Cisco Systems, Inc. ($CSCO)

I'm joking. So thank you very much for joining us. I'm happy. I'm so glad and grateful for Cisco for joining us because they had their own event and they join us kind of to the third day. Peter Bailey is SVP and GM of Cisco Security, and I'm happy to actually speak with you now because as you articulated on the last conference call, we are going to see better growth. So the purpose of the call is really to understand Cisco Security business to understand what drove the slow growth before and what is driving the acceleration of growth in the future to understand the portfolio, the target markets, et cetera. And the -- I'm going to start with an easy question just because maybe there are some people that don't understand the story. And the easy question of kind of kind of just to start the discussion is what's in your portfolio? Meaning, can you think -- can you articulate the portfolio and the portfolio strategy? Where are you going, what you're going after?

Sure, so I'm about a year in. So have kind of had the chance to kind of really get my arms around the portfolio and make some changes. And so there's 2 big chunks of Cisco Security business. It's sort of what we think about as our net SAC which include Zero Trust and identity and there's some network prediction response things there and then obviously the Splunk business. And so if I kind of really dig in on the first 1 and then the second one, we reorganized our business around sort of 3 pillars. They are hybrid mesh firewall, if you understand the terminology, which is basically firing as a mesh across physical, virtual and even workload levels. Zero Trust, which is zero trust access and more -- and then we had identity as sort of our third pillar, but more and more identities is really a foundational element because we see identity as being critical for how we're going to secure agentic environments going forward because everything needs an identity, whether it's a machine, an agent to human, what have you. And so identity is -- and then there's sort of some cats and dogs parts of the business, which is more of the legacy stuff. We had some e-mails, media or things like that. But those first 3 are areas of tremendous focus of ours. And we were in this R&D in our focus around those 3 pillars. And when we get to kind of performance, we're seeing performance based upon that focus. And then, of course, you have the Splunk business. And there's really obviously the existing business, but really the opportunity then to dramatically expand what Splunk is doing in terms of being more of a broader data fabric to get signal, not just from but also from machine data and incline workloads because that visibility across all the infrastructure is 1 critical if you're going to get in secure AI, which is traversing everywhere. And 2 is also the way we're going to be able to start training AI beginning to automate the visibility and management of that infrastructure.

We did research, I don't know, maybe 2 years ago, maybe 3 years ago, and we looked into your security portfolio and back than we estimated. Of course, we don't have exact data. But based on market share data, we estimated that over 70% or 70% of your revenues came from appliances. Where are we today? And I'm not looking for the number. I'm looking for how is the -- how did the portfolio evolve from on-prem appliance to be cloud service and software, et cetera?

Yes. So listen, we are really focused on and this is going to be kind of an avoidance to your question, but I will answer your question. We're hyper focused on customer outcomes across some certain areas, and that includes the delivery of hardware and software, in some cases, just software. Cisco is also needs to be a multi-cloud business. It can't just be on-prem. We have to be thinking about private, but our customers have assets in the cloud as well. And so as we extend our capabilities beyond just a physical device, it has to be software that is traversing multi-cloud. And so that is a key carrier of focus of ours. And so we don't sit around and think about our business in terms of hardware versus software because these are highly integrated solutions. And -- but we obviously are seeing more and more uptake on pure software. Zero Trust, obviously, is a completely a SaaS solution and sitting across network infrastructure. And so that business is absolutely growing as a consequence of where we're reaching out and where we're serving customers.

So I've been talking to G2 for, I don't know, so many years about the strategy. And the strategy was always articulated well. But the execution numbers gone to negative levels. We got to minus 4% and minus 2%. Why did margins get to negative territory in a solid environment, security is good. And how does it change? What drives the change to the growth trajectory?

So listen, I think if you go back in time with Cisco, 10 years ago, I think the business was very strong in firewall in these areas and somewhere in the middle of the last 10 years, that changed, right? And in the last 3 years, since Tom Gillis, who I report to and before that G2 started refocusing the business we started seeing this narrowing of focus on excellence and execution around the areas I described. And I probably added a bit more focus to that since I've been here. But listen, I think we've got a very, very strong portfolio today. I don't know if that was true 3 or 4 or 5 years ago. We have continued to really focus our execution across those pillars I mentioned. Those 3 pillars are 86% of our business today on the SBG side. And so I think that execution. And then the second piece of this, obviously, is that the more and more we are infusing security into the network architecture into how we design networks and how we design the data center there's obviously a much easier selling motion there for our go-to-market, and that you're seeing that play out right now.

So on the last call, you noted -- the company noted that you expect security to accelerate. What drives it -- what drives acceleration?

