Cisco aims to relieve beleaguered network and security teams with its AI-driven, platform-based approach to enterprise security.
With new leadership, key acquisitions, and a platform-based vision, Cisco is betting big on security.
Cisco’s dominance in networking and telecommunications products and services is well established, but its role in cybersecurity is less cemented. It has provided security software and network security appliances for some time, and it’s one of the dominant players in network firewalls and network access control, according to Neil MacDonald, vice president and distinguished analyst at research firm Gartner. However, these segments are not growing as fast as newer areas of security such as secure access service edge (SASE), security service edge (SSE), and cloud security, MacDonald says.
Cisco was late to market with its SSE offering, Cisco Secure Access, MacDonald says, and its SASE offering is based on its mid-market Meraki core Cisco Secure Connect. In addition, he says, Cisco has yet to deliver a unified SD-WAN offering based on Cisco Catalyst SD-WAN.
“For years, Cisco has talked security but not delivered,” says Zeus Kerravala, founder and principal analyst at ZK Research. “While Cisco’s revenue is certainly near the top end of the market, they accomplished this by selling good products primarily into its networking install base. One reseller echoed the sentiment best when he said, ‘Cisco had a collection of great products, but no security strategy.’”
That all changed last year with the arrival of Tom Gillis as the new general manager of security. Gillis, who previously worked at Cisco but more recently was at VMware, “was willing to sacrifice ‘right now’ revenue for a better long-term plan,” in the form of the Cisco Security Cloud platform, Kerravala says.
The platform brings together all of Cisco’s security products and enables the company to build more security offerings faster, he says.
Cisco has certainly made security a priority in its product strategy. “In the last couple of years, we have significantly expanded our product portfolio to address many of the biggest security challenges our customers are facing,” says Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco.
“The reality of our industry is that security has gotten way too complex,” Patel says. “The industry has evolved as a patchwork of point solutions, and now most organizations have between 50 and 70 point solutions in their cybersecurity stacks, on average. It’s gotten to be untenable to manage, and it’s making us less safe.”
That’s why Cisco took the platform approach. Patel points out that “it’s built with a pervasive fabric of AI, because security can no longer be done at human scale alone. It must be done at machine scale.”
Security acquisitions add new capabilities
Cisco has made several significant security announcements recently and delivered on key acquisitions.
- Hypershield enables segmentation in distributed environments
The company introduced its new Hypershield “AI-native” architecture, built on technology it acquired from Isovalent.
“Cisco has been a dominant player in ingress/egress network firewalling, but there is growing market interest in a rich set of network security services that can be enforced east/west,” MacDonald says. “Hypershield is exactly this — a distributed set of software-based network security policy enforcement points that can be managed using a cloud-centric centralized control plane.”
Hypershield “is unique in the market at this point, and its capabilities go far beyond simply firewalling and segmentation, although it can address these use cases,” MacDonald says. “It would make sense for Cisco to integrate the technology into its own Catalyst switches, but no specific plans and roadmaps for this were announced.”
The Hypershield architecture represents “a very different approach,” Kerravala says. “Think of traditional security as a series of fences around specific domains such as endpoint or the network. Hypershield is designed to be a fabric where security capabilities are available everywhere. This lets Cisco do things like autonomous segmentation.”
Hypershield, which will be available in August, “infuses security into the fabric of the network, giving customers thousands of distributed control points across both public and private data centers,” Patel says.
“With Hypershield, we’re solving some big problems that weren’t being solved before. Segmentation in hyper-distributed environments is hard, so we automate it by using AI to learn about application behavior over time and dynamically adjust segmentation rules to stop lateral movement.”
- Splunk security integrations bolster Cisco XDR
At the recent RSA conference, Cisco announced plans to integrate its extended detection and response (XDR) platform with technology it gained from its acquisition of Splunk in March 2024.
With the move, Cisco aims to provide customers with enhanced security, including threat prevention, detection, investigation, and response. Among the products in Splunk’s portfolio is security information and event management (SIEM) technology, which supports threat detection, compliance and security incident management through the collection and analysis of security events.
“Splunk adds a lot of data to Cisco security,” Kerravala says. “The cyber industry is changing from reactive tools to AI-based security platforms that can find needles in a stack of needles. The efficacy of AI will be based on the quality of the AI algorithms combined with [Cisco security]. Plus, Splunk gives Cisco more data than any other security vendor. It should be able to use this to create differentiation for itself.”
