Firewalls just changed forever! (Can your firewall do this?)

Firewalls just changed forever! (Can your firewall do this?)

Show Video

You also have the ability to sort of go back into  like history of conversations that you've asked   here's an example of hey uh you know what is a  shadow rule I'm trying to understand what a shadow   rule is. It comes back with the response it gives  you the sources and the links. What we've done   here at Cisco is that we've solved an incredibly  hard problem you know very hard computer science   problem and like being able to recognize you know  which application is sending what type of traffic   even you know without decrypting those packets.  So so encrypted you know visibility engine or   EVE is able to see that you know whether it's you  know TLS or QUIC you know protocol recognize that   hey um you know this particular application is  now you know sending this type of traffic it can   recognize which Operating System the application  is running on, what browser it's using, what   version uh you know of the OS and the browser,  what type of headers are on top of it, just by   inspecting the handshake, just by inspecting  looking at you know the the encrypted traffic   itself. It's a bit scary I think because you know  ChatGPT writing a letter or writing some poem or   something is is one thing but AI writing firewall  rules that could affect a company is like a next   level of like seriousness. I think we're going  to go through that same phase of like you know   a lot of skepticism, to like wait it's starting  to be useful, I'm starting to use it every once   in a while, to like I'm starting to use it every  day to like I completely trusted to do its job. I   think we'll see that same transition happen here  as well and we're just at the beginning of that curve. Hey everyone it's David Bombal back with a  very special guest DJ welcome. Hey thanks so much  

thanks for having me. So DJ can you introduce  yourself to the audience you've got a a great   story something an announcement as well but tell  us a bit about yourself and then tell us about   this amazing announcement that I think is going to  change a lot of people's lives. Yeah know first of   all thanks for having me this is uh super exciting  to be here um I I'm I'm your classic you know   cliche immigrant uh you know came to this country  United States here uh almost about 20 years ago,   $800 in my pocket dreams of conquering the  world, got a PhD in Computer Engineering went   to school at UC Santa Cruz, got a dark DOD Grant  a Department of Defense Grant which means that I   could work on some pretty cool projects you know  across the board I spent some time at Berkeley   media Labs at MIT, I worked out of a defense  contractor called BB and Technologies and um   you know part of my job was sort of building out  communication protocols with drones and um you   know um spent some time starting startups I was  a VP of Engineering and Chief Architect um at a   company a startup called Stack Rocks right after  that started Armorblox I was the co-founder and   CEO and uh at Armorblox our hypothesis was this  right we were sort of seeing this huge shift   you know that were that was about to happen with  respect to natural language processing and natural   language understanding this is back in 2017 2018  where you know open AI was still a smallish outfit   that had just broken out of Google and uh and and  we're talking about AGI a lot of people were just   looking at them going hey you know these people  are wide eyed you know um scientists that are that are   just out there like wanting to build something  brand new and different but um it still wasn't   what what it is today but you know we sort of knew  people in there we're working with them and they   they announced this thing called Transformers  which is really interesting you know and we   were like hey what does this Transformer mean?  We sort of saw the very first glimpse of you know   GPT or or generative pre-trained Transformer  models which fundamentally allowed you to do   a lot more interesting things with textual data  and that was our segue to sort of imagining what   could be for cyber security and so we you know we  sort of founded the company around that hypothesis   that you know AI is going to be very important  for security and cyber security and let's start   you know focusing on specific use cases. So the  first use case we picked was email security and  

so uh and that really allowed us to understand  and solve the problem very meaningfully uh the   company was ultimately acquired after five you  know five and a half years uh into Cisco um as   recently as about you know three months ago  and um and we're um you know we're we're now   inside of Cisco I'm currently the VP of products  uh for AI uh within the security business group   at Cisco and responsible for injecting AI into  you know the entire journey of AI in specific   you know into the entire portfolio. So that's it's  a little bit about my background and and what I'm   doing right now but uh but yeah it's it's really  interesting times with respect to AI. There's a   lot of hype right ChatGPT really like brought it  to the Forefront I think it made it real for a lot   of people but I mean you've been talking about how  this changes business processes and security for   a long time and I mean the companies that that  you that you the company that you created and   companies you've worked in being this has been a  journey. Absolutely you're you're spot on right I   think it's um it's not a it's not like you know  a lot of times overnight Transformations are   talked about as truly being overnight um when it's  actually been many many years in the making and I   think you know when you when you even reflect on  just um just AI itself right AI has had you know   tons of AI Winters as as like in a lot of research  you know researchers like to call it there are the   these booms and busts that happen um just based  off of um you know where Technologies and it   adoptions uh curves are I think I think what's  really you know tremendously exciting about AI   especially with you know what happened last year  in November when ChatGPT came out of you know uh   was was officially launched was that it it it  made AI accessible to like you know folks like   you and me that are in like deep in the weeds of  it or like anybody that just wants to go up to   a site and start using it right? I think I think  that really changed the way people thought about   and perceived you know what AI could do um so  so essentially the large language models that   powers them, power the the ChatGPT, powers those  applications I think it's really sparked people's   imagination you know drastically and and again  the core architecture and I'm sure we'll see a lot   more architectures beyond just the Transformers  but the core architecture really lends itself you   know well to like solving a lot of problems  that requires a huge amount of human effort   today. The announcement that you you better tell  us about this announcement because it affects a  

