Cisco has announced Foundation AI, an open-source reasoning model for use in IT security. It can be integrated into your security applications and uses eight billion parameters to answer queries quickly and practically. According to Chief Product Officer Jeetu Patel, Cisco trained the model with 200 billion tokens based on Llama 3 with the aim of creating a compact and high-performance model that is suitable for smaller environments and can be run on an Nvidia A100. The company did not specify a release date.
Cisco is also expanding its AI Defense monitoring software to include risk management for the supply chain of AI applications. The tool will be able to detect malicious AI models and block them before they are deployed in the company. In addition to detecting malware or manipulated data records, AI Defense will also check the licensing conditions of the language models. This should make it possible to reject AI models whose licenses pose a business risk to intellectual property and compliance. Models from geopolitically sensitive regions can also be identified and blocked.
Cisco XDR gets AI agents
The in-house XDR application will receive agent-based AI for detecting and responding to security threats. The aim is to reduce the workload of security teams and initiate countermeasures more quickly. Instant Attack Verification draws on data from the Splunk monitoring platform, endpoints and the network, among other sources. Cisco XDR uses this data to automatically create forensic plans and investigate the incidents. If an incident is confirmed, the tool produces recommendations for action for security analysts and carries out mitigations itself, such as API triggers on firewalls that isolate endpoints in a quarantine VLAN.
Cisco XDR displays attacks in a progression diagram (Image: Cisco)
Cisco XDR also creates a flowchart for each incident to illustrate attacks clearly and make decision-making easier. To this end, it contains graphically prepared information and a timeline of the events that make up the incident. The diagram also includes a summary that explains the attack and its automatic evaluation; this can be, for example, a correlation between firewall events and endpoint security solutions. Cisco stated a hit rate of 85 percent for critical events.
Updates for Splunk and Cyber Vision
Version 8.1 of Splunk Enterprise Security (ES), which will be available from June 2025, and Splunk SOAR 6.4, which is already available, will also receive updates to improve the detection of known and unknown security vulnerabilities. There are also enhancements for integrated and automated workflows to relieve analysts in security operations centers.
Cisco is also expanding its portfolio in the area of security for Operational Technology (OT). For example, the OT monitoring platform Cyber Vision has been given vulnerability management and integration with Splunk Asset and Risk Intelligence to qualify security risks in OT networks. Furthermore, automated network segmentation for industrial networks is planned in Cisco Secure Firewalls. The manufacturer has not yet commented on the implementation. Splunk ES will also receive an OT add-on, which is intended to improve the visibility of IT threats.
Cisco and ServiceNow are also expanding their cooperation in the security environment. The initial plan is to integrate Cisco AI Defense into ServiceNow’s security operations. This will enable customers to identify potential vulnerabilities and security incidents in their AI applications. Based on this, workflows and automations in ServiceNow should relieve the burden on SOC teams.
(wpl)
This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.