An Introduction To Cisco Hypershield

Originally published when Cisco Hypershield was announced, this article summarises the AI-native security direction Cisco was taking across on-premises and cloud environments. It features a distributed architecture with network and workload enforcement points under one management system. The useful question is how security teams test policy changes, segment applications and prioritise vulnerability evidence without adding more manual noise.

As we mentioned, Hypershield is AI-native, that means it has many capabilities that legacy security platforms did not. Below we’ve included some of the most exciting features that Hypershield provides.

One of the features likely to interest IT teams is the Self Upgrading Infrastructure built into Hypershield. Having to regularly upgrade platforms is vital but the pressure it puts on those responsible is great. That’s why the task is often postponed or avoided altogether. This means thousands of organisations across the globe have outdated security infrastructure, which can increase exposure for attackers.

Hypershield's dual dataplane technology allows live production traffic to operate under current rules while sending a copy to a shadow dataplane for testing new upgrades or policy changes without impacting production. The intent is to reduce upgrade pressure and give IT and security teams more evidence before policy changes are enforced.

In hyper-distributed environments, segmentation of applications can become very difficult. The average time to segment a single application exceeds 40 days, and rules often become outdated almost immediately after implementation. This creates significant security gaps, allowing hackers to move laterally through networks and greatly increasing risk.

Hypershield has an Autonomous Segmentation module which uses a variety of methods. It will segment itself and continually adapt to adjust to current realities. It will also use comprehensive data that goes further than network flows by looking at process behaviours and application updates. The longer Hypershield is active for the better it becomes at protecting you. It starts with wide protection parameters and then finely tunes itself to ensure optimal risk prevention.

With the increased access to AI, vulnerabilities are becoming more dangerous, with Cisco Talos discovering hundreds of new ones annually and about 80 new CVEs reported daily. Attackers often use stolen credentials and tools to bypass traditional security measures, logging in instead of hacking in.

Hypershield goes beyond commercial vulnerability scanners by checking if vulnerabilities exist in memory or are already being exploited. It also assesses the value of the attacked asset. The AI assigns a risk score to prioritise the most severe vulnerabilities.

The AI capability within Hypershield evaluates the potential threats it can observe across the environment, prioritising them for appropriate compensating controls while security teams investigate and mitigate.

Interested in Cisco Hypershield?

Tesrex is a specialised Security Cisco Partner. We can answer any of your questions and help you getting started with Hypershield. Reach out today!