Instead, the encrypted visibility engine leverages billions of samples, including sandboxed malware samples, to assess if encrypted traffic contains malware. It can tell which operating system the traffic is coming from and what client application is generating that — all without the need for decryption.
The goal is to reduce the time and resources typically needed for decryption and packet inspection. “We have built this tool that’s based on the movement of the packet to infer if it’s anomalous behavior and then do something about it,” Patel said.
Cisco goes for simplicity against sophisticated threats
With more than 3,500 vendors in the market, Patel believes this is an inflection point, where the expanding number and sophistication of threats demands simplicity and protection at scale. “It gets complicated with 70 or so vendors in your security stack. The efficacy goes down, there can be overlap between policy engines and it’s very complex,” he said.
Looking to lower the complexity and make the economics better, Cisco is going all in on effectively harnessing AI as the answer. And with these tools it aims to simplify security processes and thereby strengthen organizational defenses.
The company has made significant investments in AI in recent years, but with the launch of ChatGPT, the generative AI piece offered something more to help lift the capabilities of end-users. Not strictly running on ChatGPT, these tools are powered by multiple different AI engines. Users input their queries to the AI Assistant, and behind the scenes, the engine will redirect to the relevant dataset to get the answer and provide it to the user, Patel explained.
Aimed at IT admins, SOC analysts and security admins and the like, the generative AI-based policy administration tools offer embedded AI capabilities for practitioners. “We wanted every persona that uses our products to have an assistant and they should, using natural language, be able to ask the system to do something, but also to reason with them.”