So I think, listen, first of all, the market right now is obviously very, very strong I think with the advent of -- the number of security problems are growing dramatically, and they're very extreme. And with all the money going into the ground to support infrastructure build-outs, if we can't secure these use cases, it's going to impact the ROI on those investments. And so there's tremendous pressure. If I go talk to a large customer, the CSO is under tremendous pressure to figure out how to make AI use cases secure for their environment because the Board and the CEO is pushing so hard on that. And so in general, we're seeing an additional ramp-up of security. Our positioning within sort of a securing AI, I think, is very strong, that is obviously helping the growth of our business.

Got it. And maybe a question to Sami because I have you here, Sami, we always -- I always ask you about the mix and meaning how is mix impacting legacy versus new -- and there was also an issue that the recurring revenue, our -- the ratable revenues are going up, but it takes time to ramp it, where are we in the cycle, meaning where are we in the cycle? -- when do you expect all the good things that happened in the last 3 years to translate into growth acceleration?

Yes. To start, Peter is talking about the market is typically strong. And then what we have in the security business is really the 2 buckets. We have the Cisco core, that will be the Splunk category. The reality is we have still a couple more quarters of difficult compares mainly hitting these tough comps that really are affecting us on the Splunk side. But by the time we get to fiscal 2Q 27, these mixed compares become a lot more normalized. So you will not be dealing with these very difficult compares side by side. And the Cisco Security core though, you're already starting to see some improvements, and that's starting to drive some better performance. Part of that was seen in -- and then like we've discussed in our live call that we do expect that to continue into Q4. And this kind of gets us to a much better position, but kind of exiting FY '26 and starting FY '27, the mix and mix compares will start improving, the ratable composition will also increase. So you have all these factors that have taken a lot of time, but we're finally getting to a place that we're feeling very comfortable. This really gets us into the first half of FY '27, where we're going to be feeling much better about how things look.

And if I might add to that, just 1 more comment is when I -- even a year ago, I think Cisco is not so much in the mix in the security conversations. And we are very much in the mix today. And so talking to our customers, the CISO and the CIO are much more in the same room these days because security needs to be considered in thinking about these AI rollouts and those conversations are very robust for us on the security side as well, and that's really encouraging.

So actually, that's I wanted to ask you about it. If I asked your competitors, any security company, where is Cisco in the market, they would tell you how we're taking share from Cisco. How or where are we now when it comes to your position, and I don't even know how to articulate the question, but I think that you just -- you just said it, I want to basically go deeper into it, where are we today in the completeness of our portfolio and the vision of our portfolio and execution, your ability to execute when it comes to positioning you back the way you used to be 10 years ago is the leading cybersecurity company.

So a couple of things. I think when we talk about relevance and positioning -- we also have to look at the market we're in right now. And so the next 6 to 12 months are going to be dominated by mythos, vulnerability management, vulnerability packaging and shielding and it's going to be about securing AI, right? And so in the context of that, infrastructure is the front lines of the mythos concerns. And Cisco is we've just announced Live Protect. We have some very effective solutions for how to protect infrastructure and that we're rolling out. Secondarily, we've got technology like capabilities that is very, very effective at shielding and protecting applications. And you're going to see us continue to push forward on that. And then relative to AI security, whether it's infrastructure, whether it's a workload, whether it's Zero Trust access that now has agentic controls where we can authenticate an agent, authorize an agent, monitor its behavior and be able to enforce policy on an agent that is a very critical capability that our customers are asking us about. And so what I would sort of say is the market is changing. The good news is that we saw some of this change coming, and we've been able to reposition ourselves for this part of the market. And I think the market looking backwards at the silos of firewall or EDR or NDR or what have you, there's going to be consolidation here because what really needs to happen is we need much more broader set of sensors that can be everywhere. By the way, the network is everywhere. We have visibility everywhere. We need sensors everywhere, we need enforcement everywhere and we need to have the intelligence to understand what's going on in the network to be able to secure AI because it traverses trust foundries, it traverses a single control and these silos start to fall apart. And so we are very well positioned to take advantage of that.

Got it. And this week, you had Cisco Live. What was your key message on cybersecurity in Cisco Live?