problem I mean I've been doing firewalls for way  too long showing my age I remember for as long   as it's ever been firewall rules and stuff have  been an absolute nightmare. You're you're spot   on right I think um you know one of the one of  the first you know sort of conversations that we   started having you know with with you know with  folks inside of Cisco and and as you know Cisco   security when you take a look at you know one of  the largest offerings that that we put out there   is a is a Cisco firewall right you know and um and  the firewall really you know moves the needle from   a business perspective but also for all of the  customers that we sell firewalls too it is a a   must have it's not a it's not a it's an aspirin  it's not a vitamin right they absolutely need   the firewall to be there. One of the challenges  with you know with something like that is that   it's extremely you know it's a very complicated  complex you know piece of equipment you know   when you think about what a firewall can, cannot  accomplish it's basically consuming traffic that's   going in or out of your environment at at speeds  that are you know that that have to support like   you know any and every application and any type  of outages or any type of problems that happen   can potentially affect millions if not billions of  dollars of revenue you know for for a business. So   it plays a very critical function and it's a very  complex piece of equipment and you know whether   it's in software or hardware uh and so it becomes  really important to sort of think about what the   future of that looks like and and and part of the  charter that we have is to fundamentally redefine   reshape that and there's a tremendous amount of  momentum and excitement that's happening inside   of Cisco that's fundamentally changing what the  future of this is going to look like. And so as   part of the announcement you know one of the big  things that we're going to announce um you know   and and we're we're actively announcing um is the  AI assistant for the firewall and it's it's one   of the first of its kind uh I'm sure you've  heard of Copilot, you've heard of you know   Microsoft talking about Copilot, you've heard of  other folks you know talking about some of those   experiences but what we're bringing to the table  is fundamentally different we're saying hey we are   going to launch an AI assistant that understands  the the policies, understands rules tools that are   inside of a firewall you know on top of that we're  we're able to understand how to troubleshoot,   how to provide step-by-step instructions to  manage that firewall and and provide additional   visibility into your policies and uh and also give  you the ability to troubleshoot you know um your   firewall much much easier you know and faster.  The key thing to sort of think about this is  

it's like hey you know is there going to be an AI  assistant for each part of the security portfolio   or security product and and that's where I think  we have fundamentally you know taking a step back   and said hey this needs to be reimagined it's  not going to be you know an AI assistant for   a firewall, an AI assistant for your XDR it is  going to be a unified assistant you know for the   entire security Cloud right so yeah I mean from  an experience perspective you as a customer you're   you're fundamentally you know you're changing the  way you're interacting with your security suite of   products right you're you're going to use natural  language to ask a simple question. Hey I want to   block this traffic from going out to to you know and uh and and the the assistant basically   parses that knows which API to call, constructs  the the rule for you comes back and and lays it   all out which makes your life a lot easier as a  as an analyst or as a firewall admin and uh and   most importantly like when you think about the  natural behaviors you mentioned that you've you   you've played around with firewalls yourself you  know and uh and so have I I've actually built in a   firewalls in a different company before uh in part  of my part of my journey here. The interesting   thing is you'll notice that people that use the  firewalls they don't want to normally change rules   or policies once it's been deployed right? You  might break something. Exactly you might break  

