Cisco charts new security terrain with Hypershield

Initially, Hypershield protects software, VMs and containerized applications running on Linux. Cisco's ambition is to eventually broaden its reach.

Cisco has taken a significant step toward automated security with the introduction of a data center system borrowed from hyperscale cloud providers.

Cisco introduced the Hypershield security fabric this week as the latest addition to Cisco Security Cloud, a platform launched in 2022 that unifies the company's products. Cisco plans to release Hypershield in late July.

The product is unique in the market and highly unusual for Cisco because it's pure software and not tied to the company's hardware, Gartner analyst Neil MacDonald said.

"Historically, Cisco has difficulty getting out of their traditional network security hardware buying center," MacDonald said. "This is a piece of software, no doubt about it, and it takes Cisco into new buying centers and use cases. Cisco is not always good at that [entering new tech arenas]."

Initially, Hypershield will protect software, VMs and containerized applications running on Linux. Missing from Hypershield's first iteration is support for Windows servers or virtual or physical appliances that do not run Linux.

Nevertheless, Cisco's ambition for Hypershield is to expand its reach to every node inside and outside the data center network, including non-Linux servers and IoT devices found in manufacturing or hospitals.

"To be clear, this isn't a new take on an old idea, or the 'next generation' of anything," said Tom Gillis, senior vice president and general manager of the Cisco Security Business Group, in a blog post. "It's a holistic system that -- finally -- brings the security advantages of a hyperscale model to enterprises."

For now, Hypershield is limited because of its use of the extended Berkeley Packet Filter (eBPF) in the Linux kernel. With eBPF, developers can run bytecode in a sandbox that uses the kernel's resources without changing the kernel itself. Developers use the mechanism primarily for network monitoring, but they can also use it for security policy enforcement.

Cisco uses eBPF to run a critical Hypershield component called a Tesseract Security Agent. Cisco developed TSA with tools it acquired when it bought Isovalent in December; the eBPF expert makes a service mesh for connecting microservices in multi-cloud environments.

Hypershield's core features include the following:

  • A distributed exploit protection module that uses AI to detect vulnerabilities in the network, assist in prioritizing them and recommend approaches for mitigating the threat. The data analyzed is the telemetry gathered by the agents.
  • An autonomous segmentation module that lets the service mesh segment itself when it detects suspicious application behavior. The automated segmentation, based on the module's observations and customer-defined policies, prevents a malicious app from moving across the network.
  • A dual data plane that acts like a digital twin of the network. IT and security teams use the data plane to safely test software or policy changes before adding them to the production environment.

[Figure: Diagram of Cisco's Hypershield data plane. Hypershield has a second data plane that acts like a digital twin for testing software and policy changes before adding them to the production environment.]

"Based on my reading of Hypershield materials, I would classify it as a more modern microsegmentation effort and not a wholesale new architecture," Omdia analyst Fernando Montenegro said.

In the future, Cisco could broaden the reach of Hypershield's intelligence by adding agents to top-of-rack switches and to the data processing units (DPUs) found in smartNICs, the network interface controllers in advanced servers, Cisco executives said without committing to a roadmap. DPUs contain programmable acceleration engines that can significantly improve application performance for AI and zero-trust security.

"That's all hypothetical, and they're just talking about what they could do in the future," MacDonald said. "But you could cast this wide fabric. It doesn't always have to be dependent on eBPF. They could put these policy enforcement points anywhere."

Cisco has doubled down on the use of AI in security for several years. The company has also pursued a strategy of moving from a portfolio of siloed network security products to one where all the technology works better together through Cisco Security Cloud.

Antone Gonsalves is an editor at large for TechTarget Editorial, reporting on industry trends critical to enterprise tech buyers. He has worked in tech journalism for 25 years and is based in San Francisco.