Firewalls just changed forever! (Can your firewall do this?)
You also have the ability to sort of go back into like history of conversations that you've asked here's an example of hey uh you know what is a shadow rule I'm trying to understand what a shadow rule is. It comes back with the response it gives you the sources and the links. What we've done here at Cisco is that we've solved an incredibly hard problem you know very hard computer science problem and like being able to recognize you know which application is sending what type of traffic even you know without decrypting those packets. So so encrypted you know visibility engine or EVE is able to see that you know whether it's you know TLS or QUIC you know protocol recognize that hey um you know this particular application is now you know sending this type of traffic it can recognize which Operating System the application is running on, what browser it's using, what version uh you know of the OS and the browser, what type of headers are on top of it, just by inspecting the handshake, just by inspecting looking at you know the the encrypted traffic itself. It's a bit scary I think because you know ChatGPT writing a letter or writing some poem or something is is one thing but AI writing firewall rules that could affect a company is like a next level of like seriousness. I think we're going to go through that same phase of like you know a lot of skepticism, to like wait it's starting to be useful, I'm starting to use it every once in a while, to like I'm starting to use it every day to like I completely trusted to do its job. I think we'll see that same transition happen here as well and we're just at the beginning of that curve. Hey everyone it's David Bombal back with a very special guest DJ welcome. Hey thanks so much
thanks for having me. So DJ can you introduce yourself to the audience you've got a a great story something an announcement as well but tell us a bit about yourself and then tell us about this amazing announcement that I think is going to change a lot of people's lives. Yeah know first of all thanks for having me this is uh super exciting to be here um I I'm I'm your classic you know cliche immigrant uh you know came to this country United States here uh almost about 20 years ago, $800 in my pocket dreams of conquering the world, got a PhD in Computer Engineering went to school at UC Santa Cruz, got a dark DOD Grant a Department of Defense Grant which means that I could work on some pretty cool projects you know across the board I spent some time at Berkeley media Labs at MIT, I worked out of a defense contractor called BB and Technologies and um you know part of my job was sort of building out communication protocols with drones and um you know um spent some time starting startups I was a VP of Engineering and Chief Architect um at a company a startup called Stack Rocks right after that started Armorblox I was the co-founder and CEO and uh at Armorblox our hypothesis was this right we were sort of seeing this huge shift you know that were that was about to happen with respect to natural language processing and natural language understanding this is back in 2017 2018 where you know open AI was still a smallish outfit that had just broken out of Google and uh and and we're talking about AGI a lot of people were just looking at them going hey you know these people are wide eyed you know um scientists that are that are just out there like wanting to build something brand new and different but um it still wasn't what what it is today but you know we sort of knew people in there we're working with them and they they announced this thing called Transformers which is really interesting you know and we were like hey what does this Transformer mean? We sort of saw the very first glimpse of you know GPT or or generative pre-trained Transformer models which fundamentally allowed you to do a lot more interesting things with textual data and that was our segue to sort of imagining what could be for cyber security and so we you know we sort of founded the company around that hypothesis that you know AI is going to be very important for security and cyber security and let's start you know focusing on specific use cases. So the first use case we picked was email security and
so uh and that really allowed us to understand and solve the problem very meaningfully uh the company was ultimately acquired after five you know five and a half years uh into Cisco um as recently as about you know three months ago and um and we're um you know we're we're now inside of Cisco I'm currently the VP of products uh for AI uh within the security business group at Cisco and responsible for injecting AI into you know the entire journey of AI in specific you know into the entire portfolio. So that's it's a little bit about my background and and what I'm doing right now but uh but yeah it's it's really interesting times with respect to AI. There's a lot of hype right ChatGPT really like brought it to the Forefront I think it made it real for a lot of people but I mean you've been talking about how this changes business processes and security for a long time and I mean the companies that that you that you the company that you created and companies you've worked in being this has been a journey. Absolutely you're you're spot on right I think it's um it's not a it's not like you know a lot of times overnight Transformations are talked about as truly being overnight um when it's actually been many many years in the making and I think you know when you when you even reflect on just um just AI itself right AI has had you know tons of AI Winters as as like in a lot of research you know researchers like to call it there are the these booms and busts that happen um just based off of um you know where Technologies and it adoptions uh curves are I think I think what's really you know tremendously exciting about AI especially with you know what happened last year in November when ChatGPT came out of you know uh was was officially launched was that it it it made AI accessible to like you know folks like you and me that are in like deep in the weeds of it or like anybody that just wants to go up to a site and start using it right? I think I think that really changed the way people thought about and perceived you know what AI could do um so so essentially the large language models that powers them, power the the ChatGPT, powers those applications I think it's really sparked people's imagination you know drastically and and again the core architecture and I'm sure we'll see a lot more architectures beyond just the Transformers but the core architecture really lends itself you know well to like solving a lot of problems that requires a huge amount of human effort today. The announcement that you you better tell us about this announcement because it affects a