I think, again, Mythos has been dominating the headlines -- and again, I think that's going to be something we're operationalizing with our customers over the next 6 to 12 months. as the concerns which are merited by the way, around advanced threat actors using these types of models is number one. Live Protect was associated with that. I think that was a really exciting announce for our customers because this means we can actively start defending their infrastructure going forward. And then obviously, the agentic security things that we're doing. So we've really made some significant advances around how we can identify and help secure agentic activity on the network, and we're manifesting that through, whether it's traditional firewall capabilities that have the ability to sense Zero Trust Access. We also launched an agentic app that sits across all of the platform. And then the third 1 is platform. Cloud Control, which is all of Cisco coming together through a platform experience very, very valid for security as well because in the background, we can start integrating data plans. And when you integrate data plans, it's much easier to do analysis across many different use cases. And that integration is how we can create really integrated use cases from a customer experience perspective that leads to, frankly, just better outcomes and better user experience.

And why are you positioned well for this, meaning why you and not someone else? What do you have in your portfolio -- it could be the legacy portfolio, it could be switches and routers could be in security control. But what do you have in your portfolio that makes you in a better position to benefit from all these changes because of AI.

Yes. So I think it's a few different things. But first of all, we are leveraging the network, leveraging our position there, leveraging data center infrastructure one of the demos you might have seen is that we're actually putting little baby firewalls in the Nexus switches, right, the smart switches, right? And that allows us to start having a much more distributed security presence, right? And so -- the key message is security needs to be more distributed. So we have visibility everywhere. We have sensors everywhere. And because we own the infrastructure in many cases, we can put that in place. And I don't know if anyone else can say that, right? So we can really take advantage of ownership of the infrastructure. And then we can still connect that back to if I need to -- and again, remember, data is going to increase 10x, 100x, depending on who you ask here in the future, are we going to create a firewall that's 10x the capacity or 100x. No, no, we're a lot smarter about how we route traffic. We're going to be sensing traffic. We're going to be identifying a small percentage of it maybe to route back through a firewall to do deeper inspection. But it's going to be much more about distributed security where things are happening at the edge. And if you look at the investments we've made, if you look at how we position our portfolio, that is a very big differentiator for us. And then when you add in firewall Zero Trust identity to this picture, you get to see a much broader portfolio that can come together and work together.

Take us through the Splunk journey, meaning what's happening in the company, plant security just security. What's happening there, Sam spoke about the transition. But what is this transition -- and how long does it take to go through it? And what's the risk in the transition?

Yes. So we're going through a phase. Journey as an industry to automate the stock, right? And Splunk is aggressively investing to do the same work, right? And the fact that we have as much data as we have puts us in maybe a better position to train models faster, get agents more proficient, faster, reduce false positives and the kind of work that they do. And so I would say that, that is a tremendous focus for that business over the next year to 2 years to continue to automate that. And then the second piece is really expanding the set of use cases we can support across things like Observability, the Galileo acquisition. We need to have visibility everywhere so that we can drive security outcomes on top of that. So being able to incorporate data plug-and-play across just the Cisco infrastructure, obviously, that's basically done at this point, but across all their sorts of infrastructure so that we can have that broad view and therefore, be able to create these security outcomes for customers. And so it's a little bit of the same playbook we've had historically there, but with a much broader view. And then we're putting automation on top of that. And listen, if we look out 5 or 6 years, agents are going to be driving these things, right? We're not going to have kind of as much human-led workflows here, it's going to be identic by nature. -- and you're going to then be looking at dashboards that are going to show your is compliance and other kind of audit compliance. And that is the vision we see, that's the journey we're on, and we're working towards that..

Right. And maybe a question for Sammy, we spoke a lot about it in the past. Take us through the numbers, again, not from a numbers perspective, but just conceptually, -- why are we seeing this deceleration and then acceleration? What happens behind the scenes that creates this kind of volatility in growth rates? .

I think the biggest driver is how customers want to consume Splunk -- so when Splunk was a standalone company, they were able to manage the business 50% term software, 50% cloud. And they really ran it down the middle because the company had a different mandate than what Cisco altogether has. Since we've given the customers the freedom to really decide how they want to consume the product, they've opted more into the ratable scheme. And that's -- I think you've seen like that accelerate, right, especially in FY '26. And at some point, the mixes will become more favorable, and that gets us into the first half of FY '27. Let's see if I can add any additional elements here. The other thing is, I mean, like exactly what Peter said, right? Like there are a lot of changes happening -- and also, I just want to connect 1 other thing is Cisco has the switching. We have the telemetry, domain knowledge. We have the security offerings on top of that. We've made all these very proactive investments to get ahead of it. And an additional thing that I think people are forgetting is we also have our own silicon. This just gives us significantly more vertically integrated programmability into the stack. And if you think of like networks running hotter with agentic flows, hotter just means more demanding networks with lower latency requirements. If you own every element of the stack, you're going to be able to put out some other compelling products.

And is AI laying to your strength of having control over the stack? Or is AI irrelevant for it? Or is it -- how is AI playing -- or how do you benefit from AI given that you have full control of the stack?

