The AI Cybersecurity future is here

Captions
Is it fair to say that the future of cyber security is AI? The future of cyber security is going to be powered by AI and anyone that thinks otherwise is not going to have an effective platform for security. If you think about 80% of the attacks that happen originate from email. Yep. Like you get an email from some prince from some exotic country and then they'll say, well, click on this link and you can download your $10 million. Yep. From there, you actually download some malware. But the problem people have, right? Too much data, too much it's overload for a human. Correct. That's where AI helps. Okay. It took a while for folks to realize is at this point, think about it, warfare starts with cyber. Yeah. A hospital, people would lose their lives if the hospital got breached. Yeah. Because people wouldn't be able to get dialysis. Yeah. Or whatever the treatment is that they're looking to get. Water supply can stop for a city. You can have power grids completely stopped. You can have the financial system stop. Your healthcare system stops. There's a tremendous impact with that shortage of skill. We have to make sure that we actually get to that at machine scale. Hey everyone, it's David Bombal coming to you from Cisco Live back with Jeetu. Jeetu, welcome. Great to have you back here. Thank you. Thank you for having me, David. It's great to see you again, man. Likewise. You on stage. I saw today lots of announcements. Is anyone on stage these days? Well, but big question. Recently, they're calling it the mother of all breaches. 26 billion records got leaked. Last time we spoke about the attackers are, you know, it looks like the attackers are winning. Hopefully, you guys are going to do something about that. Well, you know, for 30 years, David, it's been the way that things have actually transpired. The adversary has the advantage over the defender. And the reason for that is because they have to be right once. We have to be right every single time. 
I think this is the first time, at least in my professional career, that I see a light at the end of the tunnel where I think the scales might tip in favor of the defender because they'll have a data advantage. The defenders will have a data advantage over time. Now, it's not quite, we're not there today. OK. But I do see that being a possible state in the future. And we're pretty excited about the things that we can do with it because it's not just having a lot of data. We've always had a lot of data. I think the ability to correlate data effectively and then reason with that intelligence that's there and then be able to feed that into everything else is where I think we'll be able to predict and prevent rather than just detect and respond. Last time we spoke about the fact that cybersecurity especially has all of these sort of niche companies, it seems, that are providing a very specific solution, but there's no overall solution. Yeah, the way that innovation has evolved in cybersecurity, it's all through patchwork. There's a new threat that comes up. There's a new company that came out to go out and help the threat. The ironic part about this is that model started so that the efficacy would be high for security. That is the model that's breaking security down today because on average people have 50 to 70 different products in their cybersecurity stack. Yeah. And it's untenable to go out and manage that anymore. Exactly. The complexity is too high. And so what needs to happen, and I think there's the shift that's occurring right now in the market. We'd like to think we're one of the people that are driving it, but the shift that's occurring is moving from a bunch of point solutions to integrated platforms. And what that'll allow you to do is have a single policy engine. It'll have a single kind of core design system. 
And it's going to allow us to do things that we couldn't do before, largely because you could correlate data sets that you weren't able to in the past. If you think about 80% of the attacks that happen originate from email. You get an email from some prince from some exotic country. You're very polite. Yep. And then they'll say, well, click on this link and you can download your $10 million. It takes you to a website that didn't exist two hours ago. From there, you actually download some malware. That malware kicks off a process on your PC that then does lateral movement throughout the entire network. That is 80% of the attacks that happen today. Now, what happens in those attacks and how the defenses work? There is a company that does email protection. There's a company that does web protection and DNS protection. There's a company that's actually doing things around endpoint protection. And then there's a company that's doing something on network. Each one of them have their own telemetry. And so an email that comes in gets passed as a low level alert. And then a website that you go to might get passed as a low level alert. And a process that got kickstarted on the endpoint might be tagged as a low level alert. But if you put those three low level alerts together, that is a high level alert. Low level alerts get ignored because of the signal and noise ratio being way off. But a high level alert, you would do something about. And that only happens when you actually start to correlate telemetry. And that's the idea of data, right? That's the idea of making sure that you have data across multiple control points, email, web, network, identity, endpoint, that you can start to correlate together and say what's anomalous versus what's normal behavior. And when you start detecting patterns of legitimate activity versus patterns of abnormal activity, you can then start to have a graduated set of responses that you can apply to that. Quarantine this. 
