Cisco Live 2025 Amsterdam – Security Focus

Author:

Stephen Faulkner

Security

•  Feb 27, 2025

Cisco Live Amsterdam 2025 is the premier destination for Cisco customers and partners to gain knowledge and build a community. It is a networking and security event that brings together the global Cisco community to showcase the latest innovations and inspire attendees to strive for a more inclusive future for all.

In this article I will zero in on the Cisco Security elements of Cisco Live and share my thoughts on the event, on where Cisco are today in terms of what they offer to the market, and on their overall direction of travel.

First of all, this event is huge and there is so much going on. Even with just a focus on Security it would be impossible for me to attend every Keynote, Breakout or Learning session. I must say though that the overall event was well attended and everything I attended was either full or oversubscribed; in other words, everything that was being showcased had interest and there were no dead zones or anyone talking to an empty room. The Amsterdam RAI is a huge venue and, if I’m honest, sometimes not the easiest place to navigate, especially if it’s your first time in attendance. There were of course plenty of support staff on hand to offer guidance and direction when needed, but even they struggled sometimes, such is the size of this venue.

So, let’s start zeroing in on Cisco Security. It would of course be no surprise to anyone that AI was the most dominant theme at the event, but for me it really came down to how it was being applied, and it was the trajectory in the innovation space that intrigued me the most.

To get us started, let’s acknowledge that for those of you who already have experience or knowledge of the Cisco Security portfolio, it’s probably fair to say that over the years Cisco haven’t always got it right, either through overall platform development and cohesion or through acquisition and adoption into the broader Cisco ecosystem. That being said, Cisco as a company has been undergoing years of transformation that is purposely pulling them away from being typecast as just a routing and switching business, which is what happens when you’re so dominant in a particular market that your product is found in every corner of the globe. Even today some people still think of Cisco in this way. However, if this Cisco Live event was anything to go by, you would absolutely get a sense that Cisco are a serious player in the world of technology and innovation.

That leaves me to say, “what a difference a year makes”. First of all, Cisco announced that it’s opening the doors to playing the integration game and moving away from proprietary development that locks customers into only buying into a Cisco ecosystem. They have realised that customer demand and frustration is a voice that needs to be heard when it comes to innovation and new technology.

To start with, Cisco have brought us Hypershield, one of Cisco’s latest innovations, which has been built on open-source eBPF and purposefully designed from the ground up using AI. Hypershield securely connects and protects cloud-native workloads in hyperscale cloud environments and is essentially constructed of three principal components.

  • AI-Native: Hypershield is architected to operate autonomously and with predictive capabilities right from its inception. Once it establishes trust, it manages its operations independently, enabling a broad and scalable approach to security across distributed environments.
  • Born in the Cloud: Hypershield is rooted in the open-source technology eBPF, the cornerstone for securing and interconnecting cloud-native applications in extensive cloud infrastructures. Cisco’s recent acquisition of Isovalent, a front-runner in providing eBPF solutions for the enterprise, underscores its commitment to cloud-native security.
  • Hyper-Distributed: Cisco is revolutionising the concept of network security by integrating sophisticated security mechanisms directly into servers and the underlying network infrastructure. Hypershield offers comprehensive coverage across all cloud environments and utilizes advanced technologies such as Data Processing Units (DPU) to meticulously scrutinize and react to unusual patterns in application and network behaviour, bringing security measures directly to the doorstep of the essential workloads it aims to protect.

This groundbreaking suite of security tools and protocols is designed to redefine how businesses safeguard their infrastructure, data, and digital assets in the era of sophisticated cyberthreats.

I must say though, when I listen to what’s being said or what I’m learning, I’m always trying to translate what this means to real-world customer problems. As an example, something that stood out to me was the fact that for years businesses and organisations have been trying to implement micro-segmentation, and to say it’s been challenging and besieged with problems would be an understatement. So, I really like the way Hypershield can mimic or shadow a production environment in real time so that enforcement security controls can be tested and the potential impact verified before changes are committed. What this means for customers is that they can essentially de-risk change failures and enforce dynamic security controls on the fly and autonomously. In essence, if the life blood and revenues of any organisation are dependent on the production environment, which is often the case, then being able to mitigate the risk of cyber-attacks with autonomous dynamic security protection whilst simultaneously maintaining uptime is a game changer. It should mean that organisations can uncross their fingers and be more assured of risk mitigation and high availability.
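To make the "test before you commit" idea concrete, here is an added example (my own illustration, not Cisco or Hypershield code) of a segmentation policy evaluated in shadow, report-only mode against observed flows, so the would-be blocks are counted before anything is enforced. The policy, the flow records and the first-match semantics are constructed assumptions for the example.

```python
"""Shadow-mode evaluation of a micro-segmentation policy (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    src: str      # CIDR the connection originates from
    dst: str      # CIDR it targets
    port: int     # destination port, 0 means any port
    action: str   # "allow" or "deny"


# Constructed candidate policy: app tier may reach the db tier on 5432 only,
# a legacy subnet is explicitly cut off, everything else falls to default deny.
CANDIDATE_POLICY = [
    Rule("10.1.0.0/24", "10.2.0.0/24", 5432, "allow"),
    Rule("10.3.0.0/24", "10.2.0.0/24", 0, "deny"),
]
DEFAULT_ACTION = "deny"

# Constructed flow telemetry (src, dst, dport, bytes) as a sensor would export it.
OBSERVED_FLOWS = [
    ("10.1.0.5", "10.2.0.10", 5432, 48_000),
    ("10.1.0.6", "10.2.0.10", 5432, 51_000),
    ("10.1.0.7", "10.2.0.10", 22, 900),     # admin SSH nobody modelled
    ("10.3.0.9", "10.2.0.10", 5432, 120),   # legacy batch host still in use
]


def decide(policy, src, dst, dport, default=DEFAULT_ACTION):
    """First-match evaluation, the usual firewall semantics (an assumption here)."""
    s, d = ip_address(src), ip_address(dst)
    for r in policy:
        if s in ip_network(r.src) and d in ip_network(r.dst) and r.port in (0, dport):
            return r.action
    return default


def shadow_run(policy, flows):
    """Report-only pass: nothing is enforced, the impact is only tallied."""
    would_block = [f for f in flows if decide(policy, f[0], f[1], f[2]) == "deny"]
    return {
        "flows": len(flows),
        "would_block": len(would_block),
        "blocked_flows": would_block,
        "safe_to_enforce": not would_block,
    }


if __name__ == "__main__":
    report = shadow_run(CANDIDATE_POLICY, OBSERVED_FLOWS)
    for flow in report["blocked_flows"]:
        print("would block:", flow)
    print("safe to enforce:", report["safe_to_enforce"])
```

Two of the four observed flows would be cut off, so the policy goes back for review instead of into production; that is the change-failure the shadow run is meant to surface.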

Cisco Security also unveiled Cisco AI Defense, and I was fortunate enough to attend the executive leadership dinner at the Andaz Hotel in Amsterdam on the Tuesday evening, which included one of the founders of a little-known start-up called Robust Intelligence, a Cisco acquisition back in August 2024. I can’t reveal all that was discussed as this was a private event, but let me share what Cisco AI Defense is all about. Before I start though, I know that this sort of product is in high demand if the customer conversations I’ve had are anything to go by.

Essentially, Cisco AI Defense is a comprehensive solution designed to safeguard artificial intelligence projects within enterprises. It includes four main components: AI Access, AI Cloud Visibility, AI Model & Application Validation, and AI Runtime Protection. This solution helps organisations understand and mitigate risks associated with AI tools, ensuring that models and applications are secure throughout their lifecycle. Additionally, it validates AI models to identify vulnerabilities and applies real-time guardrails to protect sensitive data from misuse and threats. As we are likely hearing from all around us, AI is a force for good, and with the evolutionary power of LLMs, NLP and GenAI as a tool, we found there has been little hesitation in businesses wanting to adopt it, in the main to bring about the dramatic efficiencies and potential cost reductions it could achieve. However, in the paradoxical world of Cyber Security it’s not without risk. If you allow it to be used within your organisation without the appropriate levels of governance and control, then it could present a risk not worth taking, especially when it comes to any sensitive data that may inadvertently or maliciously leave your organisation: you will never get it back, there will be no ransom demand, it’s just out there to the end of days. So, Cisco AI Defense is something that will become a must for those organisations in a hurry to adopt the benefits of AI but smart enough to mitigate the risks.

Cisco Security Cloud

Ok, so now let’s touch on developments within Cisco Security Cloud. So firstly, what is it? Cisco Security Cloud is a cloud-native and cloud-delivered, AI-powered platform that delivers effective, scalable protection in the form of suites. This essentially is how Cisco is unifying their SSE, Identity Access, MFA, Email Security and XDR products into a single management platform, which features three core pillars.

User Protection Suite

This suite has two defining packages, starting with a User Protection Essentials package that includes Cisco Secure Access, Cisco Duo and Cisco Email Threat Defense. The upgrade from this is User Protection Advantage, which gives you everything from the Essentials package but adds Cisco Endpoint Protection and Cisco ISE.

Cloud Protection Suite

This package is delivered in two guises. Essentials Segmentation provides granular segmentation for any application on any form factor or environment, as well as the ability to protect against vulnerabilities using surgical compensating controls. This includes Secure Workload SaaS, Hypershield, the Isovalent Enterprise platform and Security Cloud Control with AI Assistant. I need to caveat something here: even though Cisco are generally saying Cisco Security Cloud is fully integrated as a management platform, it doesn’t actually include Isovalent, which I’m guessing will be integrated at some point, but I’ve not been given any indication as to when that will be. The second package delivered as part of the Cloud Protection Suite is the Essentials Gateway package, which delivers foundational security to stop inbound attacks, data exfiltration and unauthorised movement, as well as advanced protection against zero-day exploits and blocking of malware in encrypted traffic. This includes Virtual Firewall, Multicloud Defense and Security Cloud Control with AI Assistant. I would point out though that when we talk about Multicloud Defense we are only talking about public cloud in four flavours: AWS, GCP, Azure and Oracle. So, if you are using Alibaba or anything else for that matter, it’s not fully supported.

Breach Protection Suite

This suite is delivered in three packages depending on your requirements. There’s Breach Protection Essentials, which gives you Cisco XDR Essentials, Cisco Email Threat Response and Cisco Endpoint Advantage, which is Cisco’s EDR. The next level up is Breach Protection Advantage, which delivers everything you get in Essentials but adds the more advanced detection and protection capabilities found in Cisco XDR Advantage, Cisco Secure Endpoint Premier, Cisco Secure Network Analytics and Cisco Telemetry Broker. Finally, we have Breach Protection Premier, which brings a managed element to the party with Cisco’s Managed EDR and Talos DFIR. Also included is a Cisco Technical Security Assessment Service, which covers things like threat modelling, security architecture and security operations assessment.

Ok, so nothing new here, right? I mean, all of this has been out there since 2023, and while there have been some further integrations and harmonising of the suites, is that newsworthy? Well, no, not especially.

So, what is newsworthy, apart from the fact that now almost everything is fully integrated? Well, do you remember when I was talking about being open to integration? As it turns out, the Cisco Security Cloud has been opened up, enabling it to manage and integrate with other vendors’ technology. Now this is a real step change for Cisco. Furthermore, I have it on good authority that the pursuit of developing a CNAPP is dead in the water and instead Cisco Security have opened the door to adopting an integration partner. They were a little vague as to who that might be in the security partner session I attended, but I’m not sure why, because we all know it’s our friends and CDW partner Wiz, which for everyone in the world is great news.

So finally, let’s talk about Splunk, which was yet another smart Cisco acquisition in 2023. I’m not going to talk about its full-stack observability capability, otherwise there’s a danger of me drifting away from the security focus I’ve promised by talking about AIOps, Digital Experience Monitoring and all that jazz, impressive as it all is. I do recommend Splunk SIE in London, as that is the place to see an impressive end-to-end showcase of the power of Splunk. However, if you don’t mind, I’ll focus on its security prowess for now. It’s fair to say that Splunk as an enterprise SIEM tool is still the choice of many large enterprises, and with many good reasons; however, it occurred to me that it presents Cisco with a bit of a conundrum that it is yet to solve, and quite frankly Cisco couldn’t quite give the answers to the questions asked within some of the interactive sessions. What do I mean by this? Well, quite simply, all of its main competitors have combined or are combining their SOC tools under a holistic management platform. So, in essence, SIEM, XDR, SOAR and sometimes ASM are naturally a good combination for not only threat monitoring but threat response. De-coupling the SIEM element from such a platform isn’t really practical, as everything else depends on its core elements. So, does Splunk really need to? Well, it will of course ingest the logs and alerts from any flavour of XDR or ASM tool and it has its own SOAR capability. So what’s the problem? In my view it will inevitably come down to the cost of doing SIEM, and therefore the risk is to competitiveness in the longer term, and whether or not the single-pane-of-glass story is important to a customer or an MSSP delivering SOC services.
I do have to mention though that, as it’s been a long-standing favourite of the large enterprise, it has developed an impressive library of out-of-the-box or downloadable threat-based use cases, something that should always be considered high value compared to competitors, and it’s known for its high-speed indexing, which means that it can perform almost real-time threat analytics; when we think of the impact of a breach, time is really of the essence. Well, that’s the conundrum I mentioned, but was there anything new announced?

Well yes, actually. It’s only been a matter of weeks since Cisco acquired SnapAttack.

SnapAttack provides a solution that supports the complete detection content lifecycle, starting with curated detection content discovery that is prioritised by current threat activity, potential impact and other factors, all the way through to the continuous validation, testing and assessment of deployed content. Today, SnapAttack is used by some of the world’s largest organisations in industries with the most stringent cybersecurity regulations. 

With Cisco’s acquisition of SnapAttack, security teams using Splunk security products will see even more innovation with accelerated delivery of capabilities that offer even more control, visibility and advanced management of all their security content, including the content they develop themselves. 

Using a unique, threat intelligence-driven approach, SnapAttack monitors changes in the threat landscape and helps organizations understand if their current detection content protects them against the latest threats. If not, it recommends detection content that’s readily deployable for security teams to apply.  

Accelerating the SOC of the Future with SnapAttack

By bringing the new capabilities provided by SnapAttack together with Splunk’s existing security products, customers will benefit from an enhanced TDIR platform that enables them to quickly adapt to changes in the threat landscape. 

Key acceleration areas and benefits include: 

  • Enhanced detection engineering: Defenders will have the upper hand with leading capabilities such as detection content discovery, detection authoring and lifecycle management, continuous detection validation, detection content prioritization and detection coverage mapping - powered by proprietary AI and machine learning (ML) techniques. 
  • Enhanced insights: The insights gained from using SnapAttack’s solution provide a complete picture of current threat coverage, identify detection gaps and help prioritise those gaps, which then feed into threat detection engineering teams trying to refine and improve defensive strategies over time.
  • SIEM modernisation: Using SnapAttack’s detection translation technology, organizations can seamlessly migrate to Splunk ES to modernize their SIEM. This includes autonomous migration capabilities that translate, validate, deploy and test existing SIEM content within Splunk ES. This will significantly reduce effort and lower transition costs while delivering enhanced security outcomes.          

There’s of course an element of integration to do here, but if we believe in the path and trajectory Cisco is taking in security, then I shouldn’t think it would take too long before we see this latest acquisition harmonised into the Splunk platform.

In summary then: Cisco Live 2025 delivered some real, tangible showcasing in terms of innovation and, if I’m honest, catching up with the competition. There was less wording describing the future tense and more of a “look at what we’ve achieved” vibe about the event, and the overall messaging was truly well received. There were of course the usual elements: technology, partnerships and, of course, me, myself and AI. All in all, a great showcase with a good vibe. I would just like to finish off with something for those eagle-eyed, Cisco-obsessed extraordinaires: there was no mention of Meraki in this article, and that’s because I didn’t hear about much in the way of change there. So please forgive my omissions, but if you want to know more about that element of the Cisco portfolio, then they are of course online.
