The Future of Threat Detection and Response
Mike Horn, Tom Gillis
RSA Conference 2025 · Day 3 · West Stage
Cisco's Tom Gillis and Splunk's Mike Horn argue that the traditional centralized security architecture is fundamentally inadequate for an AI-driven world where attack surfaces are expanding and data volumes are growing by orders of magnitude. They introduce a three-pillar blueprint — distributed data storage, distributed analytics, and distributed enforcement — as the foundation for a new security architecture. At the heart of that architecture sits a new class of device they call the "smart switch," fusing network and security processing on a single chip. ---
AI review
Cisco and Splunk's first joint keynote since the acquisition makes a technically serious case for distributed security architecture — the smart switch concept in particular is genuinely interesting hardware-level thinking. The post-acquisition positioning is visible but does not overwhelm the substance; Gillis and Horn actually have something to say about why centralized architectures are structurally inadequate for AI-scale data volumes.