Make sure that you kill this session. Make sure that you actually have gone out and done a snapshot backup. All of those things can start happening once you have that core set of, you know, kind of indication that this is in fact a breach that's about to happen. And therefore, I'm going to predict and prevent rather than just detect and respond. But the problem people have, right? Too much data, too much. It's overload for a human. Correct. That's where AI helps. So up until now, we've not had a data scarcity issue. We've had an issue of making deriving meaning from that. And that's where AI can massively kind of bits of step function improvement. So I know that I interviewed DJ, I believe, is in your team. Love DJ, man. On the firewall. Like there's an assistant for a firewall. Yes. Are we talking about that or is there more? No. So what we're talking about on the firewall, so the way that we think about it is there's three major objectives in security that we're trying to go out and solve. First one is massively increase the efficacy of security. Second one is make sure that your experience gets way better than what it is right now. Yeah. And then third one is make sure that the economics are contained so that you don't end up spending more money. Because right now, if you look at the trajectory over the past 15 years, people have spent an inordinate amount of money in security. And it's not effective because it's not. It's not effective actually. Yeah. And so you have to do all these three at once. In order to do all these three things at once, on the efficacy side, what I'm talking about is a correlation of data. Okay. On the efficient experience side, what I'm talking is what DJ was talking about, which is I can go out and set a policy in natural language. And what that policy natural language is going to do is it's going to reduce the dexterity that people need to go out and get certain things done. And so then you actually can address the talent shortage. 
Because right now, 4 million jobs just in the US go unfilled every year. Millions go unfilled throughout the world. And how can we go out and make sure that that changes quite dramatically? Because if the attack rates keep going up and keep compounding, and your talent shortage remains, you just by definition get weaker. So you have to handle this at machine scale. You can't handle it at the human scale. So does Cisco just have AI on a firewall? Is it bigger than that? No, no. So the beauty about this is we started with AI on the firewall, but it was such a huge problem. And we said, wow, firstly, wouldn't it be nice if you had the ability to have natural language interface on every single product of ours? So you can set policy. You can do basic hygiene on policy. So one of the demos we showed this morning at the keynote was the ability to say, I've got 1200 rules in my firewall, but 350 of them are duplicates. So what do I do? Do I disable them? Do I delete them? In order to go out and even determine that in a reasoning engine, when you're creating a rule, it would be something that right now is not something that people do. And now this is something that you can do in a very easy way. It's not only is it easier, it does more while making it a whole lot easier. And so then the people that are working on these things, it's not like you don't need them. You will just be able to have them focus on higher order efforts rather than the things that actually you use up a huge amount of cycles. It requires a very high level of dexterity and isn't really progressing us as fast as we need to progress. We need all the human minds on the problem of security. So one thing that I think people need to take away from this is it's not that we're trying to eliminate jobs. What we're trying to do is make sure that those jobs that are being done can be done at a higher bandwidth so that the mundane work can actually happen with the augmentation of a machine. 
I mean, old people like me, you know, firewall... You're still younger than me, which is really depressing. Firewall rules are a nightmare, right? CLI was difficult in the old days. It's like assembly code. That's right. Yeah. And I mean, you don't want to touch it because you might break it. Yes. So we need something... And actually, the people that wrote the rules retired, the kids graduated from college. Exactly. And so now you've got... There's companies we know that have millions of rules on the firewall. And so what they do is because they don't want to break anything, they just don't touch it. Exactly. And then at some point in time, that system which was designed for efficacy is actually the most ineffective system that's out there. I mean, you mentioned in your keynote, AI is not going to replace it. Assist, I think, augment and automate, will you? Assist, augment and automate. So why we do... Why we are using AI is to increase efficacy, improve the experience and improve the economics. How we do it is by assisting every human to actually have an assistant. Yeah. Augmenting so that the detection is going to happen at a much faster pace and make sure that the human's in the loop and then automate certain tasks that can be done so that humans can actually be graduated to doing better tasks. Yeah, because the worry's jobs, right? Like you mentioned, and you've addressed that. We just simply don't have the number of people to go out and address the number of attacks that are happening. And by the way, this is critical infrastructure that's going to damage other critical infrastructure. The thing that people... It took a while for folks to realize is at this point, think about it, warfare starts with cyber. A hospital, people would lose their lives if a hospital got breached because people wouldn't be able to get dialysis or whatever the treatment is that they're looking to get. Water supply can stop for a city. You can have power grids completely stopped. 
