and minutes. 
  • Segmentation: Once a threat actor is in a network, it can be difficult to segment them to stop their lateral movement. Attackers used to be segmented on hardware, Patel pointed out, but today’s infrastructure is completely different. 
  • Upgrades: Critical infrastructure is being attacked regularly because it’s outdated. 

“Segmentation is really hard, patching is hard, upgrades are hard,” said Patel. However, with new foundational technologies, “these are all solvable problems.”

The system is AI-native and self-managing (once it earns trust). It is also cloud-native and built on open-source eBPF, which accesses hardware and services from within the Linux kernel. 

The agent sits on the host and can observe everything going in and out, offering “extreme visibility at a very manual level,” said Patel. Supporting this capability, Cisco is set to close its acquisition of Isovalent, one of the leading providers of eBPF, this month. 

Further, Hypershield is “highly distributed,” embedding security controls into servers and the network fabric. It spans all clouds and uses hardware including data processing units (DPUs) to analyze and respond to anomalies in applications and the network. 

Rather than bringing the app to security, “you get security to where the exposure might be,” said Patel. “You can take security to where the problem areas lie.” 

This could be an OT or IoT device, an infrastructure element, robotic device, a factory floor or an MRI machine, he said. “Instead of a fence, we’ve embedded security into the fabric of data centers.”

When it comes to vulnerability management, defenders used to be worried about zero days, but today’s “cyber miscreants” can just wait for a patch to come out and reverse engineer it, said Frank Dickson, group VP for security and trust at IDC. 

“Hackers are businesses, they’re looking to create an ROI,” he said. It’s simply easier to weaponize patches. This is compounded by the fact that security is severely short on personnel. 

“Shifting the burden of security from the core to the edge becomes incredibly important,” he said. “We can’t do what we’ve done before.”

AI agents that run autonomously once trusted

Hypershield helps protect in minutes because it automatically tests and deploys compensating controls into the fabric of enforcement points, Patel explained. These compensating controls can be stacked on top of each other, much like boarding a broken window with plywood, he said. 

“Enforcement of security can happen in tens of thousands of places, hundreds of thousands of places,” said Patel. 

Hypershield performs autonomous segmentation, meaning it “perpetually” observes, auto-reasons and re-evaluates policies to segment the network. 

The tool also automates the time-consuming process of testing and deploying upgrades once they’re ready. This process is powered by digital twin technology. Every policy enforcement point in the system is built with two versions of software running in parallel, explained Craig Connors, VP and CTO for Cisco Security. The secondary data plane can also be used in cases of high availability and for modeling policies. 

The built-in AI agent can test every possible combination that could occur in a real environment, he said, and it understands the application and all its dependencies. 

“The security agent is learning your applications and how they behave and looking for any activity that appears to be malicious, whether a vulnerability or something else,” said Connors. “We’re really trying to bring the trust aspect in, and not just AI bomb you with recommendations.”

Shifting the “burden of security” from the core to the edge is incredibly important, said IDC’s Dickson; the industry simply can’t do what it’s done before.

Typical security solutions are “bolting on,” he said. “This isn’t bolted on, it’s built-in. It’s just a fundamentally different approach.”

AI is the platform shift of a lifetime

AI is no doubt one of the largest platform shifts most of us will experience in our lifetimes, Patel noted. 

“Whenever you see something this profound happening, the short-term impact is grossly overestimated and the long-term impact is grossly underestimated,” he said. 

Our lives haven’t changed that much since ChatGPT came out roughly a year-and-a-half ago; but a decade from now, AI will have dramatically changed our day-to-day, he forecasted. It will provide a “profound shift” with augmented capacity “unlike anything we’ve ever seen.”

People will have dedicated personal assistants, HR managers, financial advisors and other digital helpers that will live in advanced data centers. The world’s 8 billion people will have the capacity of 80 billion people and scientific progress will compound at 1,000X. 

“AI becomes this force multiplier for output,” said Patel. “This isn’t science fiction at this point, we’re seeing this happen.”

But this introduces a new layer of complexity: Whereas security used to just be between users and apps, now there are trillions of devices, microservices, clusters and other technologies talking to each other. This requires a new security approach, said Patel, which is finally possible due to DPUs and high-performance computing. 

“For the past zillion years, when we’ve looked at security, the advantage has always been on the side of the adversary,” said Patel. “Why is that? They only have to be right once. The defender has to be right every single time.”

Eventually, it might get to the point where the defender has the advantage, he noted, and “wouldn’t that be a wonderful world to live in.”