something and you don't want to be the person that  that gets fired for like you know changing a small   rule somewhere right. So so I think what ends up  happening because of that is that you've got tons   and tons of rules you know, rules on top of rules  and policies that are now sitting out there we've   we've actually talked to a bunch of customers and  a lot of them actually have like know hundreds of   thousands of rules and some of them even have  millions of rules and uh that becomes really   hard to manage and uh and so we're leveraging AI  and the AI system now you know has the ability to   get a lot more smarter about the policy itself  right it has the ability to go back and reason   and say hey hang on a second you're trying to you  know add a new policy uh guess what you already   have a policy that looks a lot like this maybe  you just need to create an object and attach it   to this policy right and then you know you as an  admin you go oh wait I didn't have a policy for   that oh that's great I I had a rule that almost  had all of the right objects I just had to create   a new ad group and attach this person to great I'm  just going to say yes to this. We want to simplify   and and create that experience and and that's  really magical for the firewall admin but but   again it doesn't stop there you know we're tying  that seamlessly across the board but I think you   know just taking a step back for a second as you  think about the announcement itself why should a   customer care about this becomes you know a thing  like a practitioner why should an admin you know   you know get tremendously excited. So let me let  me just take a minute if you don't mind I'll just   sort of just set up um you know a basic sort of  our a framing or a frame of reference of how we   at Cisco thinking about this right.When you sort  of see this the way we're talking about this we we   keep customers at the center of our conversations  right, so if if you're a customer you're wondering   why should I care about AI? Um the very first  you know thing that that comes to mind is the   the fundamental change in experience right? You no  longer are fiddling with knobs you're you're using   natural language to communicate with you know your  your security solutions and so fundamentally we're   changing the experience of how users engage with  security. The second part of it is really about  

the efficacy side of the house. Like are we able  to like do things at machine scale because we want   things that are you know security products are  able to detect things faster quicker better and   then ultimately it's all about the economics  like can I do more with less because I don't   have as many dollars to spend I'm doing you know  all of these things can I you know how can I do   more with less? And so those are the reasons why  customers absolutely have to care about AI right   now. The why quickly segue is you know wait great  I'm I'm bought into this but what is Cisco doing   for you know for for for me and that's where you  know you sort of get into the conversation of the   what and then and so we're breaking that down  into you know three pillars which is assist,   augment and automate when we talk about assist  we're talking about AI assistance we just talked   about what we're announcing what we're launching  AI assistants are fundamentally going to change   the way that humans and machines interact so  we're launching that experience first but then   we're combining that with you know the ability  to sort of correlate you know insights across   you know the the the number of you know vast  disperate signals that Cisco generates right   whether it's on the network or the email or the  the DNS, the endpoint, all of the native telemetry   that we have we want to able to correlate that's  where the augment piece comes in where we're able   to augment you know human insights with machine  intelligence. And the last piece is of course to   automate you know complex workflows that make the  lives of security admins a lot easier. So those  

are the three pillars in which we're building  technologies and uh and finally when you break it   down into how are we doing this we break it into  data models and governance. The data part really   focuses on the again the telemetry that we're  getting from different sources. The models are   specifically focused on the the third party models  and you know like OpenAI or Anthropic or Cohere   um or you know sometimes you know the open source  models that we're using or in fact the the models   that we're trying to start building ourselves,  foundation models that are needed to Cisco. So   we're picking the best of breed uh among those  models and and in in you know focusing on things   that you know make the most amount of sense with  the application that we're using and ultimately   governance is important right? Everybody  cares about what type of data are we using,   is the data like you know sanitized? Do we have  like the right type of Guardrails rails in place?   Making sure no data is leaking. That's absolutely  important to us like we are a security company   in at Cisco we're a trusted business partner  for a lot of lots and lots of enterprises. So   responsible AI is absolutely non-negotiable so  that's that's sort of how we're thinking about   you know the framing of the entire conversation  and uh we're launching specifically experiences   in each one of these segments as you can see. So  firewalls is just the beginning right? Firewall  

is just the beginning I love how you put it and  it's it's absolutely just a beginning and uh and   let me show you you know one of the things that  you just mentioned was that there's there's a   a ton of hype around this and um you know and  it's uh and it's hard because you know one of   the interesting things about AI right now is that  it's moving incredibly fast. Things are changing   almost on a daily you know weekly basis. A lot of  times when you take a look at some of the demos   that are online it's interesting it shows you the  art of what's possible, it seems fascinating but   when you have when you take the step from like a  demo to like a product it's a very different ball   game. Yeah I think I mean I you you've got a demo  and I want to get to that the the audience a lot   of people are working with firewalls and um a lot  of us have had like experiences with technologies   over the years and you mentioned Copilot um I  think one of the concerns a lot of Engineers   will have is can I trust this? No, I think I think  that's it's the number one thing right you know   when we do our own you know conversations with our  customers when uh we're talking to the analysts,   we're talking to you know practitioners that are  using this on a daily basis, I think the number   one thought that that sort of crosses their mind  is like hey I don't know is this going to be safe,   is this not going to you know is this going to do  the right sets of things, you know how do I think   about this how do I position this, there's there's  a lot of lot of thinking around that that that's   sort of happening and and I think we' we've been  very thoughtful about how we want to approach this   right I think we made sure that we're uh when we  think about um you know one of the common topics   is really about hallucination right, people say  that if I were to ask it a question is it going   to come back with the right response and um and  so so what we have done you know with respect   to hallucination is that we've come up with a  a technology stack that uses something called   grounding where it is grounding all of its answers  based on knowledge that you're pointing the the   large language model to saying hey um answer the  question that I'm asking you from this repository   of information or from this database, if you don't  know the answer don't make it up and um and the   best part is like you know when you say that it  actually starts you know behaving appropriately   it only comes back with the answers from the uh  you know from the data store from the knowledge   base that it has. And so um so yeah so you're spot  on I think trust is the the number one thing that   we have to go out and solve for and again and  as I walk you through the demo you'll see that   we're trying to build the right types of user  experiences to sort of improve and enhance the   trust that you know that they have and then  the one point I'll just you know articulate   before I dive into the demo is that it is a  challenge right when you think about you know   uh people getting on planes, planes are by and  large you know being driven by you know control   systems that are that are powering the autopilot  mechanism the Pilot's really watching for like   abnormal things but you know by by and large the  plane sort of flies itself trying to get that you   know into a reality for cars has been a lot harder  because you know you now have like a much larger   population as opposed to just the a small group  of Pilots that are piloting you know aircrafts you   now have like a vast majority of people that are  still uncomfortable letting go of control but it's   starting to happen you know with uh self-driving  cars becoming a reality. I think we're going to   go through that same face of like you know a  lot of skepticism to like wait it's starting   to be useful I'm starting to use it every once  in a while to like I'm starting to use it every   day to like I completely trusted to do its job. I  think we'll see that same transition happen here  

