The week ending May 31 was dominated by a single gravitational event that hadn't yet produced its news: Cisco Live 2026 opens Sunday, May 31, at Mandalay Bay in Las Vegas, running through June 4. With 20,000 attendees from 75 countries and CEO Chuck Robbins headlining Tuesday's keynote, this is the largest single-vendor enterprise networking event of the year. The headline framing — "AI That Fixes Networks Itself" — is not a surprise to anyone tracking this report over the past four weeks, but the conference format will amplify it in ways that matter to field sellers. Expect a wave of product announcements, customer case studies, and partner program updates to land Monday through Wednesday of next week. For Mist sellers, Cisco Live is not background noise — it is a customer conversation event, and buyers who attend or follow the coverage will arrive at their next meeting with Cisco talking points pre-loaded.
The most operationally significant story this week, largely absent from trade press coverage, was the sixth Cisco SD-WAN zero-day patch of 2026. The flaw — an authentication bypass allowing remote attackers administrative control across entire networks — was patched on May 27. This is the sixth emergency SD-WAN patch in five months. That cadence is not a patch management story; it is an architectural signal about the attack surface of a platform that was originally engineered as an on-premises appliance and has been progressively cloud-extended. In any enterprise account where Cisco SD-WAN or Viptela is in the current or proposed stack, this vulnerability history is now a legitimate procurement-level question, not just a security team concern.
The Pulumi provider for Juniper Mist continued its now five-week unbroken release cadence, with five alpha builds of the 0.11.0 series published across the week — one per business day. This is no longer a signal of active development; it is a signal of mature, pipelined development. The transition from 0.10.x to 0.11.0 alpha confirms the version progression is real and sustained. For a Mist seller engaged with any prospect where a platform engineering team has a seat at the table, this is five weeks of continuous, publicly verifiable investment in IaC tooling — the kind of evidence that survives procurement scrutiny in a way that a vendor slide deck cannot.
Beyond these two stories, the research set this week was thin. Arista had no campus-specific activity — now four consecutive weeks without a campus product, customer, or partner announcement, even as the company carries a Gartner Magic Quadrant Leader badge from last week into field conversations. Extreme Networks produced no identifiable activity this week. Fortinet's campus/branch silence extends to a fourth consecutive week. The Tier 1 competitive landscape, outside of Cisco, is quiet — which makes the Cisco Live news cycle next week even more disproportionate in its market impact.
On the practitioner side, Reddit threads this week surfaced two recurring complaints worth noting: Meraki's Advanced Security licensing costs are generating active friction among resellers and end users, and Cisco's mandatory DNA subscription bundling on Catalyst 9500 switches continues to draw criticism in infrastructure refresh conversations. A third thread directly evaluated Fortinet, Cisco, and Aruba in a campus refresh context, with price sensitivity to licensing as the primary driver. These are real buying conversations happening right now, and they present a live opening for Mist positioning.
For Mist sellers, the tactical priority going into next week is simple: Cisco Live will produce a marketing wave on Monday and Tuesday. The Cisco SD-WAN vulnerability history, the Meraki licensing frustration on Reddit, and the Catalyst DNA subscription complaints are the three counterweights that belong in your back pocket before those conversations start.
