SAN DIEGO – Cisco unwrapped a variety of advanced firewall and AI software enhancements aimed at further combining and simplifying its network and security technology across enterprise infrastructures.
At its Cisco Live event, the vendor rolled out a new Hybrid Mesh Firewall portfolio, bolstered security support with partner Nvidia, and further tightened its own technology integration with its Splunk platform. The announcements share a common goal of protecting all things AI – workloads, inferencing, models and more – as Cisco works to secure the core infrastructure that supports the AI build-out.
“Without AI trust and security built-in to the underlying network infrastructure, there won’t be AI, and every new AI agent is both an asset and a new security risk. As such, agentic AI will force us to challenge assumptions, such as how we validate identity and how quickly we must respond to threats when something goes wrong,” said Jeetu Patel, Cisco’s president and chief product officer. “The only scalable way to deal with the complexity of agentic AI is to fuse security into the network, and that’s what we are rapidly developing.”
Secure Firewall 6100 and 200 series
For starters, Cisco rolled out two new families of mesh firewalls – the high-end 6100 and branch network 200 series – designed to tackle the scalability challenges that AI-ready data centers will present to customers.
Packing 400 Gbps of Layer 7 performance into a compact two-rack-unit (RU) design, Cisco’s 6100 delivers superior performance, wrote Rick Miles, vice president of product management, cloud and network security, in a blog post about the firewalls.
By clustering up to 16 Cisco 6100 units, customers can achieve more than 4 Tbps of performance. Even with just eight clustered units, the 6100 delivers performance and cost efficiency, while requiring less space, power, and cooling. This modular approach ensures organizations can scale incrementally without overhauling infrastructure, Miles stated.
“Offering over 1.5 Gbps of AI-powered, on-box threat inspection in a compact, cost-effective package, the 200 is three times the market’s typical price-to-performance ratio. This powerhouse enables advanced threat use cases, like encrypted visibility engine and Snort ML in Snort 3, to be deployed directly at branch locations. Beyond its impressive capabilities, the device has built-in SD-WAN with pre-built templates, easy setup, SASE configuration, and robust security cloud control, providing a comprehensive, streamlined experience for modern network management,” Miles wrote.
Mesh policy engine and segmentation
Cisco Hybrid Mesh Firewall offers a distributed security fabric that features a zero-trust security framework integrated into the network for segmentation, AI application protection and advanced threat protection across diverse environments, including data centers and IoT, Miles stated.
In addition, the vendor announced a Mesh Policy Engine that lets customers define a single intent-based policy that can be enforced across Cisco and third-party firewalls. The engine is implemented in Cisco’s Security Cloud Control management platform, an AI-native, cloud-based security management system, and is a key part of the vendor’s overarching Cisco Security Cloud portfolio.
This simplifies day-to-day operations and lets organizations change enforcement points without rewriting policy, Miles stated:
“Mesh Policy Engine redefines how the network access is granted and managed by shifting the focus away from firewall-specific policies and instead to the actual application access request. Administrators create policies that directly match what the request is—Mesh Policy Engine handles the heavy lifting of converting that to traditional firewall rule, computing the effective total policy, and updating the policy on the relevant firewalls,” Miles wrote. “Teams can easily review the Security Cloud Control dashboard to understand not just the ‘what’ and ‘where’ of the policy, but also the ‘why’, ensuring no rules exist on the firewalls that don’t map back to a specific request. This intent-based logic ensures clarity and continuity in policy management—across Cisco and third-party firewalls.”
Miles said Cisco is also expanding the enforcement points for the Hybrid Mesh Firewall to include Cisco Application Centric Infrastructure (ACI). ACI is Cisco’s flagship software-defined networking system for handling and managing data center and cloud networking. It will be a key component for supporting AI workloads moving forward, Cisco says.
The result is smarter segmentation, according to Miles: “Secure Workload, a key component of Cisco Hybrid Mesh Firewall, is Cisco’s industry-leading microsegmentation capability that uses AI/ML to process the network topology, workload metadata, netflows, and application process data, which is used to generate intelligent microsegmentation policy to reduce the attack surface without impacting application access. The policy is then enforced either agentlessly leveraging the Cisco ACI fabric along with others such as Secure Firewall, cloud providers, application delivery controllers, or through the Secure Workload agent that can be deployed on modern and legacy operating systems.”
Eliminating firewall choke points
The combination of the mesh firewall and Cisco’s Hypershield security platform addresses several enterprise security ills, said Neil Anderson, vice president of cloud, infra, and AI solutions with IT service and global systems integrator World Wide Technology.
Hypershield includes AI-based software, virtual machines, and other technology that will ultimately be baked into core networking components, such as switches, routers or servers. It promises to let organizations autonomously segment their networks when threats are a problem and gain rapid exploit protection without having to patch or revamp firewalls.
“For about 25 years, we’ve had this kind of architecture that I call the choke point firewall design where customers bring all their traffic through a beefy firewall, and then let it go on its way again,” Anderson said. “We’re so far beyond that now. When you think about the speeds that AI is operating at, you really can’t have a choke point mentality anymore. You’ve got to have distributed enforcement points.”
