Cisco Integrates Security into New Data Center SwitchesCisco Integrates Security into New Data Center Switches

Cisco has introduced new data center switches with built-in security management, allowing enterprises to enforce protections directly at the switch level.

The new family of N9300 Series Smart Switches combine networking and security services, helping data center operators streamline infrastructure and support AI workloads, the company said.

To enhance security, Cisco has embedded two technologies on its new switches: Cisco Hypershield security software and an AMD Pensando data processing unit (DPU), which will handle security-related tasks.

Analysts say data center operators will find the new smart switches appealing for their ability to simplify networks by integrating security features. Historically, facility owners had to deploy security capabilities such as firewalls on a separate overlay network, said Zeus Kerravala, founder and principal analyst at ZK Research.

“One of the reasons why network and security devices were deployed separately is because network devices don’t do security well, and security devices don’t do networking well,” Kerravala told Data Center Knowledge. “And so, by building the DPU into the switch, now all of a sudden, you’ve got a network switch that can act like a security device.”

Switching Up Data Center Security

Related:A Guide to Data Center Circuit Breaker Design and Deployment

DPUs are accelerator processors traditionally used for tasks like storage, security, and networking, freeing up CPUs in servers to focus on application processing.

Cisco, which announced the new switches at the Cisco Live conference in Amsterdam, Netherlands, yesterday (February 11), has become the second network equipment maker to incorporate a DPU into its switches to provide security services, said Steven Schuchart, principal analyst for enterprise networking at GlobalData.

Hewlett Packard Enterprise (HPE) introduced a network switch with DPUs in 2021.

Cisco’s N9300 Series Smart Switch integrates networking and security for more efficient data center operations. (Image: Cisco)

In Cisco’s new smart switches, the DPU works alongside the Cisco Silicon One network processor. While the network processor will focus on data transfer, the DPU will handle security.

Traffic is intelligently steered between the two processors for optimal performance, the company said.

Schuchart said he believes Cisco’s new smart switches will appeal to data center operators. Even though HPE came out with a DPU-embedded switch with security features first, HPE doesn’t necessarily have a first-mover advantage because the technology requires a change in data center networking architecture, and it takes time for the market to develop, he said.

“It’s an evolutionary timeframe,” he explained. “This isn’t a technology that is going to be so hot that everyone has to have it right now. It’s going to be a slower roll, but I think one that’s probably worthwhile in the long term.”

Related:White Box Switches: Benefits and Best Use Cases for Data Centers

Cisco’s announcement Tuesday reflects a broader trend of networking and security products coming together, Schuchart said. He believes Cisco can be successful with the new offering, but the adoption of the technology depends on many factors, including price.

“Cisco is a big security vendor and the largest switching vendor, so this is a natural win for them,” he told Data Center Knowledge. “The more products that you have in-house, the stickier you are.”

Cisco N9300 Series Smart Switch Details

Cisco described the N9300 Series Smart Switch family as an all-in-one network and security solution.

“We’re providing the one-two punch of what it means to be a modern AI ready secure data center,” said Murali Gandluru, Cisco’s vice president of product management for data center networking, in an interview.

The company has received strong interest from enterprises, particularly in regulated industries such as finance and healthcare, where they have to meet compliance requirements that include network segmentation, Gandluru said.

Enterprises are also interested because they want to reduce the complexity of their data center architecture, he said.

Related:How Insecure Network Devices Can Expose Data Centers to Attack

“Complexity is high. You see the span of what they have to manage. In such an environment, it’s absolutely essential to be able to do [security] quickly where it’s happening, instead of sending the traffic all the way to a central firewall,” Gandluru said.

Initial security services available on the new smart switches will include autonomous segmentation, distributed exploit protection and centralized policy enforcement. Future security services will include intrusion detection and protection, encryption and telemetry services, Gandluru said.

Read more of the latest data center hardware news

Security through Cisco Hypershield is just the first service available on the new switches. Cisco said the company can add other services onto the switches in the future, but did not provide details.

Cisco’s first N9300 Smart Switch, with 24 100G ports, ships this spring. A top-of-rack model (48×25G, 2×100G, 6×400G) arrives this summer. Pricing has not been announced.