Cisco Live 2026 opens Sunday May 31 at Mandalay Bay, Las Vegas, running through June 4. The event's anchor narrative is "AI That Fixes Networks Itself" with CEO Robbins keynoting Tuesday. So what: Every Mist seller needs to anticipate a wave of Cisco-framed customer conversations next week. Prepare your Marvis-vs-Cisco AI response now, not after the keynote lands. 🟡
Cisco patched its sixth SD-WAN zero-day of 2026 — an authentication bypass granting remote admin access across entire networks. Six emergency patches in five months represents a structural vulnerability pattern, not an isolated incident. So what: In any account where Cisco SD-WAN is in scope, this vulnerability cadence is a legitimate risk question to raise at the procurement level. Session Smart Router does not share this attack surface. 🟡
Pulumi provider for Juniper Mist published five 0.11.0 alpha builds this week — one per business day — continuing a five-week unbroken development cadence. So what: For DevOps-oriented enterprise prospects, this is five weeks of publicly verifiable, daily IaC investment. Use it in deals where platform engineering teams have vendor selection influence. 🟢
Reddit practitioners actively complaining about Meraki Advanced Security licensing costs and Cisco Catalyst mandatory DNA subscriptions this week. These threads reflect live, active purchase friction in accounts currently refreshing infrastructure. So what: These are real openings for Mist positioning in refresh conversations. Licensing total cost of ownership is a live objection Cisco reps will have to answer. 🔴 (practitioner forum)
A Reddit thread explicitly evaluated Fortinet, Cisco, and Aruba for a campus network refresh, with licensing cost as the primary deciding factor. So what: Any Aruba or Mist seller in a three-way refresh bake-off should lead with TCO; price sensitivity to recurring licensing is the customer's stated primary concern in at least one documented live deal. 🔴 (practitioner forum)
Forrester published a blog stating networking vendors are "finally starting to build platforms — not just dashboards." The framing validates Mist's multi-year investment in a unified AI platform over feature aggregation. So what: Use the Forrester framing to contextualize Mist's platform-native architecture in contrast to Meraki's dashboard-centric model and Aruba Central's AIOps overlay. 🟡
Arista absent from campus-specific activity for the fourth consecutive week. Despite holding a new Gartner Magic Quadrant Leader badge, Arista is producing zero campus operational news. So what: Arista's campus story is analyst-certified but operationally thin. Use this window — it may close when Arista announces new campus product activity. 🟡
Extreme Networks and Fortinet both had zero identifiable activity this week. Fourth consecutive quiet week for Fortinet campus/branch; Extreme similarly silent. So what: Neither competitor is generating new urgency in their installed bases. Any accounts where these vendors are the incumbent are stable targets for Mist outreach. 🟡
Cisco Live 2026 — Opens Sunday May 31. 🟡 The conference runs May 31–June 4 at Mandalay Bay, Las Vegas, with 20,000 attendees from 75 countries. CEO Chuck Robbins keynotes Tuesday. The event's public-facing headline is "AI That Fixes Networks Itself" — consistent with five weeks of AI-era narrative building in this report. Specific product announcements are not yet published at the time of this report's research cutoff; they will arrive Monday–Wednesday of next week. This is the single most important competitive event to track in the next seven days.
Cisco SD-WAN: Sixth zero-day patch of 2026. 🟡 On May 27, Cisco shipped an emergency patch for an authentication bypass vulnerability in its SD-WAN platform that allowed remote attackers to gain administrative control across entire networks. This is the sixth such emergency patch in 2026 — a rate of more than one per month. The pattern suggests an architectural attack surface problem, not an isolated software defect. Worth noting: this is Cisco's SD-WAN/Viptela platform, not Meraki MX, which has a different codebase and attack surface.
Marketing narrative: Unchanged from prior weeks. "AI-Native Networking" and the "networking super cycle" framing from the JPMorgan conference remain the dominant public narrative. Cisco Live will either deepen this with product substance or expose it as ahead of shipping reality.
Channel/pricing: No new announcements this week. Practitioner complaints about DNA subscription mandates on Catalyst 9500s and Meraki Advanced Security licensing costs continue to surface organically on Reddit (see Section 6).
Personnel/analyst: No notable moves this week.
Quiet week — fourth consecutive week with no campus-specific product, customer, partner, or analyst activity. Arista entered this week carrying the Gartner Magic Quadrant Leader badge from last week's placement but produced no operational campus news to build on it.
Quiet week — no identifiable product, customer, partner, or marketing activity. Fourth consecutive week of silence. Research queries returned zero relevant results.
Quiet week — fourth consecutive week of zero campus/branch activity. No product, channel, or customer news. Fortinet's campus motion continues to run on prior-period momentum without new investment signals.
Nile (NaaS): No results returned this week. No material activity.
Meter (NaaS): No results returned this week. No material activity.
CommScope RUCKUS: No material activity. Research queries returned no relevant results.
Huawei: No material activity relevant to international enterprise campus context.
Tier 3 vendors (ALE, H3C, Allied Telesis, TP-Link, Join Digital): No material news this week.
Moves this week: No HPE Aruba-specific product, marketing, or customer announcements surfaced in the research set this week. The research query for "HPE Aruba" returned a single irrelevant result (a UNESCO listing). This is a quiet week for Aruba's outbound narrative.