You can have the financial system stop. Your healthcare system stops. So there's a tremendous impact with that shortage of skill. And we have to make sure that we actually get to that at machine scale. So you've mentioned firewalls quite a bit. There are other products, right, where the AI is involved in. So our AI assistant actually manages all of our products. So we started with firewall. We just added secure access, which is our competitor, the SASE market. And so you can actually go out and have policies that are set with natural language in our secure access product. We have announced a SOC assistant, which will come out later in the year. We will have, we currently also have a documentation site for our, if people want to find out exact documentation that, how do you do this? How do you do that? That's actually going to be in that that's available with an AI assistant. And we will continue to keep adding email as well, right? Yeah. So email has, we just announced today that email threat defense will have some AI capabilities to do better detection of spam and so on and so forth. And so every single product will have different uses for it, but we will make sure that AI gets injected across the board. Because frankly, the way I think about it, security is a data game. Yeah. And you cannot make sense of data without having strong, robust AI models in place. How do you get the data? Is that perhaps related to the possible Splunk acquisition? Splunk will definitely be one of the contributors of that. And the way you think about this is, you know, we are a networking company in order to be a great networking company, we have to be a great security company. I love that. Yeah. If you're going to be a great security company, you have to be a great AI company. And you cannot be a great AI company if you're not a great data company. And Splunk will definitely allow us to scale that to a very different level. 
We can't talk much about that because we're in the regulatory approval process right now. But in addition to Splunk, we just have to think about all aspects where we have telemetry that can be pulled together. We have data about every packet that flows through the network. We have data about every email and every forward that happens. We have data about every process that gets kickstarted on an endpoint. We have data about every web DNS query that gets made. We have data about every identity, human or machine identity. Now with the identity intelligence engine, where you can tell whether or not there's anomalous behavior, both reactively, David's doing something that seems out of character, or proactively. I've got these three devices that I've never logged in for three years. Maybe I should decommission those devices and instill a level of basic hygiene. So all of those things, that telemetry, if we can take and start to correlate, where there's magic that can happen. And that's why I think there's an advantage to, once you start really mining this data effectively for the customer being safe. I'm going to push on that word mining because a lot of people may be concerned about giving their personal data or confidential data to AI. Yeah, so the way that we do it is firstly, when you start thinking about the world of security, it's slightly different in the sense that if there's an incident that's happening, you want to know what that incident is so that others can actually get prevented from it. But we don't use anyone's data. So what I'm talking about is an instance that you would have with your data. Okay, so it's personal to my company? Personal to your company. And you'll say, okay, here's your data. Not like the typical ChatGPT thing. No, no, no. And so we would actually make sure that that's there. 
But in security, in the world of security, you typically have a pretty common practice of making sure that certain kinds of data on incidents and breaches get shared with the community so that you know what's going on. Otherwise, you're fighting against the adversary. But the thing to keep in mind is this, what I'm talking about over here is largely for like, one of our big core value systems is privacy. And we think it's a basic human right. And we should, if we ever used a data set to train the model, there would be with explicit consent. I mean, I suppose that's an advantage, right? Because you've got AI for my company, but Cisco also have a lot of data from many people that are perhaps sharing it with you. So I think one of the concerns is ChatGPT is like pulling data from the internet, but that's very different to the AI that you're using. Yeah, I mean, on the data side, like it's a very different thing from ChatGPT, because in ChatGPT, for example, you would say, what's the weather like today? With us, it's more around how do I go out and configure this policy? And that's a very different kind of way that you've actually trained the model. And it's a very constrained set of data that we've actually trained the model on. It's called retrieval augmented generation, where you actually make sure that you train the model based on a very specific custom set of data for that account. And that's important because of hallucinations as well. Yeah, hallucinations in ChatGPT is a feature, not a bug, right? Because when you start thinking about it, in some cases, what ends up happening is the creative personas. If you think about how AI evolved, and Sam Altman had a great kind of thought over here in one of the podcasts he was in, where he said that if you would have asked him five years ago, seven years ago, how is AI going to evolve? He would have said, it starts with the blue collar workers. Yeah, exactly. Right. 
