The role of the network is critical in the AI era — it’s your greatest asset, your primary target, and your most critical line of defense. Cisco IT and Security leaders Jon Woolwine and Jack Klecha share how Cisco embeds security directly into the network to keep pace with AI-driven threats. Keep reading and watch the short video below, or tune in to the full one-hour discussion to hear more.
In the AI era, defense starts with the network
Cloud, hybrid work, IoT, and now an explosion of AI agents — these aren’t just added complexities of today’s digital environment, they are potential entry points on an ever-growing attack surface. Our digital footprint is expanding faster than we can secure it. And attackers know it.
As our existing processes struggle to keep up, visibility fragments, and policies and security controls drift — creating exactly the gaps attackers seek to exploit.
This is compounded by a shift in attacker strategy: years of hardening user endpoints have led attackers to the network as their new target of choice. And with AI, they are now moving at machine speed and scale that traditional defenses weren’t built to handle. AI innovation fundamentally changes how attackers discover and act on vulnerabilities, shrinking the time to exploit from weeks to hours. And with new, more powerful frontier models emerging, that risk will continue to increase.
Because the network is the common thread through all of this — connecting users, data, and applications across every branch, campus, data center, and cloud — it is the ultimate prize for attackers, and the ultimate risk for the enterprise.
Bad actors are also harvesting encrypted network traffic today — storing it until quantum computing makes it readable. We must act today to prevent threats tomorrow.
That is why Cisco IT and Security teams view the network as our critical line of defense.
From reactive to resilient: How Cisco fuses security into the network
Bolting security tools onto an existing network adds complexity and leaves gaps. Our approach is different: we embed security directly into every layer of the network, from the campus and branch to the data center and cloud.
This allows us to use the network to see, authenticate, and defend every connection in real-time, creating a unified, interconnected fabric. Here is a look at our unified approach:
- A resilient infrastructure foundation: If the infrastructure is compromised, every security tool above it is bypassed. We harden operating systems and boot processes across our infrastructure so that the foundation itself can’t be compromised. And we’re integrating post-quantum cryptography to get ahead of ‘harvest now, decrypt later’ risks. When vulnerabilities are found in the network infrastructure, we’ll be able to put compensating controls in place with Cisco Live Protect.
- Identity-first access control: With the foundation secure, the next question is: who, or what, is connecting to the network? It is no longer just humans, but thousands of IoT devices and AI agents. We take an identity-first approach — continuously verifying every identity and granting least-privilege access.
- Limiting the blast radius: Even with strong preventative measures in place, we prepare for a breach. Segmentation is our primary defense against lateral movement. We moved past static VLANs to software-defined segmentation. Using Cisco Identity Services Engine (ISE) and TrustSec, we can identify, profile, and enforce policy on every connection, compartmentalizing the network. If an attacker does get in, lateral movement is contained in a single, isolated area.
- Protection extended from campus to branch to the data center and beyond: A breach at the perimeter can’t be allowed to become a full compromise. Today, we deploy Secure Firewalls to control traffic across our data centers — protecting our most critical applications and data from east-west threats. As we extend toward Hybrid Mesh Firewalling, that same consistent protection will be distributed to our applications and infrastructure everywhere they live, across data centers, cloud, and hybrid environments — enforced at scale, without gaps.
- Visibility and insights across the environment: By centralizing signals from ThousandEyes and our network controllers into Splunk, we get a real-time, cross-domain view of every device, connection, and dependency — inside our walls and beyond. That visibility is what gives every other layer of this architecture its teeth.
These layers function as an interconnected fabric—if a threat bypasses one, the next is already there. But traditional human-led processes alone cannot operationalize this at the speed required.
Operating at machine speed—across every layer
Each layer of this architecture is only as strong as the policy behind it — and only as effective as the operations supporting it. AI-driven threats have exposed the breaking point of traditional approaches: fragmented policies create gaps, and manual processes can’t respond at machine speed.
Our work toward Common Policy will allow us to define once and enforce consistently everywhere — from branch access switches to data center firewalls — replacing the fragmented, system-by-system approach that creates gaps attackers exploit.
Where Common Policy defines the what, our advancements toward AgenticOps will handle the how and when — autonomously detecting changes, triaging incidents, and enforcing updates at machine speed. This will allow us to resolve multi-week ticket processes in just minutes — a critical capability to keep pace with AI threats.
Security is a team sport: How Cisco IT and Security win together
Technology is only part of the equation. The teams operationalizing it need to be just as strong.
Traditionally, networking teams focus on uptime while security teams focus on risk reduction — incidents are tossed over the fence, creating slow response times and fragmented defense.
When the network is the primary target, security is a performance and uptime issue. A breach isn’t just a security alert — it’s a business disruption that affects everyone.
At Cisco, we treat security as a team sport. Our IT and Security teams share visibility, planning, and goals — not because of an org chart, but because a breach is a network outage, and a network outage is everyone’s problem. We conduct quarterly planning together, operate with shared metrics, and move as one team. Aligning our teams has allowed us to stop playing defense and start building resilience to protect the future.
The impact of converging security and networking
This combination of having security deeply embedded in the network and unified teams has allowed us to stop firefighting yesterday’s threats and focus on proactively protecting our future. We’ve seen a 50% improvement in our incident response SLA — not because of a single tool, but because we eliminated the manual handoffs that once slowed us down. It’s built a foundation for operational excellence that allows our teams to innovate at speed.
AI-driven threats don’t stop at our walls — and neither do our learnings. Through work with Project Glasswing and OpenAI Daybreak, we are stress-testing our own network at unprecedented scale and speed, sharing what we discover as repeatable, proven practices every organization can use to build stronger defenses.
The takeaway is simple: the network is the foundation of our business; it must also be the foundation of our defense. We’ve moved beyond the perimeter to secure the entire fabric, using our own telemetry to turn our greatest risk into our most powerful asset. That is the only way to achieve true digital resilience in an AI-driven world.
Watch the short video about Cisco’s internal approach to secure networking:
Dive deeper: Watch the full one-hour conversation
More resources:
- Discover the technology behind it: Learn more about Cisco Secure Networking
- Discover more Cisco on Cisco success stories