Making Zero Trust Real: AI-driven segmentation with Cisco and ORDR

The challenge of securing the “things” every business depends on

Security starts with identity, and Cisco has long set the standard. With ISE and Secure Firewalls, enterprises have an enforcement backbone to decide who and what to trust on their networks, and under what conditions. That foundation has held strong for decades.

But enterprises don’t just run on users and laptops anymore. They depend on infusion pumps, MRI scanners, industrial controllers, HVAC systems, and cameras. These “things” are mission-critical, but they don’t behave like traditional IT — and they account for 42% of all enterprise assets. They can’t run agents. They aren’t patched regularly. And when compromised, they disrupt far more than data: they halt manufacturing lines, ground aircraft, and put patients at risk.

Dayton Children’s Hospital learned this firsthand. With Cisco ISE as their enforcement plane and ORDR providing AI-driven device context and traffic analysis, they were able to isolate at-risk MRI machines within minutes after ransomware entered through a partner connection. Patient care never missed a beat. That’s the power of pairing Cisco enforcement with ORDR intelligence: segmentation moves from aspirational to operational, measured by speed of execution and the resources required.

The network doesn’t lie

The history of enterprise security is really a story of closing gaps:

• Endpoints with EDR and agents.
• User-to-app traffic via SD-WAN and SSE.
• Cloud through CSPM and CNAPP.

But the device-to-system domain — the traffic between medical pumps and drug libraries, industrial controllers and HMIs, or cameras and recording servers — has remained a blind spot.

In this domain, the only reliable source of truth is the network. Passive observation of traffic doesn’t depend on an agent, doesn’t require a patch, and never disrupts operations. It simply shows what’s there, how it’s behaving, and whether it belongs.

At a major U.S. airline we work with, this AI-enhanced, network-centric approach made TSA compliance achievable. ORDR revealed the real communication paths between baggage systems, maintenance equipment, and building controls so firewalls could enforce least-privileged access. What had been a manual, error-prone effort became automated rule generation for segmentation — a necessity in an industry where every minute of downtime costs millions.

Segmentation, finally made practical with AI

Segmentation has always been the cornerstone of Zero Trust. In theory, it stops lateral movement, enforces least privilege, and minimizes blast radius. In practice, most organizations never get beyond “monitor mode.”

The blockers are familiar:

• Too many devices can’t be identified or profiled.
• Policies are either so broad they become meaningless, or so complex they can’t be deployed.
• Manual rule-writing across thousands of different types of switches, wireless controllers, and firewalls takes months — only to stall before enforcement.

Cisco doesn’t lack enforcement. ISE uses TrustSec methods to enforce on switches, wireless controllers, and firewalls at massive scale. What’s missing is behavioral context — insight into devices, how they communicate, and how they behave. ORDR delivers this using the latest AI-driven agents and infrastructure that:

• Identify and classify every device — from unmanaged IoT and OT to legacy medical systems — while continuously updating profiles as environments evolve.
• Analyze communication flows — showing how devices talk to each other, which connections are essential, and which introduce unnecessary risk.
• Recommend policies in plain business logic — grouping devices by roles and behaviors, so administrators can express intent in business terms and have it translated into enforceable rules.
• Automate enforcement across Cisco infrastructure — converting those policies into ISE groups, SGTs, VLANs, or firewall rules, and applying them with confidence at scale.

This is why segmentation projects that once required months of spreadsheets and coordination can now be implemented in days — driven by AI-powered intelligence that reduces manual effort and accelerates execution.

Integration that scales

What makes this work isn’t just vision, but the depth of integration between ORDR and Cisco. Customers don’t want another dashboard or silo; they want to maximize the value of their existing Cisco investments. ORDR provides the hardest piece — asset intelligence for unmanaged and IoT devices — and Cisco’s broad ecosystem of tools enriches that intelligence. The result is accurate, context-driven policies that flow directly into Cisco’s enforcement mechanisms.

In practice, that means ISE isn’t limited to broad or generic endpoint profiles. It receives more than 40 attributes from ORDR to classify even the most obscure medical or industrial devices. That enriched intelligence ensures firewalls aren’t stuck with static IP lists — instead, they’re continuously updated with dynamic device groups that reflect the real behavior of what’s on the network.

TrustSec policies aren’t theoretical — they’re populated with actual communication baselines mapped by ORDR. Cisco Catalyst switches and Meraki deployments become part of the enforcement fabric, with ORDR extending visibility and continuously feeding AI-driven context into the infrastructure teams already manage every day.

The result is not just more context, but more confidence. Enforcement only works when powered by the right intelligence — and that intelligence comes from both sides: Cisco’s ecosystem breadth and ORDR’s ability to solve the hardest unmanaged and IoT challenges. That’s what makes enforcement precise, adaptive, and scalable.

From hospital rooms to factory floors

The same pattern repeats across industries. In healthcare, hospitals rely on Cisco ISE with ORDR to segment tens of thousands of devices — in real-world environments where uptime and patient safety come first. In aviation, airlines use Cisco Firewalls with ORDR to meet TSA mandates, ensuring operational systems communicate only with approved systems. In manufacturing and finance, Cisco infrastructure becomes the control plane for Zero Trust, while ORDR’s AI-driven intelligence secures unmanaged OT and building systems without disrupting operations.

Each environment looks different, but the principle is the same: Cisco provides the enforcement backbone and ecosystem breadth, ORDR delivers the hardest lift with unmanaged and IoT intelligence, and together they make segmentation real.

AI-powered secure networking — faster, simpler, scalable

The future of enterprise security won’t be about bolting on more tools. It will be about secure networking — where the infrastructure itself enforces Zero Trust by design. Cisco has been advancing this vision for years with TrustSec, SD-Access, and Firewalls that merge networking and security into one fabric. ORDR extends that fabric by making every device visible and understandable, while simplifying segmentation and accelerating enforcement so Zero Trust can move from theory into practice.

That means:

• Zero Trust that spans cloud, campus, data center, and OT — implemented with speed and consistency.
• Policies that are vendor-agnostic but powered by Cisco enforcement — simple to define, accurate to enforce.
• Scale that extends from a single hospital to a global manufacturer with millions of connected devices.

This is the architecture that turns Zero Trust from an aspiration into an operating model — one that’s faster to achieve and simpler to manage.

Cisco + ORDR: powering the future of Zero Trust networking

CISOs don’t care whether segmentation happens in a firewall, a switch, or through ISE. They care that it delivers — that risks are contained, compliance is met, and operations keep running.

That’s why Cisco and ORDR fit so naturally together. Cisco provides the enforcement backbone and ecosystem breadth, while ORDR contributes the AI-powered device and IoT intelligence that makes segmentation practical.

Together, we can finally make Zero Trust not just a strategy, but a reality — across every environment.