Transcript for:
The Future of Cybersecurity and AI

Is it fair to say that the future of cybersecurity is AI? The future of cybersecurity is going to be powered by AI, and anyone that thinks otherwise is not going to have an effective platform for security. If you think about it, 80% of the attacks that happen originate from email.

Yep. You get an email from some prince from some exotic country, and then they'll say, well, click on this link and you can download your $10 million. Yep. From there, you actually download some malware. But the problem people have, right, too much data, too much, it's overload for a human.

Correct. And that's where AI helps. Okay. It took a while for folks to realize is at this point, think about it.

Warfare starts with cyber. Yeah. A hospital, people would lose their lives if a hospital got breached.

Yeah. Because people wouldn't be able to get dialysis. Yeah. You know, or whatever the treatment is that they're looking to get. Water supply can stop for a city.

You can have power grids completely stopped. You can have the financial system stopped. Your healthcare system stops. There's a tremendous impact with that shortage of skill. And we have to make sure that we actually get to it at machine scale.

Everyone, it's David Bombal coming to you from Cisco Live, back with G2. G2, welcome. Great to have you back here.

Thank you for having me, David. Yeah, it's great to see you again, man. Likewise. You on stage, I saw today.

Lots of announcements. Is there anyone on stage these days? No. But big question. Recently, there's this, they're calling it the mother of all breaches.

26 billion records got leaked. Last time we spoke about like the attackers, you know, it looks like the attackers are winning. Hopefully, you guys are going to do something about that.

You know, for 30 years, David, it's been... The way that things have actually transpired, the adversary has the advantage over the defender. And the reason for that is because they have to be right once. We have to be right every single time.

I think this is the first time, at least in my professional career, that I see a light at the end of the tunnel. Where I think the scales might tip in favor of the defender because they'll have a data advantage. The defenders will have a data advantage. The defenders will have a data advantage over time. Now, it's not quite, we're not there today.

Okay. But I do see that being a possible state in the future. And we're pretty excited about the things that we can do with it because it's not just having a lot of data. We've always had a lot of data. I think the ability to correlate data effectively and then reason with that intelligence that's there, and then be able to feed that into everything else is where I think we'll be able to predict and prevent rather than just detect and respond.

Last time we spoke about the fact that cybersecurity especially has all of these sort of niche companies, it seems, that are providing a very specific solution, but there's no overall solution. Yeah, the way that innovation has evolved in cybersecurity, it's all through patchwork. There's a new threat that comes up, there's a new company that came out to go out and help the threat.

And the ironic part about this is that model started so that the efficacy would be high for security. That is the model that's breaking security down today. Because on average, people have 50 to 70 different products in their cybersecurity stack. And it's untenable to go out and manage that anymore.

The complexity is too high. And so what needs to happen, and I think there's this shift that's occurring right now in the market. We'd like to think we're one of the people that are driving it. But the shift that's occurring is moving from a bunch of point solutions to integrated platforms. Yeah. And what that'll allow you to do is have a single policy engine. It'll have a single kind of core design system.

And it's going to allow us to do things that we couldn't do before, largely because you can correlate data sets that you weren't able to do in the past. Okay. Because if you have, if you think about it, 80% of the attacks that happen originate from email.

Yep. You get an email from some prince from some exotic country, and then they'll say, well, click on this link and you can download your 10 million dollars. Yeah. Take your, it takes you to a website that didn't exist two hours ago. Yeah. From there, you actually download some malware. That malware kicks off a process on your PC that then does lateral movement throughout the entire network. That is 80% of the attacks that happen today. Now, what happens in those attacks and how the defenses work?

There is a company that does email protection. There's a company that does web protection and DNS protection. There's a company that's actually doing things around endpoint protection. And then there's a company that's doing something on network. And each one of them have their own telemetry.

And so an email that comes in gets passed as a low-level alert. Yeah. And then a website that you go to might get passed as a low-level alert. And a process that got kick-started at the endpoint might be tagged as a low-level alert.

But if you put those three low-level alerts together, that is a high-level alert. Low-level alerts get ignored because of the signal-to-noise ratio being way off, right? But a high-level alert, you would do something about. And that only happens when you actually start to correlate telemetry.

And that's the idea of data, right? That's the idea of making sure that you have data across multiple control points, email, web, network, identity, endpoint, that you can start to correlate together and say, what's anomalous versus what's normal behavior? Okay.