problem I mean I've been doing firewalls for way too long showing my age I remember for as long as it's ever been firewall rules and stuff have been an absolute nightmare. You're you're spot on right I think um you know one of the one of the first you know sort of conversations that we started having you know with with you know with folks inside of Cisco and and as you know Cisco security when you take a look at you know one of the largest offerings that that we put out there is a is a Cisco firewall right you know and um and the firewall really you know moves the needle from a business perspective but also for all of the customers that we sell firewalls too it is a a must have it's not a it's not a it's an aspirin it's not a vitamin right they absolutely need the firewall to be there. One of the challenges with you know with something like that is that it's extremely you know it's a very complicated complex you know piece of equipment you know when you think about what a firewall can, cannot accomplish it's basically consuming traffic that's going in or out of your environment at at speeds that are you know that that have to support like you know any and every application and any type of outages or any type of problems that happen can potentially affect millions if not billions of dollars of revenue you know for for a business. So it plays a very critical function and it's a very complex piece of equipment and you know whether it's in software or hardware uh and so it becomes really important to sort of think about what the future of that looks like and and and part of the charter that we have is to fundamentally redefine reshape that and there's a tremendous amount of momentum and excitement that's happening inside of Cisco that's fundamentally changing what the future of this is going to look like. And so as part of the announcement you know one of the big things that we're going to announce um you know and and we're we're actively announcing um is the AI assistant for the firewall and it's it's one of the first of its kind uh I'm sure you've heard of Copilot, you've heard of you know Microsoft talking about Copilot, you've heard of other folks you know talking about some of those experiences but what we're bringing to the table is fundamentally different we're saying hey we are going to launch an AI assistant that understands the the policies, understands rules tools that are inside of a firewall you know on top of that we're we're able to understand how to troubleshoot, how to provide step-by-step instructions to manage that firewall and and provide additional visibility into your policies and uh and also give you the ability to troubleshoot you know um your firewall much much easier you know and faster. The key thing to sort of think about this is
it's like hey you know is there going to be an AI assistant for each part of the security portfolio or security product and and that's where I think we have fundamentally you know taking a step back and said hey this needs to be reimagined it's not going to be you know an AI assistant for a firewall, an AI assistant for your XDR it is going to be a unified assistant you know for the entire security Cloud right so yeah I mean from an experience perspective you as a customer you're you're fundamentally you know you're changing the way you're interacting with your security suite of products right you're you're going to use natural language to ask a simple question. Hey I want to block this traffic from going out to to you know xyz.com and uh and and the the assistant basically parses that knows which API to call, constructs the the rule for you comes back and and lays it all out which makes your life a lot easier as a as an analyst or as a firewall admin and uh and most importantly like when you think about the natural behaviors you mentioned that you've you you've played around with firewalls yourself you know and uh and so have I I've actually built in a firewalls in a different company before uh in part of my part of my journey here. The interesting thing is you'll notice that people that use the firewalls they don't want to normally change rules or policies once it's been deployed right? You might break something. Exactly you might break
