At the hustling and bustling Melbourne Convention and Exhibition Centre, the 2024 edition of Cisco Live commenced with discussions on the future of cybersecurity and data management. With industry heavyweights like Tom Gillis, AJ Shipley, and Tom Casey at the helm, the event promises to redefine the paradigms of network security, artificial intelligence, and integrated solutions. So I went to the team directly to find out what was going on.
The Evolution of Security: Introducing Hypershield
Tom Gillis, Cisco's Senior Vice President and General Manager of the Security Business Group, unveiled Hypershield — an avant-garde approach designed to balance security with network stability. Historically, the integration of security and networking has faced significant challenges, notably performance issues and the dichotomy between agility and stability.
Gillis reinforced that Hypershield marries the best of both worlds, employing Data Processing Units (DPUs) for agility and Network Processing Units (NPUs) for stability.
"Hypershield is built on a principle of ‘tightly integrated but loosely coupled’ systems," Gillis explained. "This ensures that even if a security update fails, the network remains stable and operational."
This approach aims to provide immediate protection against vulnerabilities while awaiting permanent patches.
A Historic Acquisition: Cisco and Splunk Join Forces
The acquisition of Splunk for $30 billion was another hot topic, discussed by AJ Shipley, Vice President, Product Management – Threat Detection, Investigation & Response at Cisco. The deal, the fourth largest software acquisition in history, is ahead of schedule and promises a new era of integrated analytics and security. "Combining Cisco's data capabilities with Splunk's analytics offers unprecedented potential for better security outcomes," Shipley noted. There are, however, market concerns about the impact of such a large acquisition. Will Splunk continue to deliver as before, or will it be forced to conform to Cisco's existing structures?
“I would even argue that actually, if you look at some of the other security vendors in the space, and I won't name them, they probably would have loved to have been able to do the same thing, but they couldn't afford it, candidly,” added Shipley.
Addressing these concerns, Tom Casey, Senior Vice President and General Manager, Products and Technology at Splunk, gave assurances that Splunk would maintain its open approach, offering interoperability with both Cisco and non-Cisco products and aiming to meet customers where they are.
AI – From Buzzword to Practical Solutions
The application of artificial intelligence (AI) in cybersecurity was also explored, particularly by Tom Gillis. He illustrated the capabilities of AI not just as a topic of discussion or fluff, but as a practical tool.
One highlight was a network security device capable of autonomously writing, testing, qualifying, deploying, and upgrading its own rules.
"We need AI to be more than just a buzzword; it should be a cornerstone of practical application in cybersecurity," Gillis asserted.
This focus on practical AI is evident in tools like the system that addresses the chronic issue of patch management by creating immutable environments where only predefined actions are permitted.
Navigating the Future: A Comprehensive Approach
Looking forward, the broader trend towards integrated security solutions is widely discussed in the industry. The industry is moving towards fewer, more comprehensive vendors to simplify IT landscapes and to reduce cost. Cisco’s strategy to consolidate tools and focus on data federation exemplifies this shift. Splunk’s evolution in this domain started well before the acquisition and complements Cisco's direction towards integrated networking and security.
AI-Driven Automation and Security Operations
Furthermore, AI plays a dual role, enhancing both security defence mechanisms and adversarial tactics. Beyond generative AI's ability to summarise data and tailor reports for different executive levels, it helps security operation centres (SOCs) focus on triage and investigation rather than monotonous report drafting.
This automation enables analysts to operate more efficiently, freeing them up for critical thinking and strategy development. Tom Casey spotlighted the integration of Cisco and Splunk technologies in the early months post-acquisition, highlighting practical benefits such as Splunk’s new features and automation tools.
Splunk gave a nod to Cisco's vision of future-ready SOCs, leveraging platforms like Splunk Observability Cloud and AppDynamics to provide comprehensive visibility across networks.
Cisco and Splunk plan to pave the way for more intelligent, integrated, and automated security operations. Despite market skepticism, particularly around cost concerns and the impact on current products, the sentiment was overwhelmingly positive.
"Ultimately, our aim is to build a secure, advanced, and automated future where security operations can keep pace with the rapid evolution of cyber threats," concluded Gillis.