And when you start detecting patterns of legitimate activity versus patterns of abnormal activity, you can then start to have a graduated set of responses that you can apply to that. Quarantine this. Make sure that you kill this session.

Make sure that you actually have gone out and done a snapshot backup. Yeah. All of those things can start happening once you have that core set of, you know, kind of indication that this is in fact a breach that's about to happen. And therefore, I'm going to predict and prevent rather than just detect and respond.

But the problem people have, right? Too much data, too much, it's overload for a human. Correct, and that's where AI helps. Okay.

So up until now, we've not had a data scarcity issue. We've had an issue of deriving meaning from that. Yeah.

And that's where AI can massively kind of, it's a step function improvement. So I know that I interviewed DJ, I believe he's on your team. Love DJ, man.

On the firewall, like there's an assistant for a firewall. Are we talking about that or is there more? No, so what we're talking about on the firewall, so the way that we think about it is there's three major objectives in security that we're trying to go out and solve. First one is massively increase the efficacy of security.

Second one is make sure that your experience gets way better than what it is right now. Yeah. And then the third one is make sure that the economics are contained so that you don't end up spending more money. Because right now, if you look at the trajectory over the past 15 years, people have spent an inordinate amount of money in security. And it's not effective because the attackers are winning.

Yeah. And so you have to do all these three at once. Yeah. In order to do all these three things at once, on the efficacy side, what I'm talking about is a correlation of data. Okay.

On the experience side is what DJ was talking about, which is I can go out and set a policy in natural language. And what that policy in natural language is going to do is it's going to reduce the dexterity that people need to go out and get certain things done. And so then you actually can address the talent shortage. Because right now, 4 million jobs just in the U.S. go unfilled every year.

Millions go unfilled throughout the world. And what do you need? How can we go out and make sure that that changes quite dramatically? Because if the attack rates keep going up and keep compounding, and your talent shortage remains, you just by definition get weaker. So you have to handle this at machine scale.

You can't handle it at the human scale. So does Cisco just have AI on a firewall? Is it bigger than that? No, no.

So the beauty about this is we started with AI on the firewall because it was such a huge problem. And we said, wow, firstly, wouldn't it be nice if you had the ability to have natural language interface on every single product of ours? So you can set policy, you can do basic hygiene on policy.

So one of the demos we showed this morning at the keynote was the ability to say, I've got 1,200 rules in my firewall, but 350 of them are duplicates. So what do I do?

Do I disable them? Do I delete them? In order to go out and even determine that in a reasoning engine, when you're creating a rule, would be something that right now is not something that people do. And now this is something that you can do in a very easy way. Not only is it easier, it does more while making it a whole lot easier.

And so then the people that are working on these things, it's not like you don't need them. You will just be able to have them focus on higher order efforts rather than the things that actually use up a huge amount of cycles. It requires a very high level of dexterity and isn't really progressing us as fast as we need to progress. We need all the human minds on the problem on security. So one thing that I think people need to take away from this is it's not that we're trying to eliminate jobs. What we're trying to do is make sure that those jobs that are being done can be done at a higher bandwidth so that the mundane work can actually happen with the augmentation of a machine.

I mean people, I mean old people like me... Yeah. You know, firewalls... You're still younger than me, which is really depressing.

Firewall rules are a nightmare, right? CLI was difficult in the old days. It's like assembly code. That's right. Yeah, and...

And I mean, you don't want to touch it because you might break it. Yes. So...

We need something to solve this problem. And actually, the people that wrote the rules retired. The kids graduated from college. And so now you've got, there's companies we know that have millions of rules on the firewall. And so what they do is, because they don't want to break anything, they just don't touch it.

Exactly. And then at some point in time, that system, which was designed for efficacy, is actually the most ineffective system that's out there. I mean, you mentioned in your keynote, AI is not going to replace it. So assist, I think, augment and automate, were you? Assist, augment, and automate.

So why we do... Why we are using AI is to increase efficacy, improve the experience, and improve the economics. How we do it is by assisting every human to actually have an assist heat. Yeah.

Augmenting so that the detection is going to happen at a much faster pace and make sure that the human's in the loop and then automate certain tasks that can be done so that humans can actually be graduated to doing better tasks. Yeah, because the worry's jobs, right? Like you mentioned, and you've addressed that. We just simply don't have the number of people to go out and address the number of attacks that are happening.

