David Goeckeler doesn’t wear all of the hats at Cisco, but he certainly wears one of the biggest.
Responsible for 20,000 engineers and $32 billion worth of the networking giant’s business, Goeckeler, executive vice president and general manager, masterminds Cisco’s network and security strategy, which now places ever more emphasis on software. In fact, at the recent Cisco Live, Goeckeler emphasized that notion, saying, “all the routers and switches and wireless access points (and in big networks there are going to be tens of thousands of those in a single enterprise network) we’re thinking about that as one large software system.”

At the show Goeckeler sat down with Network World Senior Editor Michael Cooney to talk about some of the big topics on Cisco’s radar, like networking, machine learning, security and SD-WAN trends. Here is an edited transcript of some of that interview.
Cooney: In terms of networking, what do you see as the greatest challenges in the next three-to-five years?
Goeckeler: I think when I look at the big picture in the networking business, I mean, I think you have to look at what I consider the two sides of the network: the access network and then the data center. The access network, just the number of devices that are going to be connected to the network. [Here] I think IoT is real, and there’s going to be just an enormous number of devices connected to the network. I think the big thing in future networking is how do we simplify what is a very complex domain? Now we’re going to connect more and more and to drive more automation and simplicity into that so we can continue to connect the world. That’s the big thing in the access networks. It’s all about automation and the number of devices and scaling those networks.
On the data-center side, it’s how do I deal in a multi-cloud world?
I think the predominant view two years ago was everything is going to move to the cloud, which is why the cloud is a seminal technology transition. There’s a reason why there’s such great adoption of it, but it’s not so simple as moving everything out of the private data center or the private cloud into the public cloud. There are multiple public clouds and there are multiple SaaS providers. How do you deal with that world? It’s something where we are spending an enormous amount of R&D to understand how do you build networks and how do you secure them in a multi-cloud world?
Cooney: That to me seems pretty complicated to do, the automation piece. Are there things you do to ease that?
Goeckeler: In the access network you deploy DNA Center, and it actually starts to simplify your life. You think of the network as an integrated software system now as opposed to a bunch of discrete parts. Right now you manage all the discrete parts. You have a wireless access network, and it’s got access points and controllers. And then you’ve got a switching access network and you manage that separately. And if you want to implement policy or you want to implement something across your network, you go to all those different devices and you get them all configured the same, or you configure the same policy across them. There may be scripting to automate that. People have come up with their own tools. That’s great.
But now we’re talking about turning the whole network into essentially a big software system where you define your policy in one place and then all the devices get provisioned. That policy gets translated into what you want the network to do, and then you have an automation layer that activates all of those changes across your network fabric. Then you collect a bunch of data in real time as to what’s going on in your network. You can use that to verify what’s happening.
I think the way you manage networks is just radically changing, and the capabilities that these architectures give users really are fundamentally changing the networking business.
Cooney: I think that leads somewhat to my next question, which was the impact of machine learning and AI going forward. It seems that that’s obviously involved in some of what you’re talking about there.
Goeckeler: Yes. I think the prevalence of AI and machine learning is important when you have large datasets. When you have large sets of data you’re going to want to use machine intelligence to process that data to develop insights because you can’t process all of it. You can find more insights with the scale you can process through AI and ML, so you look at parts of the portfolio where you have very large datasets, like our security portfolio. We’re streaming telemetry from all around the world from all the different parts of the security architecture: billions and billions of DNS queries. We’ve got billions of emails that are flowing through email systems. What’s happening in firewalls? What’s happening in web gateways? What’s happening on endpoints? You’re getting all this telemetry that’s coming back to a central place. That’s where the [Cisco] Talos team is then applying machine and human intelligence to find out where the threat actors are.
I think what we’re seeing now, and what’s exciting, is we’re at the front end of that same type of approach for networking data. There’s all this data that is coming out of the network, but we really haven’t had access to it in an organized way.
When we talk about DNA Center, Assurance or we talk about Tetration, we’re talking about collecting all of this data traversing the network, and then we can use machine intelligence to figure out things we couldn’t figure out before.
