Cisco Infuses Security into Networking with New Nexus Smart Switch and Hypershield Integration
Among a blizzard of announcements in the keynote at Cisco Live EMEA 2025 in Amsterdam this month, Cisco unveiled the Nexus Smart Switch and Hypershield integration, a two-in-one solution that it says addresses the mounting security management pains amid sweeping artificial intelligence (AI) adoption in data centers.
The goal is to “melt security into the network itself” and in the process “make security better” so that protection is integrated instead of siloed, and enforcement and operations are simplified and consistent, Cisco says.
Javed Asghar, director of product management, while giving a technical presentation at Tech Field Day Extra at Cisco Live EMEA 2025, said, “Data center fabric has typically been a networking stack, but with security integrated natively, it will be a native capability of the fabric.”
The product that was developed from conception to launch in just seven months, according to Cisco, combines both hardware and software stacks. On the hardware side, it builds on the Cisco Nexus 9300 switch family with two newly unveiled SKUs – N9324C-SE1U and N9348Y2C6D-SE1U Smart Switches. Both estimated to GA in April, Asghar described them as “best of class”.
The first is a 24x100G port switch that packs two hero components among other things – AMD DPUs – 4 in this case, and the Cisco Silicon One E100 ASIC, a network processor. The second, a top-of-rack (ToR) 48x25G port switch, packs 2 AMD Giglio DPUs and uses the same Silicon One.
Silicon One comes loaded with some vital Nexus OS capabilities, and the highly programmable AMD DPUs support service offload.
Piggybacking on the switches, Hypershield, an AI-based solution for global security enforcement which Cisco inherited from its acquisition of Isovalent in 2024 and has placed at the center of Security Cloud Control, will provide a simpler policy lifecycle management ensuring a stronger security posture with distributed and consistent enforcement.
“One of the main benefits of Smart Switches is device convergence,” Asghar said. “Typically, data center switches are connected to multiple firewalls, making device management extensive. Cisco can consolidate [them] into a single switch. The forwarding is done by the Silicon One while the DPUs can be modelled as firewalls.”
Through a packet flow demonstration, Asghar explained how the Smart Switches provide stateful firewalling. As traffic comes into Silicon One, it inspects the traffic and obtains the incoming VRF. The policy in place tells which DPU to direct the traffic to. Within this DPU, Hypershield’s segmentation policy performs the traffic firewalling. Once done, the traffic is once again directed back to the Silicon One which then sends it out to the right egress port.
On the Smart Switches, Hypershield offers capabilities including autonomous policy creation, optimization and enforcement for all workloads, and self-validation of updates.
“We have a number of enforcement points within Hypershield that work together – they’re not disjointed. We have enforcement points directly within the kernel of the workload,” Jacob Rapp, senior director of product management for Hypershield, said.
One of the core things Hypershield addresses is policy change management. “Change is some of the most risky parts of security,” Rapp said. “When making some broad changes to zone-based firewall policy, while updating granular micro-type segmentation policies, or just updating code.”
“At scale across the network or at every single workload, no human can actually try to figure out where to place the policy,” he added.
To make things simpler, Hypershield allows users to manage policies globally and enforce them locally.
“The whole idea is to have a single intent-based policy – you write your intent at the top and then we can take care of compiling them to the right enforcement point. It’s order-independent and we take care of policy placement,” Rapp explained
Hypershield will ensure high performance and stateful segmentation on all network ports, Cisco says.
The combined Nexus Smart Switch and Hypershield integration solution, like the Smart Switch platforms, will begin its first customer shipment (FCS) end of April this year, Asghar told.