as well and we're just at the beginning of that  curve. So here's a a quick view of um what it is   that we are building and um and then we will be  announcing very very shortly. Here's the Cisco   defense orchestrator we use the uh the CDO to be  able to um control, manage uh your firewall rules,   your policies and uh and what you're going to  see over here is um an instance where we um we've   actually deployed the AI assistant you can see it  right on top you're in by clicking on a button it   pops right over and um you know this sort of has a  UI and a UX that's easy to use easy to understand   in this case it looks a lot like you know um what  you might see from a ChatGPT right. It asks you  

hey what what would you like to ask today? Here's  an initial setup guide. Here's an admin you know   super admin experience access control you know  these are sample prompts that you can ask. So   for instance here what access control rules are  disabled you can click into it and uh it's going   to come back come back with a response. You also  have the ability to sort of go back into like   history of conversations that you've asked. Here's  an example of hey uh you know what is a shadow   rule I'm trying to understand what a shadow rule  is, it comes back to the response it gives you   the sources and the links. What's interesting over  here is that you've got um you know uh the ability   to give feedback. So you can give it a feedback  and you can say hey wait a minute I was not with  

the response that just came back and then you  could give it a a thumbs down and then when you   do that uh it'll come back with a few options you  can say Hey you know it was factually inaccurate,   it was uh irrelevant, it was you problem with the  citation and so on and so forth and uh and that   automatically provides feedback that makes the  models better. You know it's not just that you   know we're constantly you giving you answers we're  we know for a fact that you know the answers that   that you see are mostly going to be right but when  they're not right you have the ability to give   feedback and and make the models better. So that's  really what we have you know built into this but   you know going back to the uh conversation you  know, you can you can basically ask questions   about a specific policies. It's like hey list  all of the policies that are actively deployed  

it comes back and says hey here are some of the  policies that that have been actively deployed   and then I can ask it a question to say hey can  you turn this policy on, can you set it a block,   can you give me a list of objects, um you know  give me step-by-step instructions to make this   change and you know we've also built a Guardrails  now if you were to ask it a question about hey   what is the weather like today? It's going to come  back and say hey thanks for a question but I'm a   firewall expert and this is my area of expertise  so um if you want to ask about the weather you   might want to try different websites to do so.  So we've implemented those basic Guardrails as   well so that's a a quick view you will have the  ability to make this full screen if you want to   you know if you are constantly using it which is  what we like you to do uh and if if things work   out well and and it's sort of solving the you know  the problems for you you know you would you know   potentially put this on a on on a second screen  and start using this as your default way to be   able to talk to uh you know your security products  and so and at the same time when you're done with   the work you just you know close it out and uh you  can always look it back you know it comes back the   same way you can move it around if you like it  as a side right rail and experience so you can   just say hey you know pop it to the side. So we've  made sure that from a usability perspective it's   got the right sets of things. You know we've been  doing this for a long time in the old days it was   CLI was the way that we managed devices and then  it's moved to like GUI and this is just another   iteration of an interface is that is that kind  of fair to say? It's a it's a great point that   you raised right I think you're spot on about how  we're moving back to a a text based interface but I   think the um the fundamental shift though is that  you don't have to learn a new language anymore.   You don't have to learn how the CLI spec works.  You can come and ask a question as you normally  

