Curated by THEOUTPOST
On Wed, 12 Feb, 8:02 AM UTC
4 Sources
[1]
"It is literally driving our product development direction" - how Cisco is redefining networking security to better protect against cyberattacks and human error
At the recent Cisco Live! 2025, I saw the unveiling of Cisco's new N9300 Series Smart Switches, designed to improve security and networking capabilities for multi-cloud environments and AI workloads. The new Smart Switches feature Cisco E100 Silicon One network processors and AMD data processing units (DPUs), alongside Hypershield with Cisco Security Cloud Control.
To find out more, I spoke to Tom Gillis, SVP and General Manager of the Cisco Security, Data Center, Internet & Cloud Infrastructure Group, on how the design and implementation of these Smart Switches could help mitigate the threats faced by datacenters today.
2024 saw its fair share of cyber disasters, from the CrowdStrike outage that seemingly took half the world offline, to the Salt Typhoon attacks on US telecommunications networks. While not entirely similar events, both were a huge shakeup for technology and networking industries.
For the CrowdStrike outage, an update was pushed live on the Falcon security platform that contained an error causing millions of Windows devices worldwide to get the blue-screen-of-death (BSOD) upon startup. Before being released, the update was 'successfully' tested, but the error was not picked up by the diagnostic software.
"CrowdStrike showed you, if you're putting security updates - which are constantly updating - into a kernel module, it's a nightmare," Gillis explains. "You push a bad update, it takes the whole system down, a giant global outage, a huge, huge, huge impact."
"So with this Smart Switch architecture, we create isolation between the network and the security stuff."
The way the Smart Switch works is through a strict separation of networking and security. The networking side runs on the Silicon One processor, and the security side runs on the DPU.
"Our software is running on both of them, but those are independent memory spaces, so the network stuff is updated independent of the Hypershield software that runs on that DPU," Gillis says.
"The defining characteristic of this category is that you have a network processing element and a security processing element that are sitting in the same box, but they run in different memory space, which means their life cycle is managed independently."
Gillis explains that by separating the two, security updates can be freely applied to keep the firewall up to date without risking a faulty update causing a shutdown on the networking side.
Now when it comes to updating the firewall in the Smart Switch, there is a local AI engine running on the DPU, which is monitoring the individual firewalls running on every switch port - meaning that a single datacenter could have upwards of a million individual switch ports, each with its own firewall.
What's especially interesting is it isn't just one firewall per switch port. In order to mitigate the potential for a bad update to be put live, each firewall has a primary data path that is running the active firewall, and a shadow data path which will be running the latest update. Checks are then constantly run on the infrastructure to monitor important metrics.
"The local AI engine is comparing every single [switch port] and looking at packet formulation, jitter, latency, memory utilization, CPU utilization, [making sure] these things are the same, and then we cluster between the two data paths."
"So without taking the system offline or disrupting, we move flows from the primary to the shadow. It's called a blue green migration. Now the shadow is the primary, and the primary becomes the shadow. We run that for five days, AI engine says things are still the same, and we load the next release," Gillis explains.
When I ask if the recent Salt Typhoon attacks against US telecommunications companies are shifting priorities and focuses for security and design at Cisco, Gillis states that, "it is literally driving our product development direction. It's kind of one of those watershed events, in my opinion."
"Infrastructure is fundamentally software, and the software is hard to upgrade, and so the vast majority of firewalls and switches and routers are running code that's 6, 12, 24, months old, and these very sophisticated attackers find these vulnerabilities and exploit them."
"So we're building a different architecture that allows infrastructure to be more resilient and more self defending," Gillis says, referring to the design of the latest Smart Switch.
"That's the first in a series of steps that we're taking to dynamically defend and instrument infrastructure against attacks like that," Gillis concludes.
[2]
Cisco Unveils New Nexus Switches With Embedded Hypershield For Data Center Security In The Age Of AI
'If you think about what's on the minds of our customers, [they] are looking at AI massively transforming everything they do in the data center. The data center is a huge topic of conversation again. Everybody's looking at how they can refresh their data center,' Cisco's SVP and GM of Cisco networking, data center and provider connectivity, told CRN ahead of Cisco Live EMEA 2025.
Cisco Systems has introduced a new Nexus 9300 series of smart switches with embedded data processing units and is offering Hypershield, the company's AI-powered security architecture for data center protection, as a service embedded on the new switches, the tech giant unveiled at Cisco Live EMEA 2025 on Tuesday.