something and you don't want to be the person that that gets fired for like you know changing a small rule somewhere right. So so I think what ends up happening because of that is that you've got tons and tons of rules you know, rules on top of rules and policies that are now sitting out there we've we've actually talked to a bunch of customers and a lot of them actually have like know hundreds of thousands of rules and some of them even have millions of rules and uh that becomes really hard to manage and uh and so we're leveraging AI and the AI system now you know has the ability to get a lot more smarter about the policy itself right it has the ability to go back and reason and say hey hang on a second you're trying to you know add a new policy uh guess what you already have a policy that looks a lot like this maybe you just need to create an object and attach it to this policy right and then you know you as an admin you go oh wait I didn't have a policy for that oh that's great I I had a rule that almost had all of the right objects I just had to create a new ad group and attach this person to great I'm just going to say yes to this. We want to simplify and and create that experience and and that's really magical for the firewall admin but but again it doesn't stop there you know we're tying that seamlessly across the board but I think you know just taking a step back for a second as you think about the announcement itself why should a customer care about this becomes you know a thing like a practitioner why should an admin you know you know get tremendously excited. So let me let me just take a minute if you don't mind I'll just sort of just set up um you know a basic sort of our a framing or a frame of reference of how we at Cisco thinking about this right.When you sort of see this the way we're talking about this we we keep customers at the center of our conversations right, so if if you're a customer you're wondering why should I care about AI? Um the very first you know thing that that comes to mind is the the fundamental change in experience right? You no longer are fiddling with knobs you're you're using natural language to communicate with you know your your security solutions and so fundamentally we're changing the experience of how users engage with security. The second part of it is really about
the efficacy side of the house. Like are we able to like do things at machine scale because we want things that are you know security products are able to detect things faster quicker better and then ultimately it's all about the economics like can I do more with less because I don't have as many dollars to spend I'm doing you know all of these things can I you know how can I do more with less? And so those are the reasons why customers absolutely have to care about AI right now. The why quickly segue is you know wait great I'm I'm bought into this but what is Cisco doing for you know for for for me and that's where you know you sort of get into the conversation of the what and then and so we're breaking that down into you know three pillars which is assist, augment and automate when we talk about assist we're talking about AI assistance we just talked about what we're announcing what we're launching AI assistants are fundamentally going to change the way that humans and machines interact so we're launching that experience first but then we're combining that with you know the ability to sort of correlate you know insights across you know the the the number of you know vast disperate signals that Cisco generates right whether it's on the network or the email or the the DNS, the endpoint, all of the native telemetry that we have we want to able to correlate that's where the augment piece comes in where we're able to augment you know human insights with machine intelligence. And the last piece is of course to automate you know complex workflows that make the lives of security admins a lot easier. So those
are the three pillars in which we're building technologies and uh and finally when you break it down into how are we doing this we break it into data models and governance. The data part really focuses on the again the telemetry that we're getting from different sources. The models are specifically focused on the the third party models and you know like OpenAI or Anthropic or Cohere um or you know sometimes you know the open source models that we're using or in fact the the models that we're trying to start building ourselves, foundation models that are needed to Cisco. So we're picking the best of breed uh among those models and and in in you know focusing on things that you know make the most amount of sense with the application that we're using and ultimately governance is important right? Everybody cares about what type of data are we using, is the data like you know sanitized? Do we have like the right type of Guardrails rails in place? Making sure no data is leaking. That's absolutely important to us like we are a security company in at Cisco we're a trusted business partner for a lot of lots and lots of enterprises. So responsible AI is absolutely non-negotiable so that's that's sort of how we're thinking about you know the framing of the entire conversation and uh we're launching specifically experiences in each one of these segments as you can see. So firewalls is just the beginning right? Firewall
is just the beginning I love how you put it and it's it's absolutely just a beginning and uh and let me show you you know one of the things that you just mentioned was that there's there's a a ton of hype around this and um you know and it's uh and it's hard because you know one of the interesting things about AI right now is that it's moving incredibly fast. Things are changing almost on a daily you know weekly basis. A lot of times when you take a look at some of the demos that are online it's interesting it shows you the art of what's possible, it seems fascinating but when you have when you take the step from like a demo to like a product it's a very different ball game. Yeah I think I mean I you you've got a demo and I want to get to that the the audience a lot of people are working with firewalls and um a lot of us have had like experiences with technologies over the years and you mentioned Copilot um I think one of the concerns a lot of Engineers will have is can I trust this? No, I think I think that's it's the number one thing right you know when we do our own you know conversations with our customers when uh we're talking to the analysts, we're talking to you know practitioners that are using this on a daily basis, I think the number one thought that that sort of crosses their mind is like hey I don't know is this going to be safe, is this not going to you know is this going to do the right sets