Following the big acquisition of Splunk in 2023, Cisco launched Hypershield, an AI-led security solution, last year.

A centerpiece in the newest Cisco AI Secure Factory undertaking with NVIDIA, Hypershield puts security into the very things it secures, instead of creating a secure border all around.

“Hypershield starts as the first tangible thing in application security solution but it’s more than just one product,” said Andrew Ossipov, portfolio CTO, at the Tech Field Day Extra at Cisco Live EMEA 2025 last month. “It’s an innovation framework that will continue expanding…across the entire network fabric.”

Hypershield builds on an older product in Cisco’s portfolio, Secure Workload, which provides firewalling functionality within the OS.

“[It’s] kind of foolish to put a firewall in front of every VM or every host. Secure Workload goes deep into the application, looks at the process trees and how processes interact, does various fingerprinting and behavioral analysis, and eventually feeds all that information into enforcement points like firewalls and built-in firewalls into the host operating system,” Ossipov explained.

Hypershield follows the same defense-in-depth strategy, but at the kernel level. “Hypershield takes what [Secure] Workload does at the application host OS level and turns it into proper inline security for pretty much every input/output call into every individual application,” he explained.

Embedding firewalling capabilities deep within the application allows Hypershield to do granular segmentation and bring visibility into the nooks and crannies of the application, including existing software vulnerabilities.

With Hypershield, Cisco uses its deep and broad understanding of application interactions and behaviors to deliver autonomous policy creation that is compliant with government requirements. Hypershield is designed to intelligently tighten and relax policies depending on what’s needed for an application.

In the IT environment, segmentation is traditionally used for reasons like shrinking the blast radius, preventing lateral movement and meeting various compliance and policy regulations.

“There’s quite a lot of challenges with those things still today. [It’s] a tough nut to crack,” Jeroen Wittock, technical leader, noted, while demoing Hypershield at the event.

With Hypershield, Cisco taps into extended Berkeley Packet Filter (eBPF), a Linux kernel feature.

“The whole idea behind autonomous segmentation is that we now are using this pretty cool technology.”

eBPF allows Hypershield to safely extend kernel capabilities without having to modify the kernel source code.

“Kernel, regardless of the operating system, probably qualifies as being one of the most complex pieces of code in existence today,” Wittock noted. “eBPF actually allows you to have certain specific previously-not-used or custom capabilities in the kernel, and we will run it inside the kernel.” This leads to both performance and security improvements.

As noted, Hypershield leverages a “hyper-distributed” architecture that aims to put a firewall engine inside every device, every enforcement point and the connectivity across the network, Ossipov said.

“It is taking a consistent enforcement threat protection engine and dispersing it across many different, little, tiny firewalls versus one big one.”

Hypershield supports dual data paths, namely a primary data plane and a shadow data plane. Real-world traffic is replicated between the planes, with the latter acting as a digital twin where all software upgrades are tested and given a deployment confidence score before they are run in production. This allows Hypershield to self-qualify all updates and self-update.

“Every software change, every policy change, all production traffic, should be tested automatically inside that secondary shadow data plane before we switch. So it gives you an opportunity to preferably not have an outage at all, but at the very least if you do have an outage, it is contained to a very small set of flows which are mirrored through that secondary data plane,” Ossipov said.

One of the force multipliers in Hypershield is artificial intelligence (AI), but not in the same predictable and obligatory way as with many solutions. Cisco emphasized that it intends “to introduce AI to reduce, for instance, policy complexity as you have tens of thousands of applications.”

“If you have to write a policy which looks at 10,000 connections across 400 applications, doing it by hand is a very difficult task. It’s a combination of application manifests from DevOps team but also behavioral analysis,” said Ossipov, referring to a situation that a banking client of Cisco faced.

“[Hypershield] eventually becomes this framework that incorporates these core concepts across all kinds of network security products that Cisco builds,” Ossipov said.

Hypershield is available to customers on early access, with general availability coming soon.
