Adoption Of Cisco’s Hypershield Will Depend On AI And Security Tooling Coexistence

4 months ago 6
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

Cisco has announced a new network and cloud security platform, called Hypershield. Hypershield offers autonomous and automatic network segmentation based on understanding network traffic patterns with AI. Hypershield provides:

  1. A modified and proprietary version of the Extended Berkeley Packet Filter (eBPF)-based agent framework to act as not only a traditional observation point but also a network policy enforcement point in Windows and Linux operating systems.
  2. Virtualization hypervisor and container-level network policy enforcement points.
  3. Data processing units, which are hardware-accelerated embedded network policy enforcement points (available in the future).
  4. Smart Cisco hardware network switches.

The above four enforcement point types all are controlled by a centralized policy management “brain” and also provide coverage of unified segmentation policies across on-premises, private, and public cloud infrastructures (available in the future).

Cisco has been excited about eBPF for a while now, even acquiring Isovalent, the early eBPF pioneer startup. eBPF will provide visibility at the process level, which could enable Hypershield to detect aberrant digital behavior earlier and detect attackers moving along allowed paths. Cisco plans to use AI to build the network policies.

Hypershield is significant for the following reasons:

  • Defensive AI. Everyone wants to get into this game, but no one wants to leak their data. Privately hosted AI will be more secure than publicly hosted. Hypershield offers a much-needed network security layer to protect all flavors of hosting for AI. Also, AI is good in production use only if customer organizations can understand, explain, and defend AI’s decisions.
  • Single agent, multiple use cases. Hypershield brings together cloud workload protection, container security, and network security, which is a plus. An open question, though: Can the single Cisco agent coexist with existing customer investments in the above areas?
  • VMware enforcement — a security update to an aging infrastructure option. Customers are frantically looking for VMware alternatives right now. Hypershield could replace VMware’s NSX, and a customer could, in the short term, use OpenShift to replace ESXi.
  • On-prem to private to public cloud coverage. Enterprises are concerned about their cloud costs; mitigating cloud costs is currently one of our most common client inquiries. Having a vision to modernize network security for on-prem and private workloads, instead of moving these workloads to public clouds, could be an attractive option that benefits Cisco greatly. Unified security coverage for bridging the gap between on-prem, private, and public clouds is definitely a good thing and is asked for by customers. The key question here: How will Cisco interoperate with existing Cisco and third-party security products in all these locations?

Cisco has identified an architecture that may solve all these problems. Organizations should pay close attention to Hypershield development going forward. The question will be whether Cisco can execute this strategy efficiently and effectively, something that sometimes plagued some of its past architecture initiatives such as ACI and ISE.

Blog

Ten More Important Emerging Technologies For 2024

As AI continues to dominate the technological landscape in 2024, security, the need for trust, and innovation in advanced computing remain vital. These trends influenced our selection of the next 10 top emerging technologies for 2024.

Blog

Announcing The Forrester Wave™: Microsegmentation Solutions, Q3 2024

Forrester just published the second edition of The Forrester Wave™: Microsegmentation Solutions. Just over two years separates this research from the previous report, and the technological advances over that short time are stunning. The previous evaluation, The Forrester New Wave™: Microsegmentation, Q1 2022, was all about layer 3 microsegmentation in a data center (or private […]

Get The Insights At Work Newsletter

Email Address*

Yes, I’d like to receive Forrester’s Insights At Work newsletter and receive occasional survey invitations and marketing communications.

Thanks for signing up.

Stay tuned for updates from the Forrester blogs.

Read Entire Article