would it's like how do I create a basic security  policy for FTD and then you're off the races it   breaks it down for you, it gives you the sources so  you feel confident that hey I can go read up the   source you know you can click into it to say oh um  you know can I get more details on that specific   link and then you know exactly that oh it's it's  it's pulling all of this information from here.   Imagine now this working across portfolio products,  it's not just one product, it's like you know your   your firewall, your XDR, your you know think about  you know every single speed of products that are   seamlessly now interfacing using a a singular  assistant it starts to make a lot of a lot of   sense from a you know from from where we are  headed perspective. So so this is today what   you're seeing is for the firewall and this is  the big announcement. We are actively adding   more capabilities um this is going to be launched  uh you know in private preview for our customers   that are using CDO and and and CD FMC which is the  the the Cisco Defense Orchestrator and the Cloud- Delivered Firewall Management Center and then you  know we're rolling this out to the On-Prem FMC's   as well which is really interesting right I think  when you think about a lot of customers that are   still running their firewalls on Prem that're not  connected to the cloud we are still offering them   the ability to leverage the AI assistant by summer  they'll be able to start using this as well. So it  

really changes the game for all of the firewall  you know uh users and admins and our goal is to   be able to give them you know a unified you know  a single pane of glass if you will but your   point it's going to be a you know a conversational  interface. Yeah I mean that's fantastic I mean I   think ChatGPT really brought it home to a lot of  people how powerful it is to have a chat interface   before that AI was this like thing somewhere out  there in the ether but it kind of brought it to   a lot of people that you can configure stuff  and get a lot of information just by chatting   to a machine. You you're spot on right I think  I think that is the big you know game changer   right I think um and again it's you know one of  the interesting things that's happening from an   evolution perspective is that we're starting to  see multimodal responses right so it's not just   the a text based response it's able to come back  to you you know uh in a tabler format you're able   to now start providing it with pictures and it  recognizes what the picture is about and it's   able to respond back as well so what's what's sort  of happening and again the same thing's happening   with voice to text in our transcription as well  we're very rapidly sort of headed to the place   where the conversational way of engaging with  machines is going to become the default way of   you know getting things done and you know as much  as it might seem unnatural to begin with you know   it's like people are used to using keyboards uh  they used to using a mouse if you remember there   was a big transition from like folks that just  used a text based interface to like giving them a   a mouse and saying hey start to use the GUI and  uh and there were people that were holding out   saying no no I'm going to still use my I'm still  going to use my whim yeah right and so um so we're   we will have an initial phase of like people saying  wait a minute this feels a little unnatural before   they start to recognize that it is saving them a  lot of pain. We've already done some user studies   where um the user research response have come  back and and and you can see a marked improvement   in in the rate of learning for people that are not  familiar with something it gets them to a point of   being productive much faster but more importantly  for those that are experts as well you know once   they recognize that the system is doing what it's  supposed to and their trust factor increases they   start using this more than going down and like  clicking on knobs you know five pages deep that   they just you know trust the assistant to go out  and execute on it over and over again. The problem   in cyber security right is it we just don't seem  to be winning, so it looks like the old way is just   not working and it sounds like this is we have to  do this we have no choice cuz we're overwhelmed   there's there's too many attacks, companies are  getting hacked every day it sounds like this   is we have we have no choice to rely on a manual way of  doing things right? Absolutely I think I think this   is truly that moment in time where you know um AI  starts tipping the uh you know the battle in favor   of the defenders right and and that's really what  we're seeing right now um because it is not cheap   to be able to you know run inferences on models  um which directly you know means that you know   the the economics for an attacker is fundamentally  starting to shift. When you are able to correlate   things at at a at a speed faster than what humans  are able to do you are forever changing the way   you know the economics of an attack happens and  so so that's why this is incredibly interesting. 