of things, you know how do I think about this how do I position this, there's there's a lot of lot of thinking around that that that's sort of happening and and I think we' we've been very thoughtful about how we want to approach this right I think we made sure that we're uh when we think about um you know one of the common topics is really about hallucination right, people say that if I were to ask it a question is it going to come back with the right response and um and so so what we have done you know with respect to hallucination is that we've come up with a a technology stack that uses something called grounding where it is grounding all of its answers based on knowledge that you're pointing the the large language model to saying hey um answer the question that I'm asking you from this repository of information or from this database, if you don't know the answer don't make it up and um and the best part is like you know when you say that it actually starts you know behaving appropriately it only comes back with the answers from the uh you know from the data store from the knowledge base that it has. And so um so yeah so you're spot on I think trust is the the number one thing that we have to go out and solve for and again and as I walk you through the demo you'll see that we're trying to build the right types of user experiences to sort of improve and enhance the trust that you know that they have and then the one point I'll just you know articulate before I dive into the demo is that it is a challenge right when you think about you know uh people getting on planes, planes are by and large you know being driven by you know control systems that are that are powering the autopilot mechanism the Pilot's really watching for like abnormal things but you know by by and large the plane sort of flies itself trying to get that you know into a reality for cars has been a lot harder because you know you now have like a much larger population as opposed to just the a small group of Pilots that are piloting you know aircrafts you now have like a vast majority of people that are still uncomfortable letting go of control but it's starting to happen you know with uh self-driving cars becoming a reality. I think we're going to go through that same face of like you know a lot of skepticism to like wait it's starting to be useful I'm starting to use it every once in a while to like I'm starting to use it every day to like I completely trusted to do its job. I think we'll see that same transition happen here
as well and we're just at the beginning of that curve. So here's a a quick view of um what it is that we are building and um and then we will be announcing very very shortly. Here's the Cisco defense orchestrator we use the uh the CDO to be able to um control, manage uh your firewall rules, your policies and uh and what you're going to see over here is um an instance where we um we've actually deployed the AI assistant you can see it right on top you're in by clicking on a button it pops right over and um you know this sort of has a UI and a UX that's easy to use easy to understand in this case it looks a lot like you know um what you might see from a ChatGPT right. It asks you
hey what what would you like to ask today? Here's an initial setup guide. Here's an admin you know super admin experience access control you know these are sample prompts that you can ask. So for instance here what access control rules are disabled you can click into it and uh it's going to come back come back with a response. You also have the ability to sort of go back into like history of conversations that you've asked. Here's an example of hey uh you know what is a shadow rule I'm trying to understand what a shadow rule is, it comes back to the response it gives you the sources and the links. What's interesting over here is that you've got um you know uh the ability to give feedback. So you can give it a feedback and you can say hey wait a minute I was not with
the response that just came back and then you could give it a a thumbs down and then when you do that uh it'll come back with a few options you can say Hey you know it was factually inaccurate, it was uh irrelevant, it was you problem with the citation and so on and so forth and uh and that automatically provides feedback that makes the models better. You know it's not just that you know we're constantly you giving you answers we're we know for a fact that you know the answers that that you see are mostly going to be right but when they're not right you have the ability to give feedback and and make the models better. So that's really what we have you know built into this but you know going back to the uh conversation you know, you can you can basically ask questions about a specific policies. It's like hey list all of the policies that are actively deployed
it comes back and says hey here are some of the policies that that have been actively deployed and then I can ask it a question to say hey can you turn this policy on, can you set it a block, can you give me a list of objects, um you know give me step-by-step instructions to make this change and you know we've also built a Guardrails now if you were to ask it a question about hey what is the weather like today? It's going to come back and say hey thanks for a question but I'm a firewall expert and this is my area of expertise so um if you want to ask about the weather you might want to try different websites to do so. So we've implemented those basic Guardrails as well so that's a a quick view you will have the ability to make this full screen if you want to you know if you are constantly using it which is what we like you to do uh and if if things work out well and and it's sort of solving the you know the problems for you you know you would you know potentially put this on a on on a second screen and start using this as your default way to be able to talk to uh you know your security products and so and at the