Something like encrypted-traffic analytics is a perfect example of trying to solve a very difficult problem. How do I figure out what’s malware when the traffic is encrypted at the application layer and I can’t decrypt it? It turns out, if you look at the right set of data, you can infer. Using machine learning you can infer what is malware because you’re comparing it to known samples, but instead of looking inside the packets you’re looking at the behavior of the packets.
Cooney: That describes what’s happening in the security realm. How is that different from the networking side?
Goeckeler: The way to think about it is you just see AI and ML as techniques, and you see them show up across the whole portfolio. You see it in the security portfolio in what we do in Talos, and you see it in … NetFlow metadata and applying very sophisticated machine learning to it to find where anomalies are.
You’ve got encrypted traffic analytics, where you’re taking data out of the switches and data from the security apparatus and you’re mixing them in real time [to find] malware, and then you’ve got the whole area of Assurance, which is what’s happening in my data center, and how do I build a policy around that and learn?
You’ve got it in the campus on how do I understand everything that’s happening in my network and learn and then recommend solutions to our customers? In the networking space I think we’re earlier than the security space, but the level of techniques we’re providing, or that we’re applying, is the same.
Cooney: Can you talk a little about Cisco’s business groups and why networking and security are together? Why is that important?
Goeckeler: There’s some history to it, but the short answer is you can’t build a world-class security architecture today without leveraging the network. That’s where the world has evolved to. A number of years ago a lot of security was about protecting the enterprise, and it still is. You should block everything you possibly can, but you can’t keep everything out. Everybody knows that. You can’t block everything. If you can’t block everything, there’s going to be something in your network. Now there’s something in your network, and the network is a pretty good place to defend and to look for it. There are several things the customers need to do. One is they need to do what I call ‘constrain the operational space of the attacker.’ Say somebody gets into your network through compromised credentials, which is a very prevalent technique: I get your credentials, and I can get in your network. You want to isolate them to only the part of the network they have access to. That’s segmentation.
It turns out the first thing we automated with DNA Center was software-defined access, which is like software-defined segmentation. It helps you protect your network. The problem with segmentation is it’s hard to implement, so we automate it.
The third thing is you need to automate remediation. Once I’ve found a problem, I need to automate the response to it as quickly as possible. It seems simple, but it’s a perfect example of the integration of networking and security. Security determines that an endpoint is malicious. We figure out Jim’s got malware on his phone there. The network can automatically reconfigure to put his device in a segment of the network where the device only has access to the internet and no access to anything internal. Instead of sending an alert to a SOC, where somebody has to look at it and go enter a bunch of commands to do something, we can now automate all of this through the intersection of networking and security.
I’m just absolutely convinced that you cannot build a world-class security architecture without leveraging the network, and that’s why they’re together.
Cooney: Strategically, Cisco has made purchases around SD-WAN. Why has SD-WAN become such a focus, and how important is that going forward?
Goeckeler: Well, part of it is kind of the move to the cloud because, as Chuck was talking about, the traditional network architecture is to get everything to the data center because that’s where your applications are. Now your applications aren’t necessarily in the data center. They might be in the cloud, so you might not want to backhaul all your traffic through a data center. On your branch you want to do internet breakout or move to the internet for some of your traffic.
SD-WAN is the control plane in the cloud that helps you make those decisions about what traffic is going to go where, and it’s just a very important part of the network right now.
The branch is a very complicated part of the network when you think about a global business, where you’ve got all the different types of interconnect around the world and you’re trying to manage all that. That part of the network is going to a software-defined WAN, and it’s an area we’ve been investing in heavily. We had an iWAN solution. We have an SD-WAN solution from Meraki, and then we purchased Viptela because they had innovated on the cloud side and we wanted to marry that up with the [Integrated Services Router] franchise that we had in iWAN. We are well down the path of that integration, and I think we’re seeing big projects move forward now in the SD-WAN space. It’s a market that had been kind of stalled because I think customers were trying to figure out what to do. It’s not out of the woods yet, but SD-WAN is really moving into the mainstream.