The latest announcements come as many enterprises refresh their traditional data center environments to prepare for AI, which is demanding increased power, compute, and networking, Kevin Wollenweber, senior vice president and general manager of Cisco networking, data center and provider connectivity, told CRN ahead of Cisco Live EMEA.
"If you think about what's on the minds of our customers, [they] are looking at AI massively transforming everything they do in the data center," said Wollenweber. "The data center is a huge topic of conversation again. Everybody's looking at how they can refresh their data center."
The latest 9300 series smart switches powered by programmable AMD data processing units (DPUs) can be deployed as regular switches or with advanced features. Services can be embedded directly into the switch series as customers need to scale up or adapt to their changing IT needs, without adding more hardware, Wollenweber said.
"Think of it as a switch that can do service acceleration. Certain things that normally couldn't be done in an ASIC or in a [neural processing unit] NPU, we've added some technology to the switch that allows us to accelerate services, and so you can think of it as being able to process more than just the forwarding of packets, like a lot of our switches did before," he said.
DPUs, as opposed to NPUs, are a little more programmable and flexible, Wollenweber said. If administrators don't turn on any accelerated services, the new switch series can act as a traditional top of rack switch.
The first integrated service on the new Nexus Smart Switch series is Hypershield. Cisco's Hypershield technology comes from the company's 2024 acquisition of Isovalent, a provider of open source, cloud-native networking and security. Cisco at the time said that Isovalent's technologies would become "a cornerstone" of the Cisco Security Cloud strategy and today, Hypershield enhances network security through micro-segmentation and policy enforcement across the infrastructure.
With Cisco Hypershield offered as the first service embedded on the new switches, customers will have access to an advanced, AI-native, distributed security architecture built directly into their data center fabrics, the company said.
"Instead of applying the policies at the server, we can move that security functionality into the network. We think that's really powerful because it allows you to have micro-segmentation and policy implementation anywhere you want, and actually fused into the network itself," Wollenweber said.
The combination also helps in closing the gap between the security and networking layers because administrators can automatically update security policies across their entire infrastructure from a single offering, Wollenweber said. This will help enterprises keep their security environments up to date with minimal manual effort, he added. End users can manage their security policies in the cloud or on premise through the Nexus dashboard.
The Nexus 9300 24-port 100G model, which is designed to be placed at the edge of the data center as a cloud "on-ramp," will be generally available this spring. The 48-port 25G, 6-port 400G, and 2-port 100G models will be generally available this summer, according to San Jose, Calif.-based Cisco.
Networking, Security As One
Cisco continues to bridge the gap between networking and security by way of leadership changes announced last year. In August, Jeetu Patel, formerly Cisco's executive vice president and general manager of security and collaboration, was promoted to chief product officer and is responsible for both Cisco's core networking and security businesses.
Reporting to him is Tom Gillis, Cisco's senior vice president and general manager of Cisco Security, Data Center, Internet and Cloud Infrastructure Group as of December. Gillis was previously responsible for Cisco's Security Business Group.
The significant changes in Cisco's product strategy, and the move of data center networking and compute and the company's hyperscaler business under Gillis and the security organization, show that Cisco is bringing together all the components needed for data center buildouts, whether for service providers or enterprises, Wollenweber said. The latest Nexus smart switches are the result of Cisco's security and networking organizations uniting under Patel, he added.
[3]
Cisco embeds security services in new line of programmable switches - SiliconANGLE
Cisco Systems Inc. today announced a family of data center switches that enable services to be embedded directly into the switching layer, beginning with security services.
Cisco's Nexus 9300 Series Smart Switches combine the company's Silicon One E100 network processors and programmable data processing units from Advanced Micro Devices Inc. The switch functions as a high-capacity, multifunctional service-hosting device.
Cisco said they're an attempt to simplify data center infrastructure design as organizations increasingly adopt artificial intelligence applications, which may run at the center or edge of the network. Traditional data center architectures require a specific device for each new service, creating complexity. In addition, security policies must be configured for each new service or workload.
In contrast, the Nexus Smart Switches embed services directly into the data center fabric. They include two processing engines: a Cisco Silicon One network processor for data transfer and a network services sidecar for security processing. Traffic is intelligently steered between the two engines for optimal performance.
"The security services run on top of the DPU, and Silicon One provides smart routing," said Murali Gandluru, vice president of product management and data center networking at Cisco. "This value proposition is unique because it can intelligently forward traffic that needs to be forwarded and traffic that doesn't need forwarding goes to DPU."
