Cisco Moves to Secure Data Centers with Breakthrough AI-Native Architecture

Following the big acquisition of Splunk in 2023, Cisco launched Hypershield, an AI-led security solution, last year.

A centerpiece of the newest Cisco AI Secure Factory undertaking with NVIDIA, Hypershield puts security into the very things it secures, instead of building a secure border around them.

“Hypershield starts as the first tangible thing in application security solution but it’s more than just one product,” said Andrew Ossipov, portfolio CTO, at the Tech Field Day Extra at Cisco Live EMEA 2025 last month. “It’s an innovation framework that will continue expanding…across the entire network fabric.”

Hypershield builds on an older product in Cisco’s portfolio, Secure Workload, which provides firewalling functionality within the OS.

“[It’s] kind of foolish to put a firewall in front of every VM or every host. Secure Workload goes deep into the application, looks at the process trees and how processes interact, does various fingerprinting and behavioral analysis, and eventually feeds all that information into enforcement points like firewalls and built-in firewalls into the host operating system,” Ossipov explained.

Hypershield follows the same defense-in-depth strategy, but at the kernel level. “Hypershield takes what [Secure] Workload does at the application host OS level and turns it into proper inline security for pretty much every input/output call into every individual application,” he explained.

Embedding firewalling capabilities deep within the application allows Hypershield to do granular segmentation and bring visibility into the nooks and crannies of the application, including existing software vulnerabilities.

With Hypershield, Cisco uses its deep and broad understanding of application interactions and behaviors to deliver autonomous policy creation that is compliant with government requirements. Hypershield is designed to intelligently tighten and relax policies depending on what an application needs.

In IT environments, segmentation is traditionally used for reasons like shrinking the blast radius, preventing lateral movement, and meeting various compliance and policy regulations.

“There’s quite a lot of challenges with those things still today. [It’s] a tough nut to crack,” Jeroen Wittock, technical leader, noted, while demoing Hypershield at the event.

With Hypershield, Cisco taps into Extended Berkeley Packet Filter, or eBPF, a Linux kernel feature.

“The whole idea behind autonomous segmentation is that we now are using this pretty cool technology.”

eBPF allows Hypershield to safely extend kernel capabilities without having to modify the kernel's code.

“Kernel, regardless of the operating system, probably qualifies as being one of the most complex pieces of code in existence today,” Wittock noted. “eBPF actually allows you to have certain specific previously-not-used or custom capabilities in the kernel, and we will run it inside the kernel.” This leads to both performance and security improvements.

As noted, Hypershield leverages a “hyper-distributed” architecture that aims to put a firewall engine inside every device, every enforcement point, and the connectivity across the network, Ossipov said.

“It is taking a consistent enforcement threat protection engine and dispersing it across many different, little, tiny firewalls versus one big one.”

Hypershield supports dual data paths, namely a primary data plane and a shadow data plane. Real-world traffic is replicated between the planes, with the shadow plane acting as a digital twin where all software upgrades are tested and given a deployment confidence score before they are run in production. This allows Hypershield to self-qualify all updates and self-update.

“Every software change, every policy change, all production traffic, should be tested automatically inside that secondary shadow data plane before we switch. So it gives you an opportunity to preferably not have an outage at all, but at the very least if you do have an outage, it is contained to a very small set of flows which are mirrored through that secondary data plane,” Ossipov said.

One of the force multipliers in Hypershield is artificial intelligence (AI), but not in the same predictable and obligatory way as with many solutions. Cisco emphasized that it intends “to introduce AI to reduce, for instance, policy complexity as you have tens of thousands of applications.”

“If you have to write a policy which looks at 10,000 connections across 400 applications, doing it by hand is a very difficult task,” said Ossipov, recalling a banking client who had a similar situation.

The AI in Hypershield reduces the amount of work, making the task swifter and free of human error.

“[Hypershield] eventually becomes this framework that incorporates these core concepts across all kinds of network security products that Cisco builds,” Ossipov said.

Hypershield is available to customers through an early access program, with general availability coming soon.

About the author

Sulagna Saha

Sulagna Saha is a writer at Gestalt IT where she covers all the latest in enterprise IT. She has written widely on miscellaneous topics. On gestaltit.com she writes about the hottest technologies in Cloud, AI, Security and sundry.

A writer by day and reader by night, Sulagna can be found busy with a book or browsing through a bookstore in her free time. She also likes cooking fancy things on leisurely weekends. Traveling and movies are other things high on her list of passions. Sulagna works out of the Gestalt IT office in Hudson, Ohio.