Why Network Security Convergence Is Shaking Up the Market

For years, the networking industry has been talking about the need to converge network security and cybersecurity. The premise is simple: All application traffic traverses a network, so you need to secure the network first to secure the applications. Now it looks like it's finally starting to happen—perhaps catalyzed by AI.
Developing trends in the architecture of distributed applications, such as the use of hybrid cloud, cloud networking, Kubernetes, and AI, are about to accelerate this convergence. AI has the potential to increase data traffic by orders of magnitude, and massive networks are being built to secure this traffic—not just inside of datacenters, individual clouds, or AI LLMs—but everywhere! All of this data will be pulsing through networks. It needs to be secured end-to-end, not only at the application level, but at the network layer as well. This theme has emerged from many of the companies in this year's Futuriom 50.
In addition to providing a huge traffic boost, AI can also be used to help manage the traffic. We are on the cusp of an avalanche of new data that will feed AI models left and right, whether that’s AI at the edge in an SLM or in the largest hyperscalers in the world. That data can also be used to secure and automate the network.
Salt Typhoon and Agentic AI Change Things
The recent series of typhoon attacks has changed everything. Supply chains are at risk. As I recently pointed out in a Forbes article, new startups such as Eclypsium, a Futuriom 50 company, are going after this challenge. The Salt Typhoon attacks, which the U.S. government has accused China of sponsoring, compromised the networks of America's largest telecommunication providers, including AT&T and Verizon. Another attack group believed to be sourced from China, Volt Typhoon, penetrated critical infrastructure such as military bases.
The message of the typhoon attacks is that you can’t trust third-party infrastructure—your traffic must be secured end-to-end. This means using a variety of tools such as encryption and zero-trust approaches.
Factoring into this is the arrival of agentic AI technologies. One vision of agentic AI is that pervasive network telemetry can be constantly collected and fed into AI systems that will eventually control the network. Agentic AI could be used, for example, to instantaneously defend against the typhoon attacks.
“Agentic AI is the ‘why now’ moment where network security vendors now realize they need to deliver network security visibility in the fabric of the network and not just [by] arbitrary choke points of old-world, VM-based firewalls in the cloud,” said Steve Mullaney, a longtime networking and security executive who has served as CEO of Aviatrix, Nicira (VMware), and Palo Alto Networks. “It’s all about the data for telemetry and location of enforcement in the flow of traffic without unnatural diversions to choke points.”
There’s a lot of synchronicity evolving on this idea. Mullaney’s message came to me just an hour before a briefing this week with Chris Wade, the CTO of network orchestration software company Itential (another Futuriom 50 company), who also mentioned the growing need to use network data to feed agentic AI models.
“I’ve come to the realization that teams are thinking about moving to higher level operating mode,” said Wade. “They want to build cloud operating models for infrastructure so their app teams and infrastructure teams can be decoupled. You are going to harness all your data centrally to manage your infrastructure. Business logic will be replaced by AI.”
Wade’s sci-fi vision is that AI agents will gather up all the telemetry and network data and feed it into LLMs that tell the network what to do—without waking up engineers with calls at 2 AM. He asks: Why aren't large vendors such as Cisco providing an application or data for customers to do this? He thinks it's coming soon.
Cisco’s Gillis on Hypershield: Pervasive Security
The holy grail is combining observability, analytics, and AI to drive better automation—which can help manage security as well as networking. The traditional networking vendors such as Cisco will need to move quickly in this direction, but many nimble startups are also chasing the problem. Futuriom 50 network automation and orchestration vendors such as Itential, Selector, Kentik, and IP Fabric are working on the challenge, but it's the largest vendors that have the most data as well as the installed base.
Cisco is in the early process of using AI to leverage its significant data platforms into network automation and security. This is what the Splunk and Isovalent acquisitions are all about. Cisco's GM of Security, Tom Gillis, has been focused on these trends. One of the anchors to the strategy is Cisco's Hypershield product.
“The changes that are afoot in the industry, powered by AI, really cannot be understated,” said Gillis, according to a report by fellow analyst Zeus Kerravala in SiliconAngle, after the launch of Hypershield last spring. “So the way we think about AI is that we have security to protect AI-scale data centers. So, as you look at the amount of computing going into the data center — the density of that compute — we think there’s an opportunity to rethink how we deliver security. And it’s much more like the hyperscalers do.”
