By Kurt Marko
Cisco’s still relatively new CEO Chuck Robbins has made clear that the networking behemoth is evolving into a company that differentiates itself based on software, not hardware, and is committed to increasing the software and subscription mix of its revenues. True to this strategy, Cisco’s latest announcement detailing its “network of the future” is heavy on new software and services and light on the big iron hardware Cisco is both known for and that still drives most of its sales. Sadly, the announcement is also laden with promises and hyperbole that are likely to leave customers and partners muttering “where’s the beef?” The reasons should become clear after we detail the news.
Like most companies, Cisco sees the potential for data analytics and new machine-learning algorithms to add intelligence to its products that can improve performance and security, automate operations, provide business insights and adapt to new situations through extensible software interfaces. These are keys to Cisco’s strategy, which it describes as a platform “powered by intent and informed by context.” The foundation is a rebranded SDN Cisco now calls DNA Center (nee ACI, application centric infrastructure). Like its progenitor, DNA Center provides a central network control plane and management platform that can consistently apply network policy and configuration across all network layers: core, edge, wireless and WAN. It does this by working with other elements of Cisco’s increasingly-intelligent network devices that provide software control and programmability.
So far, the new network sounds like any other programmable network. Where Cisco appears to be raising the bar is in the application of data analytics and machine learning to network flows and traffic patterns to better predict and mitigate performance bottlenecks, detect security anomalies, provide application-level usage statistics and business insights and improve troubleshooting. What Cisco calls the network data platform will be a separate product that works with the retooled DNA Center. Marketing puffery aside, Cisco is far from unique in seeing the value of ML and AI to network management and security. Whether established competitors like Brocade, Carbon Black and HPE Aruba or startups like Balbix, Deep Instinct and Preferred Networks, there’s a torrent of activity around the application of AI to networking and security.
Another significant software component to Cisco’s announcement is a new ability to analyze traffic, including encrypted packets, for security threats such as malware and APTs. Note that unlike deep packet inspection, Cisco’s technology can’t crack the encryption and analyze the payloads, but instead runs the flow patterns and other traffic metadata such as headers, source, destination and port numbers through some machine learning algorithms to identify suspicious flows with the “fingerprints of known threats.” Cisco claims this to be a unique feature that detects security problems 99 percent of the time with only one false positive out of 10,000; however, similar pattern analysis of encrypted traffic has been previously described by several security researchers including the SANS Institute, University of North Carolina and Tsinghua University. Indeed, some of these predate the publication of Cisco’s research underlying this feature. Furthermore, as mentioned above, there are many competitors applying machine learning to network security.
Of course, a major Cisco announcement wouldn’t be complete without some hardware, and this time it’s an upgrade to the Catalyst line of edge switches with the 9000 line. The 9000-series is comprised of both fixed and modular configurations that feature a programmable ASIC that will allow Cisco to add new features via software updates and are optimized for the DNA Center management platform. Built as edge switches for the age intelligent and wireless devices, the 9000-series can act as a wireless controller and supports both PoE+ and UPOE devices. The 9000-series will also be the only switches that initially support encrypted traffic analysis, although Cisco expects the feature to be added to other switches and routers in the future.
Other elements of Cisco’s announcement include:
Buried in all the new product build up is the cold reality that almost nothing will be available for quite a while. Indeed, the least exciting component, the updated Catalyst switches, is the only item currently orderable. Cisco claims that DNA center will enter “controlled availability” in August, which means who knows when it will arrive for the hoi polloi. The network data platform will be orderable in November, while encrypted traffic analytics is “scheduled to be available” (how’s that for hedging?) in September.
According to Jason Gallo, Cisco’s Global Director of Collaboration and Software Partner Business Development, the strategy offers three benefits to Cisco partners:
Unfortunately, the logic behind Gallo’s rationale for the first two benefits is dependent on the eventual pricing for these new products along with the competitive responses from other vendors. The third opportunity, software-driven service differentiation. is compelling, but requires a level of technical sophistication that will blunt the benefits to smaller partner organizations lacking development resources.
Regardless of one’s commitment to the Cisco ecosystem, the company has set out a product road map attuned to the era of dynamic cloud workloads and software-defined infrastructure. As always, its success will depend on execution, pricing and aggressively countering competitive incursions into its base of partners and customers.