same time when you're done with the work you just you know close it out and uh you can always look it back you know it comes back the same way you can move it around if you like it as a side right rail and experience so you can just say hey you know pop it to the side. So we've made sure that from a usability perspective it's got the right sets of things. You know we've been doing this for a long time in the old days it was CLI was the way that we managed devices and then it's moved to like GUI and this is just another iteration of an interface is that is that kind of fair to say? It's a it's a great point that you raised right I think you're spot on about how we're moving back to a a text based interface but I think the um the fundamental shift though is that you don't have to learn a new language anymore. You don't have to learn how the CLI spec works. You can come and ask a question as you normally
would it's like how do I create a basic security policy for FTD and then you're off the races it breaks it down for you, it gives you the sources so you feel confident that hey I can go read up the source you know you can click into it to say oh um you know can I get more details on that specific link and then you know exactly that oh it's it's it's pulling all of this information from here. Imagine now this working across portfolio products, it's not just one product, it's like you know your your firewall, your XDR, your you know think about you know every single speed of products that are seamlessly now interfacing using a a singular assistant it starts to make a lot of a lot of sense from a you know from from where we are headed perspective. So so this is today what you're seeing is for the firewall and this is the big announcement. We are actively adding more capabilities um this is going to be launched uh you know in private preview for our customers that are using CDO and and and CD FMC which is the the the Cisco Defense Orchestrator and the Cloud- Delivered Firewall Management Center and then you know we're rolling this out to the On-Prem FMC's as well which is really interesting right I think when you think about a lot of customers that are still running their firewalls on Prem that're not connected to the cloud we are still offering them the ability to leverage the AI assistant by summer they'll be able to start using this as well. So it
really changes the game for all of the firewall you know uh users and admins and our goal is to be able to give them you know a unified you know a single pane of glass if you will but your point it's going to be a you know a conversational interface. Yeah I mean that's fantastic I mean I think ChatGPT really brought it home to a lot of people how powerful it is to have a chat interface before that AI was this like thing somewhere out there in the ether but it kind of brought it to a lot of people that you can configure stuff and get a lot of information just by chatting to a machine. You you're spot on right I think I think that is the big you know game changer right I think um and again it's you know one of the interesting things that's happening from an evolution perspective is that we're starting to see multimodal responses right so it's not just the a text based response it's able to come back to you you know uh in a tabler format you're able to now start providing it with pictures and it recognizes what the picture is about and it's able to respond back as well so what's what's sort of happening and again the same thing's happening with voice to text in our transcription as well we're very rapidly sort of headed to the place where the conversational way of engaging with machines is going to become the default way of you know getting things done and you know as much as it might seem unnatural to begin with you know it's like people are used to using keyboards uh they used to using a mouse if you remember there was a big transition from like folks that just used a text based interface to like giving them a a mouse and saying hey start to use the GUI and uh and there were people that were holding out saying no no I'm going to still use my I'm still going to use my whim yeah right and so um so we're we will have an initial phase of like people saying wait a minute this feels a little unnatural before they start to recognize that it is saving them a lot of pain. We've already done some user studies where um the user research response have come back and and and you can see a marked improvement in in the rate of learning for people that are not familiar with something it gets them to a point of being productive much faster but more importantly for those that are experts as well you know once they recognize that the system is doing what it's supposed to and their trust factor increases they start using this more than going down and like clicking on knobs you know five pages deep that they just you know trust the assistant to go out and execute on it over and over again. The problem in cyber security right is it we just don't seem to be winning, so it looks like the old way is just not working and it sounds like this is we have to do this we have no choice cuz we're overwhelmed there's there's too many attacks, companies are getting hacked every day it sounds like this is we have we have no choice to rely on a manual way of doing things right? Absolutely I think I think this is truly that moment in time where you know um AI starts tipping the uh you know the battle in favor of the defenders right and and that's really what we're seeing right now um because it is not cheap to be able to you know run inferences on models um which directly you know means that you know the the economics for an attacker is fundamentally starting to shift. When you are able to correlate things at at a at a speed faster than what humans are able to do you are forever changing the way you know the economics of an attack happens and so so that's why this is incredibly interesting.
