SAN FRANCISCO — Cisco today unveiled its intent-based networking software that it claims can detect malware threats in encrypted traffic.
Intent-based networking allows network managers to translate their business intent by automating policy, as opposed to manually translating intent into a lot of lines of code. This is increasingly necessary as IT departments are tasked with managing millions of connected devices in near-real time, said Cisco CEO Chuck Robbins.
At a splashy event in San Francisco, Robbins said intent-based networking will “redefine the network for the next 30 years.”
More than just automating policy, the network needs context, Robbins said. This means the network, with machine learning built in, can interpret the data in context and provide the user with insights. “Over time the intuitive network can become smarter through machine learning, through artificial intelligence, through analytics,” he said.
But for intent-based networking to work, people have to trust the network. Cisco said it accomplishes this through security that maintains privacy. To this end, the network can identify threats even in encrypted traffic without decrypting it or impacting data privacy. Cisco says it’s the only vendor that can do this.
“This is a revolutionary breakthrough,” said David Goeckeler, senior vice president and general manager of networking and security.
To build this intent-based network, Cisco announced the following software and hardware. The software will be offered as a subscription service:
- The Digital Network Architecture (DNA) Center: This is the automation and learning engine for the network. The centralized management dashboard lets network managers define intent and then translates that intent into action. It spans design, provisioning, policy, and assurance. It also gives IT departments full visibility and context across the entire network.
- Software-Defined Access (SD-Access): This uses automated policy enforcement and network segmentation over a single network fabric. The aim is to simplify network access by automating day-to-day tasks such as configuration, provisioning, and troubleshooting.
- Network Data Platform and Assurance: This is the analytics platform, which categorizes and correlates all of the data running on the network. It uses machine learning to turn that data into predictive analytics, business intelligence, and actionable insights through the DNA Center Assurance service.
- Encrypted Traffic Analytics: The security software uses Cisco’s Talos cyber intelligence and machine learning to analyze metadata traffic patterns. Cisco says it can enable IT departments to detect threats in encrypted traffic with up to 99 percent accuracy.
- Catalyst 9000 Switching Portfolio: The new switches are built on Cisco’s silicon and run the company’s IOS XE software. Cisco says the switches are secure and programmable, designed with mobility, cloud, and IoT in mind.
Some 75 global enterprises and organizations are conducting field trials with the software and switches, Cisco said. These include DB Systel GmbH, Jade University of Applied Sciences, NASA, Royal Caribbean Cruises, Scentsy, UZ Leuven, and Wipro.
This is a big deal for Cisco, and the entire networking industry, said IDC analyst Rohit Mehra.
“The combination of automation and security and the separation of hardware and software does up the ante for the industry as a whole,” Mehra said. “Cisco has thrown down the gauntlet. It has given all of its competitors the challenge of hey, let’s compete in meeting the digital needs of the next generation of IT.”
Intent-Based Networking and SDN
Cisco’s new intent-based network brings software-defined networking (SDN) to the enterprise level, Mehra added.
“Although Cisco didn’t talk much about SDN, they did talk about software-defined access security and automation, policy and automation, the issue of machine learning and how their security platform actually enables and empowers the network in real time,” he explained. “While Cisco may not have said it, we are now embarking on this new era of SDN for the enterprise network. That’s what Cisco is bringing to the table.”
Indeed, SDN has become a loaded phrase at Cisco and across the industry. The SVP and GM of Cisco’s Security Business David Ulevitch recently joked about redefining SDN as “security-defined networking.” Many Cisco employees say “SDN really stands for ‘still does nothing.’ But we think it might actually stand for security-defined networking,” he said.
At the San Francisco event, Sachin Gupta, VP enterprise switching and wireless at Cisco, said the company’s new technologies leverage SDN to meet customers’ needs. The DNA Center, for example, is essentially the network controller that’s programmable and has an analytics engine that can collect and analyze data.
“Customers aren’t looking for SDN because of SDN,” Gupta said. “They would like to be able to express intent. For example: I want my medical devices separated from my doctors and only doctors have access to medical records. Customers want a network that is programmable and can take the necessary actions to deliver on that intent.”
Intent-based networking, he said, addresses enterprise customers’ needs. “The result is you are moving toward a software layer that is helping you move more quickly, get a better experience and get better security.”
Photo: Cisco CEO Chuck Robbins announces the intuitive network of the future.