Insights from the Cisco Live! “Redefining Security in the AI Era” Panel
The rapid proliferation of Artificial Intelligence (AI) across industries has adroitly shifted the paradigm of cybersecurity. At the recent “Redefining Security in the AI Era” panel held at Cisco Live! 2025, senior leaders from Cisco, and partner organisation Logicalis, met to discuss the complexities and opportunities facing security teams today. The conversation took an in-depth look at the changing threat environment, evolving customer needs, and the role robust partnerships play in enabling the security operations of the future.
From Left to Right: Raj Chopra, Lisa Fortey, AJ Shipley
From Product Aggregation to Outcome-Driven Security
To open, Raj Chopra, SVP and Chief Product Officer, Security, at Cisco, framed the organisations evolving approach to security. Rejecting the outdated approach of simply aggregating disparate products, Cisco instead focuses on “…melting, blending, fusing security into the network.”
This, Raj emphasised, is not just a slogan, but rather a practiced strategy. The goal is to create customer-centric outcomes rather than serve up isolated tools. For example, holistic protection of users, seamless incident response, and comprehensive application protection, whether on-premises, cloud, or hybrid environments.
The company’s Cloud Protection Suite exemplifies this shift. It offers cloud-like characteristics for application security while also covering varied deployment needs. This integrated approach improves operational simplicity and unifies policy enforcement, reducing friction for security teams who manage both Cisco and third-party technologies.
The New Security Architectures
Raj described Cisco’s two flagship architectures;
- The Hybrid Mesh Firewall offers protection across diverse infrastructure, virtual, cloud-native, containers, reflecting modern IT environments where static boundaries have disappeared. This mesh design enforces uniform policies, converting the classic noun “firewall” into the verb, “firewalling” – a practice distributed throughout the infrastructure.
- Equally pivotal is Zero Trust Access, predicated on Software-Defined Networking (SDN) and secure identity-driven access controls. Here, identity becomes “the only perimeter,” as users and devices require adaptive privileges based on dynamic risk assessments. In scenarios where user entitlements alone aren’t enough, signals such as failed logins, phishing test performance, and suspicious device activity drive more nuanced authorisation decisions.
Critical to both architectures is operational simplicity, enabling organisations to manage policies from a centralised place, regardless of the underlying hardware or provider.
Noteably, in my private conversation with Raj, we talked about the central nature of identity, emphasising that modern identity spans humans, devices, and non-human agents like scripts or agentic workloads, making the challenge far broader than just user authentication,
“So it is three kinds that we talk about. So of course human, of course devices, but then also [other] non-human identities. And we include agents in non-human workloads, non-human scripts, non-human terraform scripts… So this spans the gamut all the way from you and me as a user, this device; a device identity… and then, in the fullness of time, an agent working on my behalf, either starting from this laptop or from cloud, and accessing systems for accomplishing a task. All of that comprise as human and non-human identity. So the scope of this is pretty large.”
AI’s Dual Role,Tool for Defenders, Risk for Organisations
Artificial Intelligence emerged as both boon and challenge throughout the panel discussion. The panellists highlighted how AI drives exponential data creation, burdening legacy SOCs with more log aggregation and alert fatigue than ever. At the same time, adversaries use this expanding data surface to launch sophisticated, automated attacks.
AJ Shipley explained that in response, Cisco has fused vendor-provided and customer-specific detection engineering to keep pace. Their acquisition of Splunk enables deep log analytics, while the new XDR product focuses on vendor-wide patterns surfaced across Cisco’s immense customer base. This blend enables organisations with both deep in-house SOCs and those lacking expertise to benefit from high-fidelity and tailored threat detection.
Thus, the “SOC of the future” becomes “the marriage of SIM, SOAR, and XDR”, a system leveraging AI and automation to unburden human analysts, so their focus remains on incidents with real impact.