One of the so let's let's I just want to like ask the questions that I'm pretty sure a lot of people are ask are thinking about is the problem with like ChatGPT and I'll just use that as an example because it's like the posted child if you like, hallucinations you've addressed, so hallucinations are a big problem where it just makes up random stuff um and then the other thing is training data I think a big concern about AI is what is it actually trained on? You know I think I think the one of the things about you know let's let's talk about ChatGPT because that was the example but then we'll we'll talk about the models that we're using as well. I think when you use ChatGPT I think you know interesting part of it is it's crawled the entirety of the web in you know in some shape or form right but um what we don't know and what they've not made public is you know what else went into it, like what is the training sources, how how do they curate the the data there's a lot of um you know something called Reinforced Learning through Human Feedback that's gone in or you know RLHF for short it's basically in a human sort of like curating the data set and changing the shape of the model to sort of respond appropriately so there's not you know there's lower levels of toxicity, you know there's lower levels of hallucination, so on and so forth right. So a ton of work has gone into building these you know these models and we're seeing a huge movement where you know open source models are starting to you know uh perform rather well and uh and the same thing sort of happening with you know some of the small models as well which are not quite as large as the open models but smaller models that are effective and useful in being able to solve these problems so so we're seeing a brand new ecosystem of models emerge and each one of them have different corpuses of data that they're training on. What's really interesting is being able to um build domain specific models that understand a specific domain starts to get tremendously interesting right when you think about a company like Cisco we've got data coming in all the way you know from the network to the um you know to the endpoints through email, through DNS, to like pretty much you know there's data that's coming across the board and and each you know our ability to sort of like understand that data is rather unique right because of all the things that we do and so building custom models that that sort of understand that data uh becomes a a an an absolute requirement so that's something that we are aware of and we're making sure that when we look at that data we're we're training in you know the right and the appropriate ways you know um we've got the right amount of Guardrails implemented that make sure that there's no you know PII PCI data inside of training data that we that we use we've de-identified any customer specific information sometimes we you know we actually don't even use customer data we're actually creating synthetic data based off of the the statistical properties of the data that we're seeing and then using that synthetic data to be able to train the models to behave in a particular way so that when you detect an anomaly it's able to automatically sort of guess what that anomaly could potentially mean and then you know use that to be able to effectively you know do the detection. So yeah we're uh you know training data is really important and um as you think about companies that will become successful you know companies that have you know a massive amount of data gravity will obviously become the de facto winners in this game because um it'll matter that you have unique algorithms but it'll matter even more that you have access to proprietary data and uh and that's where you know we're very interestingly poised. I think that's Cisco's huge strength you've got all this data that's because I think the when I talk to people about AI and networking or AI and that people say look the problem is like ChatGPT or whatever was just pulling the stuff off the internet and I mean you can't trust a lot of that stuff at least I mean the difference here is you're using proper data for the specific domain. That's right that's right
and I think I think you know um it's it's it's interesting right ChatGPT in itself like you know it is they've not only just pulled the data but they've done a lot of work on top of it to be able to make it you know um really effective so the way to also think about this is the models are good at being able to like provide in an explanation in natural language in in an English language that we can understand but then there are other techniques called Retrieval-Augmented Generation or RAG which you know uses data from a database or a corpus of data from from a knowledge base that is very specific to the questions that you're asking. When you are retrieving data from that RAG and then you're couch it in the context of the language model you sort of now have the ability to you know get the best of both worlds so you can easily now use a model like ChatGPT that the equal under the GPT4 model or the GPT4 Turbo which is just recently announced you could use the latest and the greatest but then you're grounding it on data that is very specific to what you have so that really you know the combination really makes a a huge difference you know um to a customer and as they start using AI. I think the I mean I want to talk about the um you've got the AI powered encrypted visibility engine as well right and and then I want to come back to some of the concerns people have because we I don't know how much time we got left so could you tell us what that's about cuz that's really interesting cuz the big issue is like I got all this traffic coming in everything's encrypted these days I mean you try and do a network capture it's all encrypted how on earth do you know what's good what's bad? No I think I think you're you're spot on so so going beyond the assistance you know we're leveraging AI to be able to effectively you know do detections right. Being able to you know augment we we talked about assist augment and automate the part where we're we're augmenting human intelligence here is you know um by looking at the the data packets that are going from you know point A to point B but because they're encrypted you know it's hard for you to be able to like you know crack them open and and decrypting it is expensive as well from a computer perspective all the way you know up into the you know the application layer. What we've done