One of the so let's let's I just want to like  ask the questions that I'm pretty sure a lot   of people are ask are thinking about is the  problem with like ChatGPT and I'll just use   that as an example because it's like the posted  child if you like, hallucinations you've addressed,  so hallucinations are a big problem where it just  makes up random stuff um and then the other thing   is training data I think a big concern about  AI is what is it actually trained on? You know   I think I think the one of the things about you  know let's let's talk about ChatGPT because that   was the example but then we'll we'll talk about  the models that we're using as well. I think when   you use ChatGPT I think you know interesting part  of it is it's crawled the entirety of the web in   you know in some shape or form right but um what  we don't know and what they've not made public   is you know what else went into it, like what is  the training sources, how how do they curate the   the data there's a lot of um you know something  called Reinforced Learning through Human Feedback   that's gone in or you know RLHF for short it's  basically in a human sort of like curating the   data set and changing the shape of the model to  sort of respond appropriately so there's not you   know there's lower levels of toxicity, you know  there's lower levels of hallucination, so on and   so forth right. So a ton of work has gone into  building these you know these models and we're   seeing a huge movement where you know open source  models are starting to you know uh perform rather   well and uh and the same thing sort of happening  with you know some of the small models as well   which are not quite as large as the open models  but smaller models that are effective and useful   in being able to solve these problems so so we're  seeing a brand new ecosystem of models emerge and   each one of them have different corpuses of data  that they're training on. What's really interesting   is being able to um build domain specific models  that understand a specific domain starts to get   tremendously interesting right when you think  about a company like Cisco we've got data coming   in all the way you know from the network to the  um you know to the endpoints through email, through   DNS, to like pretty much you know there's data  that's coming across the board and and each you   know our ability to sort of like understand that  data is rather unique right because of all the   things that we do and so building custom models  that that sort of understand that data uh becomes   a a an an absolute requirement so that's something  that we are aware of and we're making sure that   when we look at that data we're we're training  in you know the right and the appropriate ways   you know um we've got the right amount of Guardrails implemented that make sure that there's   no you know PII PCI data inside of training  data that we that we use we've de-identified   any customer specific information sometimes we  you know we actually don't even use customer   data we're actually creating synthetic data based  off of the the statistical properties of the data   that we're seeing and then using that synthetic  data to be able to train the models to behave   in a particular way so that when you detect an  anomaly it's able to automatically sort of guess   what that anomaly could potentially mean and then  you know use that to be able to effectively you   know do the detection. So yeah we're uh you know  training data is really important and um as you   think about companies that will become successful  you know companies that have you know a massive   amount of data gravity will obviously become  the de facto winners in this game because um   it'll matter that you have unique algorithms but  it'll matter even more that you have access to   proprietary data and uh and that's where you know  we're very interestingly poised. I think that's   Cisco's huge strength you've got all this data that's  because I think the when I talk to people about   AI and networking or AI and that people say look  the problem is like ChatGPT or whatever was just   pulling the stuff off the internet and I mean you  can't trust a lot of that stuff at least I mean   the difference here is you're using proper data  for the specific domain. That's right that's right  

and I think I think you know um it's it's it's  interesting right ChatGPT in itself like you know   it is they've not only just pulled the data but  they've done a lot of work on top of it to be able   to make it you know um really effective so the way  to also think about this is the models are good at   being able to like provide in an explanation  in natural language in in an English language   that we can understand but then there are other  techniques called Retrieval-Augmented Generation   or RAG which you know uses data from a database or  a corpus of data from from a knowledge base that   is very specific to the questions that you're  asking. When you are retrieving data from that   RAG and then you're couch it in the context of the  language model you sort of now have the ability to   you know get the best of both worlds so you can  easily now use a model like ChatGPT that the equal   under the GPT4 model or the GPT4 Turbo which is  just recently announced you could use the latest   and the greatest but then you're grounding it on  data that is very specific to what you have so   that really you know the combination really makes  a a huge difference you know um to a customer and   as they start using AI. I think the I mean I want  to talk about the um you've got the AI powered   encrypted visibility engine as well right and and  then I want to come back to some of the concerns   people have because we I don't know how much time  we got left so could you tell us what that's about   cuz that's really interesting cuz the big issue is  like I got all this traffic coming in everything's   encrypted these days I mean you try and do a  network capture it's all encrypted how on earth   do you know what's good what's bad? No I think I  think you're you're spot on so so going beyond the   assistance you know we're leveraging AI to be able  to effectively you know do detections right. Being   able to you know augment we we talked about assist  augment and automate the part where we're we're   augmenting human intelligence here is you know um  by looking at the the data packets that are going   from you know point A to point B but because  they're encrypted you know it's hard for you to   be able to like you know crack them open and and  decrypting it is expensive as well from a computer   perspective all the way you know up into the you know the application layer. What we've done  

