Cisco has released the latest version of its SD-WAN software, version 26.1.1, with a strong focus on bolstering security and integrating AI capabilities. The update aims to help enterprises consistently apply security policies, gain end-to-end visibility, and transition from traditional WANs to high-performance, AI-ready fabrics without a major architecture refresh, according to a company blog post by Sunakshi Tickoo, product marketing manager for Enterprise Networks & Cloud.

Security Enhancements

The security improvements are part of Cisco’s Resilient Infrastructure plan announced in November, which aims to strengthen network security by increasing default protections, removing insecure legacy features, and introducing new capabilities to reduce the attack surface. In the SD-WAN release, vulnerabilities in CLI and UI configurations are addressed to protect the control plane from unauthorized access and privilege escalation.

A key feature is the Insecure Configurations dashboard, which provides a single, centralized view to identify outdated or insecure configurations across the SD-WAN fabric. It allows real-time assessment of device trust posture and guided remediation actions. Outdated commands are categorized into line transport, device server configuration, file transfer protocols, SNMP, and passwords. In the corresponding Cisco IOS XE 26.1.1 release, all insecure CLI commands are blocked by default, with an option to enable legacy commands via the system mode insecure command.

Anthony Grieco, senior vice president and chief security and trust officer at Cisco, previously stated that the company is making it clear when customers configure insecure features, initially with warnings and eventually removing insecure options entirely.

Firewall Policy Management and TLS Decryption

Another notable addition is the ability for Meraki SD-WAN sites to define firewall policies at the organization level and apply them everywhere, eliminating the need to configure each site individually. This centralized approach reduces operational overhead and ensures consistency.

TLS decryption capabilities have also been improved. The Catalyst 8375-G2 router, designed for large enterprise branches, can deliver up to 1.6 Gbps throughput on 100% HTTPS traffic, enabling strong security without performance bottlenecks.

AI Traffic Management and Assistant Enhancements

With the growing adoption of AI applications, Cisco has enhanced the SD-WAN software to automatically identify and classify AI-based application traffic across cloud, edge, and hybrid environments. This visibility allows organizations to differentiate between business-critical AI workloads and non-critical usage, applying policies for performance optimization and governance. Security is built in, with zero-trust enforcement applied directly to AI traffic and the ability to redirect traffic to Cisco Secure Access for deeper inspection.

The natural language AI Assistant in the SD-WAN software has also been upgraded to handle troubleshooting, monitor network performance, search documentation, and manage Technical Assistance Center (TAC) trouble ticket cases from a single tool, improving operational efficiency.

Overall, Cisco SD-WAN 26.1.1 represents a significant step toward a more secure and intelligent networking fabric, enabling enterprises to better support emerging AI workloads while maintaining robust security postures.

Source: Network World News