Cisco Systems held the Asia-Pacific, Japan and China edition of Cisco Live (Cisco Live APJC) in Melbourne, Australia this week. The highlight of the conference was Cisco's security news: Cisco is infusing artificial intelligence into its networking portfolio.

Historically, Cisco and security have had somewhat of an on-again, off-again relationship – like Cardi B and Offset. Sometimes, you think they have it figured out, and then they don’t. This all changed about 18 months ago when the company announced its extended detection and response or XDR strategy and followed that up with its Security Cloud portfolio, which greatly simplifies the deployment of security technology compared with the mishmash that most companies have.

My research shows that enterprise-class companies have, on average, 32 security vendors. This is the average, and I’ve seen some companies with many more than this. I did some work with one of the government agencies, which had more than 200 vendors. One of the engineers there confessed there is so much paranoia around security that they deploy almost every point product from every startup to be more secure. The problem is, with security, more isn’t better, as keeping policies up to date is impossible across dozens of vendors.

This was the problem Cisco had. Although the company could market as a single vendor, its portfolio was a collection of point products. Duo, Umbrella, Talos and others are all great products, but more products do not provide better-in-class threat protection.

The new security leadership, which includes Executive Vice President Jeetu Patel, Senior Vice President and General Manager Tom Gillis and Senior Vice President and Chief Product Officer Raj Chopra, has quickly turned the Cisco Security ship around with its three security clouds. Breach, User and Cloud protection are the core of the strategy, and the firewall is foundational to the clouds because it provides much of the data they use.

At Cisco Live APJC, Cisco announced its new **AI Assistant for Security**, making AI pervasive across the Cisco Security Portfolio. This is critical for Cisco customers as attackers have used AI to stay ahead of businesses. “Our job at Cisco, as is the job of all security vendors, is to ensure that the scales tip in favor of defenders, and AI is the key to that,” Ambika Kapur, senior vice president of security marketing at Cisco, said in a prebriefing.

On the call, DJ Sampath, vice president of product and AI for Cisco Security, talked about the AI Assistant playing three roles – assist, augment and automate. Sampath talked about each of these.

“Assist changes the user experience where they can interact with Cisco Security using a natural language interface enabling our engineers to manage complex systems,” he explained. “With augment, we are creating the ability to add machine-driven insights to human intelligence to detect attacks faster. The automation capabilities can eliminate the mundane tasks an administrator needs to perform, enabling them to focus on more important tasks.”


It’s worth noting that Cisco designed the AI Assistant not to replace security engineers but, as the name suggests, to assist them, make them smarter, and enable them to operate faster. Modern security is largely data-driven, and there is far too much data for even the most seasoned security professional to understand. Machines can, and the AI Assistant makes the data more accessible.


The AI Assistant for Security is being launched within the Cisco Cloud Firewall Management Center and Cisco Defense Orchestrator to solve the monumental problem of managing and maintaining firewall rules. One might think this is straightforward, but I’m unaware of any company that does this well. Administrators create rules because of specific threats or other purposes. Then, another is created, but no one ever eliminates them or checks their validity out of fear something bad might happen.

Administrators can use the AI Assistant to discover policies, eliminate duplicate rules, get rule recommendations and speed up troubleshooting. During the call, Sampath went through a scenario where data was being exfiltrated; without the assistant, the administrator would need to tweak a bunch of settings. With the AI Assistant, the administrator can make the request in natural language.
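The rule hygiene problem described above (rules accumulate, nobody removes them, and duplicates or unreachable rules pile up) can be illustrated with a small policy analyzer. This is an added example, not Cisco code and not how the AI Assistant works internally: it treats a policy as an ordered first-match-wins list and flags rules that are exact duplicates of an earlier rule, or that are shadowed because an earlier rule already matches everything they would match. The rule names, addresses and ports are constructed sample data.

```python
"""Find duplicate and shadowed rules in an ordered, first-match-wins firewall policy.

Added example (not Cisco code). A rule is a duplicate when an earlier rule has the
same match fields and action; it is shadowed when an earlier rule's match fields
fully cover it, so it can never be reached, whatever its action is.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src: str            # CIDR, e.g. "10.0.0.0/8"; "0.0.0.0/0" means any IPv4 source
    dst: str            # CIDR
    proto: str          # "tcp", "udp" or "any"
    dport: tuple        # inclusive (low, high) destination port range; (0, 65535) = any
    action: str         # "allow" or "deny"


def match_key(rule: Rule) -> tuple:
    """Everything that makes two rules functionally identical (the name is excluded)."""
    return (rule.src, rule.dst, rule.proto, rule.dport, rule.action)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    o_src, i_src = ipaddress.ip_network(outer.src), ipaddress.ip_network(inner.src)
    o_dst, i_dst = ipaddress.ip_network(outer.dst), ipaddress.ip_network(inner.dst)
    if o_src.version != i_src.version or o_dst.version != i_dst.version:
        return False                      # IPv4 and IPv6 prefixes never cover each other
    if not (i_src.subnet_of(o_src) and i_dst.subnet_of(o_dst)):
        return False
    if outer.proto != "any" and outer.proto != inner.proto:
        return False
    return outer.dport[0] <= inner.dport[0] and inner.dport[1] <= outer.dport[1]


def analyze(rules: list) -> dict:
    """Return {'duplicates': [(rule, earlier)], 'shadowed': [(rule, earlier)]}."""
    duplicates, shadowed = [], []
    for i, rule in enumerate(rules):
        earlier_rules = rules[:i]
        same = next((e for e in earlier_rules if match_key(e) == match_key(rule)), None)
        if same is not None:
            duplicates.append((rule.name, same.name))
            continue
        blocker = next((e for e in earlier_rules if covers(e, rule)), None)
        if blocker is not None:
            shadowed.append((rule.name, blocker.name))
    return {"duplicates": duplicates, "shadowed": shadowed}


# Constructed sample policy (hypothetical names and addresses), evaluated top to bottom.
SAMPLE_POLICY = [
    Rule("allow-web",        "10.0.0.0/8",    "0.0.0.0/0",      "tcp", (443, 443),  "allow"),
    Rule("deny-telnet",      "0.0.0.0/0",     "0.0.0.0/0",      "tcp", (23, 23),    "deny"),
    Rule("allow-web-dup",    "10.0.0.0/8",    "0.0.0.0/0",      "tcp", (443, 443),  "allow"),  # duplicate
    Rule("allow-hr-web",     "10.20.0.0/16",  "0.0.0.0/0",      "tcp", (443, 443),  "allow"),  # shadowed by allow-web
    Rule("allow-telnet-lab", "10.99.0.0/16",  "192.168.5.0/24", "tcp", (23, 23),    "allow"),  # never reached: deny-telnet wins
    Rule("allow-dns",        "10.0.0.0/8",    "10.1.1.53/32",   "udp", (53, 53),    "allow"),
    Rule("deny-any",         "0.0.0.0/0",     "0.0.0.0/0",      "any", (0, 65535),  "deny"),
]

if __name__ == "__main__":
    report = analyze(SAMPLE_POLICY)
    for rule, earlier in report["duplicates"]:
        print(f"duplicate: {rule} repeats {earlier}")
    for rule, earlier in report["shadowed"]:
        print(f"shadowed:  {rule} can never match because {earlier} is evaluated first")
```

The shadowed check deliberately ignores the action: an `allow` placed below a broader `deny` is exactly the kind of rule that is "still in the policy" but has no effect, and removing it changes nothing, which is the evidence an administrator needs before deleting it without fear.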

Cisco also introduced its **AI-powered Encrypted Visibility Engine** for all its firewalls. It’s well-known that almost all traffic is encrypted today, which makes the firewall blind to the payload. One option is to decrypt the traffic for inspection, which has massive privacy and compliance implications and is also extremely processor-intensive.


Customers can find malware in encrypted traffic with the 7.4.1 Operating System, now available for the entire Cisco Firewall family. The new capability uses AI to sample billions of data points, including sandboxed malware, to understand the slight nuances of infected versus clean traffic. It can also tell which operating system the traffic is coming from and what client application is generating it, all without decrypting it.
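The page does not describe how the Encrypted Visibility Engine classifies traffic internally, only that it does so without decrypting the payload. The principle can be illustrated with a well-known, non-AI technique: the TLS ClientHello is sent in cleartext, and its version, cipher suites, extensions, supported groups and point formats form a fingerprint (the JA3 method) that often identifies the client application. The code below is an added example, not Cisco's engine: it builds a constructed ClientHello, parses the same fields a sensor would see on the wire, and matches the fingerprint against a constructed, hypothetical table of known profiles.

```python
"""Identify a TLS client from its cleartext ClientHello (JA3-style fingerprint).

Added example, not Cisco's Encrypted Visibility Engine. Nothing is decrypted;
only handshake parameters that are visible on the wire are read.
"""
import hashlib
import struct

# RFC 8701 GREASE values (0x0a0a, 0x1a1a, ... 0xfafa): random noise that must be ignored.
GREASE = {0x0a0a + 0x1010 * i for i in range(16)}


def build_client_hello(version, ciphers, groups, point_formats, extra_ext_types):
    """Construct a minimal TLS record carrying a ClientHello (test input, not a capture)."""
    exts = struct.pack("!HHH", 0x000a, 2 + 2 * len(groups), 2 * len(groups))      # supported_groups
    exts += b"".join(struct.pack("!H", g) for g in groups)
    exts += struct.pack("!HHB", 0x000b, 1 + len(point_formats), len(point_formats))  # ec_point_formats
    exts += bytes(point_formats)
    for ext_type in extra_ext_types:                                              # empty extensions
        exts += struct.pack("!HH", ext_type, 0)
    body = struct.pack("!H", version) + b"\x00" * 32 + b"\x00"                    # version, random, no session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                                           # one compression method: null
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body                      # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake        # TLS record header


def parse_client_hello(record: bytes) -> dict:
    """Extract the fields JA3 uses; raises ValueError if this is not a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record containing a ClientHello")
    pos = 9                                                   # record header (5) + type (1) + length (3)
    version = struct.unpack_from("!H", record, pos)[0]; pos += 2
    pos += 32                                                 # client random
    pos += 1 + record[pos]                                    # session id
    cs_len = struct.unpack_from("!H", record, pos)[0]; pos += 2
    ciphers = [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + record[pos]                                    # compression methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]; pos += 2
    ext_types, groups, formats = [], [], []
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, pos); pos += 4
        data = record[pos:pos + elen]; pos += elen
        ext_types.append(etype)
        if etype == 0x000a and len(data) >= 2:                # supported_groups list
            n = struct.unpack_from("!H", data, 0)[0]
            groups = [struct.unpack_from("!H", data, 2 + i)[0] for i in range(0, n, 2)]
        elif etype == 0x000b and len(data) >= 1:              # ec_point_formats list
            formats = list(data[1:1 + data[0]])
    return {"version": version, "ciphers": ciphers, "extensions": ext_types,
            "groups": groups, "formats": formats}


def ja3_string(hello: dict) -> str:
    """JA3 text form: version,ciphers,extensions,groups,formats (decimal, GREASE removed)."""
    clean = lambda vals: "-".join(str(v) for v in vals if v not in GREASE)
    return ",".join([str(hello["version"]), clean(hello["ciphers"]), clean(hello["extensions"]),
                     clean(hello["groups"]), "-".join(map(str, hello["formats"]))])


def ja3_hash(hello: dict) -> str:
    return hashlib.md5(ja3_string(hello).encode()).hexdigest()


# Constructed, hypothetical fingerprint table; real deployments use curated feeds.
KNOWN_PROFILES = {
    "771,4865-4866-49195,10-11-0-16,29-23,0": "constructed-browser-profile-A",
    "771,49199-156,10-11-0,23,0": "constructed-legacy-agent-B",
}


def classify(record: bytes) -> str:
    """Label the client behind an encrypted session using only its handshake metadata."""
    return KNOWN_PROFILES.get(ja3_string(parse_client_hello(record)), "unknown")


# Constructed sample handshakes (GREASE values included to show they are filtered out).
SAMPLE_A = build_client_hello(0x0303, [0x1a1a, 0x1301, 0x1302, 0xc02b], [0x1a1a, 0x001d, 0x0017], [0], [0x0000, 0x0010])
SAMPLE_B = build_client_hello(0x0303, [0xc02f, 0x009c], [0x0017], [0], [0x0000])

if __name__ == "__main__":
    for name, rec in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        h = parse_client_hello(rec)
        print(name, ja3_string(h), ja3_hash(h), classify(rec))
```

A fingerprint lookup is only a coarse signal (many clients share TLS stacks, and a fingerprint can be imitated), which is why the page's description of sampling billions of data points matters: the engine is learning finer-grained distinctions than a single static string captures.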

Many think security is shifting to an AI-led industry, but that’s only partially right. I expect all the security vendors to have effective AI algorithms, which means data is the key differentiator, and this is where Cisco can flex its muscles. Because of its massive network footprint, Cisco can bring more data to the AI party than anyone.


Patel summed it up accurately: “To be an AI-first company, you must be a data-first company. With our extensive native telemetry, Cisco is uniquely positioned to deliver cybersecurity solutions that allow businesses to confidently operate at machine scale, augmenting what humans can do alone.”

Cybersecurity has been a long, winding road for Cisco, filled with starts and stops. After years of being marketing-led, Cisco security is now being driven by good, quality products that simplify the deployment of security technology. This leads to better threat identification and remediation, which is where Cisco’s focus should be.