And by the way, this is critical infrastructure that's going to damage other critical infrastructure. The thing that people, it took a while for folks to realize is at this point. Think about it. Warfare starts with cyber.

A hospital, people would lose their lives if a hospital got breached because people wouldn't be able to get dialysis or whatever the treatment is that they're looking to get. Water supply can stop for a city. You can have power grids completely stopped.

You can have the financial system stopped. Your healthcare system stopped. So there's a tremendous impact with that shortage of skill and we have to make sure that we actually get to that at machine scale.

So you've mentioned firewalls quite a bit. There are other products, right, where the AI is involved in? So our AI assistant actually manages all of our products. So we started with firewall.

We just added secure access, which is our competitor, the SASE market. And so you can actually go out and have policies that are set with natural language in our secure access products now.

We have announced a SOC assistant, which will come out later in the year. We will have, you know, we currently also have a documentation site for our, you know, if people want to find out exact documentation that, you know, how do you do this, how do you do that, that's actually going to be in that, that's available with an AI assistant.

And we will continue to keep adding... Email as well, right? Yeah, so email has, we just announced today that email threat defense will have some AI capabilities to do better detection of spam and so on and so forth.

And so every single product will have different uses for it, but we will make sure that AI gets injected across the board. Because frankly, the way I think about it, security is a data game. Yeah. And you cannot make sense of data without having strong, robust AI models in place.

How do you get the data? Is that perhaps related to the possible Splunk acquisition? Splunk will definitely be one of the contributors of that. And the way you think about this is, you know, we are a networking company. In order to be a great networking company, we have to be a great security company.

I love that, yeah. If you're going to be a great security company, you have to be a great AI company. And you cannot be a great AI company if you're not a great data company. And Splunk will definitely allow us to scale that to a very different level.

We can't talk much about that because we're in the regulatory approval process right now. But in addition to Splunk, we just have to think about all aspects where we have telemetry that can be pulled together.

So we have data about every packet that flows through the network. We have data about every email and every forward that happens. We have data about every process that gets kick-started on an endpoint.

We have data about every WebDNS query that gets made. We have data about every identity, human or machine identity, now with the identity intelligence engine, where you can tell whether or not there's anomalous behavior, both reactively, David's doing something that seems out of character, or proactively.

I've got these three devices that I've never connected to the, I've never logged in for three years. Maybe I should decommission those devices and instill a level of basic hygiene. So all of those things, that telemetry, if we can take and start to correlate, where there's magic that can happen. And that's why I think there's an advantage to, you know, once you start really mining this data effectively for the customer being safe.

I'm going to push on that word mining because a lot of people may be concerned about giving their personal data or confidential data to AI.

Yeah, so the way that we do it is, firstly, when you start thinking about the world of security, it's slightly different in the sense that if there's an incident that's happening, you want to know what that incident is so that others can actually get prevented from it. But we don't use anyone's data. So what I'm talking about is an instance that you would have with your data.

Okay, so it's personal to my company?

Personal to your company. Okay, but that's not like a typical ChatGPT thing. No, no, no. And so we would actually make sure that that's there.

But in security, in the world of security, you typically have a pretty common practice of making sure that certain kinds of data on incidents and breaches get shared with the community so that you know what's going on. Otherwise, you're fighting against the adversary. But the thing to keep in mind is this, what I'm talking about over here is largely for like one of our big core value systems is privacy. And we think it's a basic human right.

And we should, if we ever used a data set to train the model, there would be with explicit consent. I mean, I suppose that's advantage, right? Because you've got AI for my company.

But Cisco also have a lot of data from many people that are perhaps sharing it with you. So I think one of the concerns is ChatGPT is like pulling data from the internet, but that's very different to the AI that you're using. Yeah, I mean, on the data side, it's a very different thing from ChatGPT because in ChatGPT, for example, you would say, what's the weather like today? With us, it's more around how do I go out and configure this policy? And that's a very different kind of way that you've actually trained the model.

And it's a very constrained set of data that we've actually trained the model on. It's called retrieval augmented generation, where you actually make sure that you've trained the model based on a very specific custom set of data for that account. And that's important because of hallucinations as well. Yeah, hallucinations in ChatGPT is a feature, not a bug, right?

