Extreme Networks: A CISO's Guide to Driving Cyber Resilience

Chief Information Security Officers face mounting pressure to secure expansive enterprise networks while supporting business agility.

For Phil Swain, CISO of Extreme Networks, the challenge lies in dismantling the barriers between networking and security operations – disciplines once separate but now merging into a unified function.

With more than 20 years leading proactive cyber strategies, Phil emphasises that true resilience starts at the network core. 

Extreme Networks delivers AI-driven network automation, offering seamless connectivity while embedding security directly within the infrastructure.

Seeing the network as cybersecurity’s backbone, Extreme supports organisations in adopting Zero Trust frameworks, enhancing visibility, and enabling proactive threat detection.

Its offerings integrate network and security operations, eliminating legacy silos and embedding defenses within infrastructure layers.

This strategy empowers enterprises with the controls, flexibility, and resilience essential to succeed in today’s fast-changing digital environment.

In this Q&A with Cyber Magazine, Phil explores the dangers of fragmented security tools, the dual role of AI in defending and breaching systems and why a unified, infrastructure-level security approach is vital to addressing current cyber threats and regulatory demands.

What drives tool and team fragmentation in security operations and how does it increase cyber risk?

Fragmentation usually stems from a mix of issues. It can start with well-meaning decisions to buy tools for specific problems. Over time, this creates siloed data, consoles and teams, and it can take a lot of additional work to manage all the information coming from different sources. 

Ironically, instead of improving security, it can introduce new risks. 

Another factor is the misalignment of business processes as needs change. As business needs evolve and grow, the pressure to address specific requirements can drive IT and security processes in different directions.

And finally, there is shadow IT, where employees attach new devices and applications to the network that haven’t been approved. 

If IT and security teams can’t keep pace with business initiatives, other teams across the organisation may seek to find their own solutions, sometimes bypassing official processes and adding to fragmentation.

 This can result in delayed alerts, inconsistent processes and difficulties in understanding and correlating events across systems. 

Ultimately, the greater the fragmentation, the less efficient and effective a cyber team will be. 

This is one of the reasons many IT and security teams are turning toward unified platforms that bring everything across networking, AI and security into one place, making it easier to manage and control. 

How do disconnected solutions impact security staff workload and incident response capabilities?

Disconnected tools make incident response slower and security work more stressful.

Security teams and data analysts often spend hours stitching together logs and alerts from different systems, hindering their ability to identify and respond to threats or work on implementing proactive strategies.

The bigger issue is that security teams risk becoming the ‘department of no’ instead of business enablers. A unified approach can help address this.

By consolidating networking, security and observability into one unified platform, organisations have a single source of truth for managing network security. 

They can even automate reporting in some platforms, eliminating hours of manual work.

With a single view of the entire network instead of putting together puzzle pieces from various applications, security teams see the big picture instantly, allowing them to prioritise what matters, respond faster and avoid burnout.

It’s with this foundational layer that security teams can work with the business to start adding value and supporting new solutions and ideas.

Will new regulations like the Cyber Resilience Act effectively address the need for unified, cohesive security strategies?

These kinds of regulations are becoming more common and they’re an important step in ensuring organisations are prioritising security efforts. 

They’re also useful in promoting healthy conversations about security and what it actually means for an organisation. 

But, here's the thing: compliance doesn’t necessarily mean resilience and the organisation must have people who are in charge of managing the operational realities. 

Regulation can help identify risks and help to mitigate them, but it can’t fully address issues caused by fragmentation like slow response times. 

Real progress requires unified strategies that can adapt as necessary, turning compliance into long-term resilience.

What immediate actions should CISOs and boards take to consolidate their security environment for maximum protection?

• Step 1: Identify the critical business processes and data for your organisation. What are your crown jewels that must be protected?
• Step 2: Take inventory of your security tools and organisational data, including user identities needed to access the data and processes. In terms of the tools, make sure to identify any overlaps.
• Step 3: Prioritisation based on your critical processes and data. Focus on unifying tools and processes where it matters most. And, even more importantly, implement comprehensive data tagging and classification at the source as data enters your systems. This becomes essential when AI models start multiplying that data. 

Once those steps are complete, CISOs can build a roadmap toward a unified security strategy with the network as the foundation. 

This ultimately empowers staff with clarity instead of drowning them in tools, while giving leadership the assurance that risks are being managed holistically. 

Critically, organisations need to see this not as a technical exercise, but as an investment in resilience. 

How can unified, infrastructure-level security help organisations counter AI-driven threats while easing staff burnout?

For external threats, unified security built into network infrastructure means IT and security teams have a single source of truth. That makes it easier and faster to identify, respond to and eliminate security threats, whether or not attackers are using AI.

Internally, the key mindset is treating AI as a user, because that's fundamentally what it is. 

AI accesses your network, analyses data and creates outputs just like any user. 

Ask yourself: would you give a human user full admin access to all your data sets? Probably not. Yet, we often give AI agents equivalent access, with less control, oversight and training.

Due to the speed and scale at which AI is being integrated, defending against AI-driven threats requires the agility and cohesion that a unified security strategy provides.

Fragmented tools can’t keep pace – only a unified approach can close the gaps and keep organisations secure and resilient.