The first embedded service to be offered is Cisco Hypershield, an artificial intelligence-based native security system that embeds protection across applications and servers in both public and private cloud environments. It employs extended Berkeley Packet Filter, a Linux kernel feature that makes it possible to run sandbox programs within the kernel.
DPUs provide distributed security, enabling features such as autonomous segmentation, real-time exploit protection and continuous updates. Hypershield embedded in the switching layer reduces the number of appliances and allows data center operators to create a "micro perimeter" around each service that makes up a workload, Cisco said. Updates can be applied automatically to the right enforcement points and organizations can apply self-qualifying policy updates before deployment. Policies are managed by a Cisco Hybrid Mesh Firewall.
Gandluru described Smart Switch as a "top of rack solution," with a 1U form factor that sits at the top of the server rack and aggregates all communication traffic going in and out of servers.
"You have the ability to enable security services seamlessly across that whole data center fabric," he said. "We announced last year the ability for Hypershield to provide policy in the virtual machine, container and bare metal use cases. Now we're bringing it into the network to drive simplicity from an architecture perspective, efficiency from power and cooling, total cost of ownership and point-to-point visibility."
Gandluru said Cisco was careful to respect the operations that are typical of an enterprise data center. "The sec ops team gets access to the data processing unit and the ability to turn on security services while the network team manages the lifecycle of the switches, so we are fitting into the existing paradigm that operators have," he said.
Cisco didn't say what other services it plans to provide on the switches in the future but Gandluru said network address translation is a natural next step. "These will be network-focused use cases," he said. "We're not going to turn them into [graphic processing unit] processors."
A 24-port 100 gigabits per second model will be available in the spring with 48-port 25G, six-port 400G and two-port 100G models coming in the summer. Pricing wasn't disclosed.
[4]
Cisco Redefines Data Center Architecture with New Smart Switches, Embedding Services Directly into the Network
New switches with embedded AMD Pensando DPUs are highly adaptive and scalable for AI demands -- enabling enterprises to add services as needs evolve
News Summary
AMSTERDAM, Feb. 11, 2025 /PRNewswire/ -- CISCO LIVE -- Today, Cisco (NASDAQ: CSCO) announced a family of data center Smart Switches, disrupting traditional data center network design by enabling networking and security services in a compact all-in-one solution. Utilizing programmable AMD Pensando™ data processing units (DPUs), the switch functions as a high-capacity, multifunctional service-hosting device, architecturally transforming data centers to simplify their design and make them more efficient. Cisco's first integrated offering, the Smart Switch with Cisco Hypershield, introduces a new approach to securing AI data centers by fusing security directly into the network fabric.
As AI workloads multiply, building and managing data centers has become much more complex. Data center operators require a simpler way to design, build, and deploy infrastructure to fully benefit from AI. AI applications must sit where they are needed, whether a massive large language model sitting in centralized hyperscale facilities or a network drone monitoring crop irrigation at the very edge of the network. This shift in where data is created, accessed, and stored requires a new type of simplified data center infrastructure, one that integrates compute, storage, networking, and security in new ways, and allows for automated and predictive operations via simplified management platforms.
"Data center infrastructure needs to be reimagined for both AI training and inferencing workloads that dwarf even the largest enterprise jobs of the past," said Jeetu Patel, EVP and Chief Product Officer, Cisco. "Simply upgrading data center infrastructure with higher 'speeds and feeds' switches does not address the requirements of modern data centers, which require acceleration of security and network services natively within the data center fabric."
"Cisco's innovative approach to data center design, leveraging leadership AMD Pensando DPUs, marks a significant milestone in transforming enterprise infrastructure to address the evolving security demands of data center networks while dealing with the fast paced AI deployments," said Soni Jiandani, senior vice president and general manager, Networking Technology and Solutions Group, AMD. "Our collaboration with Cisco enables enterprises to achieve high-capacity throughput and impressive network security without compromising on workload performance on Cisco UCS servers or Hypershield enabled platforms. Together, we are paving the way for a new era of intelligent, adaptive, and secure data centers."
Cisco Smart Switches: a Game Changer
As AI drives rapid growth, organizations must manage significantly increased power, compute, and networking demands. In traditional data center architectures, when each new service required a specific device, growth led to complexity. It also required adding, changing, or upgrading the enforcement of security policies with each new service or workload.
Cisco Smart Switches offer a simpler, more efficient and extensible architecture by integrating services directly with the data center fabric, rather than bolting them on top. By combining Cisco data center networking, Silicon One, and AMD DPUs, customers can scale services and adapt quickly to evolving business needs, all without the need for any additional hardware.