Current narrative and landing: Aruba's strongest recent moment — the autonomous AIOps announcement from the week of May 17 — has not been followed by additional amplification this week. The narrative window from that announcement is closing without reinforcement. No new Central, CX switching, ClearPass, or EdgeConnect content published this week.
Competitive poaching signals: The most concrete live signal this week is a Reddit thread in r/networking titled "Network Refresh — Considering Fortinet + Cisco + Aruba," posted four days ago, in which a practitioner explicitly cited Meraki's price as unacceptably high and was evaluating Aruba alongside Fortinet and Cisco. This is the profile of an Aruba-competitive entry account, not an existing Aruba shop. No signals of Aruba installed-base poaching activity were found — though absence of signals in a research-sparse week should not be read as absence of activity. 🔴
Gaps that could surface in a renewal conversation:
- The HPE/Juniper integration narrative continues to generate customer questions about platform roadmap certainty. No public statement clarifying the Central-vs-Mist convergence timeline was published this week.
- Aruba ClearPass continues to carry legacy complexity perception in practitioner forums, though no new complaints surfaced this specific week.
- EdgeConnect SD-WAN: Cisco's sixth SD-WAN zero-day is a Cisco problem, not an Aruba problem — but it will prompt security-conscious customers to ask about the security posture of any SD-WAN platform in their stack, including EdgeConnect.
What to watch: With Cisco Live opening Sunday, expect Cisco field teams to lead with AI-era messaging in Aruba accounts during the conference week. The risk is not that Aruba customers defect immediately — it is that they put renewals on hold to evaluate Cisco's refreshed story.
Pulumi provider for Juniper Mist — five 0.11.0 alpha builds published this week. 🟢 Builds 0.11.0a1779693335 (May 25), 0.11.0a1779779125 (May 26), 0.11.0a1779866084 (May 27), 0.11.0a1780007516 (May 28), and 0.11.0a1780123782 (May 30) were published to PyPI across the week. This is one build per business day — a consistent, pipelined release cadence that has now run for five consecutive weeks. The transition from 0.10.x alpha to 0.11.0 alpha confirms the version tree is progressing, not spinning in place.
How to use this in deals: The Pulumi provider provides Infrastructure-as-Code management of Mist resources — APs, switches, WAN edges — via Terraform-compatible declarative configuration. For enterprise prospects with platform engineering teams, a DevOps-native network management workflow is a differentiated capability. The fact that it has daily public releases on PyPI means procurement due diligence can verify investment without trusting vendor slides. This is a falsifiable competitive claim.
Mist AI / Marvis narrative vs. competitors claiming AI: With Cisco Live opening this weekend around "AI That Fixes Networks Itself," the market's AI vocabulary is about to be saturated with Cisco content. The differentiator to defend is implementation specificity: Marvis's AI pipeline runs on real-time telemetry from the Mist cloud microservices architecture — every AP, switch, and WAN edge streams event data to a cloud-native backend that has been AI-first since 2016, not AI-layered-on since 2023. Cisco's self-healing AI framing is not yet grounded in publicly available customer case studies showing specific MTTR reductions at scale; Marvis has published case studies with named customers and measurable SLE improvements.
Customer wins / pipeline signals: No new customer wins or case studies published this week in the research set.
Competitive positioning for net-new deals: The Cisco SD-WAN zero-day story is directly relevant in any campus+WAN deal where the prospect is also evaluating Cisco's SD-WAN or SASE stack. Session Smart Router (SSR) has a fundamentally different forwarding architecture — session-aware, source-routing — that does not expose the same administrative API attack surface as Viptela. This is a legitimate architectural differentiator, not a feature comparison.
No HPE executive statements or product announcements about the Aruba/Mist integration surfaced this week. The research queries for "HPE Networking Portfolio Integration" returned zero results.
Current state of the seam: The autonomous AIOps announcement from May 17 — where HPE explicitly claimed agentic AI capabilities across both Mist AI and Aruba Central simultaneously — remains the last public signal of integration progress. There has been no follow-on communication this week to clarify what "shared backend" means for customers, what the roadmap for platform convergence looks like, or whether a unified management plane is on a published timeline.
