Last month, and now just a few weeks away from Cisco Live, Cisco have announced they are bringing a new “AI Assistant for Security” to market this year. This is an artificial intelligence tool that combines generative AI technologies with an “unparalleled scope of data” , giving IT/SecOps teams the ability to generate more secure, AI-driven insights that span devices, applications, security, networks, and the internet .
“AI Assistant for Security will help provide better protection to our customers by simplifying management for both seasoned administrators and novice users. Our aim is to inject generative AI and unify telemetry across all Cisco Security solutions to create a more effective experience and safeguard our customers”
Brian Feeney | VP Global security partner sales | Cisco
Cisco AI Assistant for Security marks a major step in making artificial intelligence pervasive in the Cisco Security Cloud. Starting with the Cisco Secure Firewall Management Center, Cybersecurity professionals will be able to leverages Cisco AI Assistant for streamlining and automating firewall management both on premises and in the cloud.
Firewalls first – more later
Cisco have said that they will launch the AI Assistant for firewall as soon as Spring 2024, with this representing a great opportunity for their partners and customers to start leverage the advantages of AI.
Cisco say this will be included and integrated into their cloud-delivered Firewall Management Center with no additional charge. Longer term, Cisco said they plan to extend it to their other firewall management tools later.
Why? Well, according to Gartner, Configuration complexity and inconsistent rules are among the highest cause of security risks and breaches when it comes to configuring networks and firewalls with misconfiguration being the cause of nintey nine percent (99%) of all firewall breaches.
The AI Assistant for Security is built on “Ciscos foundation of security, data protection, and privacy, guided by Cisco’s responsible AI principles and framework”. Their AI assistant is trained on Cisco’s huge security-focused datasets, (Talos) which analyses more than 550 billion security events daily and helps IT and SecOps teams in making informed decisions, enhancing their tooling and reporting capabilities, and automating intricate tasks.
“Cisco is harnessing AI to reframe how organisations think about cybersecurity outcomes and tip the scales in favor of defenders. Cisco combines AI with its breadth of telemetry across the network, private and public cloud infrastructure, applications, internet, email, and endpoints. “
Jeetu Patel | VP security and collaboration | Cisco
Cisco say that their Cisco AI Assistant for Security is a major step forward in making artificial intelligence relevant and pervasive in the Cisco Security Cloud – their unified, AI-driven, cross-domain security platform. Cisco Secure Firewall Management Center will be the first platform to leverage the AI Assistant for Security to simplify firewall management.
This should make it much easier to manage and maintaining firewall rules and policies, by enabling administrators to “talk to and administer” the platform to with natural language to find policies, understand rules, spot anonomises and even get suggestions for new rules.
How AI Assistant for Security is different to Microsoft Security Copilot?
Scope
Cisco AI Assistant for Security and Microsoft Security Copilot are both artificial intelligence tools that are designed to help IT and SecOps teams work do efficiently, smarter and safer users work faster, but the platforms and services are different in several ways when comparing to Microsoft Security Copilot.
Cisco’s AI assistant is designed to work across (initially) their firewall services (with other services that make up the Cisco Secure Cloud portfolio coming later), Microsoft Security Copilot is designed to assist cybersecurity professionals in investigating critical incidents across their entire security portfolio including Microsoft 365, their XDR platform, Azure and Sentinel. Microsoft Security Copilot doesn’t work across physical security devices like firewalls so the two services are potentially good complementing services.
Microsoft has combined the power of OpenAI’s large language model with Microsoft’s own threat analysis footprints which is informed by more than 100 different data sources across Microsoft 365,Azure and hundreds of this party data analysis companies. It uses the combined intelligence of more than 65 trillion threat signals every day to provide company and sector specific insights, alerts and guidance.
Use Cases
Currently AI Assistant for Security is designed to help organisations better configure their security services (starting with firewalls), detect inconsistencies (for example across different sites, service or offices). This will expand over time however and we expect more to be annouced in Feb 2024 at Cisco Live in Amsterdam.
Use cases for Microsoft Security Copilot include for example the ability to allow admins to use prompting language prompting to ask Copilot to acreste an exec level report on an incident response for a particular ongoing investigation. Copilot will pull data across multiple sources based on the set of interrelated and connected tools and services. Another change of prompt for example could the see Copilot provide more information, change how it displays or summarises the report, or even create lessons learned documents or suggest changes in process.
Cost
According to Cisco, the AI assistant for Security will be generally available for firewall customers in the spring of 2024 at no additional cost via the cloud-delivered Firewall Management Center (FMC) and expanding to other management tools in the future.
Microsoft Security Copilot, however, which is currently in paid public preview is expected to cost >$100k when it’s officially availabily later this year.
A better together story?
As you can see the Cisco and Microsoft’s offering in this space is quite different. While Cisco see their AI Assistant for Security as a way of differentiating their brand in the cyber security space and to leap ahead of the competition in this traditional secoery space (think Palo, HPE, Dell, Checkpoint etc), Microsoft Security Copilot is more geared towards collating security signals from the organisations configuration, reports and signals from Microsoft’s own threat intelligence of 65 Trillion signals, the organisations configuration and third party connected signals to provide almost an AI powered cyber security team.
I very much see this as a “use both” better together theme.
Closing Thoughts
According to Gartner, Configuration complexity and inconsistent rules are among the highest cause of security risks and breaches when it comes to configuring networks and firewalls with misconfiguration being the cause of nintey nine percent (99%) of all firewall breaches.
As such, launching this with a “firewall first” approach is a sensible move by Cisco to add more value to their offering through the use of embedding generative AI into their core security product base without adding a surcharge or making it “Premium”. It should help to further position Cisco as a Leader in the security space against the fierce completion. I look forward to this being available and for Cisco to increase it’s reach over time to the rest of their portfolio.
Read more
You can learn more about Microsoft Security Copilot at and Cisco’s AI assistant below.
Cisco Announcement and Blog: Help Firewall Admins With Cisco AI Assistant for Security
Cisco AI Assistant: Cisco AI Assistant – Cisco
Microsoft Security Copilot: https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot