Okay, we can start. Great. Jeetu, thank you.
Thank you, brother.
For coming.
Yeah.
We—you hosted Cisco Live, or you had Cisco Live just recently, and we listened to the presentations. And I'm gonna ask you a little bit about your strategy, long-term. This is not meant to speak about the quarter. It's the session is about what's your kind of the high level. What's your strategy for security over the next few years? And I wanna start from—I don't know who came to our Cisco dinner last night, but we hosted three CISOs from small companies, relatively smaller companies. And we asked them about security, and we asked them about who do they buy from. And one of the questions was, Cisco, what do you—and they described you as a gold-plated solution that is very expensive. But then I asked them, when did you meet Cisco? And that's like a five-year-old view.
Yes.
That's not a recent view.
Yes.
So, talk—if you don't mind, talk about, first of all, the high-level of Cisco security. How, where do you wanna see the company three years from now? What are the things you're investing in, things you're going after, the opportunities? What have you done to get, take the time? It's, we have plenty of time to speak about kind of deep into the strategy of where do you wanna be. And then how do you change the perception of those CISOs that didn't meet you since you joined, right? Didn't meet you in the last 24 or 36 months, so.
Yeah, I think if you think about the industry and what's happening in the industry, I think there's a move that's happening from point solutions to integrated platforms. That is not just my point of view; it is a fact. That's what's happening in the market right now. And the reason for that is because there's 3,500 vendors in the market, and on average, most customers have between 50 and 70 vendors in the cybersecurity stack. And that's no longer tenable because the complexity is too high. That's 70 different policy engines, that's 70 different places where policy contention can happen. And so I think you have to change from that to an integrated platform. And I think Cisco is gonna be one of the, you know, prominent kind of platform providers in the market.
So where I'd like to see us in three years, five years, seven years, 10 years from now is continuing that journey of being one of the prominent platform providers for Cisco. If you think about our strategy and our differentiation and what it is, why is it, that we have an advantage in the platform? It's because security is largely a data game. And the more telemetry that you have and the more signal you can extract, the better off, you're gonna be as a company to differentiate and keep, keep safe, safe against someone else. So if you assume for a moment that the attacker is already in the system and the name of the game is lateral movement and containing lateral movement, where does lateral movement happen? It happens on the network.
Who's gonna have the most amount of telemetry on every packet that actually traverses the network? Cisco. And so we actually have an inherent advantage in the kind of telemetry and data that we have. And so what we're trying to do is three things to differentiate, right? Number one, and we talked about this in Financial Analyst Day, is, we're gonna differentiate by being the most comprehensive end-to-end platform for security. Number two, I think the architecture for applications, especially in the AI era, is changing to be hyper-distributed. And as that happens, we need to make sure that we've actually got a corresponding security architecture movement that is also hyper-distributed. And so, that's the second big area that we are doing a lot of innovation.
We launched a product called Hypershield, which I believe is, categorically the most consequential product that we have launched in the 40-year history in Cisco, in cybersecurity, right? Then the third area is, making sure that we can really help, reimagine the future of the SOC for companies at any level of maturity, from the people that don't have a SOC to the people that have the most sophisticated SOC. We now have solutions for all of them between Splunk and Cisco XDR and what we can do together. So that's the three-part strategy for differentiation. And that I'd urge you to look at because the common question that gets asked is, "Hey, how come you're not growing faster?" Well, the reason you're not growing faster is we had to actually build out the platform.
Last quarter's earnings, we actually indicated that our order growth was actually in high single digits. So you are starting to see the leading indicators to be very, very positive. The thing that gets me most excited is when I talk to customers and when I talk to partners and when we actually talk about the new technologies. We launched six new products that we built in the last 12 months. These are not new versions of products that we have. Those, there's several of those, but these are new products that we built from the ground up, right? So the innovation velocity at Cisco, I've been in the business for about 30 years. I've actually worked for SaaS companies that were very high-velocity companies like Box.
I have never seen a company execute at the velocity from a product standpoint is what I'm seeing right now within Cisco. Like, the teams are doing a fantastic job. It just takes a while because a lot of our revenue is ratable. And so by the time that you actually have that flow through the revenue, it takes a while. Cisco security is a long sales cycle. That takes a while. But overall, the combination of assets we have in networking, plus security, plus observability, plus the data side all pulled together, I think put us in a very unique position. And in fact, our competitors, they would not even acknowledge us as competitors three years ago. And now I don't think there's any doubt. I think it would not be intellectually honest to say that Cisco is not moving extremely fast on innovation at this point.
Like, that's, it's not even a credible statement. You would hurt your credibility by saying it. So that's kind of where we are, you know, from what we're doing on a strategy perspective. On the platform side, I think it's very important to understand that we, one of the big challenges we had was we were, we kind of looked like a holding company four years ago. There was a bunch of acquisitions. They weren't all tied together. They all kind of felt very different. Today, if you see our products, it is a fully integrated product, common telemetry, common design language, common policy constructs, common management plane. But most importantly, we actually have deep hooks into the infrastructure, where you can have enforcement points baked into the fabric of the network, you know, in security. And that's what we've got in place.
Instead of having 31 products and thousands of SKUs, we can now sell a User Protection Suite Right. So you launched many platforms, five or six platforms the last 12 months. Are the platforms...
I would say we launched.
Products.
five or six products and capabilities that are. We have one platform in security, Cisco Security Cloud.
I know I'm gonna make a mistake.
No, no, that's okay. That's okay.
So you launched five or six products. The question I have is, are the products?
5 or 6 products from zero to one. There's probably, you know, several tens of products that we launched.
Right.
New versions of—
New headsets. Right.
Yeah.
Are the products that are addressing big opportunities, right? XDR, SASE, I mean, big opportunities. Are these products at the point of being ready to the market? Meaning, you have the features that you wanna have that, that enables you to get, go to the market and get meaningful revenues, et cetera. Is—or is this still a work in process? Where are we on the stage of the life cycle of the product?
So I'll give you a two-part answer to that. One is the traction that we are seeing tells us that these products are extremely successful in the market. XDR, just a few quarters, in the market, I think a couple quarters. And it's already got over 300 customers, right? In my mind, a product is always in only one of two states. It's either incomplete or obsolete, right? You're either continuing to innovate on the product and build it to keep enhancing it, which we will keep doing, or you've actually given up on the product and you're just cash cowing it. Our products, the way we think about them, there's a fair amount of kind of work that we will continue to do to keep enhancing and expanding markets for.
But there is a tremendous amount of growth opportunity of the products the way that they are right now. And we are enhancing this on a very regular cadence. I think like last quarter in our Secure Access product, we had like 56 different enhancements. So like there's a fair amount of momentum and innovation velocity, and that'll continue for the next foreseeable future.
What do you need to do with go-to-market, with educating customers? What do you, how do you change the perception of those that even your distributors and retailers, et cetera? How do you change the perception in the market of, of those that don't know the changes, don't, are not familiar with the changes that went through the company in the last few quarters?
Yeah, I think, I think there's, you know, when you have a completely revised architecture and a new product that's been built and a new platform that's been built that you're taking out to market, it just takes a while for the market to get the take rate. I'll just give you an example and the kind of feet on the ground work that we are doing. I personally participate and keynote at about 11 to 12 major events with thousands of people every year. I'll just give you a few examples. Cisco Live in the US, Cisco Live in EMEA, Cisco Live in APJC, RSA Conference. You know, you've got a partner conference. These are just some off the top of my head. So I think what we're doing is we're getting out with our customers and field in a pretty aggressive way.
You're from a year ago to now, if I were to measure success, if you talk to your, our partner ecosystem, and you talk to customers, there is a palpable shift in perception in those customers where our people have gotten in front of them. Now, we have not gotten in front of everyone, right? So I, we recently, for example, I'll, I'll give you an example. You mentioned the CISOs. We had a CISO event in the St. Regis Hotel over here, like probably like two months ago, two and half months ago, 41 CISOs, major companies that were all there. You know, a lot of them the night before were telling me like, "I'm not really sure about Cisco.
You know, I've got a lot of, other players that I'm looking at." 100% of them at the end of them said, "Not only was this a great use of our time, this was game-changing. Cisco is a disruptor in the market. In fact, you make some of your competitors look like legacy companies. And we wanna make sure that we work with you." And we were oversubscribed on the product that we had talked about over there, which was Hypershield. And we don't actually have any more early access customers we can take until the GA happens in August. And I told Chuck, I'm like, "Hey, I got good news and bad news. The good news is 41 customers completely changed their mind, you know?" The bad news is we have to do this more and more, right? We have to just get in front of customers.
So I think that that's just, it just takes a while to get the word out. But I think the way that the word spreads is not just by us doing it. It's word of mouth. You get the first 100 customers successful, they get the next 100 customers, and they get the next 100 customers. So I think the virality is starting to pick up right now. And you're starting to see it because we are winning deals with customers against competitors, at a very, very different tempo now than what we were doing before.
I wanna ask about all the new stuff because it's exciting, but I wanna start with firewalls.
Yes.
The first question is a general market question. It's we had here multiple speakers, and every speaker comes from a different angle.
Mm-hmm.
Zscaler says you don't need a firewall. It's gonna be zero trust SASE. Everything goes to the cloud. No firewall. And then the firewall company, Palo Alto, says the opposite. There's no way. You have to have a firewall. So what is your view on the future of firewall? Kind of high level before we get to Cisco. Is there, this is, it's a big part of your security. Do you think that the underlying demand stays for the long term? And what are, how does it change? And then how do you use your leading firewall position as a way, as a stepping stone to sell other things?
Yeah, look, I think it's, you know, every time you have a company who has a point solution in an area, they will always try to say, "You don't need the other stuff. Everything can be done with a point solution." That's just like, you know, that you just have to give, competitors, you know, accolades for their enthusiasm. That's misplaced. You know, you're gonna need a firewall. I think we have to make sure that we actually invest in every form factor of the firewall because the goal over here is you have to make sure that you have multiple enforcement points for security in your network, you know? And so for the firewall, we think there's gonna be a very, very good demand for virtual firewalls, virtualized firewalls. There's gonna be a very good demand for appliances. But there's also a very good demand for cloud-based firewalls.
There's very good demand for firewalls being part of the SASE stack. There's very good demand for Hypershield, which is gonna be a completely hyper-distributed way of going out and enforcing security. What we are doing is we're not saying customers make a choice of one versus the other. We're saying that you've got them all, and you can have a single policy that can apply across all of those enforcement points. When you build a policy, you can build it once, and you can apply it across all those enforcement points. That's what we announced at Cisco Live with Security Cloud Control. That seems like a much better way to give customers value and take them from where they are to something else rather than say, "You don't need X and you need Y," and now move everything from X to Y.
It's like, and by the way, on SASE, we actually have one of the best offerings in SSE because what it allows you to do is you don't—you have a single stack for private access and public access. You actually have identity graph data that actually is getting in, that is enriching SSE. You, you know, you've got this tremendous amount of ease of use in the for the end user where because we've got a Secure Client that's already installed. We've got 250 million endpoints. And so that can actually really help with what's happening from an SSE standpoint. So I, I actually do feel like in the long run, we've got a very differentiated strategy. And one of the—I will acknowledge this—we were late to the market with SSE. Absolutely categorically late. It actually helped us out because we were able to build a better architecture.
Whereas if you look at some of our competitors, they have a private access application that's a very different stack from a public access application. And what we have is one experience. You could be an employee or a contractor, one experience. You can be at home or in the office, one experience. You can be using a private application, a public application, one experience. Our competitors don't do that, you know? And so, we're able to go out and take a much broader view of the end-to-end platform, which is why I think you can think about us as a, very, very credible platform in the market.
You speak about Hypershield, and we spoke multiple times the last few months, and you always mentioned Hypershield.
Mm-hmm.
Can you explain what it is in simple terms?
Hypershield in simple terms is a highly distributed architecture for security where you take security and move it to the workload rather than moving the workload to security. What does that mean in practical terms? And, you know, in practical terms, there are three big problems we're solving. There is a big problem in the market right now around segmentation. Segmentation is really hard, especially in a hyper-distributed environment with multiple microservices. You have thousands of microservices running on hundreds of Kubernetes containers and clusters. Very hard to go out and do segmentation. We've solved that problem through autonomous segmentation. You'd never have to write a segmentation rule ever again in your life, right? Number two, patching is really hard.
The time that it takes from when you announce a vulnerability in the market to when you actually have an exploit that happens, low single-digit days going down to hours and minutes. We will be able to do this, you know, but the amount of time it takes to patch a vulnerability is about 22-49 days. So you've got this kind of time window where you're exposed as a company. You remember some of the recent kind of pharmaceutical breaches that have happened and all of that. Those breaches happened in three days from the time that the—from the time that the vulnerability was announced. If they had Hypershield, you would've not had the breach because within 9-15 minutes, we would've had a compensating control that shields the vulnerability and protects you while you're testing and deploying the patch. It's the second problem.
So segmentation, first problem. Patching, second problem. Third problem, updates. Dated infrastructure getting updated, very, very hard to do, right? You have two change control windows in a year. One is during Christmas usually, one is during 4th of July. If you miss that change control window, you have to wait for six more months. You have to bring down your system. You have to have a sandbox. You have to test the environment. Then you have to bring down the system and upload the environment. Super cumbersome, right? We don't do any of that anymore. We can actually inline, while you're in production, have a second parallel packet pipeline that's going on live so that you can test between your main production version and your shadow version.
The primary data path and the shadow data path can be compared simultaneously for every packet that gets forwarded through the network, right? When you find that they're both performing at acceptable pace, you actually automatically the system can upgrade from version 1 to version 2. This is something that's unknown and like no one else does this in the industry. We're pioneers in this right now, and so this is something that we've been able to build out. And so those three problems allow us to basically melt security and infuse it into the core fabric of the network. I can now have security enforcement points in software right next to the kernel. I can have a security enforcement point on a server, on a DPU, or I can have an enforcement point on a top-of-rack switch. Why is Hypershield so strategic for us?
Because in the long term, we will have top-of-rack switches with DPUs, which will then allow us to create a switch refresh opportunity for an organization. So we're not just selling security. We'd also be able to sell more networking into an organization that we do have.
Cisco Security Cloud, what is it and what opportunities are you going after?
It is an integrated AI-powered global cloud-delivered service that solves three problems. How do I protect a user? How do I protect cloud and cloud infrastructure? And how do I protect against a breach? All built on a foundation of a firewall with the core fabric that has AI and Identity intelligence in it, right? It is one single integrated platform for security end-to-end, one common management plane, common set of telemetry, common design language, common policy objects, and most importantly, deep hooks into the infrastructure, into the networking infrastructure that you might have. So that's the definition. It's a global cloud-delivered service. I can acquire and steer any and all traffic to any of the cloud providers. And when I move my workload from one cloud provider to the other, I can persist policy. Why is this important?
Because every cloud provider today has further exacerbated the problem by having their own security stack, which then locks you in. And what customers want is they wanna make sure that they can have the public cloud economics without the public cloud lock-in. So if you abstract security from the public cloud providers, you can say, "I'm gonna have a layer from a neutral party. I can acquire and steer any and all traffic to any of the cloud providers, and I can persist policy." That actually gives you an integrated platform that works in a multi-cloud environment.
Yeah. And I have a follow-up, but you talk about end-to-end, big, big platforms. I mean, tons of capabilities, and we spoke about multiple things. Does it mean a lengthier deployment process? Does it mean a lengthier sales cycle? Does it mean that it's more complex to convince the customers to switch from whatever they have to Cisco?
The way that we're doing it to avoid that problem is we will have multiple insertion points that have been defined that can actually have, but, but look, the sales cycle in security is long. You know, like there's no way to avoid that sales cycle. Like people go through their POCs. They have to do all of that stuff. Enterprise sales cycles aren't short. You have to make, and part of the reason a lot of you ask sometimes saying, "Hey, Jeetendra, this is all, this is so wonderful. Why are you not growing faster?
Yeah.
Well, the reason you're not growing faster is because our order growth is actually getting faster, but it takes a while for that order growth to show up in the revenue. Sales cycles are long, and we've got a lot of our revenue that's ratable. And so the ratability of the revenue also takes a little bit more of an elongation. But if you start to think about it, we have insertion points in every single one of the suites of the Security Cloud. So think about what we talked about, the User Protection Suite, our lead anchor product in the User Protection Suite is Secure Access. Secure Access is something that can actually be inserted in, and we'll compete with, you know, the Zscalers and the Palo Altos handily every single day of the week, and we'll be happy to compete with them and make the best product with.
In Breach Protection Suite, we will compete by going out and inserting XDR. In Cloud Protection Suite, we'll compete by inserting the lead anchor product will be Hypershield. And so what that'll do is give us very focused sales plays that we can go after in the market. But, you know, there will be lengthy sales cycles, but this is one way to actually compress the sales cycles. And I'm really excited about Gary taking on our go-to-market because he's got a SaaS background, he's got a software background, he's got a security background. And, like many of us, he's got this mentality of how do we make sure that we simplify the sales motion so that we can go after customers with a consultative sale with a very, very defined sales play that we can go after. And each one of those becomes sales plays.
You wanna protect the user, go after Secure Access, that becomes a sales play.
Cisco Live, just two days ago, you, you gave guidance for, not guidance, you gave indication of expected growth for both security and observability together. And if you remove the observability part, it means that security can grow double digits. If, if you, because we have expectations for Splunk separately, we have expectations for observability. So, so that's not, that's 26, 27. That's not tomorrow. Does, does it make, I'll ask you differently. What do you think could drive a double-digit growth? Meaning you look at the portfolio, where are you getting the most excitement out of your portfolio? Meaning that it could be meaningful, it could drive growth for overall. It's a big business. Your security business is a big business. Where, where do you, where do you put most of your focus on?
I wanna make one point on the 15%-17% and taking it out and making sure that you segment those pieces. I think as you, as you integrate Splunk and security closer and closer and observability closer and closer, it's gonna get very hard for us to distinguish between growth of Splunk and growth of the core security business.
Yeah.
So I think that's just, and you know, Gary had mentioned this at the analyst day as well. I think that is a real thing. It's gonna be harder and harder for us to decipher where the growth came from. What gets us excited is the move to the platform. It's a, look, why do people buy security? They buy it for three reasons. They buy it because they wanna improve their efficacy. They buy it because they wanna improve their experience from a management standpoint and reduce the complexity. Or they buy it because of economics, right? And we will provide favorable conditions in all three of those. What gets me really excited about this is we have built a world-class platform over the past two and a half-three years, and we've built a world-class team that's been completely overall.
You know, our head of security came, you know, Tom Gillis. He came from VMware, ran networking and security at VMware. Our head of products came from Netskope, built out Netskope and actually was a Proofpoint. Our head of, you know, Splunk R&D came from Microsoft. Our head of, you know, XDR came from Palo Alto Networks. So we've actually got a lot of people that have a startup-based mentality but understand scale and have actually built out, like the pace at which we've built this stuff out is nothing short of remarkable. In my 30-year career, I have never seen anything like this.
Yeah.
You know, like, I mean, think about it. Six products from zero to one from the ground up built within 12 months. That's insane. Like that's just a very, very exciting time to be here. And the tempo is high, the energy is high, the customers are seeing the progress, and you will see that flow through. We will gain share. We will actually grow revenues. It just is, you know, what's gonna happen first is you'll see the order growth and then you'll see it flow through the revenues. But you will see a very, very different Cisco because of this. And this is also gonna drive, most importantly, networking revenue for us because of the fact that, you know, top-of-rack switch refreshes will happen as a result of this because you will actually have Hypershield that runs on a DPU.
Yeah. We have less than a minute left, but is there any question, from the audience? Yeah. Okay.
So what about, you were talking a lot about now workloads, networking. What about the application itself? What about the code? What about preventing the risk from being deployed into your cloud?
Yeah. That's a great point. So, we built a product called Panoptica, and Panoptica is actually much more on the shift left side where, you know, there's a movement that's going on that says even before the code gets into production, you gotta make sure that you can bake security into it. Panoptica is gonna be part of the Cisco Security Cloud. It's part of the cloud, it's part of the Cloud Protection Suite. And it is a product that also included a few acquisitions that we had made of companies like Lightspin, and so that's all, you know, under the Cisco Security Cloud. We started that in the incubation team and we're moving it over into our team over here shortly. Right? But that's a very important area and I think it's a pretty high-focus area for us as we move forward.
You should expect a lot of innovation over there from us.
Jeetu is one of our panelists. He's talking his own book. He's the founder of a startup of application security.
Oh, interesting. Well, you should talk and partner as well.
Great. Thank you. We ran out of time. Thank you, Jeetu, so much. I only got to four questions and I have.
Is it my long, my answers?
No, no, no, no, no. It's great to have a discussion rather than a, it's actually great. Thank you so much.
Thank you so much.