Customer-facing confusion risk: The "which platform when" question — should a new customer buy into Aruba Central or Mist AI? — remains unanswered by public HPE communications. Any customer asking this question in a meeting this week has no clear public answer to reference. Field sellers are carrying this ambiguity without air cover from the product org.
Watch for: Any Cisco Live messaging that specifically targets HPE integration uncertainty. Cisco field teams are trained to exploit competitor instability narratives, and the Aruba/Mist seam is a documented vulnerability. If Cisco frames its "complete portfolio" story against "fragmented HPE platforms," that is a prepared attack, not an improvised one.
Cisco — Non-Campus Activity:
- Cisco Live 2026 opens Sunday May 31 with AI-era messaging spanning data center, security, and cloud networking — the full portfolio will be on display across the week. 🟡
- The sixth SD-WAN zero-day patch of 2026 (authentication bypass, remote admin access) was shipped May 27, applicable to the Viptela/SD-WAN platform. 🟡
- No other non-campus Cisco activity surfaced in the research set this week.
Arista Networks — Non-Campus Activity:
No non-campus activity in research set this week.
Extreme Networks — Non-Campus Activity:
No non-campus activity in research set this week.
Fortinet — Non-Campus Activity:
No non-campus activity in research set this week.
Palo Alto Networks — Non-Campus Activity:
- No material PANW announcements; the AI vs. AI cybersecurity story (Sysdig documenting the first LLM-agent intrusion in the wild) is adjacent context for security-sensitive enterprise buyers, but not a PANW-specific event. 🟡
Zscaler — Non-Campus Activity:
- Zscaler reported stronger-than-expected fiscal Q3 2026 results, with record annual recurring revenue growth highlighted on the earnings call. 🟡
- ZS stock is down over 40% in 2026 despite strong Q3 results, reflecting broader SSE sector multiple compression rather than business deterioration. 🟡
- Relevant context: Zscaler's SSE platform competes with the security overlay components of both Mist AI (Juniper Connected Security) and Aruba's EdgeConnect/SSE stack. Strong ARR growth signals that enterprises are continuing to buy ZTNA/SWG/CASB — the question is whether they buy from a network vendor or a pure-play security vendor.
Research quality note: Reddit queries this week returned a high proportion of irrelevant results (sports scores, gaming threads). The following reflects the subset of practitioner-relevant threads that were returned. Volume is lower than prior weeks. Treat all items below as 🔴 practitioner sentiment, not verified fact.
Meraki — Licensing Friction (🔴 Practitioner Sentiment)
A thread in r/meraki posted within the past week: a practitioner who is "new to the Meraki ecosystem" purchased an MX85 and access points for testing and immediately encountered friction around Advanced Security licensing requirements and costs. A separate r/meraki thread from four days ago showed a long-tenure Meraki reseller saying they had "sold Meraki for a long time, but have never sold Essential licenses" and were struggling to produce a renewal quote at current pricing. 🔴
A thread in r/NetworkGearDeals posted five days ago titled "Anyone else tired of mandatory DNA licensing on Catalyst switches?" described a practitioner working through a campus refresh quote for C9500 switches who was "reminded again that the mandatory DNA subscription is still bundled in." The post framed it as a recurring frustration across multiple quote cycles, not a one-time surprise. 🔴
Analyst signal (weak): These are two separate complaint categories — Meraki subscription pricing and Catalyst DNA bundling — but they are both surfacing in the same week in active refresh contexts. The pattern aligns with what has been visible in prior weeks. This is not a new complaint, but it is an active one.
Aruba/Fortinet/Cisco — Active Campus Refresh Comparison (🔴 Practitioner Sentiment)
A thread in r/networking from four days ago, titled "Network Refresh — Considering Fortinet + Cisco + Aruba," shows a practitioner actively comparing all three for a campus refresh. The stated primary driver was price — specifically, wanting "something under the Meraki price." The practitioner noted that Fortinet+Cisco+Aruba combinations come with higher licensing and ongoing support costs than expected. This is a live three-way comparison happening in real time. 🔴
Implication: Neither Mist nor Aruba was explicitly mentioned as the lead option, but Aruba is in the consideration set. The practitioner's price sensitivity to licensing is the dominant filter. Mist is not mentioned, which suggests either it was out of scope for this buyer's segment or it was not top of mind — both of which are pipeline signals for prospecting.