“The idea of having this mesh of firewalls wherever you need enforcement, and then being able to control those very simply, from Cisco Cloud Control, Secure Cloud Control is huge. It solves so many problems for our customers just trying to scale out,” Anderson said.
Splunk integration
Also in the firewall realm, Cisco strengthened integration with its Splunk security platform. For example, Cisco Secure Firewall customers will be able to unlock deeper threat insights within Splunk by ingesting firewall log data.
In addition, the Cisco Security Cloud App for Splunk now supports Cisco Secure Firewall Threat Defense, improving correlation and detection content for threat detection, investigation, and response (TDIR) workflows. Combined with telemetry from Cisco AI Defense, Cisco XDR, Cisco Multicloud Defense, Cisco Talos, and other sources, Splunk accelerates detection use cases across hybrid environments, Cisco stated. Extended security orchestration, automation, and response details can also now include Cisco Secure Firewall-specific actions to support containment and response within TDIR workflows. The idea is to let customers isolate hosts, block outbound connections, and apply policy controls, reducing manual effort and accelerating resolution, Cisco stated.
Expanding Cisco’s Nvidia partnership
Cisco announced an extension of its AI partnership with Nvidia, saying its Cisco AI Defense and Hypershield security platforms can now tap into Nvidia AI, which features pretrained models and development tools for production-ready AI, to deliver visibility, validation and runtime protection across entire AI workflows. AI Defense offers protection to enterprise customers developing AI applications across models and cloud services.
The integration expands the vendors’ recently introduced Cisco Secure AI Factory with Nvidia package, which brings together Cisco security and networking technology, Nvidia DPUs, and storage options from Pure Storage, Hitachi Vantara, NetApp, and VAST Data.
“Cisco AI Defense and Hypershield integrate with NVIDIA AI for high-performance, scalable and more trustworthy AI responses for running agentic and generative AI workloads. The Nvidia Enterprise AI Factory validated design now includes Cisco AI Defense and Hypershield to safeguard every stage of the AI lifecycle — which is key to helping enterprises confidently deploy AI at scale,” wrote Anne Hecht, senior director of product marketing for enterprise software products at Nvidia, in a blog post.
Open models post-trained with Nvidia NeMo and safeguarded with Nvidia Blueprints can now be validated and secured using AI Defense, Hecht stated. “Cisco security, privacy and safety models run as Nvidia NIM microservices to optimize inference performance for production AI. Cisco AI Defense provides runtime visibility and monitoring of AI applications and agents deployed on the Nvidia AI platform,” Hecht wrote.
Cisco Hypershield will soon work with Nvidia BlueField DPUs and the Nvidia DOCA Argus framework, bringing pervasive, distributed security and real-time threat detection to every node of the AI infrastructure, Hecht stated.
The moves show how deeply Cisco and Nvidia are partnering to solidify the security stack and how Nvidia sees that Cisco AI Defense and Hypershield together will be critical for enterprise AI architectures, WWT’s Anderson said.
“There’s nothing that can shut down or stall an AI project quicker than security and governance concerns. So, if you can apply a technology like AI Defense to that, and Hypershield, it just helps customers mitigate risk and get on with delivering outcomes for the business,” Anderson said.
Securing agentic AI
In the agentic AI realm, Cisco is expanding its Universal Zero Trust Network architecture to secure agentic identities. It will also offer full tracking of agent actions.
“The emergence of agentic AI is revolutionizing workplaces while introducing critical security and safety challenges. These AI agents autonomously access enterprise resources, make decisions, and act on behalf of users, necessitating robust safeguards,” according to Cisco’s Patel.
“Cisco’s vision integrates cutting-edge capabilities, including automated agent discovery, delegated authorization, secure zero trust agentic access, and native support for the Model Context Protocol (MCP),” Patel said. MCP offers a standardized way for AI models to interact with external tools and services, such as code repositories, databases and web services.
Cisco is extending the principles of zero trust to agentic AI and using a number of its products in combination, according to Raj Chopra, senior vice president and chief product officer for Cisco Security. “… this means Duo Identity & Access Management (IAM) provides the authorization, Secure Access does semantic inspection so that the end user does not have to be prompted repeatedly for access permission, AI Defense is invoked to evaluate that agent actions align with its purpose, and Cisco Identity Intelligence monitors the actions and provides visibility,” Chopra wrote in a blog post.
“We are building the ability for an enterprise to implement dynamic, context-aware permission management that evaluates agent requests against both explicit policy rules and semantic analysis of the agent’s stated purpose,” he wrote. “The system enables employees to delegate granular permissions—say allowing an agent to read emails for summarization while preventing it from deleting emails—through a consent-driven workflow that tracks and manages narrow permission lifecycles. By combining OAuth 2.1 [authorization] compliance with semantic inspection, we can detect and block prohibited activities automatically, thereby keeping the user experience fluent. Critical actions would require a user’s explicit authorization to avoid mishaps.”
Related to Cisco’s agent technology, Patel said the company is offering a real-time, live patching system that applies security controls at the kernel level to defend against newly spotted CVEs without requiring switch or router reboots. The Live Protect feature can be triggered or managed via Cisco’s AI assistants or Hypershield workflows.