Cisco’s David Goeckeler talks security, networking, software and SD-WAN outlook

David Goeckeler doesn’t wear all of the hats at Cisco but he certainly wears one of the biggest.

Responsible for 20,000 engineers and $32 billion worth of the networking giant’s business, Goeckeler, executive vice president and general manager, masterminds Cisco’s network and security strategy which now features ever more emphasis on software. In fact, at the recent Cisco Live, Goeckeler emphasized that notion saying, “all the routers and switches and wireless access points (and in big networks there are going to be tens of thousands of those in a single enterprise network) we’re thinking about that as one large software system.”

At the show Goeckeler sat down with Network World Senior Editor Michael Cooney to talk about some of the big topics on Cisco’s radar like networking, machine learning, security and SD-WAN trends. Here is an edited transcript of some of that interview.

Cooney: In terms of networking what do you see as the greatest challenges in the next three-to-five years?

Goeckeler: I think when I look at the big picture in the networking business, I mean, I think you have to look at what I consider the two sides of the network. The access network and then the data center. The access network, just the number of devices that are going to be connected to the network. [Here] I think IoT is real, and there’s going to be just an enormous number of devices connected to the network. I think the big thing in future networking is how do we simplify what is a very complex domain? Now we’re going to connect more and more and to drive more automation and simplicity into that so we can continue to connect the world. That’s the big thing in the access networks. It’s all about automation and the number of devices and scaling those networks. 

On the data-center side, it’s how do I deal in a multi-cloud world? I think the predominant view two years ago was everything is going to move to the cloud, which is why the cloud is a seminal technology transition. There’s a reason why there’s such great adoption of it but it’s not so simple as moving everything out of the private data center or the private cloud into the public cloud. There’s multiple public clouds and there’s multiple SaaS providers. How do you deal with that world? It’s something where we are spending an enormous amount of R&D to understand how do you build networks and how do you secure them in a multi-cloud world?

Cooney: That to me seems pretty complicated to do, the automation piece. Are there things you do to ease that? 

Goeckeler: In the access network you deploy DNA Center, and it actually starts to simplify your life.  You think of the network as an integrated software system now as opposed to a bunch of discrete parts.  Right now you manage all the discrete parts.  You have a wireless access network, and it’s got access points and controllers. And then you’ve got a switching access network and you manage that separately. And if you want to implement policy or you want to implement something across your network you go to all those different devices and you get them all configured the same or you configure the same policy across them. There may be scripting to automate that. People have come up with their own tools. That’s great.

But now we’re talking about turning the whole network into essentially a big software system where you define your policy in one place and then all the devices get provisioned. That policy gets translated into what you want the network to do, and then you have an automation layer that activates all of those changes across your network fabric. Then you collect a bunch of data in real time as to what’s going on in your network. You can use that to verify what’s happening. I think the way you manage networks is just radically changing and the capabilities that these architectures give users really is fundamentally changing the networking business. 

Cooney: I think that leads somewhat to my next question which was the impact of machine learning and AI going forward.  It seems that that’s obviously involved in some of what you’re talking about there.

Goeckeler: Yes. I think the prevalence of AI and machine learning is important when you have large datasets. When you have large sets of data you’re going to want to use machine intelligence to process that data to develop insights because you can’t process all of it.  You can find more insights with the scale you can process through AI and ML, so you look at parts of the portfolio where you have very large datasets like our security portfolio.  We’re streaming telemetry from all around the world from all the different parts of the security architecture, billions and billions of DNS queries. We’ve got billions of emails that are flowing through email systems. What’s happening in firewalls? What’s happening in web gateways? What’s happening on endpoints? You’re getting all this telemetry that’s coming back to a central place.  That’s where the [Cisco] Talos team is then applying machine and human intelligence to find out where the threat actors are. 

I think what we’re seeing now and what’s exciting is we’re at the front end of that same type of approach for networking data.  There’s all this data that is coming out of the network, but we really haven’t had access to it in an organized way. When we talk about DNA Center, Assurance or we talk about Tetration, we’re talking about collecting all of this data traversing the network and then we can use machine intelligence to figure out things we couldn’t figure out before.