Because when you start thinking about it, in some cases, what ends up happening is the creative personas. You know, if you think about how AI evolved. And Sam Altman had a great kind of thought over here in one of the podcasts he was in, where he said that if you would have asked him five years ago, seven years ago, how is AI going to evolve? He would have said, it starts with the blue-collar workers. Yeah, exactly.

Right? And then it's going to go to the knowledge workers and then to the super high creatives. It's actually turned out exactly the opposite. Exactly, yeah.

Why is that? Part of the reason is because hallucination actually helped in actually creating the creative wandering that can happen.

That does not work in security. I was going to say. I can't hallucinate about a firewall policy I want to implement. Exactly. So it has to be, you know, pretty precise.

And so what we do is we actually create a... The way in which you train the models is very decent. And I think another misconception people perhaps have is just because of ChatGPT, they think it's just an assistant or an interface. But like on the firewalls, you've got the assistant, but you've also got EVE, right? Yes.

Can you just explain that and like how perhaps the AI is doing similar things on other products? So I think generative AI through transformers is one dimension of AI that actually has gotten a lot of popularity because of ChatGPT over the course of the past year. And I think it's fantastic because what it's done is it's allowed us to, as humans, communicate with a machine without learning the language of the machine. Yes.

But actually requiring the machine to learn the language of humans. Yeah. Which is great. This is the first time that's happened. But that's the transformer side, and that's the understanding of natural language.

There's a bunch of other areas in machine learning and AI which actually have little to do with language expertise and more to do with detecting anomalies and making sure that you can find patterns of behavior. And so Encryption Visibility Engine is a really interesting problem to solve that we solved with the encryption visibility engine because if you think about the majority of the traffic today is encrypted.

Yeah, exactly. It's a problem. And so we used to have this technology, or we have this technology in firewalls called deep packet inspection, where you can actually go and inspect a packet to know if there's malware inside that packet.

And if there is, then you can intercept or block it. Now, if everything's encrypted, there's no way for you to tell.

So the only way you can tell is by inferring based on the movement of the packet, on whether or not it's anomalous behavior. And that's what EVE does. And that's actually a pretty major step function improvement in driving efficacy once again. So what you'll see is we're doing one of three things, right? Something like EVE drives efficacy.

Something like an AI assistant drives the experience, and it also drives the economics. And so those are the ways that we kind of think about it. So EVE kind of like, I don't want to put it, I'm not quite sure how to say it, but like the EVE kind of technology perhaps will be used on email and other spheres as well? It'll be used across the board.

EVE itself is being used in the firewall largely. Yeah, but like a similar kind of concept, right? But the concept of, you know, empowering these different tools with strong AI, that's not generative in nature, but strong AI and also, you know, machine learning aspects. That's something we'll have in every single one of our products.

And if you think about our AI team, and you said you spoke to DJ, you know, we bought his company and they actually are driving all of our AI efforts right now. And that company is actually getting funded quite aggressively so that we can hire more and more people. We need PhDs and researchers and developers and all different kinds of people in AI. And we will continue to keep making sure that the clock speed of innovation over there is very, very high.

So I'm glad you mentioned that because looking forward, where do you see things going? Because I think a big concern for people who are moving into this industry or interested in this industry or perhaps younger is it's pointless. AI is going to take my job away.

There's no future in this. Or, you know, can you address that? And also, like, where do you see things going? Just to give people a roadmap and like sort of a vision.

Yeah, I think in my mind, I think human judgment is going to be pretty important for the foreseeable future. But I am... I'm completely wide-eyed about the fact that there's some upside in AI, but there's also going to be a significant downside to humanity. And I think we can go into the areas of regulatory kind of aspects that need to be, and we should talk about that a little bit.

But when you start thinking about specifically new talent coming in, the addressable market for security is 8 billion people, right? Every human on the planet is going to be connected, and every human on the planet needs to be secured. We need more people from diverse backgrounds to come into this industry. This industry is very homogeneous on multiple dimensions. Largely male-dominated, largely a technical audience, very jargon-filled. The industry has made it very intimidating for someone that doesn't know security to say, what do I do with security?

Exactly. I think we have to make sure that we remove that friction. And that requires, if you're going to build products for 8 billion people, you better have the group that's building products be representative of the population makeup of the 8 billion people that you're building products for. So by definition, if you don't have half the people that are women, your products aren't going to be as effective for the people that you're building them for. We need more people who are women in this industry.

