At Cisco Live 2025, networking professionals explained that network security needs to drastically change to keep up with AI, including updated ZTNA and firewall practices.
Networks require updated security measures to keep pace with AI's evolving capabilities.
Networking professionals gathered at Cisco Live 2025 to discuss the current networking landscape, including ongoing technological developments around AI use. In one session, Tom Gillis, senior vice president and general manager of Cisco's infrastructure and security group, discussed how organizations must infuse better security practices and capabilities in their networks as AI continues to evolve.
"Security can be built into the infrastructure to protect AI-based workloads," Gillis said. "That really wasn't possible even two years ago."
Before organizations start reworking their network security practices, Gillis said, they should understand the changing threat landscape. When updating network security, organizations should consider the following:
Using AI to fight AI.
Expanding zero-trust capabilities.
Implementing a hybrid mesh firewall.
A changing threat landscape
AI has not only increased data workloads across multiple industries and networks, but has also given rise to new types of cyberattacks. Gillis said that cyberthreats are increasing in severity, and attackers have different targets and motivations than in previous years.
Before, cyberattacks focused on network infrastructure. While this is still true, Gillis explained cyberattacks are now also aimed at critical systems, including power supplies and systems, water systems and telephony.
"The motivation of these attackers is different than what we've seen before," Gillis said. "The motivation is to penetrate, get in and stay so they can turn the lights out at the right moment."
In addition to changing motivations and targets, cyberattacks are happening faster and with less warning. Mike Horn, senior vice president and general manager of security products at Splunk -- a subsidiary of Cisco -- said that, whereas exploitation used to take weeks, months or years, it can now happen in hours.
Gillis said he also noticed a drop in zero days. "Attackers are realizing they don't have to find a zero day. That's hard. … Existing vulnerabilities are a pathway in."
In this dramatically shifting landscape, normal security processes aren't going to cut it anymore. Whether organizations use AI to fight AI, implement new technologies or create a new blueprint for the data center, networking security practices must change.
"In the post-AI world, the nature of what we secure is changing so dramatically that security needs to change in a way it hasn't really done in the past decade," Gillis said.
Cisco unveils new security practices
"To be good at AI in this world, you have to be good at security," said Peter Bailey, senior vice president and general manager of security at Cisco.
To understand how security must change, organizations must first recognize that applications have fundamentally changed. IT professionals previously thought of applications in three layers: presentation, application and data. However, AI use has caused a new paradigm to emerge, with the model wedged between the application and data layers.
"The model ingests all your data," Gillis said. "It's going to learn all your secrets. But what you may not realize is that, when a model learns something, it never forgets."
Organizations must put safeguards in place to ensure AI isn't tricked into revealing secure data. AI's nondeterministic nature makes it possible to trick it, Gillis said.
One possible way to prevent data leakage is to use AI to protect AI, Gillis said. He likened this method to a perpetual game of 20 questions.
"AI defense will play the game of 20 questions a billion times over," he said. "It will constantly keep asking a model [questions], looking for vulnerabilities to see if the model will reveal your secrets."
However, networks need more defense than a game that ensures guardrails are always active. Security has multiple aspects, and this is something Gillis said network security professionals must keep in mind. Cisco breaks down security platforms into three major divisions:
User protection.
Cloud protection.
Security and analytics response.
User protection
Cisco builds user protection on zero-trust network access (ZTNA). This is the assumption that no user is privileged to access an organization's entire network. Instead, access is granted to authorized users but only to the resources they need. However, Gillis said the problem with this approach is that it only considers people, not necessarily devices.
"I often say people forget that printers are people, too," he said. "But that printer in your remote office needs to access the print manager. … You don't want the printer accessing a customer database."
Gillis said another problem with zero trust is the lack of continuous risk assessment. Once a network deems a device trustworthy, it has free rein of its authorized portion of the network. However, devices aren't always consistent and can change even when in use on the network.
"In a traditional approach to zero trust, you authenticate, check the posture of the machine when it's authenticated and allow it in," Gillis said. "But, once you're in, you're in. You can do whatever you want."
Gillis explained Cisco's Universal ZTNA addresses both these problems. Instead of just addressing a user or device at the time of authentication, it continually looks for changes.
"If a host-based firewall has changed, then the security posture goes down," Gillis said.
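The difference between a login-time posture check and continuous assessment, as an added example that is not Cisco's code or part of the original article. The identities, resources, score weights and threshold are assumptions made up for illustration.

```python
from dataclasses import dataclass, replace

# Constructed least-privilege policy: identity -> the only resources it needs.
# Devices are identities too (the printer from the quote above).
POLICY = {"alice@sales": {"customer-db"}, "printer-branch-7": {"print-manager"}}
MIN_SCORE = 70  # hypothetical admission threshold

@dataclass(frozen=True)
class Posture:
    host_firewall_on: bool = True
    disk_encrypted: bool = True
    os_patched: bool = True

def posture_score(p: Posture) -> int:
    """Hypothetical weighting: each failed check lowers the score."""
    return (100 - 40 * (not p.host_firewall_on)
            - 20 * (not p.disk_encrypted) - 20 * (not p.os_patched))

def authorized(identity: str, resource: str) -> bool:
    return resource in POLICY.get(identity, set())

class Session:
    def __init__(self, identity: str, login_posture: Posture):
        self.identity = identity
        self.login_ok = posture_score(login_posture) >= MIN_SCORE

    def check_at_login_only(self, resource: str, current: Posture) -> bool:
        # Traditional model: 'current' is ignored, so later changes go unseen.
        return self.login_ok and authorized(self.identity, resource)

    def check_continuously(self, resource: str, current: Posture) -> bool:
        # Posture is re-scored on every request, not just at authentication.
        return (posture_score(current) >= MIN_SCORE
                and authorized(self.identity, resource))

def demo() -> dict:
    healthy = Posture()
    fw_off = replace(healthy, host_firewall_on=False)  # changed mid-session
    alice = Session("alice@sales", healthy)
    printer = Session("printer-branch-7", healthy)
    return {
        "printer -> print-manager": printer.check_continuously("print-manager", healthy),
        "printer -> customer-db": printer.check_continuously("customer-db", healthy),
        "alice, firewall off, login-only": alice.check_at_login_only("customer-db", fw_off),
        "alice, firewall off, continuous": alice.check_continuously("customer-db", fw_off),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

The same session that the login-only check keeps admitting is denied by the continuous check as soon as the host firewall is reported off.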
Cloud protection
Cisco uses a hybrid mesh firewall, an evolution of traditional firewalls, for cloud protection. These firewalls consist of many smaller firewalls and can live anywhere on the network, Gillis said. Possible locations include hardware appliances, VMs or even the host itself using extended Berkeley Packet Filter (eBPF).
"The idea is that you have multiple different form factors that allow you to put firewalls in lots of places," he said. "We really want to be able to take network security -- I wouldn't even use the word firewall -- and break it, literally, into a million pieces."
Furthermore, according to Gillis, the heart of Cisco's hybrid mesh firewall services lies within security cloud control.
"It's the one control where policies live all the time. The enforcement points underneath can change over time, but policy doesn't," he said.
As advanced AI threats continue to plague networks, hybrid mesh firewalls have also begun to include AI defense. This provides guardrails for the network independent of any AI-based applications, Gillis said.
Security and analytics response
Gillis said he thinks of security and analytics response as a bow that ties user protection and cloud protection together.
Worldwide data usage continues to grow. Organizations are using petabytes of data daily, especially as they include and encourage AI usage. Simply training AI can take terabytes or petabytes of data, and that doesn't account for the significant amount of content AI produces. As such, it's become crucial for organizations to have proper analytics and reporting to keep track of their data.
"Data volumes are going up 30% to 40% a year, and so it's getting more and more arduous and expensive to bring all of that data back and analyze it and make sense of it at the core," Bailey said.
Not only do organizations need to track their data, but they also need to properly secure it.
Bailey further explained that, in the coming years, it will become more common for organizations to deploy network architectures that already include security considerations. Not only will this ensure that data -- which includes client data -- is well protected, but it also safeguards against attacks.
Nicole Viera is assistant site editor for Informa TechTarget's SearchNetworking site. She joined Informa TechTarget as an editor and writer in 2024.