Cisco launches Hypershield, a new solution based on Hyperscalers’ software that receives email from anywhere on your IT network and can protect applications even from the latest attacks.

Cisco introduces Hypershield with much fanfare and the necessary superlatives. There is talk of “groundbreaking” and “revolutionary,” and for good reason: Cisco believes it has developed a security architecture that can protect companies from even the latest zero-day attacks, fully automatically, without disrupting IT operations. affecting systems.

Policeman on every street corner

Hypershield is based on technology originally used by hyperscalers. Hypershield consists of a type of agent or small intelligent firewall that can run on servers or in data processing units (DPUs or SmartNICs). These DPUs can in turn be part of servers or future (Cisco) server hardware such as switches.

During deployment, the small Hypershield instances are informed of their role: they learn which applications they need to protect and how these applications behave normally. They then examine the behavior of the applications on the network and look for suspicious behavior.

All Hypershield mini firewalls communicate with Cisco and receive up-to-date information about new threats. When a new zero-day is discovered, instances can immediately block associated traffic. Hypershield is based on the open source eBPF (extended Berkeley packet filter) technology from Isovalent, which Cisco recently acquired. The eBPF technology ensures that the small agents can easily inspect network packets.

In fact, Cisco places a smart agent on every digital street corner who is well informed about what is happening in the neighborhood and is constantly kept up to date from a central control center.

Adapt autonomously

Hypershield is capable of autonomously segmenting networks and continuously adjusting security policies based on correct application usage. The solution uses two parallel routes for network traffic: a production route that is verified to work and an alternative shadow route that takes into account the latest security information. Hypershield tests this shadow route with production traffic and checks whether it works properly compared to the production route. If so, the shadow path becomes the production path and Hypershield repeats the exercise.

Built-in intelligence ensures that Hypershield can make adjustments on its own without disrupting the production environment. In addition, the solution learns from the desired behavior of applications. According to Cisco, organizations can be protected from the latest threats in minutes without the need for an administrator. Of course, when a new relevant threat is discovered, the solution notifies administrators.

Certainly in minutes, not months

Cisco points out that it typically takes an IT team nearly two months to deploy a patch for a new vulnerability, while criminals sometimes start working on it within a few days. Hypershield must ensure that attacks cannot reach an application, even if an important patch has not yet been rolled out.

Hypershield will be largely vendor independent. The solution runs on servers and DPUs from all manufacturers, unless you want to integrate the agents into network hardware. In this case you need Cisco switches with DPUs. These don’t exist yet, but will appear in the near future. With Hypershield, Cisco provides an interesting additional benefit for its own hardware.

Cisco Hypershield works through a cloud portal and has a licensing model based on workloads. The security solution will be available to everyone on August 24th.