Global networks have faced relentless attacks for years with recent and dramatic increases in sophistication, scale, and speed. The current dynamic requires urgent change. Organizations must assess their current risk posture and use technology vendors’ guidance and tools to securely implement, maintain, and operate their networks. We recognize that the vast amount of information across products and services from different vendors can create insurmountable complexity for customers attempting to secure their infrastructure. To that end, we are simplifying our offerings so that secure configurations, protocols, and features are the default. We are proactively alerting network administrators when insecure choices are being made and deprecating legacy methods that have served as operational mainstays for over two decades, all to create a more secure, resilient, and modern network.
At Cisco, we have spent years making technology that allowed our customers the ultimate flexibility in how to configure and deploy networks. We also have a long history of constant improvement in the design of our portfolio to be secure and resilient to evolving threats, remaining trustworthy and transparent throughout its lifecycle, and equipping our customers with the tools and information they need to manage risk. This technology is useless if it is not deployed securely.
Running global networks is complex. While experts once thrived in this environment, today’s landscape has turned past complexity into vulnerability. Network infrastructure that was designed, built, and deployed in decades past did not anticipate today’s hostile security environment. This is further amplified by the fact that many organizations have not updated and maintained their network infrastructure, missing opportunities to fix known vulnerabilities and update configurations based on the latest security best practices. A new Cisco-commissioned report found that 48% of network assets worldwide are now aging or obsolete, creating significant technical debt that diverts budgets toward maintenance rather than modernization. It is the equivalent of a city relying on a rusted, cracked bridge for all its traffic. As dependence on global networks grows, failing to break the current cycle of escalating threats could have a significant impact on our ability to trust future digital systems.
We believe it is the responsibility of all trustworthy vendors, including Cisco, to inform customers when the use of certain technology may expose them to potential risks. That is why we are doubling down on the model where security is the default and any reduction in security requires an explicit choice. It moves our customers from facing unexpected risks to managing known and deliberate ones. In some cases, we will completely remove the ability to do things insecurely regardless of choice.
Introducing Resilient Infrastructure
Today, we are announcing the next step in our security evolution focused on reducing the attack surface in our portfolio, increasing protection of sensitive data, and enabling the defender with more robust capabilities to monitor and detect threats in network infrastructure. Resilient Infrastructure is a Cisco effort to strengthen network security by increasing default protections, removing legacy insecure features, and introducing advanced security capabilities which reduce the attack surface and enable better detection and response. Simply put, we are making it incredibly obvious when our customers are configuring insecure features that introduce new and unnecessary risks into their networks. Initially, customers will receive increased security warnings that recommend discontinuing the use of any insecure features. In subsequent releases, features will be disabled by default or require additional steps to allow for configuration. Eventually, insecure options will be removed entirely.
Most importantly, we are furthering our commitment to our customers, and the industry, to provide visibility in areas where customers and large network providers are exposed to risk. We encourage all technology vendors to adopt the same approach to transparency.
Using the Network as THE Risk Control Point
Historically, network infrastructure has not received the same level of monitoring and scrutiny as other parts of the IT infrastructure: if it ain’t broke, don’t try to fix it. That is no longer the case. We want to emphasize the importance of, and make it even easier to perform, effective monitoring, detection, and response within network infrastructure when (not if) vulnerabilities and attacks manifest. Addressing newly discovered vulnerabilities often requires patching or updating systems, which can create operational disruptions and cause unwanted downtime. Instead of waiting for a patch or scheduling emergency upgrades, we will be designing features to deploy targeted real-time shields that protect against specific vulnerabilities soon after they are identified. This method allows teams to mitigate potential risks immediately, without the need to interrupt operations or perform unplanned maintenance. It means faster response to threats, fewer operational headaches, and a more resilient network, so critical services stay online, even as the threat landscape evolves.
A Secure and Updated Network is Critical for the Future
We know security and trust in technology will look different in 2040, just as they looked different 15 years ago. As we evolve the network to be secure today, we must prepare for the future. It is crucial we get this right. The network is the foundational infrastructure that powers every aspect of our lives, enabling technologies like Artificial Intelligence (AI). We rely on the network to protect our most sensitive data, but quantum computing is poised to upend today’s encryption algorithms; therefore, the network must evolve to support post-quantum cryptography (PQC) and must be secure by default. This is not simply a switch to be flipped in the next decade as AI becomes the norm and quantum computing inches towards mainstream adoption. Those that do not act now will unfortunately be doing so at their own peril.
No measure can guarantee perfect security, but as the threat landscape evolves, so will our security practices. To put that promise into action, we will continue to invest in innovation to help our customers effectively manage risk, overcome threats, and work to earn and maintain their trust. We remain committed to raising the bar, giving defenders the tools they need to operate, detect and respond securely, and doing so with trust, transparency, and accountability.
We urge all network operators to act now to comprehend and mitigate infrastructure risk. Actively protect your organization by keeping systems up to date, using secure configurations, and planning for device lifecycle management.
Now is the time. As an industry we must raise the collective bar for securing our global critical infrastructure. Join us as we collectively move toward a more resilient future.
For more information on Cisco’s long-term journey and commitment to security and trust, visit our Trust Center.