HPE Juniper / HPE Acquisition Sentiment (🔴 Practitioner Sentiment)
Reddit threads from r/Juniper and r/networking around the HPE acquisition remain accessible in search results, though the specific recent thread content was not readable due to link restrictions. The presence of these threads in search results for "enterprise networking HPE Juniper" suggests continued practitioner interest in the acquisition narrative — either concern about direction or curiosity about the combined portfolio.
No actionable Reddit signals this week for: Arista campus, Extreme Networks, Nile, Meter, or Mist-specific practitioner experience. The research volume was insufficient to draw practitioner sentiment conclusions for these vendors.
No capability matrix cells changed this week. No vendor made a product announcement, published a shipping update, or issued a roadmap clarification that would move any cell in the matrix. The full current-state matrix is in Appendix A.
Apparent Parity
Both vendors offer cloud-managed Wi-Fi, campus switching, and AI-assisted network operations. Both claim self-healing or autonomous network remediation. Both have SD-WAN products with security integration. On a feature checklist, they look comparable.
Implementation Reality
Cisco's "AI that fixes networks itself" — the Cisco Live headline — is a marketing claim built on top of a heterogeneous product stack: Meraki (cloud-native, closed API, SMB-heritage), Catalyst (on-premises-heritage, DNA Center/Catalyst Center cloud extension), and Viptela/SD-WAN (acquired, separate codebase). The AI/assurance layer sits across these three architectures as an overlay, not as a native data pipeline. Mist AI was architected cloud-native from inception in 2016; every AP streams telemetry to a microservices backend that feeds Marvis directly. There is no "bridge" from a legacy management plane to a new AI layer — the AI layer is the management plane. The practical difference shows in mean time to root cause: Marvis can correlate wireless, wired, and WAN events in a single query; a Cisco operator correlating the same event would typically navigate Meraki Dashboard, Catalyst Center, and potentially a separate SD-WAN portal.
Additionally, Cisco SD-WAN has now accumulated six emergency zero-day patches in 2026 — one per month on average. This is not a Meraki problem or a Catalyst problem, but it reflects the attack surface consequence of bolting cloud management onto an appliance-era WAN architecture.
Where Mist Has Stacked Advantage
- AI pipeline depth: Marvis operates on a single telemetry stream across wireless, wired, and WAN from a purpose-built cloud backend. Cisco's AI sits across three separate product stacks.
- Operational surface reduction: A Mist operator manages wireless, EX switching, and Session Smart Router from a single pane of glass with a shared policy model. Cisco requires separate tooling for Meraki, Catalyst, and SD-WAN.
- SD-WAN security posture: Session Smart Router's session-aware forwarding architecture does not expose the same admin API attack surface as Viptela. Six zero-days in five months is a verifiable differentiator.
- IaC/programmability: Five consecutive weeks of daily Pulumi provider releases is publicly verifiable investment. Cisco's Meraki API is documented but the IaC ecosystem is thinner.
Where Mist Is Structurally Weaker
- Ecosystem scale: Cisco's TAC, partner network, certified engineer pool, and global professional services bench are structurally larger. In accounts where "can you staff this globally?" is a procurement criterion, Cisco wins on resources.
- Enterprise switching depth: Cisco Catalyst's enterprise switching feature set — particularly for large-scale modular chassis, advanced QoS, and legacy protocol support — is deeper than Juniper EX. Brownfield accounts with complex Catalyst deployments face real migration friction.
- Meraki SMB-to-enterprise bridge: For accounts that started on Meraki in SMB and grew into enterprise, the switching cost to Mist is real. Meraki's simplicity is a feature, not a bug, for that buyer profile.
Deal Impact
With Cisco Live opening this week, every deal that has a Cisco rep in it will have fresh talking points by Tuesday. Prepare a specific, falsifiable response to "AI that fixes networks itself" — ask the Cisco rep which AI model, trained on what data, using what telemetry pipeline, producing what specific customer outcome. Make Cisco's AI claim as specific as Mist's. The SD-WAN zero-day story is a legitimate escalation path in any deal where security posture is a procurement criterion.
