Network security key to AI security: Cisco

Peter Bailey, SVP and GM of Cisco’s Security business and Juan Huat Koo, Director, Cybersecurity, Cisco ASEAN, explain why organizations need to prioritize network security, especially with the increased use of AI agents.

According to Peter Bailey, SVP and GM of Cisco’s Security business, security operations are evolving because of AI reasoning models that are capable of automating different roles in cybersecurity. In an interview with CRN Asia, Bailey explained that everything from threat intelligence to creating rules for threat detection, from the alert triage to creating playbooks and execution, can be done with AI over time.

“We're now on a path for getting to semi-autonomous in AI in cybersecurity and this will create efficiencies in the SOC. And the reason why that's important is that AI attacks, as they start being used such as agentic solutions by threat actors, the prevalence and speed at which we have to respond is just going to go through the roof. So, it's important that we have high automation and efficiency to counter that,” said Bailey.

For Bailey, while humans in the loop is still key to AI in cybersecurity, the situation would eventually come to a point where everything becomes automated.

“Think about autonomous cars and driving. At some point, we'll take our hands off the wheel, right? That's going to be built through trust and certainly the customer will make that decision when it comes to cybersecurity,” explained Bailey.

Looking at AI and cybersecurity in Southeast Asia, Juan Huat Koo, Director, Cybersecurity, Cisco ASEAN pointed out that Cisco is seeing the adoption from three different perspectives. The first perspective is how to actually use security for AI. The second perspective is AI for security while the third one is using AI to combat AI security risks.

“We see a lot of customers now trying to make use of AI that's built within the security platform to help them manage and to detect threats better. This is something that I think all vendors are starting to build AI into their capability. And even in that perspective, it can come from three different angles,” said Koo.

Cisco in ASEAN

According to Koo, Cisco is also doing this for customers in the region. First, Cisco is assisting customers to improve their security posture by managing their policies and such.

“We have seen things like firewalls having a lot of policies, but whoever removes policies from the firewalls, right? Instead, they just keep adding, and it makes it very cumbersome, which affects performance. A more important aspect is that if you don't remove some of the outdated rules, it's also an attack surface. So, the first form of AI in cybersecurity is to help manage some of this housekeeping and so on,” he said.

The next aspect is augmentation. Koo shared an example whereby if a customer’s traffic is 100% encrypted, how are they going to tell what is good and what is bad? This is where Cisco has innovations that can look at encrypted traffic, without decryption, and can tell with high confidence whether this particular traffic connection is good or bad and to take action on it.

For automation, Koo explained that while it comes in easily, there are many different ways to use it. For example, if there is an endpoint that's doing a lot of exfiltration, what can a company do to automatically block that particular endpoint from doing things on the network?

“We can quarantine it, block it so that it doesn't communicate on the network. So, assist, augment, and automate. So that's from a platform perspective. Now we are also seeing customers starting to use GenAI for work. How do you tell whether what information is being transmitted is against corporate policy or things like that? So, we've got to be able to also help the customers detect what are some of the Gen AI models or applications they're using inside the environment and to apply some guardrails on it,” he explained.

At the same time, there is also a need to protect LLMs. As a lot of organizations are already starting to do pilot AI applications inside their environment, Koo pointed out that the key question is, do IT and security teams know what they're doing inside there?

“There might be shadow AI inside the environment, right? And if you don't know, you can't protect it. So, what we're trying to do with customers is to help them establish visibility. What LLM models are inside their organizations? Are the LLMs safe? Security for LLM is no longer about traditional security. It's also about the safety aspects of it, and we're doing a lot of work in that area. So, you discover, you validate, and then you protect yourself using guardrails. So, these are the three categories of AI and security that's intertwined, that we're trying to help our customers navigate,” said Koo.

Cisco AI Defense

This is where both Bailey and Koo believe Cisco AI Defense fits perfectly in. For Bailey, the reason why Cisco brought AI Defense to market is to kind of solve the first big problem, which is protecting the model themselves.

“As organizations are trying to adopt AI internally, use it for their internal use cases, it's sort of the first thing they run into. How do they protect the model? How do they create guardrails around the model? How do they avoid accessing certain data or producing certain answers? And so that by far is the thing we're talking to customers most about, because that is kind of the first problem, they run into in trying to adopt AI,” explained Bailey.

Bailey added that when organizations think about using AI, both internally and externally, they have to start thinking about what other kind of network security guardrails to put around that.

“In the context of AI, if you look at agentic examples, where agentic AI is going to be trying to come into a network to access an application or transaction or such. This is where we start seeing identity really plays an important role. So, we have human identities, we have non-human identities, now we have agentic identities, right? And so we view identity kind of more expansively as something that has to be a continuous authorization, access, look at the intent, watch the behavior, potentially revoke access. So, it becomes a continuous experience across the network,” said Bailey.

As such, he believes this is the next big step when it comes to cybersecurity when using AI, as in where everything has to happen on the network.

Koo added that agentic AI to agentic AI communications, it's beyond just security, but also about making sure that from a connectivity perspective and other key fundamental pillars, it is all going in the right direction.

“Common agreement across different capabilities is very important. So that's where Cisco is doing a lot of work inside there, trying to get all this aligned from a whole industry perspective. And obviously, the security identity of our agents is one of the key aspects that we are driving as well,” said Koo.

All about the network

Bailey pointed out that some CISOs actually pull back from AI deployments because they're worried about network security. He added that Cisco helps them provide a secure framework that they can then manage and make sure they're managing risk.

“So that's exactly the kind of thing we're doing with AI Defense. One of the things that I think is our advantage is that because we own the network, we have the visibility of everything. Everything comes across the network, right? I think the challenge with AI-based identities, agentic identities, is one of scale. Because we're not talking about tens or hundreds, we're talking potentially about thousands or tens of thousands of agents that are being used both internally as well as externally wanting access. And so, scale becomes incredibly important,” added Bailey.

As such, both Bailey and Koo believe the next challenge for organizations in AI network security will be to scale to meet the number of interactions and govern those interactions in a way with the rules and guardrails that are put in place.

“And again, I think we're good at scale, so that's something that I think we have an advantage,” concluded Bailey.