We need more people with liberal arts backgrounds. I would love to have more people with a design background. I would love to have more people with backgrounds that come from the consumer tech industry. One of the things that I've always asked my teams is, hire people sometimes from Spotify.

Because they know how hundreds of millions of people can actually turn on a song with a couple of clicks. I read a blog, I think you wrote about, like, the interface is important, or you said something about, like, the interface is so important. It's like historically me going back with Cisco many years, Cisco weren't well known for that.

And one of my commitments I've made to Chuck is, hey, when you think about Cisco and you see it, you know, fast forward five years, ten years, what I'd like to leave this company in the hands of next generation who's going to be running it is to be one of the most design forward companies only second to Apple. That's great. In fact, I admire Apple so much for what they've done with all of their products.

And the great part is we have a great partnership with them. They happen to be, you know, they were here at the event and we had a fireside chat with them and we've actually just built a product on the collaboration side of the house with Vision Pro. And I would love to have that same kind of obsession on finesse that's instituted in enterprise products as it was in consumer products. And you're starting to see that now. And so all the new products that we have coming out, they're beautiful to use.

And they're not overly complex. And we'll make them, we'll keep chipping away at them and make them simpler and simpler and simpler as time goes on. Like, you know, if you think about passwordless, you think about, you know, all of the things that we're doing with SSE. We try to make the demos for the end user the most boring demos.

Yeah. Because that means that you don't have to do much. It's just invisible.

And behind the scenes, it just works. I think the concern with AI is, do I need a PhD? A lot of guys in the beginning needed PhDs and like all this kind of knowledge. But do you see, like the teams that you're hiring, are you hiring all kinds of different types of people at different levels?

Not just PhD people for AI? Yeah, I mean, look, I think there's a tremendous role that AI researchers and PhDs play, but that's not the only role. Yeah. Right?

And anything that's a transformative platform, which I think AI is probably the most wide transformation we will have seen in our lifetimes. You know, it's the most consequential one. You're going to need people from all walks of life, and you're going to need people that deeply understand the tech. Yeah. You need people who deeply understand the limitations of the tech. You need people who deeply understand the human dynamic and many, many other kind of vocations that you're going to need. So I personally feel like the kind of people we're going to need, we just have to make sure that the kind of people we attract to these fields keep a level of diversity to effectively address development of products for the target market.

You introduced yourself as G. G2, but how do I know that you actually are G2? You know, the identity is one of the biggest attack vectors that's actually emerging right now.

And it's already emerged, frankly. Yeah. And so many people say identity is a new perimeter. Many people say it's one of the largest attack vectors. And what you've seen as a challenge with identity so far, firstly, anyone who goes out and tries to tackle the identity problem tries to go out and provide you with another IDP, an identity provider.

They become an identity provider. Our goal is, I don't think the world needs yet another Active Directory. I don't think the world needs yet another LDAP. We don't need another identity provider. We've got plenty of them.

We need to make sure that we have a thin analytics layer that sits on top of the IDPs that can take the data for users, for machines, for applications, and then correlate that data together, right? And so we launched this identity intelligence layer, which I think is fundamentally going to change how every application and every platform can get hydrated with identity intelligence. So that we then are able to take that data and not just apply enforcements for identity at the point of authentication, but do it on a continuous basis based on behavior and context.

So David logged in, but he's doing something funny with a customer database. That's not what David typically does. Maybe I need to quarantine that.

Maybe I have a honeypot that I create so that I can let it keep going for a while to see what's happening without actually, you know, killing the session so that I see if I can actually catch someone doing something wrong. But those are the kind of things that we have to actually create. One is you have to have a better mechanism for detecting post-authentication how anomalies are occurring. And then based on that, have a graduated set of responses against that potential threat.

And also apply hygiene measures. So that you can say, well, these are three devices, like I said earlier, that have never been used before. Let's decommission them.

I was doing a POC on Zendesk, and I was actually connecting that to my Salesforce account. But then we decided we are not going to do anything with the POC. And then I still have that account connected to my Salesforce account.

That doesn't seem like the right thing to do. I need to make sure that I kill that connection. And so what are those kinds of things that we need to have really come up and surface up? That's what we're trying to do. Is it fair to say that the future of cybersecurity is AI?

The future of cybersecurity is going to be powered by AI and anyone that thinks otherwise is not going to have an effective platform for security. Gita, I really want to thank you for sharing on a good go. Thanks so much. Appreciate it. Thank you.