here at Cisco is that we've solved an incredibly hard problem you know a very hard computer science problem in like being able to recognize you know which application is sending what type of traffic even you know without decrypting those packets so so Encrypted you know Visibility Engine or EVE is able to see that you know whether it's you know TLS or QUIC you know protocol recognize that hey um you know this particular application is now you know sending this type of traffic it can recognize which Operating System the application is running on, what browser it's using, what version uh you know of the OS and the browser, what type of headers are on top of it just by inspecting the handshake, just by inspecting looking at you know the the encrypted traffic itself and um it's using a a bunch of different methods inside it to be able to identify a malware um that's uh that's sending traffic you know we're using LSTMs by directional long short term memory which is a technique in deep learning to be able to identify these signatures and um and then on top of that we're using you know you know signatures as well uh to be able to recognize that hey this application is this fingerprint and give it you know a certain you know confidence score uh based on what the uh what the classifier comes back with. All of this is interesting but you know if you're just identifying that's not going to be enough right you've got to be able to take an action on the traffic what we're announcing is that we're we're effectively able to write rules inside of the firewall that blocks this traffic from a malicious you know process that could be running inside of um you know an endpoint without you having to decrypt the traffic and so think about what happens when a ransomware comes together right? You have a process that's running inside of a device and this device could be something that you could not run an endpoint agent on it could be like a a heart lung monitor or it could be a um you know a diabetic pump that you know shoots out insulin that's running a Windows Operating System and it's hard to like install an endpoint agent so which means you might have to like if if if it gets a process that starts to encrypt things and you know start to behave like a ransomware you have the ability to use those known signatures to block the traffic that it would send out to exfiltrate all the data out and create the uh uh the ransomware part you have the ability to stop that at the network level without you know doing anything so so it's it's a it's a huge thing that we're doing you know being able to block malicious encrypted traffic you know from egressing outside of your environment. In other words you are able to see what's in the packets even though you're not decrypting it? Correct we're we're able to use like like know properties of the packet the size of the packet being able to see where it's originating, where it's terminating, we're able to extract you know just by looking at the the characteristics of the encrypted packets we're able to determine it's sort of where the secret sauce comes in where it says hey we have now you know we're now effectively able to with the high degree of confidence state that this packet belongs to this process and therefore we can start taking actions on them you know on that entire session, on those packets, on the stream and uh and block that traffic from going out. I would just want to address like elephant in the room for a lot of people jobs is there a future for me you get the you know the the one side of the of the like sort of um story out there that no one's going to have a job in 5 years or 10 years or whatever because AI is going to eat all the jobs and then you've got the other side which says AI is nowhere near good enough to be deployed and I mean this is like a real world example it's a bit scary I think because you know ChatGPT writing a letter or writing some poem or something is is one thing but an AI writing firewall rules that could affect a company is like a next level of like seriousness. No I think that's a it's a it's an excellent question uh David I think the the the way to think about this is um anytime there's a new technological Epoch there's a lot of things that change when that Epoch comes together if it weren't for the advancement of internet and uh and us all collectively as a humanity embracing internet you and I wouldn't be able to do this call you know on a web browser right you know I think I think what's going to happen is you know we are now basically looking at an Epoch that's moved faster than any other Epochs in the past right because we now have an amazing distribution mechanism which is basically the internet and uh and AI is able to move a lot faster because we have the connectivity that we need to be able to effectively distribute AI in in some ways I think the the reason for that fear might be because of the speed at which it's moving but that said I think it's about you know I don't think it's you know ever going to replace a human being I think the way I sort of see it you know personally is that it's going to augment the human ability it's going to provide us with you know superhuman capabilities we're going to be able to do things tasks that used to take a lot longer a lot faster right now you know. It's like you know if you go back to spreadsheets when before spreadsheets existed we would have to spend time writing complex you know instructions or writing them on ledgers of like all the things that we had to do spreadsheet sped things up it did not take away the jobs it took away some different types of job but it repurposed it into something a lot more interesting for the knowledge workers I I I bet you that that is what is going to happen I think you're going to start to see you know certain things about managing a firewall is going to become easier which means you're no longer going to see firewalls with six million rules or five million rules out there anymore because it's becoming it's going to become easier to manage it's going to become easier to you know get in there at a rule and you it's not going to require ire a master's or PhD in managing firewalls right so that is that part is going to get easier uh which means you now have you know creative forces and energies being spent on other more interesting problems and uh and the best part about humanity is that where we always find interesting more interesting things to go out and solve you know and so so that's really what we will see at the next turn I don't think it's going to take away all of our jobs it's going to make us really good at our jobs and give us better things to do. I love that it's a great explanation I think the the next