Something like encrypted-traffic analytics is a perfect example of trying to solve a very difficult problem. How do I figure what’s malware when the traffic is encrypted at the application layer, and I can’t decrypt it?  It turns out, if you look at the right set of data you can infer.  Using machine learning you can infer what is malware because you’re comparing it to known samples, but instead of looking inside the packets you’re looking at the behavior of the packets. 

Cooney: That describes what’s  happening in the security realm. How is that different from the networking side? 

Goeckeler: The way to think about it is you just see AI and ML as techniques, and you see it show up across the whole portfolio. You see it in the security portfolio in what we do in Talos, and you see it in … NetFlow metadata and applying very sophisticated machine learning to it to find where anomalies are. You’ve got encrypted traffic analytics where you’re taking data out of the switches and data from the security apparatus, and you’re mixing them in real time [to find] malware and then you’ve got the whole area of Assurance, which is what’s happening in my data center, and how do I build a policy around that and learn? 

You’ve got it in the campus on how do I understand everything that’s happening in my network and learn and then recommend solutions to our customers?  In the networking space I think we’re earlier than the security space but the level of techniques we’re providing or that we’re applying are the same.

Cooney: Can you talk a little about Cisco’s business groups and why networking and security are together.  Why is that important?

Goeckeler: There’s some history to it but the short answer is you can’t build a world-class security architecture today without leveraging the network.  That’s where the world has evolved to. A number of years ago a lot of security was about protecting the enterprise, and it still is. You should block everything you possibly can, but you can’t keep everything out. Everybody knows that. You can’t block everything. If you can’t block everything, there’s going to be something in your network. Now there’s something in your network, and the network is a pretty good place to defend and to look for it. There are several things the customers need to do. One is they need to what I call ‘constrain the operational space of the attacker.’ If somebody gets into your network through compromised credentials, which is a very prevalent technique.  I get your credentials, and I can get in your network.  You want to isolate them to only the part of the network they have access to. That’s segmentation. It turns out that’s the first thing we automated with DNA Center was software-defined access, which is like software-defined segmentation. It helps you protect your network. The problem with segmentation is it’s hard to implement, so we automate it. 

The third thing is you need to automate remediation. Once I’ve found a problem I need to automate the response to it as quickly as possible. It seems simple but it’s a perfect example of the integration of networking and security. Security determines that an endpoint is malicious. We figure out Jim’s got malware on his phone there. The network can automatically reconfigure to put his device in a segment of the network where the device only has access to the internet and no access to anything internal. Instead of sending an alert to a SOC, and somebody has to look at it and go enter a bunch of commands to do something, we can now automate all of this through the intersection of networking and security. 

I’m just absolutely convinced that you cannot build a world-class security architecture without leveraging the network, and that’s why they’re together.

Cooney:  Strategically, Cisco has made purchases around SD-WAN. Why has SD-WAN become such a focus, and how important is that going forward?

Goeckeler: Well, part of it is kind of the move to the cloud because as Chuck was talking about, the traditional network architecture is to get everything to the data center because that’s where your applications are. Now your applications aren’t necessarily in the data center. They might be in the cloud so you might not want to backhaul all your traffic through a data center. On your branch you want to do internet breakout or move to the internet for some of your traffic. SD-WAN is the control plane in the cloud that helps you make those decisions about what traffic is going to go where, and it’s just a very important part of the network right now. 

The branch is a very complicated part of the network when you think about it because when you think about a global business where you’ve got all the different types of interconnect you have around the world and you’re trying to manage all that. That part of the network is going to a software-defined WAN, and it’s an area we’ve been investing in heavily. We had an iWAN solution. We have an SD-WAN solution from Meraki, and then we purchased Viptela because they had innovated on the cloud side and we wanted to marry that up with the [Integrated Services Router] franchise that we had in iWAN. We are well down the path of that integration, and I think we’re seeing big projects move forward now in the SD-WAN space. It’s a market that had been kind of stalled because I think customers were trying to figure out what to do. It’s not out of the woods yet but SD-WAN is really moving into the mainstream.