There's 2 things to look at this. From the customer lens, they are assessing various tools, and they're going to have very significant requirements to mobilize and tool AI technologies. Cisco can be the main vehicle to allow that to happen. Then on the flip side, internally, we are using a significant amount of AI tooling to develop our own products and also help us accelerate key parts of the company. So cloud control as well, and G2 has also talked about developing products almost completely using AI software, right, like AI tools. So there are kind of 2 parts to this, and both parts kind of get us to this very compelling delivery and matching what we can offer versus what customers actually need right now to adopt these technologies. So there's a bit of a 2-sided focus here. And then I think silicon and the stack really plays into that.

Peter, the question. So last year, I spoke about hyper .

What kind of category right? As I think about it is our next-generation workload security and distributed security. And so -- what I would say is that the Nexus Smart Switch and what we demoed here is Cisco Live represents one of the big outcomes of that effort. And so think about you're going to buy a data center switch that is a classic switch or one that also has firewall and capability built into it using that technology, okay? And then the second piece of that is when we look at all the vulnerabilities that primarily like Linux-based applications have that is sort of the thing that everyone is focused on right now and because being able to use that agent that agent technology to be able to shield those applications. That is also something that we are doing. And so HyperShield is finally kind of coming into its on the execution there was slower than what we had hoped, but it's the right idea for the right moment. It's a distributed strategy for doing enforcement, whether it's policy enforcement or segmentation. And so that is as we kind of think about sort of the future, we think that's going to be kind of a ramping aspect of that mesh portfolio. But the mesh, it's physical firewalls, it's cloud firewalls, right? It's things like -- like Hypershield. The thing we've also done is we created a single policy plan for all of this. And so a lot of times, customers struggle to operationalize all these things because everything causes a policy or a rule. And historically, this has been sort of a rules and policy based business that is very complex to manage. And so through AgenticOps and through integration of a single policy plan, we've also dramatically simplified how customers can operationalize it because at the end of the day, you're going to need thousands of these sensors out there. And this distributed network of sensors, that's really tough to manage is just a human writing policies. And so a unified policy plan and then be able to start automating the writing of those policies and managing those policies and on that journey, too.

Who is the customer? Or what kind of deployments do you address with the smart switch, meaning who needs switch together with a firewall?

I mean as you're building out data centers, you're looking to protect workloads segment the data center? I mean, it is the perfect solution for that. .

Got it. And that is basically enterprise data centers. .

Yes, yes. Yes, sorry.

Okay. What about legacy firewalls? I mean it's a big part of your business. You're still -- you have -- although you lost some share in the last few years, you still have -- you're 1 of the big players in the space. What are the trends with legacy firewalls -- and what are the trends also in terms of your portfolio? How did the portfolio evolve?

Yes, sure, sure. So we just refreshed the whole line -- so I would say like there's nothing legacy out there anymore, but we literally refreshed the whole line. And listen, these are very, very advanced products that high throughput doing deep packet inspection. We've built incredible ML models that can do on-the-fly detection of threats and what have you. And so these are very, very sophisticated solutions that are designed to operate in line, right? And so that is still a very poor requirement. And we're -- I think you saw this last quarter, we actually saw a very, very strong growth in that business. And so I think that's a very viable part of the business going forward. But I think it's an end answer -- or question and answer is that -- it's not enough, right? And that's where we have to try to think about these more distributed means to actually be able to do security more at the edges of the network, in the data center, protecting workloads and those things can all work together. So I want to make the point that -- it is not a siloed product for us. This is part of this mesh strategy. All these things working together, policy, we can write policy once and enforce it across all these services.

Got it. Agent security. So companies start to make acquisitions in general in the space, companies start to make acquisitions in the space, who made acquisitions in the space. articulate your position and your vision to secure agentic AI?

Yes, sure. So to secure agentic is really, first and foremost, about identity, believe it or not, right? You need to basically always understand exactly what the agent is, what it should be doing, what it's connecting to and what have you. And so our strategy is to take identity and make it a horizontal across our platform and our infrastructure so that our customers know everything an agent might be connecting to and not just a simple identity but actually rich metadata about that identity. So you actually understand okay? This is a workload that's running very sensitive information, and we know that sits behind a certain network and what have you. So that once you do introduce agents, and I'll get to the agent piece in a second, we have great visibility about what's happening on the network. So for agents, we have introduced so far through Zero Trust, also through just our identity stack the ability to discover, authenticate, authorize and now start managing the behavior of those agents on the network, right? And so that agentic strategy, which, by the way, can be enforced by what we see at the workload level, it's enforced by how we authenticate and bring them through identity into the network and then the ability to have visibility in firewalls to see a genetic traffic to C MCP calls to see tool access. We've introduced defense claw on the endpoint, but also looking at what's happening on the endpoint. All of these things, again, working together to be able to see agent activity across the network. And then on agentic app, we just introduced that brings signal from all of these products. So cross-cuts everything. It's not a siloed product. It cross-cuts firewall, secure access, Zero Trust access, identity to present a view of what is happening with agents on the network. And again, I think one that's very unique. Two, because we own the network, we also can see things, others cannot. And we can bring in all this signal to give that perspective and that's going to be absolutely required for securing agentic going forward.