Apparent Parity
Both vendors carry Gartner Magic Quadrant Leader status in campus networking. Both offer cloud-managed operations (CloudVision vs. Mist AI). Both claim AIOps capabilities. On paper: comparable.
Implementation Reality
Arista's campus motion is built on the strength of its data center routing and switching heritage, extended into the campus via EVPN/VXLAN fabric and CloudVision management. CloudVision's AIOps layer (AVA — Arista Virtual Assist) is real and functional, but it is a feature layer on top of a network management system, not a purpose-built AI platform. Arista has been absent from campus-specific product activity for four consecutive weeks; its campus story is being advanced by analyst recognition (Gartner MQ Leader) without new product or customer evidence.
Mist's campus architecture is wireless-first and AI-native. The Mist AI backend collects telemetry at a granularity — per-frame, per-client — that CloudVision does not attempt to match on the wireless side. Arista's Wi-Fi solution is OEM'd (historically via Mojo/Cognitive Wi-Fi), which means the wireless telemetry pipeline is not natively integrated into the same model as the switching telemetry pipeline.
Where Mist Has Stacked Advantage
- Wireless telemetry depth: Per-client, per-frame wireless telemetry is native to Mist's architecture. Arista's Wi-Fi heritage is OEM'd and the telemetry integration is shallower.
- Campus operational cadence: Mist is actively publishing IaC tooling and maintaining a daily development cadence. Arista's campus operational news has been absent for four weeks.
- AI training data: Marvis's AI pipeline has been running on production campus telemetry since 2016 — a seven-year head start on training data for wireless and wired correlation models.
Where Mist Is Structurally Weaker
- Data center to campus extension: Customers already running Arista in the data center will find CloudVision's campus extension architecturally consistent. The operational model, CLI, and policy framework are the same. Mist has no data center switching story — the EX series tops out at campus aggregation.
- EVPN/VXLAN fabric depth: Arista's campus fabric implementation using EVPN/VXLAN is architecturally superior to Juniper EX's campus fabric implementation for large, complex multi-building deployments with demanding segmentation requirements.
- Financial and engineering scale: Arista's market cap and R&D budget dwarf HPE Networking's networking division. Arista can sustain investment in both data center and campus simultaneously; HPE is managing two platform narratives under integration pressure.
Deal Impact
Arista's four-week campus silence is an opportunity window, but it may close at any time. The Gartner MQ Leader badge is now in play. When Arista enters a campus deal, their opener will be the Gartner citation plus data center continuity. Mist's counter is operational specificity: ask for a CloudVision live demo of Marvis-equivalent capabilities — natural language queries, SLE dashboards, proactive anomaly detection on wireless clients. The demo gap is real.
Apparent Parity
Both claim enterprise-grade AI-driven campus management. Platform ONE and Mist AI both offer cloud-managed Wi-Fi and switching. Both are targeting education and government verticals with AI network operations narratives.
Implementation Reality
Extreme's Platform ONE is a cloud management platform built through acquisitions (Aerohive, Avaya networking, Brocade data center, Zebra/Motorola Wi-Fi). The integrations are functional but the underlying code bases are architecturally heterogeneous. The AI layer (ExtremeCloud IQ CoPilot / Director) is a management-plane overlay. Mist AI is a purpose-built microservices backend with a single telemetry model; Platform ONE is an integration achievement, not an architectural unity.
In education and government — Extreme's primary vertical push — budget cycles and procurement requirements create different competitive dynamics. Extreme's installed base in these verticals is larger than Mist's, and switching costs are real.
Where Mist Has Stacked Advantage
- Architectural coherence: Single telemetry model, single policy model, single AI backend. Platform ONE's coherence is layered over acquisitions; Mist's was designed-in.
- Marvis specificity: Marvis's natural language query interface and SLE framework are more mature and more demonstrably functional than ExtremeCloud IQ CoPilot in head-to-head demos.
- IaC ecosystem: The Pulumi provider gives Mist a programmatic management story that Extreme has not matched in the research period.
Where Mist Is Structurally Weaker
- Installed base in education/government: Extreme's depth in these verticals — through the Aerohive and Avaya inheritance — creates real switching-cost barriers that are not closeable by product features alone.