question in 2024 what should I study or where do you I mean this is like a major shift and there's a lot of hype and it's always nice to talk to someone who's an expert in the field to separate the hype versus like reality and like actionable things that I should do so I mean perhaps you can just give us some guidance like career advice or you know what where do you think we should if I'm if I want to study something I mean I should study AI whatever that means like any idea any like sort of guidelines any advice? No for sure I think I think what's what's sort of happening is that AI is moving out of the the research labs into the hands of people that can use it the the minute you can actually access AI over an API call you you know that at this point in time it's moved away from like researchers to developers and Engineers that can build amazing experiences on top of those APIs it sort of happened with the cloud as well I I'll use cloud as an analogy right. Previously if you had to build your own data center you needed to know everything about how do I rack and stack each and every single one of my servers, how do I solve for power, how do I solve for cooling, you had to know all of that to be able to effectively you know build an application that runs on top of the data center you know when when what happened with the hyperscalers was that they provided you with a simple API call that allowed you to just deploy your application everything got managed by itself we're we're at that same sort of phase of evolution where you don't need to know about every single matrix multiplication that goes on to be able to build or create these models you have the ability to sort of come in and say hey I'm going to use the APIs to be able to build amazing experiences on top so um so in some ways you know instead of AI researchers you're going to start to see a lot of AI engineers and uh and then along with this you're going to see a lot of AI operations people that come along and say hey in order to make sure that the AI APIs are working properly I have like machine learning Ops or AI Ops is going to become a thing as well. For people that are looking at specializing you know it's sort of you you just have to pick which you know part of that you know gradient do you want to be. Do you want to be part of the the research team in which case you want to spend time learning about the core mathematical you know foundations that go behind building you know machine learning and deep learning models. If you want to be more of the AI engineer then you know you start you know playing around with the APIs that are available for GPT or you know playing around with API's for Anthropic and like some of the other models that are coming out, understanding how to like build applications on top of them and if you want to be on the operation side being able to understand what it means to like server model, what it means to you know leverage the GPUs you know in a cost optimal fashion all of those problems become a lot more interesting. So those are the spectrum and that's sort of how I would break it down and
that's how I would spend time focusing on which uh which areas to focus. uh which areas to spend time on I I I always advise people you know ride the waves and this is just another huge wave that can be life-changing right um and really enhance your career I mean the problem a few years ago is I had to go and get a PhD in math to try and understand any of this stuff and statistics and all the rest of it I mean a lot of us who who a lot of people watching this aren't at that level but it sounds like it's now more available like you said just with API I could actually do something serious with AI absolutely no I think I think that is the that is the big shift that's happened right now I think you're spot on right now and I think I think and that's where you're seeing a a lot of a lot of interesting applications being built you know um you know all the way from like chat GPT is a classic example but there are so many variations of like tools like that that that's coming out of bar that's coming and that's being built on top of Anthropic and and each one of these experiences are going to change how we you know how we perceive techn technology know fundamentally we've got ChatGPT as an example and Cisco have got this new product and this is obviously going to grow but that opens up a whole ecosystem doesn't it um where if I write an application I could interface with those APIs and like create something brand new absolutely yes you know you're you know it's the beginning of like you know a new journey you know where we're going to start to see a whole lot of interesting suite of applications being built out in fact you know one of the interesting concepts that that ChatGPT had was the notion of plugins right being able to you know um bring your plugin and then connect it in ChatGPT it's sort of very similar to how co-pilot is thinking about something called skills instead of the Microsoft ecosystem we have a very similar perspective in terms of how we sort of see ourselves unifying this assistant across all of the security cloud and uh and you're going to see us like you know talk a little bit more about that you know as as the you know as the weeks progress as the months progress um but but that's definitely on top of our minds in terms of how we can um supercharge an entire ecosystem of capabilities on top of the assistance we're running out of time so last question where will the world be in 5 years nice question but just like to give people kind of like where where's it going where do you see it going no it's uh it's going to be you know absolutely interesting right I think it's uh you know I don't have a crystal ball but my my my instincts are that you're going to see compute and computational pieces fundamentally change you know it's going to be less and less of keyboards and mouse and more of being able to you know talk to Alexa and series of the world um you're going to see a huge amount of intelligence come into like you know day-to-day tasks opening a browser uh you know filling out a form a lot of those things are going to go through fundamental changes so in five years from now you're going to see a very different modality of like how you engage with you know any type of compute any type of uh you know the infrastructure that supports that compute is going to go through a huge amount of change and uh and I do believe that it's going to get very interesting you know from a purely from like you know user experience and and a usability point of view DJ I really want to thank you I know we're out of time I really want to thank you for sharing you know not just the scary stuff but like also future for people and how things are changing thanks so much David it was a pleasure talking to you thanks so much for having me on your show
2023-12-07 21:07