The switches feature two processing engines: a high-performance network processor for stable data transfer and a network services sidecar for agile security processing. Traffic is intelligently steered between the two engines for optimal performance. This architectural shift drives cost savings through hardware consolidation, reduced power consumption, and operational simplicity.
Cisco Smart Switches embrace all the capabilities of an NX-OS switch and management through Nexus Dashboard, and will unlock a diverse set of use cases like stateful segmentation, IPSec encryption, enhanced telemetry, DDoS protection and more.
Reimagining Data Center Security with Smart Switch and Hypershield
The first integrated service will combine Cisco Smart Switches and Hypershield to form a new approach to data center security. It will combine an advanced, AI-native, hardware-accelerated, distributed security architecture directly within the data center fabric to:
Fusing security directly into the data center network changes the fundamentals of data center security. Combined with Cisco Firewall Threat Defense, new AI Defense capabilities, and Security Cloud Control, Cisco will offer the first Hybrid Mesh Firewall optimized to protect AI applications in the data center and public cloud.
General Availability
The first available Cisco N9300 Smart Switch, which features 24 100G ports, is targeted for shipment in spring 2025. A top-of-rack model, which will feature 48 25G ports, two 100G ports, and six 400G ports, is targeted for first availability in summer 2025.
Cisco (NASDAQ: CSCO) is the worldwide technology leader that is revolutionizing the way organizations connect and protect in the AI era. For more than 40 years, Cisco has securely connected the world. With its industry leading AI-powered solutions and services, Cisco enables its customers, partners and communities to unlock innovation, enhance productivity and strengthen digital resilience. With purpose at its core, Cisco remains committed to creating a more connected and inclusive future for all. Discover more on The Newsroom and follow us on X at @Cisco.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word 'partner' does not imply a partnership relationship between Cisco and any other company.
Futures Disclaimer: Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. The delivery timeline of these products and features is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth herein.
Cisco introduces new Nexus 9300 Series Smart Switches with embedded AI-powered security, designed to revolutionize data center architecture for the AI era. The switches combine networking and security capabilities in a single device, offering improved protection against cyberattacks and simplified infrastructure management.
Cisco Systems has unveiled its new Nexus 9300 Series Smart Switches, a groundbreaking solution designed to redefine data center architecture in the age of artificial intelligence. Announced at Cisco Live EMEA 2025, these switches represent a significant leap forward in combining networking and security capabilities within a single device [1][2].
The Nexus 9300 Series Smart Switches feature a dual-processor design that sets them apart from traditional networking hardware:
This unique architecture allows for intelligent traffic steering between the two processing engines, optimizing performance and enabling the integration of advanced services directly into the switch fabric [1][3].
A key feature of the new Smart Switches is the integration of Cisco Hypershield, an AI-native security system embedded directly into the data center fabric. Hypershield leverages the embedded DPUs to provide distributed security capabilities, including:
This approach allows for the creation of a "micro perimeter" around each service within a workload, significantly enhancing overall security posture [3].
The Smart Switches address the growing complexity of data center management, particularly in light of increasing AI workloads. By embedding services directly into the switching layer, Cisco aims to:
The new switches can be deployed as regular switches or with advanced features enabled. This flexibility allows customers to scale up or adapt to changing IT needs without adding more hardware. Management of the switches is integrated into existing paradigms:
Policies can be managed through the Cisco Hybrid Mesh Firewall, with updates applied automatically to the appropriate enforcement points [2][3].
Tom Gillis, SVP and General Manager of Cisco's Security, Data Center, Internet & Cloud Infrastructure Group, emphasized the significance of this development, stating, "It is literally driving our product development direction." The Smart Switches are seen as a response to recent cybersecurity incidents and a step towards building more resilient and self-defending infrastructure [1].
Kevin Wollenweber, SVP and GM of Cisco networking, data center and provider connectivity, highlighted the timely nature of this release, noting, "If you think about what's on the minds of our customers, [they] are looking at AI massively transforming everything they do in the data center" [2].
While Hypershield is the first integrated service offered on these switches, Cisco has hinted at the potential for additional network-focused services in the future, such as network address translation [3].
Cisco has announced a phased release for the Nexus 9300 Series Smart Switches:
As the industry continues to grapple with the challenges of AI integration and evolving security threats, Cisco's Smart Switches represent a significant step towards more adaptive, secure, and efficient data center architectures.