Is this an opportunity here and now? Or is this an opportunity that is in the future.

This is an opportunity right now. Like we are in many different consumer customers like so air defense as an example, a product we built for builders to safely build applications that's a product that's a little over a year old and has a huge pipeline and backlog. And there is a right now conversation, the ability to use Zero Trust access to control and monitor what agents are doing on the network. That's a right now conversation. And so every one of our customers begin -- remember what we talked about at the beginning, the CISOs are under incredible pressure to adopt these technologies, but also to secure them. And so this is very much a right now conversation.

You previously noted it used to be good, bug is coming to me. You previously few quarters ago, you spoke about pressure on cybersecurity from federal government. And it's a big part of your segments. So give us an update on, if you can, please, on the federal segment or a federal part of cybersecurity.

Well, I think the thing everyone has seen as the orders coming down for the federal government to update infrastructure to make sure it's quantum ready and to really get rid of all the LDOS support type infrastructure and upgrade that. And so that is sort of probably the headline to the answer to your question. And so with that, we are bringing everything we have to bear to help support the government in making those changes as well as having lots of discussions around what else do we need to do, for example, to help protect and kind of met those type scenarios. And a lot of a lot of discussion with the government and other vendors, too, around how we're collectively going to help solve some of these problems. And I think that, again, is going to be a big topic here the next 6-plus months.

I forgot to ask you something about AI when we spoke about -- is it -- is your -- what you're doing in AI? Is it synergistic to what you currently have? Or is it just a stand-alone opportunity that is now growing?

So if you remember the description, hopefully, it landed of the agentic app. So imagine you've got this view into what our agents on the network, what it's connected to, what tools it's using. Maybe it's associated with a user -- all of that is a signal that's coming from the products and infrastructure that Cisco is deploying, right? And so whether it's Secure Access or your trust access platform, whether it's identity, whether it's coming from a firewall whether it's signal we're getting from a workload or something is interacting with the workload, looking at the process flows. That is all signal we're bringing up to give you the agentic view. And the thing I want to sort of reinforce is you need great breadth and depth to secure agents. If you're just an identity player, you can't see what happens past the trust boundary, right? So you have to have great depth and breadth. And because we are at the network layer all the way up to L7 in the stack, we have incredible ability to operate all areas in the stack to give this comprehensive picture to our customers about what agents are doing on the network. And agents are going to go everywhere. They're going to do things we don't want them to do. We're going to have to be able to enforce everywhere, have visibility everywhere, and that is really the ecosystem that we are building.

Last question is not about products and portfolio. It's maybe about your go-to-market and your ability to deliver to execute on your strategy. Where are you in -- what do you think about your own strength and weaknesses when it comes to go-to-market for cybersecurity, not Cisco's in general, yes?

So listen, we have I think my personal getting the world's best go-to-market, it's an incredible sales force. Our DNA is the network and infrastructure, right? And so a smart person running a site security business in Cisco will do whatever they can to attach their train to what's happening on the network side of the business. And so when we're talking about fusing security into the network, that is really a security story that goes with a network sale and infrastructure sale as well. And I think that is landing for us. But really how we think about it is once we are in with a customer with some security offerings that might be outcomes that are tied to the network as an example or might be outcomes tied to Splunk, which is broadly deployed. We have this vast portfolio, we can upsell and cross-sell that is integrated with whether it's the network or with Splunk, to help solve these new use cases we're talking about because security typically is about what's the house on fire thing I need to solve today? What's the new attack surface, right? And everything we talked about today is that new intact surface and we can tie that back to the infrastructure, leverage the infrastructure and the network to deliver those outcomes. And so that allows our go-to-market to actually have a very integrated sale process going from what would be kind of your network sellers for our security sales force. And so putting those 2 pieces together is obviously really important for us.

Got it. So Peter, thank you so much, Sami we ran out of time. Thank you. .

Great thank you. Appreciate it. This was great.