Skip to Main Content
 

Major Digest Home Cisco details Live Protect’s real-time threat mitigation capabilities - Major Digest

Cisco details Live Protect’s real-time threat mitigation capabilities

Cisco details Live Protect’s real-time threat mitigation capabilities
Credit: Network World

Cisco this week shared more details about its new Live Protect package and how it will help Nexus-based data center operators safeguard valuable resources.

Announced and demoed at the recent Cisco Live event, Cisco Live Protect for Nexus infrastructure replaces disruptive, traditional patching cycles with real-time shields that mitigate vulnerabilities instantly, according to Shankar Varanasy, product management leader with Cisco’s data center networking team.

“By orchestrating these proactive defenses through Cisco Nexus One and Cisco Nexus Dashboard on premises, administrators can neutralize threats the moment they arise, ensuring a hardened security posture without sacrificing operational uptime,” Varanasy wrote in a blog post this week. “This approach effectively eliminates the traditional trade-off between security and availability, allowing data centers to maintain a hardened, high-performance posture while ensuring continuous, uninterrupted service delivery.”

“Live Protect uses extended Berkeley Packet Filter (eBPF) technology, a powerful Linux kernel feature, through the Tetragon agent embedded in NX-OS. This allows deep visibility and enforcement directly within the kernel, monitoring system calls, file operations, process control, and network traffic to detect and prevent privilege escalation, control-plane attacks, and other sophisticated threats,” Varanasy wrote.

The Live Protect vulnerability shields are basically policies for a selected, validated vulnerability condition, according to Varanasy. These shields are intended as temporary measures and should be decommissioned once a permanent software fix is applied, he said.

“Live Protect is not a patch,” wrote Tom Gillis, senior vice president and general manager of the Cisco infrastructure & security group, in blog post about Live Protect in June. “It does not replace the need for core lifecycle discipline or permanent software updates. Instead, it serves as a temporary, targeted shield that mitigates the risk of a specific vulnerability with a few clicks. It is intended to be a ‘finger in the dike’, an emergency control that is applied to a running system without disrupting that system between more frequent maintenance windows.”

Live Protect works by using eBPF to run sandboxed programs within the operating system kernel, Gillis wrote: “This gives us the deep visibility and surgical control to intercept and block exploit attempts at the source without changing the kernel’s source code or requiring a system reboot.”

“The unique capabilities of eBPF allow us to make very fine grained, pin-point controls that shield a known vulnerability from being exploited. The shield can be as specific as ‘do not allow this particular process to access this particular file.’ Because these shields are so fine grained and specific, they are designed to have ultra-low false positive rates. In simple terms, that process should never access that particular file. So, we don’t allow it,” Gillis wrote.

“Data center environments are becoming more complex,” Varansasy wrote. “This increases the number of possible entry points for attackers. Older systems and outdated infrastructure make things even harder because they often lack hardened products, software compatibility, and the latest security features. Legacy systems therefore require frequent manual updates, troubleshooting, and patching to react to security threats—especially with technologies like Claude Mythos, Anthropic’s AI model that can autonomously discover and exploit software vulnerabilities at unprecedented speed. Teams spend more time maintaining and securing infrastructure than focusing on business-critical outcomes.”

“Traditional security patching methods require scheduled downtime and maintenance windows, which can delay the deployment of critical fixes and leave networks exposed to zero-day attacks. These delays create windows of vulnerability that sophisticated attackers can exploit,” Varanasy wrote.

World Wide Technology on Cisco Live Protect

Technology provider World Wide Technology (WWT) has been closely watching the development of Cisco Live Protect and called new capability “genuinely exciting.”

“One of the most practically impactful announcements this week was the general availability of Live Protect on the Cisco Nexus 9000 series,” WWT wrote in a blog post following the Cisco Live event.

“The problem Live Protect solves is one that every infrastructure and security team knows well,” WWT wrote. “When a critical vulnerability is disclosed, the permanent fix requires a patch cycle: testing, change control, maintenance windows, coordination across teams. In a high-velocity threat environment, that process takes time an organization may not have. Live Protect inserts Cisco-validated runtime protections immediately, closing exposure while the permanent remediation proceeds through its normal workflow. No reboots required. No disruption to operations.”

Some other Live Protect facts from Cisco:

  • Live Protect is a compensating control designed to mitigate risk during the interim period between vulnerability disclosure and remediation. Customers should continue to prioritize regular software maintenance and deploy permanent patches or fixed software releases.
  • Live Protect doesn’t protect customers from everything. Shield availability is determined by a range of factors, including the nature of the vulnerability, exploit characteristics, supported platform, software release, policy, mode, and Cisco validation status.
  • Availability is specific to the supported Cisco product, software release, policy, mode, delivery path, management surface, and lifecycle support, though currently Nexus systems are the only portfolio offered support now. Other systems such as campus and branch products are expected later this year.
  • What is Cisco Cloud Control and why should customers care?
  • Cisco Live: The network is back, and AI rewrote the rules
  • How Jeetu Patel made Cisco unrecognizable
  • Cisco sees quantum networking as the future of networking
  • How Cisco IT cut observability costs by 86% and eliminated major network outages
  • Cisco brings agentic ops platform and security overhaul to Cisco Live

Sources:
Published: