Techaisle Blog

Insightful research, flexible data, and deep analysis by a global SMB IT Market Research and Industry Analyst organization dedicated to tracking the Future of SMBs and Channels.

Cisco Redefines Security at RSA Conference: A Platform Approach for the AI-Driven Future

RSA Conference continues to be the epicenter for cybersecurity innovation, and this year, Cisco made significant waves with a series of announcements that underscore its commitment to delivering an integrated security platform. Moving beyond disparate point solutions, Cisco’s vision focuses on empowering customers with better security outcomes, reduced operational complexities, and optimized costs. This blog post dives into the key announcements from Cisco at RSAC, highlighting their advantages and what sets Cisco apart in an increasingly crowded security landscape.

The Core Vision: An Integrated Security Platform

At the heart of Cisco's announcements lies a fundamental belief that the cybersecurity industry is undergoing rapid transformation, particularly with the rise of AI-based workloads. Recognizing the novel security challenges these advancements introduce, Cisco has been strategically focusing on converging individual security solutions and infrastructure domains into a cohesive platform. As Tom Gillis, Senior Vice President and General Manager, Cisco Infrastructure & Security, eloquently stated, the goal is to enable customers to achieve superior security with lower operating and capital expenses. This platform approach is not just about bundling products; it's about deep integration that allows for enhanced visibility, coordinated enforcement, and streamlined management.

Securing the AI Revolution: AI Defense and Beyond

One of the most pertinent announcements revolves around security for AI. Cisco has now made its capabilities for securing both the development and usage of AI applications generally available. This isn't merely about monitoring AI; it involves fine-grained controls for validating AI models and securing the use of third-party SaaS applications like ChatGPT and DeepSeek. For organizations developing their own AI-powered applications, Cisco offers the ability to enforce crucial guardrails.

The significant advantage is that this robust AI security is enforced on existing Cisco infrastructure, eliminating the need to deploy new, standalone solutions. The telemetry gathered from AI security measures seamlessly feeds into Splunk and provides enhanced visibility within Cisco XDR. This integration ensures a holistic view of the security posture, encompassing traditional threats and emerging AI-related risks.

Furthermore, Cisco acknowledges that securing AI requires an ecosystem approach. This is evidenced by its brand-new product and go-to-market partnership with ServiceNow. This collaboration aims to hydrate ServiceNow's AI risk and governance portfolio with Cisco's security intelligence, providing joint customers with comprehensive value as they increasingly adopt AI. This partnership spans visibility into application usage and model vulnerabilities to real-time protection and incident triage. By working closely with leaders in adjacent domains, Cisco is differentiating itself by offering a more comprehensive and integrated solution for managing AI risks.

The Distributed Future of Security: Hybrid Mesh Firewall

Cisco is betting big on a future where security enforcement is distributed, moving beyond the limitations of traditional perimeter-based firewalls. Its hybrid mesh firewall initiative embodies this vision, fusing security into the very fabric of network connectivity. This approach extends across physical and virtual firewalls and modern workload environments like VMs and containers, leveraging technologies such as Secure Workload, Isovalent Enterprise Platform for Cilium (with eBPF), and Hypershield. The key advantage here is the fungibility of enforcement – customers can apply consistent security policies across diverse environments without the need for a disruptive "rip and replace". Licensing is designed to be flexible, with customers using a pool of tokens that can be applied to different enforcement points as their needs evolve.

A groundbreaking component of this strategy is the introduction of new smart switches where every switch port functions as a layer 4 stateful line-rate firewall. This radical integration simplifies network architecture, reduces operational overhead, and addresses challenges like space and cooling. This is a unique offering in the market, showcasing Cisco's ability to deeply embed security within its core networking infrastructure.

Recognizing that customers often have heterogeneous environments, Cisco's hybrid mesh firewall will also support the security policy management of third-party firewalls. While initially focusing on layer three and layer four policy groups for segmentation, this capability allows for centralized policy management through Security Cloud Control. Support includes major vendors like Fortinet, Palo Alto, Juniper, and Check Point. This demonstrates Cisco’s commitment to providing value even in multi-vendor environments, moving towards unified security posture management.

Centralized Policy and Control: Security Cloud Control

The linchpin of Cisco’s integrated security vision is Security Cloud Control. This serves as a single pane of glass where customers can define their security policies and intent and enforce them consistently across all their diverse enforcement points. Whether it’s firewall variants, Secure Workload, Hypershield, Secure Access, or AI Defense, policies are managed from one central location. Critically, Security Cloud Control extends its reach to managing policies on third-party firewalls, eliminating the need to swivel between multiple control planes. This simplification of policy management is a significant advantage, reducing complexity and the potential for misconfigurations.

Extending Security to the Edge and Beyond: IoT/OT Integration and Universal ZTNA

Cisco is also keenly focused on extending robust security to often-overlooked environments. The enhanced integration between Cyber Vision (Cisco’s IoT/OT visibility platform) and the broader security portfolio is a testament to this. Cyber Vision now seamlessly integrates with Cisco Secure Firewall to help industrial organizations segment industrial networks by enforcing network access policies based on the inventory of industrial assets. This dynamic approach ensures that security policies are automatically adapted without manual intervention as the landscape of managed IoT devices changes. This tight integration of OT intelligence into the hybrid mesh firewall simplifies policy management in complex industrial environments.

Looking towards the future of secure access, Cisco is evolving its SASE offering into what it calls Universal ZTNA (Zero Trust Network Access). This progression builds upon SD-WAN and SSE (Security Service Edge) by placing identity at the forefront of enforcement. Universal ZTNA goes beyond simple user and device authentication, incorporating intelligence about identity, device posture, and dynamic user behavior to determine access privileges. The fundamental shift is from asking "can this user access this application?" to "should this user be able to access this application?" based on real-time risk assessment. This evolution underscores Cisco’s commitment to a more dynamic and context-aware approach to securing access in today’s distributed work environments. While specific details like campus NAC integration are unknown to me, Cisco emphasizes that NAC's capabilities are a crucial "identity-first" mechanism within Universal ZTNA.

Securing the Software Supply Chain for AI

Recognizing the unique risks associated with AI development, Cisco also addresses the security of the AI supply chain. This includes providing visibility and control over all artifacts related to AI, from the downloading of models to their development and deployment. Cisco is tackling the challenge of malware embedded in AI model files, ensuring organizations can build and use AI applications more confidently. This proactive approach to securing the entire AI lifecycle further differentiates Cisco by addressing a rapidly emerging threat vector.

Leveraging the Power of Acquisition: Splunk Integration

The acquisition of Splunk has significantly amplified Cisco’s security capabilities. At RSAC, several key integrations were highlighted, demonstrating the "better together" value proposition. Notably, Talos threat intelligence is now deeply embedded into the Splunk platform and provided free of charge to customers. This provides Splunk users with direct access to Cisco’s renowned threat research. Furthermore, Cisco is simplifying the ingestion of log telemetry from its products into Splunk through the Cisco Security Cloud app, available on Splunkbase. This free app provides pre-built dashboards and visualizations, reducing the manual effort required to map data and gain insights.

Splunk has also seen significant enhancements, including Enterprise Security 8.1, which expands the unified threat detection, investigation, and response (TDIR) approach to FedRAMP moderate environments and Azure. This serves government and Microsoft-centric customers. The underlying architecture of Splunk SOAR has been wholly rebuilt and integrated into ES for improved scalability and modularity, with deeper integration into the Cisco stack and added support for Microsoft Azure. These advancements showcase how the combined power of Cisco and Splunk is delivering enhanced security operations capabilities across diverse environments.

Cisco XDR 2.0: AI-Powered Detection and Response

Building on the success of its Extended Detection and Response (XDR) platform, Cisco announced XDR 2.0, introducing agentic AI capabilities for instant attack verification. This is a significant leap forward in addressing the critical challenge of alert fatigue and lack of confidence in automated responses. Unlike systems that summarize incidents with AI, Cisco XDR 2.0 uses AI to build and execute tailored investigation plans. Specialized AI agents can pull data from various sources, including Splunk, endpoint, threat intelligence (Cisco and third-party), and network telemetry, to determine the likelihood of malicious attacks. This increases the confidence in triggering automated responses like firewall rule updates, endpoint isolation, and account locking.

Complementing this is a new automated forensics capability that collects deep endpoint data (files, memory, processes) to provide conclusive evidence of malicious activity and recommend remediation plans. Additionally, the attack graph in XDR has been significantly enhanced with natural language and intuitive flows, making it easier for security teams to understand the progression of an attack and the actions taken. These advanced features, including forensics and instant attack verification, are included in the existing XDR licensing, delivering more value without additional costs. Cisco believes that XDR 2.0 will significantly accelerate response times and bring advanced security capabilities to organizations of all sizes, including those with lean security teams. Early estimates suggest the potential for dramatic time savings by automating the investigation of non-malicious alerts.

Competitive Differentiation: Cisco's Unique Strengths

Throughout these announcements, several key differentiators for Cisco become apparent:

  • Deep Integration: Cisco's core strategy revolves around tightly integrating security solutions across the network, cloud, and endpoints, providing a unified and more effective defense.
  • Infrastructure Advantage: Cisco's strong presence in networking infrastructure allows it to embed security directly into switches, routers, and other critical components, offering unique enforcement capabilities. Customers also value Cisco’s ability to drive a unified policy across both networking and security environments. Additionally, Cisco’s assurance approach, powered by ThousandEyes, delivers market-leading end-to-end visibility across customer environments.
  • Ecosystem Partnerships: Cisco recognizes that no single vendor can solve all security challenges and actively collaborates with key players like ServiceNow to deliver more comprehensive solutions.
  • AI-Driven Innovation: Cisco strategically leverages AI to defend against AI-powered threats and significantly enhance security operations through advancements in XDR and AI defense.
  • Commitment to Hybrid Environments: Cisco's solutions are designed to seamlessly operate across on-premises, cloud, and hybrid environments, acknowledging the reality of modern IT infrastructures.
  • Focus on Simplicity: Cisco is actively working to simplify security management through initiatives like Security Cloud Control and integrating security features into existing platforms.

Conclusion: A Bold Step Towards a Secure Future

Cisco’s announcements at RSAC 2025 paint a clear picture of its strategic direction: a commitment to an integrated security platform ready to tackle today's challenges and the evolving threats of the AI-driven future. By embedding security deep within the infrastructure, forging strategic partnerships, and leveraging the power of AI, Cisco is offering a compelling vision for a more secure and manageable digital world. The emphasis on integration, ease of use, and comprehensive coverage positions Cisco as a key player in helping organizations navigate the complexities of modern cybersecurity. The innovations unveiled at RSAC are not just incremental improvements; they represent a bold step towards redefining how security is delivered and consumed.
