April 18, 2024 at 03:11AM
Cisco has developed Hypershield, a new approach to network security. It introduces “enforcement points” – tiny firewalls deployed on servers or in data processing units. These points are informed about observed applications and potential threats, allowing for proactive actions such as patching or creating new network segments. Hypershield will debut in August.
Based on the meeting notes, here are the key takeaways:
– Cisco has developed a new product called Hypershield, which represents a novel approach to network security.
– The core element of Cisco’s plan is the deployment of “enforcement points” – miniature firewalls that run on servers or in data processing units (DPUs, SmartNICs) in servers or networking hardware.
– Enforcement points are informed about observed applications, known good behaviors, and receive updates on new vulnerabilities or attacks through the work of Cisco’s security intelligence teams using AI.
– They check for anomalous behavior and can inform admins about apps needing patching and implement compensating controls to protect the app by creating new network segments that don’t allow dangerous traffic.
– Tom Gillis, senior veep and general manager of Cisco’s security business, highlighted the self-updating networks and mitigations that keep devices safe as Cisco’s alternative for industries like healthcare.
– Enforcement points run two data paths: one equivalent to a tested production system and another as a “shadow path” for testing updates using AI.
– Hypershield uses eBPF technology and can also run on DPUs/SmartNICs to isolate further and relieve the burden on server CPUs. Cisco is also developing switches to run DPUs, allowing enforcement points on each port in a switch.
– Hypershield will be licensed per “workload,” based on core count and other factors, with a cloudy app serving as the management console.
Overall, Hypershield is a new architecture from the ground up, not just software appliances replacing networking boxes, and will debut in August with its eBPF incarnation, with other elements to follow over time.