Engineering for the Future: Artificial Intelligence in Security

Shailaja Shankar holds the position of SVP Engineering, Security Business Group, Cisco. Renowned as a transformative leader with a robust command of executive management and extensive technical expertise, Shailaja shoulders the responsibility for overseeing the global security business at the company. This includes shaping the innovative strategy, portfolio, and architecture, all with the overarching goal of simplifying the security experience at its core.

Beyond her considerable technical product and portfolio development background, Shailaja takes immense pride in championing diversity and actively engages in mentoring the upcoming generation of women in the technical field.

In a recent interview with Dataquest, Shailaja delved into Cisco's AI strategy within the realm of security. She shared her insights regarding the broader industry impact of AI. Furthermore, she shed light on the challenges confronted by security leaders, the ever-increasing complexity they grapple with, and the stresses and obstacles encountered by Chief Information Security Officers (CISOs).

Can you provide an overview of Cisco's AI strategy in the context of security? What are the key objectives and goals?

We know there is a tremendous opportunity to drive innovation in both AI in security and security for AI. Cisco is one of the few companies that can take an AI-first approach all the way from the networking fabric to solutions and customer services. From the SiliconOne announcements at the networking level to genAI-powered experiences in customer experience, every aspect of the business is being transformed by AI to provide better customer experiences.  Specifically, our strategy is aligned across three pillars: Assist, Augment, and Automate experiences. We are focused on simplicity of setup, simplicity of operations, and simplicity of management. Our strategy is built on customer outcomes and focused on the problems our customers are trying to solve and understand how our customers are looking to adopt these capabilities.

To build an AI-first experience that just works, products need to be data-first, and with this broad base of data that provides billions of signals a day, we are able to stay one step ahead of the bad guys. Knowing that it's a race between us and the bad guys - they will also be using AI to lower their costs of launching attacks while increasing their speed and effectiveness. A good example of this is the move to prompt engineering, which involves structuring text that can be interpreted and understood by a generative AI model that is enabled through in-context learning, defined as a model's ability to temporarily learn from prompts. A reasoning system that could be automated is the North Star.

Could you share your perspective on the importance of responsible AI and engineering practices in the field of cybersecurity?

First and foremost, what has been the benefit of AI broadly speaking to engineering organizations? Our ability to innovate and deliver new capability at a faster cliff, more efficiently. It’s critical that we do so responsibly with accountability, by publishing standards to which you uphold your organization. It is about building responsible tech as an outcome, but getting there is really about ensuring you are transparent about your practices, and methodologies and retraining your workforce so you can deliver on that promise.

Building responsible tech has a lot of facets, and we’ve built our strategy on data, models, and governance. As we build models and train AI to recognize patterns and threats, strong data governance serves as the guardrails to ensure that the data and technology are developed and used in a way that minimizes potential risks and increases intended benefits. The good news is that the security industry as a best practice has practiced good data hygiene by default - we log everything and generally strive for data accuracy and integrity.

What steps has Cisco taken to ensure that AI technologies in security are developed and deployed ethically and responsibly?

We appreciate that Artificial Intelligence (AI) can be leveraged to power an inclusive future for all. We also recognize that by applying this technology, we have a responsibility to mitigate potential harm. That is why we have developed a Responsible AI Framework based on six principles of Transparency, Fairness, Accountability, Privacy, Security, and Reliability. We translate these principles into controls that can be applied to model creation and the selection of training data with Security by Design, Privacy by Design, and Human Rights by Design processes embedded throughout the model’s lifecycle and its application in our products.

How does Cisco address issues of bias, fairness, and transparency when implementing AI solutions in the security domain?

At Cisco, we are committed to continuing internal focus and collaboration with our external partners and stakeholders to improve our collective understanding of the societal and human rights impacts of AI. We work to continuously improve our framework to support fair, explainable, and transparent results of the AI systems we develop and use. We need good hypotheses on how AI will behave once launched, the dimensions of what it can learn, need boundaries, limits, and default recovery settings. This will mitigate many of the issues you raised.

Can you elaborate on some of the top challenges that security leaders, including CISOs, currently face in ensuring the cybersecurity of their organizations?

The complexity tax and the state of Security Operations: CISOs often find themselves having to stitch together a myriad of products and disjointed solutions to achieve both the security and level of visibility they need to effectively operate and protect their organizations. This presents yet another challenge: Multiple products means a lot of disparate data, and no unified visibility or ability to easily analyze threats. Compounding this is the need for people. People manage these products, analyze the data, build reporting, manage incident response, and support operations. Security Operations is a 24/7 endeavor.

Identity security and social engineering: The majority of successful attacks still involve the human element or social engineering. These identity-based attacks that exploit compromised credentials to access resources are a blind spot for many organizations. Nearly every enterprise today still struggles to get a complete picture of what identity sources exist in their environment and how they are being used to access applications and data. There is a need to correlate whether humans and machines are who they say they are and are doing what they are supposed to be doing.

Keeping up with the bad guys:  There are a lot of threats that need to be addressed and evaluated. The threat landscape is rapidly evolving, and with the introduction of Artificial Intelligence and machine learning, we are dealing with more advanced, sophisticated threats, and an increase in automated attacks. The Exploitation of known vulnerabilities is a big concern for CISOs.

In your opinion, how has the adoption of AI in the security industry evolved over the past few years, and what trends do you foresee shortly?

Visibility, detection, and remediation of an inter-connected, hybrid, multi-cloud environment is where the industry has invested significantly over the past decade. Put differently it is understanding the attack surface, via visibility into the users, assets, devices, applications, and networks coupled with the footprint of the data and bringing context and intent into its operations and management. With the evolution of generative AI, we have a much bigger opportunity to simplify security for both the admin and the end-user. The best security is when it is invisible, and it just works. That said, the regulated industries need audit support, and we can do that better than ever before.

The simplicity one finds in their cars with voice-enabled features is the kind of simplicity we can envision for securing users, and businesses. All said, in security, we cannot afford false positives and false negatives, so getting it right matters as we deliver mission-critical capabilities to secure customers’ mission-critical businesses. On the Identity front, you can expect more innovation.

What advice would you give to CISOs and security professionals who are looking to streamline their security infrastructure and reduce complexity while maintaining robust protection?

Define your AI strategy, inclusive of the capabilities you deliver to your customers and the AI capabilities you consume.

Consolidate to drive responsible operations. Reduce the complexity tax for you and your organization by leveraging a security platform solution. Security leaders often find themselves rationalizing legacy investments that require their teams to build automation and do more manual work to stitch things together. It is not a matter of sacrificing security in favor of fewer products but consolidating to a platform solution to provide more secure, consistent, and responsive networking, security, and ultimately user experience.