Firewalls are a critical component of any network security strategy. One of their greatest strengths is the ability to adjust thousands of rules (or more) to meet evolving threats. But that flexibility makes firewalls hard to manage, optimize, and troubleshoot. To address these issues, Cisco introduced the Cisco AI Assistant for Security this week, a tool to help IT administrators manage their firewalls to maintain a robust security posture.
A couple of data points put the need for such a tool into perspective. For years, numerous analyst and industry studies have noted that misconfigurations are the biggest problem with firewalls. Multiple studies by Gartner and others claim the figure is incredibly high, attributing 99% of all firewall breaches to misconfiguration.
Why such a large number? What’s the problem? The issue is quite simple. Firewalls are incredibly complex. Indeed, 58% of organizations have more than 1,000 firewall rules, and 18% have more than 5,000 rules, according to Cybersecurity Insiders. In large enterprises, the number of rules can be in the millions.
Using AI to tame firewall complexity
The impetus for the new Cisco tool came from customer feedback. The company said that when talking to enterprise customers about their challenges using firewalls, it heard the same things over and over again: checking configuration details is hard, troubleshooting is hard, and optimizing rulesets is hard.
Based on these concerns, Cisco developed the AI Assistant for Firewall, focusing on three use cases. The tool assists administrators with policy identification and reporting. It augments an enterprise’s efforts in troubleshooting problems. And it automates tasks for policy lifecycle management.
As AI has become mainstream, one of the biggest lessons learned is that the quality of any AI tool is dependent on the data used to train it. In this case, Cisco trained the AI Assistant by analyzing more than 550 billion security events it captures daily across the web, email, endpoints, networks, and applications.
Using large language models (LLMs), the Cisco generative tool simplifies firewall management. Rather than having an IT manager spend hours (or more) sorting through dependencies, network maps, and documentation, the Cisco tool lets an administrator ask firewall security and configuration questions. The tool then uses natural language processing (NLP) and machine learning (ML) to answer those questions in seconds.
For example, an administrator might use the tool to understand what policies are already in place. Simply asking the question returns a list of the current access control policies, the status of each (i.e., how many devices that policy applies to), and when that policy was last modified.
Knowing what policies are in place, the admin could, for example, ask the AI Assistant to add a rule blocking outbound traffic from a specific application. The AI Assistant would then recommend a rule for the admin to review and approve before it is implemented.
The tool can also help in troubleshooting problems and maintaining security over time. The latter is particularly important today, since networks (and the applications running on them) are highly dynamic while cyber threats continuously evolve. As such, firewall rules constantly need to be updated, removed, or added.
In a blog about the tool, Cisco said that a typical enterprise needs to adjust about 30% of its rules. Manually doing these tasks takes a great amount of time and often introduces duplicate or conflicting rules. The policy analysis and optimization features built into the AI Assistant help find duplicate rules and suggest different steps to take to improve security policies.
An AI assistant for managing firewall policies
The Cisco AI Assistant for Security will first be available within the Cisco Cloud-delivered Firewall Management Center and Cisco Defense Orchestrator. It can help set and maintain security policies and firewall rules. The solution lets administrators use natural language to accelerate troubleshooting and configuration tasks. It also helps admins discover policies and get rule recommendations to help eliminate duplicate rules and misconfigured policies.