Cisco Hypershield For AI Data Center, Cloud Security ‘The Most Consequential’ Announcement In Cisco’s 40-Year History: Execs
‘With this innovation … we have actually been able to deliver something that’s unlike anything we’ve done in the last 40 years at Cisco. And I will say that we’re just getting started,’ says Jeetu Patel, Cisco’s EVP and general manager of security and collaboration on Cisco Hypershield.
Cisco Hypershield, a brand-new approach to security architecture, centers on securing data centers and clouds to protect AI workloads. Introduced on Thursday, Hypershield, which is entirely software-based, protects applications, devices, and data across public and private data centers, clouds, and physical locations.
“With this innovation … we have actually been able to deliver something that’s unlike anything we’ve done in the last 40 years at Cisco. And I will say that we’re just getting started. This is going to get so much better and it’s going to get better really, really fast,” Jeetu Patel, Cisco’s executive vice president and general manager of security and collaboration, told analysts and reporters ahead of the Hypershield launch.
[Related: Cisco CEO Chuck Robbins: Moving Fast To Win The AI Battle]
San Jose, Calif.-based Cisco created the technology in response to the increasing demands that AI has put on IT infrastructure, but it’s not just a new security product or the next version of something that already exists, Tom Gillis, senior vice president and general manager of Cisco’s Security Business Group, told CRN.
“I’ll be honest. This is the reason I came to Cisco. I think the world needs a next-generation, distributed system. And it needs to be built in a way that is cloud-native from the get-go,” he said.
Cisco Hypershield will let partners and end customers do security without touching or modifying the heart of the operating system and it works in every public cloud environment, Gillis said.
“Why we think this is the most consequential is we’re taking what used to be a firewall, an appliance, and we’re like melting into the network. It’s not a separate thing that you add on. It’s like magic. It writes its own rules, it tests its own rules, it qualifies its own rules, deploys its own rules, and then overnight it upgrades itself. These are very manual, cumbersome tasks that are very easy to make mistakes on and now we’ve automated all that. It’s better security, much easier to deploy and at a much lower cost,” he said.
Infusing Security Into The Network
The new technology will solve popular customer problems by offering distributed exploit protection, autonomous segmentation, and self-qualifying upgrades, which will save time for partners and customers alike. Testing updates, for example, can be done in a digital twin so that changes can be made with virtually no downtime and eliminate errors, Patel said.
“It’s truly game-changing. You’ll never have to upgrade your infrastructure again,” he said.
Security enforcement with Hypershield happens at three different layers: in software, in virtual machines, and in network and compute servers and appliances, Cisco explained. Hypershield works by placing security enforcement wherever its needs to be, covering application service in the data center, Kubernetes clusters in the public cloud and across every container and virtual machine The new technology blocks application exploits in minutes, a once arduous process that could take an IT professional months, according to Patel.
Hypershield is built on open source eBPF, what Patel referred to as the “core building blocks” for connecting and protecting cloud-native workloads in hyperscale cloud environments. Cisco last week closed its acquisition of Isovalent, a major provider and co-creator of eBPF for enterprises, earlier this month. Cisco also is now the owner of Splunk, the largest contributor of OpenTelemetry, the second of the three major open-source projects.
“You can’t have great security without great visibility. And you need to have visibility in the guts of the operating system, on everything that’s going in and out of the operating system and on every process that’s being instantiated,” Patel said.
Cisco is embedding advanced security controls into servers and the network fabric itself. Hypershield also uses hardware acceleration like Data Processing Units (DPUs), the second building block of the offering, Patel said.
“Think about this as having multiple enforcement points for security every single place that you are, so wherever the workload is that needs to be protected, we can bring security to that,” Patel said.
The third building block is AI natively baked in, Patel said.
The innovative and “radical” nature of the offering will require Cisco partners to help customers understand the benefits, Gillis said.
“Customers are going to be scratching their heads [and saying] ‘Wait a minute, what is the AI data center? How is this going to work in an enterprise data center?’ How do these things work?’ This is a very partner-centric offering and it’s going to give [customers] a very compelling reason to refresh infrastructure,” he said. “The system is also going to be highly automated and autonomous, so it’s going to remove a thorn in the side for partners.”
Partners are often brought in by customers to help them figure out application segmentation, securing the data center, and what that posture should look like. The problem is, partners haven’t historically been given many tools to help them be successful in that regard, said Lee Waskevich, vice president, strategy, security and networking for solution provider giant and Cisco partner ePlus.
“[Cisco Hypershield] will solve the ever-elusive microsegmentation story that we’ve been chasing now for probably the better part of a decade and approaches it in an entirely new way … this flips the script around that and offers a creative approach to solving that challenge,” he said.
The technology will give partners like Herndon, Va.-based ePlus a fresh approach to this kind of problem-solving to take to their customers, Waskevich said.
“Right now, we see a lot more customers trying to reduce the number of data centers that they have, and they’re looking at how to move applications into either colocation or into the cloud. This distributed firewall approach really helps to simplify that as they make those moves and also helps them to rapidly accelerate any kind of zero trust initiatives they have,” he said.
Cisco Hypershield will be built into Cisco Security Cloud, the tech giant’s overarching security platform. Specifically, the technology will become part of the Cloud Protection Suite, one of three suites Cisco is offering as part of Cisco Security Cloud.
Cisco Hypershield will be generally available starting in July, Cisco’s 2024 fiscal year-end or in August.