As AJ offered in my talks with him after the panel, “Along came XDR, which really shifted the burden of detection engineering onto the vendor… so that we can detect 80 to 90% of the stuff out there that most organisations are going to be hit with, the ransomware attacks, the crypto mining attacks, you know, the identity based attacks.”
Partners as Force Multipliers
For organisations unable to field in-house SOC teams, Cisco’s Managed XDR offering, provided globally by Logicalis, supplies a compelling alternative. Lisa shared that Logicalis leverages both XDR and Splunk to empower customers, especially in APAC’s mid-market segment, where security expertise and resources often lag behind threat actors’ capabilities. Managed services address not only alert fatigue (by harnessing automation and AI to triage mountains of log data) but overcome the “talent drought” that affects security teams globally.
This approach is vital, given data revealing that in 2025, among survey respondents in APAC, 93% had suffered a data breach and 43% had experienced multiple breaches.
Lisa noted, “You can’t do it on your own,” positioning managed security operations as an essential business resilience strategy.
Open Source, Democratisation, and Real-World Impact
Cisco’s investments in AI extend into research and open source. The panel described their Foundation AI Model, a 7 billion parameter open-source system trained on logs from Cisco’s prodigious security datasets. “We want that rising tide to lift everyone’s boats,” Raj remarked, highlighting the broader intent to democratise security innovation.
Beyond the technical explanation, real-world stories brought the impact of automation to life. For instance, Shipley cited a children’s hospital that reduced incident investigation time from eight hours to five minutes thanks to automation workflows, allowing for immediate response to ransomware campaigns.
Moreover, natural language interfaces atop Splunk have lowered skill barriers, enabling Tier 1 SOC analysts to interact with systems using English queries rather than specialised code.
Agentic Systems and Identity Management
The rise of agentic systems, AI agents acting on behalf of users, poses a new set of identity and access management dilemmas. Raj pointed out that a browser-based agent with expansive API privileges can, via automation, inadvertently (or maliciously) perform sensitive operations outside its intended scope. The granularity of access and the lack of deterministic boundaries make this a nontrivial risk.
Strategies to mitigate risk include strengthening both authentication and authorisation frameworks, and introducing governance controls capable of detecting and interrupting anomalous agent activity. Lisa chimed in on how threat actors now exploit AI for deepfakes and advanced social engineering, making continuous adaptation imperative for defenders.
The Interrelationships At Play, Redefining Security
Post-Quantum Cryptography Is Just On the Horizon
A forward-looking question addressed post-quantum security, how to future-proof cryptographic systems for the advent of quantum computing. While acknowledging the “cat and mouse” nature of cryptographic evolution, Raj explained that current approaches rely on expanding key lengths to deter feasible computation by quantum adversaries. The challenge is anticipating future advances and scaling security measures accordingly.
The Human Factor Amid Automation
Despite AI’s transformative power, panellists unanimously acknowledged the persistent need for highly skilled people. Lisa described Logicalis’ mandatory AI fundamentals training across APAC, arming employees with real-world competencies and a culture of applied innovation. Cisco supports this with educational initiatives and the development of tools designed to lower technical barriers to entry for SOC analysts.
Conclusion
As AI continues to reshape both the threat landscape and the tools to counteract it, the consensus from the panel is clear; no single organisation, solution, or human expert can defend alone. The next generation of security operations will be built on unified platforms, intelligent automation, strong partnerships, and continuous education. The race is not simply about technology but fostering a resilient, collaborative, and adaptive ecosystem, lifting every defender to meet attackers on smarter, fairer ground.
This panel stood as a testament to the necessity for outcome-driven security, the powerful role of AI, and the centrality of human expertise. As threats evolve, so must our responses, together.
Panel Discussion Memebers:
Rajneesh Chopra, SVP and Chief Product Officer, Security, Cisco
AJ Shipley, VP, Product Management, Threat Detection and Response, Cisco
Lisa Fortey, General Manager, Logicalis Australia
