Cisco Unveils the Latest Security Innovations for Modern Data Center Networks - by Murali Gandluru

Back in February 2025, Cisco introduced a bold architectural shift to data center networking with the launch of the Cisco N9300 Series Smart Switches—a new class of switch that unifies networking and security into a single, future-proof platform. Today’s data center operators are looking for simpler and more secure ways to scale their environments, without the need to layer on multiple security solutions. N9300 Series Smart Switches, part of the Cisco Nexus portfolio, deliver on this need, providing robust L4 segmentation across both single- and multi-fabric deployments.

By embedding advanced security directly into the network fabric, this innovative platform enables advanced segmentation and greater visibility, and helps reduce total cost of ownership (TCO) with this transformative approach to network design.

With the general availability of top-of-rack (ToR) N9300 Series Smart Switches in Networking Mode, modern data centers are empowered to scale both efficiently and securely. ToR L4 segmentation with Cisco Hypershield integration will be available in an upcoming release.

Figure 1. The new ToR N9324C-SE1U and N9348Y2C6D-SE1U N9300 Series Smart Switches.


Always-on protection with Cisco Live Protect

Cisco Live Protect, another recent innovative release, adds an extra layer of resilience to N9300 Series Smart Switches and other Cisco Nexus series switches by instantly guarding against software vulnerabilities. The solution operates without requiring upgrades, reboots, patching, or downtime. Native to NX-OS, Live Protect uses real-time, eBPF-based policy enforcement to instantly mitigate advanced common vulnerabilities and exposures (CVEs).

Future-proof top-of-rack switches with Networking Mode

The new Networking Mode release includes the new Cisco N9324C-SE1U Smart Switch and Cisco N9348Y2C6D-SE1U Smart Switch, both powered by Cisco NX-OS 10.6(1s). These versatile platforms are optimized for leaf, border leaf, and border gateway roles, supporting VXLAN-EVPN and BGP-routed fabrics for both single-fabric and multi-site deployments.

These smart switches deliver comprehensive L2/L3 capabilities, QoS, multicast support, and advanced features such as L2 mobility, active-active multi-site deployment, and disaster recovery continuity. When operating in Networking Mode with DPUs powered down, they provide the high level of performance needed to help future-proof data center infrastructure. Networking Mode also facilitates the seamless integration of new deployments and brownfield expansions with existing Nexus data center fabrics, while laying the groundwork for future ToR L4 segmentation.

The result is simplified operations, reduced deployment complexity, and significant TCO savings with ToR L4 segmentation.

Figure 2. Networking Mode supports VXLAN-EVPN and BGP-routed fabrics for both single-fabric and multi-site deployments.


Strengthening data center security with ToR L4 segmentation

The upcoming Networking and Security release will integrate ToR L4 segmentation directly into the network fabric, delivering advanced security at the edge—simplifying operations, strengthening security, and delivering tangible business outcomes, including:

  • Optimized operations: Nexus Dashboard streamlines NetOps management, helping reduce costs and accelerate issue resolution.

  • Stronger security and compliance: On-premises Hypershield and Cisco Security Cloud Control (SCC) SaaS deliver robust policy enforcement to NetSecOps teams, lowering risks and supporting regulatory adherence.

  • Faster deployment and investment protection: Flexible VXLAN/BGP fabric integrates seamlessly into both greenfield and brownfield environments, accelerating deployments while protecting existing investments.

  • Minimized risk and scalable protection: Advanced stateful or stateless L4 segmentation (up to 800G throughput) ensures security policies follow workloads, confining breaches and delivering consistent, adaptive security.

  • Reduced deployment risk: CRD schema-based policy management with validation/canary rollouts contributes to secure, stable deployments.

  • Enhanced control: On-premises Hypershield control plane provides greater operational control and improved data governance.

  • Increased agility: Streamlined upgrades minimize downtime and accelerate adoption of new capabilities.

  • Proactive insights: Comprehensive observability from Nexus Dashboard, Splunk, and Prometheus/Grafana integrations enables proactive issue detection and data-driven decision making.

    Figure 3. Stateful segmentation ensures security policies follow workloads.


Air-gapped control and unified security with Hypershield

The on-premises Hypershield control plane is lightweight, highly available, and air-gapped for secure operation. Comprehensive global visibility is supported through both API- and UI-driven automation. Building on this, Cisco Security Cloud Control enables unified policy management for distributed segmentation across smart switches, agents, and perimeter firewalls—streamlining security operations and safeguarding critical assets.

Figure 4. The Hypershield control plane is air-gapped for secure operation.


Consistent protection with Hypershield’s distributed segmentation

Hypershield’s distributed segmentation ensures consistent, stateful protection by allowing security policies to follow workloads across the fabric. Inline enforcement across smart switches and agents (kernel to network) eliminates blind spots and supports distributed policies for agentless workloads such as bare-metal servers and mainframes.

Enhanced observability: total clarity and security

By integrating Cisco Nexus Dashboard with the on-premises Hypershield control plane, NetOps and NetSecOps teams maintain independent controls while working more collaboratively. This approach speeds up problem resolution and reduces operational overhead.

Additional integrations with Splunk and Grafana provide actionable, real-time insights, empowering data center operations teams to proactively detect issues, ensure continuous compliance, and optimize system performance—minimizing downtime and protecting critical business functions.

Unprecedented resilience with Live Protect

Organizations can now enhance security on Cisco NX-OS-based Nexus series switches without downtime or waiting for PSIRTs and software upgrades. Live Protect leverages the Isovalent Tetragon agent and eBPF-based shields to rapidly deploy compensating controls against threats such as privilege escalation CVEs.

Figure 5. eBPF-based shields protect against privilege escalation CVE threats.


Cisco is first to market with this innovative feature, helping data centers remain secure and operational against emerging CVE threats.

Ready now, built for what’s next

“We are excited about the potential of Cisco’s Hypershield-enabled N9300 Series Nexus Smart Switches. Our investment in this technology enables us to seamlessly align our security and networking strategies, while maintaining the flexibility to evolve each independently. This capability enhances our agility, reduces operational risk, and ensures our infrastructure continues to keep pace with the growing demands of our business.”

— Eric Bradley, Chief Information Officer, TaxSlayer

Cisco N9300 Series Smart Switches in Networking Mode offer immediate performance improvements and operational simplicity, meeting the requirements of today’s and tomorrow’s data center environments. For advanced segmentation and integrated protection, Networking Mode ensures infrastructure can scale securely and provide lasting value. And with continuous vulnerability protection from Cisco Live Protect, data center operations benefit from resilience, scalability, and sustained value over time.


 
 
 
