Field Report · Cisco Live 2026 · Las Vegas
Cisco IQ is powerful because it does not add new data to your environment. It connects the data that was already there to a system that acts on it before you have to ask.
By Shashi Bellamkonda · June 3, 2026
John Hoenemier, Director of Data Network Security at GlobalFoundries, was not supposed to be the quotable moment. He was a customer reference on a vendor stage. When he said "you cannot navigate what is coming with a map, when what you really need is a GPS," Liz Centoni, who had spent 45 minutes on the Michelob Ultra Arena stage making the same argument with data and live demos, said she was going to steal it. The line landed because it named the actual problem: the map existed, the data existed, the telemetry existed. None of it was connected to a system that acted on it continuously.
Cisco IQ is not a new data source. Forty years of infrastructure presence, support history, device context, and configuration data has been sitting in disconnected systems. The intelligence layer that acts on it continuously is what Cisco built. The Day 1 post covered the platform architecture and Cloud Control agentic demo. Day 2 was customer proof under real operating conditions.
End-of-Life Hardware Is the Attack Surface Now
Centoni opened with a question most IT leaders can answer only approximately: do you have a complete and accurate inventory of every asset in your environment and its current security posture right now, not as of your last audit? The lag between what the team can see and what exists in the network is structural. Spreadsheets, decommissioned devices still in records, fragmented systems that do not talk to each other.
According to Cisco-cited threat data, 40 percent of top targeted vulnerabilities last year directly impacted end-of-life devices, with more than 32 percent targeting network edge hardware past its support window. That hardware used to be an operational drag. It is now the preferred entry point for AI-enabled attacks that can map an entire network in minutes.
Human-speed reactive defense against machine-speed threats is the equation that does not close.
The First Thirty-Five Minutes of Every Technical Assistance Center Call Go Nowhere
Anyone who has been on a Technical Assistance Center (TAC) call knows this. Collecting show-tech logs, uploading files, explaining the environment to an engineer who should already have that context. Thirty-five to forty minutes before a single line of troubleshooting begins. When a case opens inside Cisco IQ, that context is already assembled: topology, configuration history, prior cases, device telemetry. According to Cisco, the platform routes the case to the right engineer 88 percent of the time, and that engineer is troubleshooting from the moment they join.
"Your engineer does not brief TAC. TAC briefs itself."
Liz Centoni, Cisco Live 2026 Day 2 Keynote
GEODIS: Uptime Is a Promise, Not a Metric
Scott Malone from GEODIS, the global supply chain and logistics operator, put a dollar figure on what network downtime costs: hundreds of thousands in lost throughput, service-level agreement penalties, and recovery labor inside thirty minutes of unplanned outage. A delayed shipment does not just affect GEODIS. It affects its customers' reputations with their own customers.
Before going into production with any platform, Malone required three things: application programming interface (API) integration with existing automation systems, centralized visibility from remote distribution sites through to core data centers in one view, and a phased end-of-life device roadmap that does not require touching production during replacement. In the live demo, Cisco IQ's assistant surfaced every device reaching end-of-life within four months at a specific site, categorized by device type and product identifier, and produced a budget-ready report. A planning exercise that used to consume engineering cycles came back as a query result.
His first reaction: this cannot be right. Then he realized it simply reflects what it looks like when the system already knows the environment.
GlobalFoundries: Zero Maintenance Windows Is a Physical Constraint, Not a Policy
Semiconductor manufacturing runs 24 hours a day, 365 days a year. Hoenemier said it plainly: every sensor, every robot, every precision tool converting raw materials into silicon depends on that network. No maintenance windows. He repeated that twice. A blunt-force network response does not cause downtime at GlobalFoundries. It shuts down a fabrication facility.
When a suspected defect surfaces inside Cisco IQ, the platform confirms whether the device is vulnerable, identifies every other device across the network carrying the same exposure, suggests workarounds, and if no workaround is viable, pinpoints the minimum software version that resolves it. Impact assessments that used to take days now take hours or less. Temporal modeling lets the team run refresh scenarios against live risk data before committing anything to production.
Cisco chose the hardest operating environment available as its public proof point. If the platform holds in a fab with no tolerance for disruption, the bar for most enterprise environments is lower.
On-Premises, Quantum Readiness, and Peer Benchmarking Ship in July
Quantum Ready Assessments. Harvest-now-decrypt-later attacks are already in motion. Encrypted data being collected today becomes readable once quantum computing reaches sufficient capability. This feature maps cryptographic exposure and builds a path toward a crypto-agile architecture. The timeline on quantum capability is contested. The data collection is not.
On-Premises Deployment. Air-gapped environments and organizations with data sovereignty requirements get the same intelligence layer running inside their own perimeter, customer-controlled.
Peer Benchmarking. Asset posture against actual peers at comparable size and sector. A logistics company benchmarking against healthcare organizations is measuring the wrong population.
Resilient Infrastructure Services for the AI Era. Maps attack surface, addresses AI-enabled threat resilience, and covers the new risk categories that Cisco's threat data has surfaced. Available inside standard and signature support tiers, meaning no separate budget line for existing services customers.
2,036 Customers in Five Weeks Against a Forecast of 800
Cisco IQ is included in existing services contracts. No new budget required for customers already in Cisco Support and Professional Services. That removes the procurement conversation and turns adoption into an activation decision. Centoni's chief labs officer had forecast around 800 onboarded customers at this stage. The actual number at keynote time was 2,036. Whether that gap reflects pent-up demand or aggressive activation by Cisco's customer success organization is worth tracking through the next earnings call.
The Quantum Ready Assessments announcement will not get the conference coverage the customer demos will. It deserves more attention. Harvest-now-decrypt-later is a current collection activity whose consequences arrive later. The organizations assessing cryptographic exposure this year have a remediation runway. Waiting until the capability gap closes publicly removes that option.
CIO/CTO Viability Question
Cisco IQ is already inside your services contract. The real question is whether your team knows what is actually running in your environment right now, and whether you want to find out before or after your next board conversation on AI threat exposure.
Centoni, Liz. Day 2 Keynote. Cisco Live 2026, Michelob Ultra Arena, Las Vegas, 3 June 2026.
Hoenemier, John. Customer Presentation. Cisco Live 2026, Michelob Ultra Arena, Las Vegas, 3 June 2026.
Centoni, Liz. "Cisco IQ: Redefining Customer Experience While Driving Partner Value." Cisco Blogs, 4 Nov. 2025, blogs.cisco.com.
Cisco Systems. cisco.com, 2026.
GlobalFoundries. globalfoundries.com, 2026.
GEODIS. geodis.com, 2026.
