Cisco’s ‘security everywhere’ mantra has just taken on new meaning with the launch of a series of smart network switches it says will redefine the way firewalls, the old stalwart of cybersecurity, work entirely.
Unveiled at Cisco Live in Amsterdam, Cisco said its N9300 Smart Switches will introduce new capabilities to help businesses defuse some of the lateral movement techniques used by the most sophisticated groups operating in today’s threat landscape.
The N9300 switches are equipped with data processing units (DPUs), that allow the for the deployment of advanced services such as Cisco Hypershield directly into the switching fabric.
Hypershield is a firewalling capability launched by Cisco in 2024 that enables the micro-segmentation of a network, but it required hardware with built-in DPUs, which did not exist at the time.
But now Cisco's souped-up N9300s don’t just switch traffic, they run services like Hypershield with high performance at high throughput rates.
The firm said that as customers upgrade their hardware the combination of its new switches and Hypershield will unlock unprecedented levels of protection at the data center and beyond.
Redefining the firewall
Speaking during a panel session on AI-ready data centers, Tom Gillis SVP and GM of the security, data center, internet, and cloud infrastructure group at Cisco, said the N9330 switches mean the firm is in a position to ‘redefine’ the way firewalls function in modern ICT infrastructure.
“A firewall used to live in a box at the edge of the network. So with Cisco Hypershield we’ve taken that concept and broken it into a million little pieces. So instead of a box you try to shield at the edge, you have the ability to put a micro perimeter at each one of those services that make up an application.”
Gillis explained that Cisco is leveraging its in-house switching ASIC, Silicon One, to enable the performance required to deliver advanced inspection at every connection across distributed applications with minimal orchestration.
“The net of this is that it lets folks like you put firewalls in places you couldn’t even imagine. You don’t have to cable up an appliance, you don’t have to write a bunch of rules, and here’s the best plus: it’s dynamic and upgrading itself.”
Cisco’s unified firewall management system, Secure Firewall, enables automated deployment of firewalls to the cloud that can be managed centrally, scaled up automatically, and are ‘self-healing’.
‘Self-healing’ refers to the fact that if the firewall detects any type of failure, Cisco Security Cloud will take that image down, redeploy a new image, and sync it back with the cluster.
Automating the deployment, scaling, and upkeep of these appliances will be increasingly important if firms are to rigorously segment their increasingly distributed and fine-grained application ecosystems, which are often made up of thousands of microservices running across multi-cloud services.
Neutralizing the Typhoon
Cisco emphasised that this is a significant step forward for the securing applications, and network security more broadly.
In recent years, state-sponsored threat actors have been found targeting complex vulnerabilities in network infrastructure and using that to establish persistence on sensitive enterprise and government networks.
The various groups tracked under the Typhoon moniker in Microsoft’s threat actor taxonomy - and thought to be based in China - have been responsible for a number of highly sophisticated attacks on critical national infrastructure and government institutions in the US.
In December, a senior White House security official confirmed that the Salt Typhoon group was able to record conversations of senior political operators in the US after hacking several major telecom providers in the region.
Last month, the Treasury imposed sanctions on several Chinese firms accused of having some role in recent cyber intrusions attributed to the Flax Typhoon group.
Speaking to ITPro, Martin Lee, technical lead of security research at Talos, Cisco’s threat intelligence arm, described this type of activity, noting that threat actors have been observed using complex techniques to compromise network devices and using these as ingress points on the network.
“If you can find your way in through the network infrastructure, you can then get inside of your environment and use that target device as a platform to launch attacks against the target systems,” he explained.
“This kind of threat actor and this kind of activity underlines why getting the network architecture and segmentation right is so important. If they’ve managed to compromise one environment, you’re forcing them to do work to compromise the other one and it’s that work that is the noise that you can detect.”
MORE FROM ITPRO
Cisco polishes its platform but the network is still king
‘Divorced from reality’: HPE slams DOJ over bid to block Juniper deal, claims move will benefit Cisco
Sam Altman thinks OpenAI has been on the 'wrong side of history' with open source, but that could all change – the DeepSeek success has prompted a rethink for big tech AI leaders
