To some, Artificial Intelligence and Machine Learning (AI/ML) might seem scary. However, applying AI/ML to analytics and troubleshooting can transform how IT teams operate. Last November at AI Field Day, Cisco spotlighted its AI Endpoint Analytics, part of Cisco DNA Center. Cisco AI Endpoint Analytics has the intelligence to classify and profile endpoints with AI/ML, resulting in far fewer unknown endpoints and an ultimately more secure network.
Who’s Afraid of Big, Scary AI?
For some people, fear surrounds the very idea of AI/ML. Will AI/ML invade our privacy, perpetuate our biases, or more practically steal our jobs? Like many things in life, we want to apply a good or bad label to make sense of the world. The truth, though, often defies labels and is more complex and nuanced.
One less controversial aspect of AI/ML is that it can optimize and transform how organizations work. IT teams are no exception. Tasks like analytics or troubleshooting are often time-consuming and involve a lot of guesswork. AI/ML can potentially bring automation, intelligence, and predictability to these tasks and free up staff to work on other business value-adding tasks. One of the best things about AI/ML is that as organizations continue to use it and add more data points, predictions typically become more accurate.
Tackling Device Proliferation and Unsecured IoT devices
Cisco AI Endpoint Analytics is an on-premises solution that sends anonymized telemetry data through cloud-based AI/ML training models for insights and predictions. For AI Endpoint Analytics to support analysis on Software-as-a-Service offerings or Working From Home (WFH) traffic, any network flows will first need to be exported back to Cisco DNA Center on-premises.
Visibility is critical to securing networks and creating more effective segmentation. Device proliferation, unsupported OSes, and unencrypted IoT are significant obstacles to network security. Cisco AI Endpoint Analytics, though, tackles these challenges and aims to bring visibility and context to the plethora of devices or endpoints that an organization might find on its networks.
Adding Context and Reducing the Number of Unknown Network Devices
By leveraging AI/ML, Cisco AI Endpoint Analytics has the power to significantly reduce the number of unknown devices and classify and profile endpoints. Additionally, in cases where devices cannot be profiled, AI crowdsourcing can help create labels based on device type, hardware model, hardware manufacturer, operation system. Admins can approve or reject AI/ML-generated labels. The labels can then be used to create ISE rules. Cisco AI Endpoint Analytics integrates with workflows like ServiceNow and Cisco ISE for additional automation and operational efficiency.
Cisco considers validating endpoint behavior to be a key differentiator in the future. By leveraging ML analytics, AI Endpoint Analytics may detect when devices deviate from the model. This kind of intelligence can be used to prevent or stop man-in-the-middle attacks and other attacks like MAC address spoofs. Currently, blocking spoofed devices is a manual process. However, in the future, organizations may be able to leverage ISE or other automation to block the endpoint or device.
Conclusion
Cisco has been on a ten-year journey in developing AI Endpoint Analytics with DNA Center. Cisco uses cloud-based AI/ML to reduce unknown devices and support anomaly detection on endpoints. In the future, Cisco AI Endpoint Analytics will take more proactive actions like automatically leveraging ISE and other workflows to block endpoints and thereby create more secure networks.
To learn more about Cisco AI Endpoint Analytics and how Cisco leverages AI/ML, check out Cisco’s presentation from AI Field Day.