And then it's going to go to the knowledge workers and then to the super high creatives. It's actually turned out exactly the opposite. Exactly. Yeah. Why is that? Part of the reason is because hallucination actually helped in actually creating the creative wandering that can happen. That does not work in security. I was going to say. I can't hallucinate about a firewall policy I want to implement. Exactly. So it has to be pretty precise. So what we do is we actually create a... The way in which you train the models is very decent. I think another misconception people perhaps have is just because of ChatGPT, they think it's just an assistant or an interface, but like on the firewalls, you've got the assistant, but you've also got EVE, right? Yes. Can you just explain that and how perhaps AI is doing similar things on other products? So I think generative AI through transformers is one dimension of AI that actually has gotten a lot of popularity because of ChatGPT over the course of the past year. I think it's fantastic because what it's done is it's allowed us to, as humans, communicate with a machine without learning the language of the machine, but actually requiring the machine to learn the language of humans, which is great. This is the first time that's happened. But that's the transformer side and that's the understanding of natural language. There's a bunch of other areas in machine learning and AI which actually have little to do with language expertise. And more to do with detecting anomalies and making sure that you can find patterns of behavior. And so encryption visibility engine is a really interesting problem to solve because that we solved with the encryption visibility engine, because if you think about majority of the traffic today is encrypted. It's a problem. 
And so we used to have this technology, we have this technology in firewalls called deep packet inspection, where you can actually go and inspect a packet to know if there's malware inside that packet. And if there is, then you can intercept or block it. Now, if everything's encrypted, there's no way for you to tell. So the only way you can tell is by inferring based on the movement of the packet and whether or not it's anomalous behavior. And that's what EVE does. And that's actually a pretty major step function improvement in driving efficacy once again. So what you'll see is we're doing one of three things. Something like EVE drives efficacy. Something like AI assistant drives the experience. And it also drives the economics. And so those are the ways that we kind of think about it. So EVE kind of like, I don't want to put it, I'm not quite sure how to say it, but like the EVE kind of technology perhaps will be used on email and other spheres as well. It'll be used across the board. EVE itself is being used in the firewall largely. Yeah, but like a similar kind of concept. The concept of empowering these different tools with strong AI that's not generative in nature, but strong AI and also machine learning aspects. That's something we'll have in every single one of our products. And if you think about our AI team and you said you spoke to DJ, we bought his company and they actually are driving all of our AI efforts right now. And that company is actually getting funded quite aggressively so that we can hire more and more people. We need PhDs and researchers and developers and all different kinds of people in AI. And we will continue to keep making sure that the clock speed of innovation over there is very, very high. So I'm glad you mentioned that because looking forward, where do you see things going? Because I think a big concern for people who are moving into this industry or interested in this industry or perhaps younger is it's pointless. 
AI is going to take my job away. There's no future in this. Or can you address that? And also like, where do you see things going? Just to give people a roadmap and like sort of a vision. Yeah, I think in my mind, I think human judgment is going to be pretty important for the foreseeable future. And now that I am completely wide-eyed about the fact that there's some upside in AI, but there's also going to be a significant downside to humanity. And I think we can go into the areas of regulatory kind of aspects that need to be. And we should talk about that a little bit. But when you start thinking about specifically, you know, new talent coming in, the addressable market for security is 8 billion people, right? Every human on the planet is going to be connected and every human on the planet needs to be secured. Yeah, we need more people from diverse backgrounds to come into this industry. This industry is very homogeneous on multiple dimensions, largely male dominated, largely a technical audience, very jargon-filled. They actually, the industry has made it very intimidating for someone that doesn't know security to say, what do I do with security? Exactly. I think we have to make sure that we remove that friction. And that requires, if you're going to build products for 8 billion people, you better have the group that's building products be representative of the population makeup of the 8 billion people that you're building products for. By definition, if you don't have half the people that are women, you're probably not going to be as effective for the people that you're building them for. We need more people who are women in this industry. We need more people with liberal arts backgrounds. I would love to have more people with a design background. I would love to have more people with backgrounds that come from the consumer tech industry. 
