Artificial intelligence, extended detection and response (XDR), identity management and the needs of the modern-day security operations center (SOC) are Cisco's top priority topics at RSA Conference 2023, according to Cisco Manager of Global Product and Portfolio Marketing Steve Ragan.
Domo arigato, Mr. Roboto
Speaking in a brief interview on the RSA show floor with CyberRisk Alliance's Bill Brenner on April 24, Ragan explained that the information-security industry's hopes and fears around AI were both somewhat exaggerated.
"[One] extreme is 'AI is going to replace people so it's going to lead to jobs lost,'" and that's just absolutely not the case," said Ragan. "And the other side is that AI is going to automate everything in the industry, and that is absolutely not the case."
AI will be very helpful in running operations and generating reports, Ragan said, but as appears to often be the case, AI will lack the overall context and background information to prioritize information accordingly. For those tasks, you need humans.
"The best AI can do is take a quantitative view of your network and the telemetry that's on it and give you an outcome report — here's what happened, here's why I know that that happened, here's what I suggest you would do about it," Ragan added. "A human still has to take that and analyze it, and the reason a human needs to be involved is because the human knows the business.
"A machine will never understand your business," Ragan said. "It'll never understand the goal. It'll never understand the pressures of regulatory compliance. It may know the laws, but it doesn't know the nuance behind the laws, and that is important."
Just let the AI handle it
What AI can do is take the burden of mundane tasks off human security personnel, allowing them to do their jobs more efficiently. Humans will remain in charge.
"When you think of how AI is going to transform the security industry or how AI is going to do something performative, really what AI is going to do is simplify things," Ragan said. "It's going to take a lot of the steps out of, for example, writing after-action reports or compliance reports and things like this."
Ragan's vision of AI involvement in security operations center (SOC) management dovetailed with RSA keynote remarks delivered by Tom Gillis, Cisco Senior Vice President and General Manager of the Security Business Group, who envisioned AI assistance with routine SOC tasks.
"The beauty about this concept is that when you use AI to augment humans in the job, there's amazing possibilities," Gillis said.
However, Ragan cautioned against unreasonable expectations for the abilities of and solutions offered by AI in information security.
"AI is not going to be the silver bullet that solves the problems in security. AI is not going to fix compliance. AI is not going to fix regulatory things," Ragan said. "The advice I would give to people is don't look for AI to solve all of your problems. Look for AI to be an assistant."
Echoing the sentiments aired by RSA Security CEO Rohit Ghai during the conference's opening keynote addresses, Ragan said that AI might be disruptive to the infosec industry, but that it would eventually lead to job gains.
"Don't look to AI as this thing that might take your job," Ragan said. "If AI does get to the point where it starts taking low-level jobs in the industry, all that means is you're going to need to have new people go and be prepared to fix and tune the AI. It's going to create jobs. It's not going to eliminate them."
IAM and XDR
In his opening keynote, Ghai also said that AI would be essential to the next generation of identity and access management (IAM) solutions.
"The identity and access management platform is outdated," Ghai said. "Today, the core purpose of an identity platform is security. In the AI era, we need an identity security fabric."
Ragan said IAM was an important topic for Cisco and for the information-security industry as a whole.
"Identity is still not only one of the most important assets to developing a security program, it's also a linchpin that you still see criminals to this day hanging on to get in," Ragan said. "Look at all the ransomware incidents you see across the board. That stuff starts with identity."
XDR and its role in streamlining security operations are also high on Cisco's list of priorities, Ragan said, emphasizing that organizations of all sizes can benefit from more efficient, more comprehensive detection and response.
"It's not about the size of your environment," he explained. "The size of your environment should not count. You should be able to have the tools in place and the people and processes in place to deal with whatever may come your way.
"That's where we want to focus," Ragan added. "That's where Cisco's going to be looking at. It's simplifying SOC operations to where we're meeting the customer where they are, no matter where they are."
Focusing on the signal, not the noise
Ragan emphasized that elimination of complexity and reducing the presentation of information to the essentials are aims that the information-security industry should strive for.
"You should not have to think about security when you start to work," he said. "It should just be there. It should be underlying.
"When you think of SOC operators," Ragan added, "it should be simple for them to judge the network, and the performance of the network, and the incidents that may roll in, based on a glance. They shouldn't have to do 50 billion steps to realize that that was a phishing email. It should be flagged, 'That was a phishing email. We've seen hundreds of it like this. This is why we flagged it. This is what it looks like.'"
Concentration of information is "what every company needs," he said. "They need more telemetry. They need more insight and viewpoints, and it shouldn't have to be 50 different vendors to achieve this. There's no reason why it can't be built on a platform."
Good, efficient information security is a universal goal, Ragan explained, and it's a goal that Cisco is prepared to help organizations meet.
"As we've been sitting here talking, I've been watching people move across the hall in front of us," he told Brenner. "When you look at these people walk through, they're from all walks of life, all points of view. They've got different enterprise operations, some scaled up, some scaled down.
"Some [of these people] know what they want with their security program," Ragan said. "Some don't even know where to start. And these are the people we want to talk to because there's a lesson for all of them, and there's a way to work with all of them."
"The ultimate goal for all of this is to make the industry better," he added, and to "make the internet suck less. That's where we want to be."