This is the concept behind Cisco Hypershield's "AI-native system," in classic Cisco marketspeak, that aims to make security more pervasive. According to this Gillis blog, it "puts security wherever it needs to be: in every software component of every application running on your network; on every server; and in your public or private cloud deployments."
Aryaka is another example of providers working on this trend. The company recently announced a major upgrade of its SASE and network-as-a-service platform. AI>Observe, powered by Aryaka's partner Sequretek, adds advanced threat detection, prevention, and analytics to Aryaka's worldwide NaaS and SASE services. This shows how security services can be deeply integrated with network services to give customers both at the same time.
MCN and Containers Will Be Key
Mullaney told me that to deliver on this promise, the many network technology vendors have an opportunity to provide embedded security in the network, potentially displacing point security products. The “old-world VM” firewalls of which Mullaney speaks were built for another world of traditional enterprise networks and datacenters, and they aren’t equipped to easily adapt to environments inside hyperscale clouds and other so-called “cloud-native” environments, including those based on containerized platforms such as Kubernetes.
Traditional networking vendors such as Cisco as well as dominant security vendors such as Palo Alto Networks will have challenges as they try to integrate their portfolios to deliver on this promise. Integration is a heavy lift, with fragmented product portfolios that were accumulated by M&A.
This is where technologies such as eBPF, Cilium, Calico, and Istio, as well as multicloud networking (MCN), can come in. This basket of technologies, many of which leverage open-source projects, helps provide security and control of containerized systems. They can be used to set up secure service meshes that connect applications and provide rules and policies for traffic in cloud-native and containerized environments.
Container networking and service meshes have picked up steam lately. For example, Cisco made the eye-popping acquisition of Isovalent in late 2023, rumored to be near $600 million for less than $50 million in annual revenue. Isovalent is the largest contributor to the Cilium open-source project and provides related commercial tools for building secure container networking. It's also said to play a big part in Cisco's Hypershield strategy.
Meanwhile, MCN vendor Aviatrix just this week announced Kubernetes Firewall, a new solution designed to provide secure networking in Kubernetes, one of the most popular cloud-native compute environments. Multicloud networking vendors such as Aviatrix are starting to provide cloud-native networking and security tools.
Cisco’s move on Isovalent is a key tell of where this is all going. There's additional activity. Futuriom 50 member Tigera recently gave me a business briefing which showed robust growth and a steady customer base using Calico, a competitor to Cilium that has solid traction. Tigera says it's bigger than Isovalent was when it was acquired by Cisco and that it is close to profitability with a 92% customer retention rate.
MCN technology is also important to the whole picture. Many traditional networking vendors have control and visibility of enterprise networks, but they don't see into the cloud. And then there's this: Palo Alto Networks recently quietly picked up MCN startup Prosimo in what I'm told was an asset purchase. What's this all about? Maybe Palo Alto is thinking it needs a more pervasive MCN strategy to tie its network security and SASE products into the cloud?
The Holy Grail: Secure Networking Anywhere
Hopefully, you can see how the idea of pervasive, end-to-end secure networking and telemetry is heating up—but it’s not easy. It requires piecing together connectivity and data from everything from cloud-native technologies to old-school firewalls and traditional enterprise routers.
Here at Futuriom, we have spoken with several enterprises about this topic. One of our private enterprise contacts (a VP of Network Infrastructure at a $25 billion financial services company) shared that they needed to combine technology from several networking, security, and MCN vendors to architect a solution that would meet their security, performance, and operational requirements.
Without mentioning specific vendors, their approach was in four layers:
1. High-performance connectivity in 9 regions to, from, and between our clouds
2. Security, both traditional (firewalls), in-cloud segmentation, and end-to-end high-performance encryption
3. Consistent operational visibility and control across the entire infrastructure
4. Cloud services, IaaS, Kubernetes, serverless, different from each cloud provider
This customer told me that today these layers are delivered by seven different solution providers, including three different cloud providers. They believe that layers 1-3 could be combined by a single solution provider, which for them would likely mean reducing from 7 vendors to 4, optimizing costs and operational efficiency. For now, they can only hope and continue building it by themselves.
This in a nutshell is where the industry is going. It's a huge challenge. But if a single vendor can pull it off, they will be the apple of the customers' eyes. Converged, AI-driven network security is what every network and security practitioner wants. They don't want to be woken up at 2 AM anymore.