The future of cybersecurity teams? 4 digital staff for every human

I love technology. Every day, you learn something wild, especially in AI and cybersecurity. But today’s keynote speaker at RSA Conference, Jeetu Patel, Cisco’s Executive Vice President and General Manager of Security and Collaboration, nearly blew my branded socks off with his vision for what the next decade might look like in cybersec.

Specifically, our world of eight billion people might suddenly jump to feeling like it’s eighty billion in the near future.

“We as humans, since the beginning of time, have worked in a world of complete scarcity,” Jeetu said. “In practical terms, all of us in the IT industry, we have a certain constrained budget . . . and we’ve been expected every year to do a little more with less. For the first time, we’re now entering a time when abundance can become a reality.”

The reason? The ability to augment human operations with AI, which is set to make a “seismic change” in how cybersecurity—and a lot of industries—operate. But, as Jeetu noted, these augmenting assistants will need a special arrangement of cybersecurity protections.

• Getting AI assistants as part of your employee benefits package
• Digital cities resting in data centers (dreaming of electric sheep)
• Reimagining the security paradigm: three tier thinking is dead
• The three massive problems with securing infrastructure
• Technology shifts have solved these infrastructure security problems, as of 2024
• Presenting the self-training, AI cybersecurity defenses of the future
• Conclusion: This is not a jet pack, says Cisco

Imagine this: You get a shiny new job, and you’re talking salary. Your boss says, “How about I throw in ten assistants for you? Like your own personal assistant, HR specialist, coach, finance planner, etcetera.”

This was a scenario Jeetu floated as a very real possibility as “plausible forms of augmentation.”

“The ability for us to augment capacity to humans is going to be so profound and grow at a different scale. . . . If you had 40 people in a customer service department, you could expand capacity to 240. Suddenly our eight billion people world would have the capacity and throughput of 80 billion people.”

So, where would all these people live? In “digital cities we call data centers,” according to Jeetu. These data centers would be both public and privately run.

“These data centers are going to need to accommodate this increasing volume,” he said. “Data centers themselves will need to be fundamentally altered . . . to accommodate for AI workloads and digital workloads.

“As a result, we’re going to have to reimagine the underlying security that goes into the infrastructure.”

“We used to have three tiers to cybersecurity: The web tier, the application tier, and the data tier, each in a dedicated piece of hardware," explained Jeetu. "However, today we’ve got a hyper-distributed environment . . . with microservices on thousands of pieces of hardware.”

Jeetu said the infrastructure that powers the data centers had also changed over the years, switching from general purpose computing to GPUs and DPUs, parallel processing, and vector and matrix math. All of this allowed us to do “10,000 times more than what you could do in the past.”

But even with all the advances in infrastructure, securing it has become incredibly difficult, according to Jeetu.

According to Jeetu, up until now, there have been three “specific areas of tactical concern” we haven’t been able to overcome: segmentation, patching, and updates.

“Segmentation is hard," said Jeetu. "If you assume the attacker is in your environment, and the name of the game is to contain the attacker from spreading that attack through lateral movement, it’s really hard (to stop that)."

You used to be able to segment things out with a three-tier environment. But in the new distributed paradigm, there are thousands of microservices that might “run on Kubernetes containers, that run on VMs, that need to talk to each other, and be segmented in an effective manner.”

“It takes a long time to patch something," said Jeetu. "The time it takes from a vulnerability being announced to when an exploit happens is now down to single digit days. However, the time it takes to patch something is not any faster than before, and if anything, it’s getting [more difficult due to segmentation].

“There’s also the need to patch things that weren’t designed to be patched now, like a drone, an oil rig, a robot welder, [or] an MRI machine. It’s a hard thing to do as a security practitioner and get a handle on it.”

As Jeetu said, “Updates are critical for infrastructure, and it’s hard to update that infrastructure. If you miss one of the two update windows for a year, you’ve got to wait around six months.

“Even though a software manufacturer might have done an update . . . the update doesn’t actually make it into the hands of customers and the infrastructure for a long, long time.”

According to Jeetu, these previously unsolvable problems are now fixable using three advancements: AI, kernel-level visibility, and hardware acceleration.

“When AI is weaponized by adversaries, the only way to stop it is if you use AI natively in your defense. This is hard to do if you’re thinking of AI as a bolt on.

“With kernel-level visibility, if you think of an end point being compromised and traffic being encrypted end to end . . . the [only way to know] is if you can see what’s happening visibility-wise.” Jeetu said there are now ways to see what’s happening in the heart of a client’s server without being inside their operating system.

“With hardware acceleration and data processing units (DPUs), you can make sure you’ve got a massive acceleration of throughput for security operations. These three core techs allow us to fundamentally reimagine security in the age of AI.”

One example of the new paradigm shift is network segmentation via AI, according to Tom Gillis, Senior Vice President and General Manager of the Cisco Security Business Group.

“Network segmentation is the foundational capability of every security stack. However, it can be hard to do in practice,” he said.

At RSA Conference, Tom showcased AI that could automatically segment apps, separating those that never talk to each other. As it gets more confident, it makes tighter segmentation policies. But if something changes, it can relax them again, learning over time.

In terms of dealing with patches, Cisco said there are now tools that can help with this as well.

“Right now in environments we have vulnerability scanners. They’re very good at assessing and finding holes, almost too good. They might find five hundred, a thousand, even two thousand CVEs a week,” said Tom.

“However, by asking follow up questions such as, “Is it running in memory?” “Is this being actively exploited in the wild?” and “Is it a high value asset?”, Cisco can create an AI-powered report you can use across your whole infrastructure. 

“Patching takes time. When this happens, we can apply a compensating control somewhere in the infrastructure in the interim, and when that vulnerability is closed, the control is automatically removed. This [sort of tool] can be training to protect itself against unknown vulnerabilities in a highly efficient fashion.”

In terms of updates, Cisco demonstrated a self-patching firewall. The firewall ran a shadow path, where it tested out the change to see if it could have some unindented consequence. If not, it promoted the change into production.

“What you’ve got is a network security system that writes its own rules, tests its own rules, qualifies its own rules, and manages its own rules.”

Unlike the jetpacks people were promised in the “distant future” of the 2000s, these technologies were available to see on the floor at RSA Conference, according to Cisco.

“This is something you’ll see [out there] in months, not years,” Tom said.

Jeetu said these advancements weren’t the “next version of something that already exists, but the first version of something new.”

“All of this is just the beginning," he explained. "All these technology building blocks allow us to imagine things we weren’t able to before. From SOC operation, security analytics, networking—it will all be foundationally different from how it used to be.”

Start building security skills with a free trial of Pluralsight Skills.