The company also offers Splunk SOAR, which automates repetitive security tasks, enabling teams to respond to incidents more quickly; user behavior analytics to secure systems against unknown threats; and Splunk Attack Analyzer to automatically detect and analyze the most complex credential phishing and malware threats.
“Like Palo Alto [Networks] and Microsoft, Cisco can now fill out its security story with a security operations story that spans SIEM and SOAR technology,” MacDonald says.
- Oort buy adds to XDR options
Not every organization requires a SIEM, MacDonald says, so Cisco is offering the XDR platform, which was bolstered by its acquisition of Oort in 2023. Oort provides services to analyze data from an organization’s identity and access management (IAM) systems to discover workforce identities, protect them with best practices, and continuously monitor for identity threats.
- Armorblox + Lightspin
In 2023, Cisco acquired Armorblox, a provider of security software powered by AI and machine learning. Cisco says the acquisition will contribute to the expansion of its AI/ML capabilities and talent. It also provided email security telemetry capabilities, which are also critical to building an XDR, MacDonald says.
Prior to that, Cisco acquired Lightspin Technologies, which offers cloud security posture management (CSPM) across cloud-native resources. Lightspin uses graph-based technology to deliver key context, prioritization, and remediation recommendations. With the addition of Lightspin, Cisco says its customers will be able to identify and address cloud security risks without the need for extensive configuration.
The acquisition of Lightspin helped Cisco build a cloud-native application platform called Panoptica, MacDonald says. The platform offers a number of cloud-based features such as attack-path analysis, application security, code vulnerability detection, cloud detection and response, and cloud security posture management.
To do: Beef up migrations to Cisco Secure Access
Cisco is continuing to add security expertise, as well as expanding its product portfolio.
“We’ve been building our team in many areas, including through acquisitions that brought us new talent,” Patel says. “The security business is a strategic priority for Cisco, and we’re committed to increasing our pace of innovation.”
One of the big challenges Cisco faces is also a challenge for the entire industry, Patel says, “which is the increasing sophistication of attacks and the way in which attackers are weaponizing AI in their attacks. In truth, the adversaries have always had an unfair advantage because they must be right just once, but the defenders have to be right every single time.”
AI and data will be the keys to start tipping the scales in favor of the defenders, Patel says. “And I believe that you can’t be a great security company if you’re not a great AI company, and you can’t be a great AI company if you’re not a great data company,” he says.
“One big area we’re focusing on is where security meets the network,” Patel says. “If you assume an attacker is already in, and all traffic is encrypted, then the name of the game is to stop lateral movement. And where does lateral movement happen? On the network. And with the Cisco Security Cloud, we have deep hooks into the network and infrastructure.”
Cisco needs to act quickly to migrate its substantial worldwide installed base of AnyConnect VPN users to a zero-trust network access (ZTNA) architecture using the Cisco Secure client combined with its cloud-based Secure Access offering, MacDonald says. Likewise, it needs to move its base of users of Umbrella, a cloud-based enterprise network security service, to Secure Access, he says.
“Both of these offerings have a large number of users that are subject to being replaced by competitive offerings,” MacDonald says. “Beyond this, Cisco needs to better integrate its own offerings so that the more Cisco offerings a customer uses, the better the protection provided. Cisco can’t be just a portfolio of disjointed security offerings. It needs a Cisco-wide security platform story that provides better security outcomes.”
Another challenge is getting the Cisco salesforce to understand the value of security software and software-based security capabilities, and focus less on selling security appliances, MacDonald says. “Appliances are absolutely important, but just one form factor for policy enforcement moving forward,” he says.
“Much of Cisco’s security success has come [from] selling security to networking pros, where companies like Palo Alto, Fortinet and Zscaler have the ear of the security pro,” Kerravala says. “As Cisco builds out its Security Cloud, it needs to direct more of its go-to-market motion at this audience.”
Having strong cybersecurity is a high priority for many organizations, and Cisco wants to be at the forefront of efforts to make IT infrastructures more resistant to threats, including further expanding its reach in the market.
“Going forward, we are committed to relentlessly innovating our portfolio through organic product development,” Patel says. “That said, if we see opportunities to accelerate our innovations inorganically, we won’t be shy about making acquisitions that fit within our strategy and direction.”