Security and resiliency are prerequisites for the agentic enterprise

Every major technology wave eventually forces a rethink; in the AI era, that rethink starts with the network. This week at Cisco Live, AI has been a central theme, reshaping applications, operations, and security. But a more foundational shift is underway: the enterprise network itself is being rewritten.

For years, campus networks have been designed around predictable traffic patterns, manual operations, and centralized security. That model no longer holds. Today’s environments must support dynamic east–west traffic with a plethora of IoT devices and prepare for emerging edge AI with continuous change at scale – often with smaller IT teams, tighter budgets, evolving regulatory requirements, and infrastructure lifecycles measured in decades.

What makes this shift unique is a fundamental change in how the network must behave. As increasingly agentic systems become part of everyday operations, networks must enable systems to act, adapt, and respond in real time. Network resilience and security are the prerequisites to business success. Resilience brings the solid foundation on which new services are built, while security brings the trust needed to actually roll these out. The AI era is delivered via the network.

Downtime and “bolt-on” security are more than operational pain points; they are direct constraints on business growth. Smart networking is the best way to deliver the predictable operations and long-term resilience required when AI and next-gen requirements become foundational to the organization. The Cisco C9000 Smart Switches, powered by a redesigned IOS XE, provide the campus networking foundation for this shift – fusing security and simplifying operations to ensure success for today and future-proofing for tomorrow.

Secure by default, secure by design

The same advances in computing that enable AI services are also enabling new, faster, more automated threats. Quantum computing attacks – once theoretical – are now a boardroom concern. Bad actors are engaging in ‘harvest now, decrypt later’ attacks, capturing encrypted traffic today with the intent to decrypt it as quantum capabilities mature. Standards bodies like NIST have finalized quantum-resistant algorithms, and governments worldwide are accelerating mandates for post-quantum cryptography, such as CNSA 2.0. For campus networks expected to remain in service for decades, embedding quantum security now is the only way to protect data over its full lifecycle while staying aligned with evolving global regulatory mandates.

Cisco C9000 Smart Switches are the industry’s first enterprise switches to support full-stack post-quantum cryptography (PQC). Our practical, standards-based approach helps ensure quantum readiness and global compliance – without disruptive architectural redesign.

Here’s how it works.

  • Integrity at power-up: Security begins at the first instruction. Using NIST-approved PQC algorithms, the switch verifies its own integrity, ensuring only authenticated hardware and authorized software run. This check thwarts supply-chain tampering before a single packet is forwarded.
  • Process isolation: Within IOS XE, SELinux enforcement provides strict isolation between software processes. If one component is compromised, it cannot “move laterally” to others – drastically reducing the blast radius.
  • Data plane enforcement: C9000 is the first campus switch to support data confidentiality with PQC at Layer 2 inside an owned network (MACsec), Layer 2 across an unowned network (WAN MACsec), and Layer 3 anywhere (IPsec).
  • Identity-aware segmentation: Zero-trust principles are applied directly where traffic flows, integrated with all the PQC protection noted in the points above. Security becomes an inherent forwarding behavior, not a complex overlay.

Security must extend beyond the box. We have integrated NIST-approved PQC into MACsec, extending quantum protection across campus and WAN environments. For routed traffic, hardware-accelerated IPsec delivers high-throughput encryption with minimal latency. Soon, we will add PQC-enabled key exchanges to ensure Layer 3 protection evolves alongside emerging global standards without sacrificing performance.

Consistent security through automated fabric

Security is most effective when enforced by the fabric itself. With our new cloud-managed EVPN fabric, automation and security work together to simplify campus operations. Policy-based segmentation is defined once and enforced everywhere, adapting dynamically to user intent rather than static constructs. By reducing manual steps, the fabric turns access control into a predictable system – ensuring security is applied by default as the campus grows.

For traffic requiring deeper inspection, Security Service Insertion (SSI) – just announced – statefully steers specific flows to designated security services based on identity and context. This approach extends firewalling logically to any flow, such as east-west for robots within a factory or AI agents at the edge. Further, SSI maintains network simplicity and preserves performance by avoiding “hair-pinning” traffic through centralized firewalls.

Built for AI-driven scale

In the AI era, scaling securely isn’t just about capacity; it’s about autonomy. It’s about the network being able to grow, adapt, and recover without constant human intervention. AI workloads are unforgiving. In healthcare, for instance, AI-assisted imaging and robotic surgery demand ultra-low latency. Even a millisecond of jitter can disrupt time-critical care.

Cisco C9000 Smart Switches are purpose-built to help ensure network capacity stays ahead of your evolving demands. They deliver massive throughput and predictable real-time performance. We’ve also unified the onboarding workflow across management modes, removing one more decision you have to make. Combined with AI-assisted operations, including Cisco AI Assistant and Cisco AI Canvas, IT teams can now diagnose issues earlier and manage large campus environments with fewer resources and less operational risk.

Secure, continuous availability

Maintenance should not require downtime. We’ve re-engineered the upgrade process to keep businesses running:

  • Fast Reload reduces routine reload times by up to 50%. For common software, memory, or CPU recovery scenarios, reboot times are reduced by tens of seconds – minimizing disruption and shortening time spent in a degraded state.
  • Next-Gen Extended Fast Software Update (xFSU) enables sub-second upgrades. Mission-critical environments like hospitals and manufacturing plants can make changes quickly with confidence and near-zero downtime, often fully transparent to users and applications.

Policy-driven power for the modern campus

As enterprise networks take on more responsibility, power is no longer just a utility. It is a regulatory and operational priority, particularly in Europe, where sustainability goals, energy efficiency requirements, and stricter safety standards are shaping infrastructure decisions. Our Smart Power technology treats energy as a policy-controlled asset.

By grouping devices into a Smart Power domain, organizations can coordinate energy behavior across the campus. In manufacturing, teams can prioritize production-critical robotic lines while automatically throttling power to non-essential systems during off-shift hours. This intelligence helps meet strict energy-efficiency standards without adding operational complexity.

To ensure this intelligence scales beyond Cisco hardware, our Smart Power SDK enables seamless interoperability with third-party devices and building management systems (BMS). The network can orchestrate power for HVAC, lighting, and diverse IoT sensors under a single policy. The result is a secure, future-ready campus that helps you hit your business targets without adding operational overhead.

Built to evolve over time

Technology shifts do more than raise performance bars; they force us to rethink how we operate. The Cisco C9000 Smart Switches aren’t just a hardware refresh; they are a resilient foundation designed to adapt as the AI era unfolds.

Some of the products and features mentioned are still in development and will be made available as they are finalized, subject to ongoing evolution in development and innovation. The timeline for their release is subject to change.

Learn more about Cisco C9350 Fixed Access Smart Switches and Cisco C9610 Modular Core Smart Switches.

Check out our Resilient Infrastructure program to see how we’re extending our secure by default, secure by design approach across the portfolio.

Authors

Michael Dickman

Senior Vice President & General Manager

Enterprise Switching