Cisco launches Security Cloud solutions based on Hypershield and Splunk at the RSA Conference

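The RSA Conference opens this week, and all eyes in security are on San Francisco. Cisco Systems Inc. led off at the show by introducing a series of new products in its Security Cloud. The capabilities are designed to support and protect artificial intelligence and to help enterprises protect their applications, devices, users and data.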

In a briefing ahead of the announcement, Tom Gillis, senior vice president and general manager of Cisco Security, discussed the changes that AI has brought on. “The changes that are afoot in the industry, powered by AI, really cannot be understated,” he said. “So the way we think about AI is that we have security to protect AI-scale data centers. So, as you look at the amount of computing going into the data center — the density of that compute — we think there’s an opportunity to rethink how we deliver security. And it’s much more like the hyperscalers do.”

He added that the company is also thinking about how users connect to apps running in the data center—from anywhere, on any device, at any time. “AI is making this process much more sophisticated, much more intelligent — and that’s manifested in our breach and user protection suite,” he said. “Lastly, the ability to do anomaly detection, to see new classes of data than we have been able to see before to start driving responses closer and closer to real-time — this is getting a huge step forward with our AI capability, and that’s implemented in our breach protection suite.”


Here are the details of what Cisco announced:


### The SOC of the future

Cisco is leaning on Splunk to help with threat prevention, detection, investigation, and response. Elements of the SOC of the future include:

* The integration of Cisco’s XDR system with Splunk Enterprise Security will enable alerts and detections from Cisco XDR to flow into Splunk ES. The combination lets enterprises pick elements from the two to bolster their defenses.

* Continuous asset discovery and compliance monitoring with Splunk Asset and Risk Intelligence so security teams gain visibility (something teams are sorely lacking), which is essential for effective protection.

* Enabling security analysts to respond to evolving threats by providing contextual insights, guided responses, recommended actions, and automated workflows with Cisco’s AI Assistant for Security. The AI Assistant lets analysts make decisions regardless of skill level by providing contextual insights, responses, and action recommendations.

* New capabilities in Cisco’s Cloud Detection and Response that will detect and alert security teams to emerging threats within cloud applications. With AI and machine learning included in Cisco’s Panoptica CNAPP, teams will also get prescriptive guidance.

### Hypershield AI-scale data center

After introducing Hypershield last month, Cisco is rolling out new features to identify and prevent attacks originating from unidentified vulnerabilities within real-time workload environments. Plus, Cisco can isolate potentially malicious workloads to minimize the impact of vulnerabilities.

Cisco Hypershield secures data centers and cloud environments while addressing the growing challenges to information technology infrastructure posed by AI.

### Protecting users


Cisco’s Identity Intelligence aims to stop identity attacks with a simpler user experience.

Duo Passport aims to minimize authentication issues with streamlined access for employees, while ensuring high security levels. Cisco Identity Intelligence in Duo is designed to bolster workforce identity security with AI analytics.

### Cisco is moving fast in security


Cisco is a company searching for accelerated growth, and there is no bigger needle-moving opportunity than security. It is a massive, highly fragmented market that has never had a “de facto standard,” with no vendor holding more than a low-teens market share.


Cisco doesn’t need to be the top dog, although if you talk to Executive Vice President Jeetu Patel, that’s certainly where the company is aiming. Capitalizing on its massive network and now Splunk’s installed base could easily double or even triple security revenue.

Timing is on Cisco’s side as the security industry is changing. My research shows that 73% of enterprise-class companies are looking to consolidate the number of security vendors they have, as having 30, 40 and even 50-plus vendors is now untenable. In fact, the chief information security officer of one of the three-letter U.S. government agencies told me it currently has more than 200 security vendors and rationalizing down to under 10 is his goal.

This tips the scales to the security platform vendors, of which Cisco is one of a handful. The other “big shift” is the move to AI-enabled security. As Patel has stated in the past, “If you want to be a world-class security company, you need to be a world-class data company.” When cyber, network and Splunk data are combined, Cisco arguably has more security-relevant data than any other company.

One aspect of these announcements I liked is how fast Cisco announced integration with Splunk. While I believe Splunk benefits almost every business unit within Cisco, the biggest bang for the buck is with security because, as I outlined above, the opportunity is so big and relatively untapped.

That said, the vision of the security platform isn’t unique; Palo Alto Networks Inc., Fortinet Inc., CrowdStrike Holdings Inc., Zscaler Inc. and others have oriented their go-to-market around consolidation and convergence of security. Cisco arguably has a data advantage over the field because of Splunk and the network, but it needs to move fast to capitalize on the opportunity.