Like I, you know, one of the things that I've always asked my teams is hire people sometimes from Spotify because they know how hundreds of millions of people can actually turn on us all with a couple of clicks. I read a blog, I think you wrote about like the interface is important or you said something about like the interface is so important. It's like historically me going back to Cisco many years. Cisco weren't well known for that. One of my commitments I've made to Chuck is, hey, when you think about Cisco and you see it, you know, fast forward five years, 10 years, what I'd like to leave this company in the hands of the next generation is going to be running it is to be one of the most design-forward companies only second to Apple. That's correct. In fact, I admire Apple so much for what they've done with all of their products. And the great part is we have a great partnership with them. They happen to be, you know, they were here at the event and we had a fireside chat with them and we've actually just built a product on the collaboration side of the house with Vision Pro. And I would love to have that same kind of obsession on finesse that's instituted in enterprise products as it was in consumer products. And you're starting to see that now. And so all the new products that we have coming out, they're beautiful to use and they're not overly complex. And we'll make them, we'll keep chipping away at them and make them simpler and simpler and simpler as time goes on. Like, you know, if you think about passwordless, you think about, you know, all of the things that we're doing with SSE, we try to make the demos for the end user the most boring demos. Yeah. Because that means that you don't have to do much. It's just invisible. And behind the scenes, it just works. I think the concern with AI is, do I need a PhD? A lot of guys in the beginning needed PhDs and like all this kind of knowledge. But do you see like the teams that you're hiring? 
Are you hiring all kinds of different types of people at different levels? Not just PhD people for AI? Yeah. I mean, look, I think there's a tremendous role that AI researchers and PhDs play, but that's not the only role. Yeah. Right. And anything that's a transformative platform, which I think AI is probably the most wide transformation we will have seen in our lifetimes. You know, it's the most consequential one. You're going to need people from all walks of life. And you're going to need people that deeply understand the tech. You need people who deeply understand the limitations of the tech. You need people who deeply understand the human dynamic. And many, many other kinds of vocations that you're going to need. So I personally feel like the kind of people we're going to need, we just have to make sure that the kind of people we attract to these fields keep a level of diversity to effectively address development of products for the target market. You introduced yourself as Jeetu, but how do I know that you actually are Jeetu? You know, the identity is one of the biggest attack vectors that's actually emerging right now. And it's already emerged, frankly. Yeah. And so many people say identity is a new perimeter. Many people say it's one of the largest attack vectors. And what you've seen as a challenge with identity so far, firstly, anyone who goes out and tries to tackle the identity problem tries to go out and provide you with another an IDP. Yeah. An identity provider. They become an identity provider. Our goal is I don't think the world needs yet another Active Directory. I don't think the world needs yet another LDAP. We don't need another identity provider. We've got plenty of them. We need to make sure that we have a thin analytics layer that sits on top of the IDPs that can take the data for users, for machines, for applications, and then correlate that data together. Right. 
And so we launched this identity intelligence layer, which I think is fundamentally going to change how every application and every platform can get hydrated with identity intelligence so that we then are able to take that data and not just apply enforcements for identity at the point of authentication, but do it on a continuous basis based on behavior and context. So David logged in. Yeah. But he's doing something funny with customer database. That's not what David typically does. Maybe I need to quarantine that. Yeah. Maybe I have a honeypot that I create so that I can let it keep going for a while to see what's happening without actually killing the session so that I see if I can actually catch someone doing something wrong. But those are the kind of things that we have to actually create. One is you have to have a better mechanism for detecting post authentication, how anomalies are occurring, and then based on that, have a graduated set of responses against that potential threat and also apply hygiene measures so that you can say, well, these are three devices, like I said earlier, that have never been used before. Let's decommission them. I was doing a POC on Zendesk and I was actually connecting that to my Salesforce account. But then we decided we are not going to do anything with the POC. And then I still have that account connected to my Salesforce account. That doesn't seem like the right thing to do. I need to make sure that I killed that connection. And so what are those kinds of things that we need to have really come up and surface up? That's what we're trying to do. Is it fair to say that the future of cybersecurity is AI? The future of cybersecurity is going to be powered by AI and anyone that thinks otherwise is not going to have an effective platform for security. Jeetu, I really want to thank you for sharing. I know you got to go. Thanks so much. Appreciate it.
Info
Channel: David Bombal
Views: 136,047
Keywords: ai, cybersecurity, cyber, infosec, information security, artificial intelligence, cyber security, hack, hacker, hacking, kali linux, wifi, chatgpt, firewall, dali, machine learning, encryption, careers in cybersecurity, ransomware, offensive security, pentester, pentesting, ssl, ca, ethical hacker, penetration testing, penetration tester, cisco, cisco live, chatgpt hype, chatgpt truth, ai cisco, cisco ai, ai networking, network engineers, networking jobs, ai jobs, chatgpt cisco, python, android
Id: S3QNDSax2IA
Length: 26min 42sec (1602 seconds)
Published: Fri Feb 09 2024