Cisco Security Cloud Gets Generative AI Booster; Identity Intelligence Launched

‘We are entering, in a big way, into identity because we think of that as one of the big attack surfaces of the future … If you think about meaningful breaches that have happened in recent days, [they] tend to be things that have happened because of compromise of identity,’ Cisco's EVP and GM of Security and Collaboration Jeetu Patel tells CRN ahead of Cisco Live EMEA.

Cisco Systems is upping the profile of its security strategy once again with the addition Cisco Identity Intelligence, among other updates to its Security Cloud platform, the company revealed at Cisco Live EMEA in Amsterdam on Tuesday.

The well-known networking giant in recent years has been building up its security prowess in the hopes of becoming as popular in the security space as it is in the networking arena. The momentum continues with the introduction of Cisco Identity Intelligence, a new approach that links identity, networking and security together to better protect businesses, according to Jeetu Patel, executive vice president and general manager of security and collaboration for Cisco.

"We are entering, in a big way, into identity because we think of that as one of the big attack surfaces of the future … In fact, many say identity is the new perimeter," Patel told CRN. "If you think about meaningful breaches that have happened in recent days, [they] tend to be things that have happened because of compromise of identity."

Cisco said that more than 29 percent of all Cisco Talos -- the company's cybersecurity intelligence arm -- Incident Response engagements in 2023 included bad actors using compromised credentials on valid accounts.

That's because end users and employees often have many digital identities and accounts, which means more entry points for adversaries to choose from and there’s a lack of visibility into identities across the entire IT landscape, said Patel (pictured above).

Then, there's the issue of human error, which includes legacy permissions or former employees not being removed. Security teams are sometimes missing context about historical identity behavior, actions across systems and current risk levels that are needed to make trusted access decisions, he said.

Cisco Identity Intelligence works by running on top of customers’ existing identity stores. The feature lets IT administrators discover their whole identity population, clean up vulnerable accounts, eliminate unused and risky privileges, detect behavior anomalies and block high-risk access attempts. This can all be done without replacing any of their current cybersecurity tools, he said.

Patel called Cisco Identity Intelligence "very different" than what other identity providers (IdPs) are offering. The AI-based offering pulls data from existing identity providers into what Cisco is referring to as an identity graph. The graph can then correlate data and analyze behavior and serve up any unusual activity and information to administrators.

"We want to play a very big role in identity but are not going to be an IdP. We're going to sit as an intelligence layer on top of all identity providers so that we can preserve the investment that companies have made in the identity providers and take that telemetry of identity and then feed it into a lot of different products so that the products are much more identity-aware," Patel said.

Cisco Identity Intelligence will give customers and partners more visibility through their existing solutions, such as smart authentication with Cisco Duo to find unusual patterns based on behavior, smart access with Cisco Secure Access to verify the authentication decision and block unusual or high-risk behaviors, and smart threat detection with Cisco XDR to correlate identity signals to provide missing information that traditional endpoint and network security tools could miss, the company said.

Cisco Identity Intelligence will be available within Cisco’s fiscal 2024 year, which ends in July.

Cisco Security Cloud AI Additions

Cisco in addition to Identity Intelligence also unveiled a series of AI-powered updates to the Cisco Security Cloud platform.

The new AI Assistant in Secure Access feature lets users create security access policies using generative AI prompts and natural language within Cisco’s Secure Services Edge (SSE) offering, Patel said.

The new Securing AI feature in Secure Access will automatically detect and protect intellectual property as it flows in and out of AI systems. The capability allows for the safe use of tools like ChatGBT, Patel said.

Lastly, Cisco Email Threat Defense for AI-based email threat detection now uses AI to evaluate emails for malicious intent, he said.

The three new updates are available now within Cisco's SSE offering, Patel said.

The latest feature additions mark significant momentum for the Security Cloud, he added.

"AI is going to be pervasive across the entire Security Cloud … to help customers make very informed decisions and augment their tool capabilities and automate really complex tasks," he said.