here at Cisco is that we've solved an incredibly  hard problem you know a very hard computer science   problem in like being able to recognize you know  which application is sending what type of traffic   even you know without decrypting those packets so  so Encrypted you know Visibility Engine or EVE is   able to see that you know whether it's you know  TLS or QUIC you know protocol recognize that   hey um you know this particular application is  now you know sending this type of traffic it can   recognize which Operating System the application  is running on, what browser it's using, what version   uh you know of the OS and the browser, what type  of headers are on top of it just by inspecting   the handshake, just by inspecting looking at  you know the the encrypted traffic itself and   um it's using a a bunch of different methods  inside it to be able to identify a malware um   that's uh that's sending traffic you know we're  using LSTMs by directional long short term memory   which is a technique in deep learning to be able  to identify these signatures and um and then on   top of that we're using you know you  know signatures as well uh to be able to recognize   that hey this application is this fingerprint and  give it you know a certain you know confidence   score uh based on what the uh what the classifier  comes back with. All of this is interesting but you   know if you're just identifying that's not going  to be enough right you've got to be able to take   an action on the traffic what we're announcing  is that we're we're effectively able to write   rules inside of the firewall that blocks this  traffic from a malicious you know process that   could be running inside of um you know an endpoint  without you having to decrypt the traffic and so   think about what happens when a ransomware comes  together right? You have a process that's running   inside of a device and this device could be  something that you could not run an endpoint agent   on it could be like a a heart lung monitor or it  could be a um you know a diabetic pump that you   know shoots out insulin that's running a Windows  Operating System and it's hard to like install an   endpoint agent so which means you might have to  like if if if it gets a process that starts to   encrypt things and you know start to behave like a  ransomware you have the ability to use those known   signatures to block the traffic that it would  send out to exfiltrate all the data out and   create the uh uh the ransomware part you have the  ability to stop that at the network level without   you know doing anything so so it's it's a it's a  huge thing that we're doing you know being able to   block malicious encrypted traffic you know from  egressing outside of your environment. In other   words you are able to see what's in the packets  even though you're not decrypting it? Correct we're   we're able to use like like know properties of  the packet the size of the packet being able to   see where it's originating, where it's terminating, we're able to extract you know just by looking at   the the characteristics of the encrypted packets  we're able to determine it's sort of where the   secret sauce comes in where it says hey we have  now you know we're now effectively able to with   the high degree of confidence state that this  packet belongs to this process and therefore we   can start taking actions on them you know on that  entire session, on those packets, on the stream and   uh and block that traffic from going out. I would  just want to address like elephant in the room for   a lot of people jobs is there a future for me you  get the you know the the one side of the of the   like sort of um story out there that no one's  going to have a job in 5 years or 10 years or   whatever because AI is going to eat all the jobs  and then you've got the other side which says AI   is nowhere near good enough to be deployed and I  mean this is like a real world example it's a bit   scary I think because you know ChatGPT writing  a letter or writing some poem or something is is   one thing but an AI writing firewall rules that  could affect a company is like a next level of   like seriousness. No I think that's a it's a it's  an excellent question uh David I think the the   the way to think about this is um anytime there's  a new technological Epoch there's a lot of things   that change when that Epoch comes together if it  weren't for the advancement of internet and uh   and us all collectively as a humanity embracing  internet you and I wouldn't be able to do this   call you know on a web browser right you know I  think I think what's going to happen is you know   we are now basically looking at an Epoch that's  moved faster than any other Epochs in the past   right because we now have an amazing distribution  mechanism which is basically the internet and uh   and AI is able to move a lot faster because we  have the connectivity that we need to be able   to effectively distribute AI in in some ways  I think the the reason for that fear might be   because of the speed at which it's moving but  that said I think it's about you know I don't   think it's you know ever going to replace a human  being I think the way I sort of see it you know   personally is that it's going to augment the human  ability it's going to provide us with you know   superhuman capabilities we're going to be able  to do things tasks that used to take a lot longer   a lot faster right now you know. It's like you  know if you go back to spreadsheets when before   spreadsheets existed we would have to spend time  writing complex you know instructions or writing   them on ledgers of like all the things that we had  to do spreadsheet sped things up it did not take   away the jobs it took away some different types of  job but it repurposed it into something a lot more   interesting for the knowledge workers I I I bet  you that that is what is going to happen I think   you're going to start to see you know certain  things about managing a firewall is going to   become easier which means you're no longer going  to see firewalls with six million rules or five   million rules out there anymore because it's  becoming it's going to become easier to manage   it's going to become easier to you know get in  there at a rule and you it's not going to require   ire a master's or PhD in managing firewalls right  so that is that part is going to get easier uh   which means you now have you know creative forces  and energies being spent on other more interesting   problems and uh and the best part about humanity  is that where we always find interesting more   interesting things to go out and solve you know  and so so that's really what we will see at the   next turn I don't think it's going to take away  all of our jobs it's going to make us really good   at our jobs and give us better things to do. I love  that it's a great explanation I think the the next  

question in 2024 what should I study or where do  you I mean this is like a major shift and there's   a lot of hype and it's always nice to talk to  someone who's an expert in the field to separate   the hype versus like reality and like actionable  things that I should do so I mean perhaps you can   just give us some guidance like career advice or  you know what where do you think we should if I'm   if I want to study something I mean I should study  AI whatever that means like any idea any like sort   of guidelines any advice? No for sure I think I  think what's what's sort of happening is that   AI is moving out of the the research labs into the  hands of people that can use it the the minute you   can actually access AI over an API call you you  know that at this point in time it's moved away   from like researchers to developers and Engineers  that can build amazing experiences on top of those   APIs it sort of happened with the cloud as well I  I'll use cloud as an analogy right. Previously if   you had to build your own data center you needed  to know everything about how do I rack and stack   each and every single one of my servers, how do  I solve for power, how do I solve for cooling, you   had to know all of that to be able to effectively  you know build an application that runs on top of   the data center you know when when what happened  with the hyperscalers was that they provided you   with a simple API call that allowed you to just  deploy your application everything got managed   by itself we're we're at that same sort of phase  of evolution where you don't need to know about   every single matrix multiplication that goes on  to be able to build or create these models you   have the ability to sort of come in and say hey  I'm going to use the APIs to be able to build   amazing experiences on top so um so in some ways  you know instead of AI researchers you're going   to start to see a lot of AI engineers and uh and  then along with this you're going to see a lot   of AI operations people that come along and say  hey in order to make sure that the AI APIs are   working properly I have like machine learning Ops  or AI Ops is going to become a thing as well. For   people that are looking at specializing you know  it's sort of you you just have to pick which you   know part of that you know gradient do you want  to be. Do you want to be part of the the research   team in which case you want to spend time learning  about the core mathematical you know foundations   that go behind building you know machine learning  and deep learning models. If you want to be more of   the AI engineer then you know you start you know  playing around with the APIs that are available   for GPT or you know playing around with API's for  Anthropic and like some of the other models that   are coming out, understanding how to like build  applications on top of them and if you want to   be on the operation side being able to understand  what it means to like server model, what it means   to you know leverage the GPUs you know in a cost  optimal fashion all of those problems become a   lot more interesting. So those are the spectrum and  that's sort of how I would break it down and  

that's how I would spend time focusing on which uh  which areas to focus. uh which areas to spend time   on I I I always advise people you know ride the  waves and this is just another huge wave that can   be life-changing right um and really enhance your  career I mean the problem a few years ago is I had   to go and get a PhD in math to try and understand  any of this stuff and statistics and all the rest   of it I mean a lot of us who who a lot of people  watching this aren't at that level but it sounds   like it's now more available like you said just  with API I could actually do something serious   with AI absolutely no I think I think that is the  that is the big shift that's happened right now I   think you're spot on right now and I think I think  and that's where you're seeing a a lot of a lot   of interesting applications being built you know  um you know all the way from like chat GPT is a   classic example but there are so many variations  of like tools like that that that's coming out   of bar that's coming and that's being built on top  of Anthropic and and each one of these experiences   are going to change how we you know how we  perceive techn technology know fundamentally we've   got ChatGPT as an example and Cisco have got this  new product and this is obviously going to grow   but that opens up a whole ecosystem doesn't it um  where if I write an application I could interface   with those APIs and like create something brand  new absolutely yes you know you're you know it's   the beginning of like you know a new journey you  know where we're going to start to see a whole   lot of interesting suite of applications being  built out in fact you know one of the interesting   concepts that that ChatGPT had was the notion of  plugins right being able to you know um bring your   plugin and then connect it in ChatGPT it's sort  of very similar to how co-pilot is thinking about   something called skills instead of the Microsoft  ecosystem we have a very similar perspective in   terms of how we sort of see ourselves unifying  this assistant across all of the security cloud   and uh and you're going to see us like you know  talk a little bit more about that you know as as   the you know as the weeks progress as the months  progress um but but that's definitely on top of   our minds in terms of how we can um supercharge  an entire ecosystem of capabilities on top of the   assistance we're running out of time so last  question where will the world be in 5 years   nice question but just like to give people kind  of like where where's it going where do you see   it going no it's uh it's going to be you know  absolutely interesting right I think it's uh   you know I don't have a crystal ball but my my my  instincts are that you're going to see compute and   computational pieces fundamentally change you know  it's going to be less and less of keyboards and   mouse and more of being able to you know talk to  Alexa and series of the world um you're going to   see a huge amount of intelligence come into like  you know day-to-day tasks opening a browser uh you   know filling out a form a lot of those things  are going to go through fundamental changes so   in five years from now you're going to see a very  different modality of like how you engage with you   know any type of compute any type of uh you know  the infrastructure that supports that compute is   going to go through a huge amount of change and  uh and I do believe that it's going to get very   interesting you know from a purely from like  you know user experience and and a usability   point of view DJ I really want to thank you I know  we're out of time I really want to thank you for   sharing you know not just the scary stuff but like  also future for people and how things are changing   thanks so much David it was a pleasure talking  to you thanks so much for having me on your show

2023-12-07 21:07

Show Video

Other news