- Price positioning: Extreme competes aggressively on price in education and government. Mist's cloud-managed, AI-native premium is harder to justify in price-sensitive public sector procurement.
- Physical switching breadth: Extreme's switching portfolio (inherited from Brocade/Avaya) offers chassis and stackable options that match or exceed Juniper EX at some price points for education network densities.
Deal Impact
Fourth consecutive quiet week from Extreme. No new talking points have been published. If you are in an education or government account where Extreme is the incumbent, the competitive pressure this week is unchanged from last week. The opening remains available — demonstrate Marvis specificity in a live demo, then TCO model against Extreme's subscription pricing.
Apparent Parity
Both offer Wi-Fi, switching, and SD-WAN/SASE under a single management framework. Both claim integrated security and network operations. On a security-led buyer's checklist, they appear to cover similar ground.
Implementation Reality
Fortinet's campus play is FortiAP + FortiSwitch + FortiGate as a security-first stack, managed through FortiManager or FortiCloud. The integration is genuine — FortiGate is a real network security platform, and FortiAP/FortiSwitch share policy enforcement with the firewall layer natively. However, Fortinet's AIOps is thin by Mist standards: FortiAIOps exists but does not have the wireless-specific SLE framework, per-client telemetry depth, or natural language query interface that Marvis provides.
For security-first buyers, Fortinet's native firewall integration is architecturally superior to Mist's connected security model, which relies on integration with SRX and third-party policy enforcement. The argument "buy your network from your firewall vendor" is coherent and Fortinet makes it effectively.
Where Mist Has Stacked Advantage
- Wireless operations depth: FortiAP is a functional enterprise AP; Marvis's wireless SLE framework is not comparable in maturity to anything Fortinet has published. Head-to-head on network assurance for wireless, Mist wins.
- Wired+wireless+WAN AI correlation: Marvis can correlate client-level events across wireless, wired, and WAN in a single query. Fortinet's management plane does not offer an equivalent.
- Cloud-native architecture: Mist's backend is cloud-native by design; FortiCloud is a cloud extension of an on-premises-heritage management model.
Where Mist Is Structurally Weaker
- Security-first buyer persona: In accounts where the CISO drives the network refresh, Fortinet's "one vendor, network + firewall + SASE" argument wins architectural coherence points that Mist cannot match without an SRX/Connected Security pitch that adds complexity.
- SASE integration depth: Fortinet's Universal SASE integrates directly with FortiGate and FortiAP policy — the security enforcement is not a separate plane. Mist's SASE integration requires Juniper Connected Security or a third-party SSE layer.
- Price in mid-market: Fortinet's campus stack is price-competitive in mid-market and SMB segments where Mist's AI premium is harder to justify without a large enough estate to demonstrate ROI.
Deal Impact
Fortinet's fourth consecutive quiet week in campus/branch is an opportunity. In accounts where Fortinet is the incumbent and security integration was the original justification, probe whether the AIOps gap has grown visible to the operations team — IT ops teams managing FortiCloud often wish for better root-cause analysis. That's Marvis's entry point.
Structural Gap 1: No data center switching story.
Mist's switching portfolio (EX series) tops out at campus aggregation. Juniper QFX is the data center play, but it is not integrated into the Mist AI management plane in the same way EX is. Arista's ability to offer a single CloudVision management model from the data center core to the campus edge is a structurally durable advantage in accounts where the same team manages both. This is not a software problem; it is an architectural scope decision. EX and QFX are different product lines with different management models, and closing that gap would require either extending the Mist AI platform into QFX management (a multi-year architectural investment) or accepting the seam.
Structural Gap 2: Partner and services ecosystem scale.
Cisco's TAC organization, certified engineer pool, and global SI partnerships are structurally larger than Juniper/HPE Networking's equivalent. In deals where the enterprise procurement team asks "can you staff 24/7 support across 40 countries?", Cisco can answer more convincingly than HPE Networking. This is not a product gap — it is a go-to-market and organizational scale gap that the HPE acquisition partially addresses (HPE's global services org is larger than Juniper's was standalone) but does not fully close. Arista has the same problem in campus but is less affected because its campus motion is newer.
Structural Gap 3: SASE/SSE as a standalone offer.
Fortinet and Cisco both offer SASE/SSE capabilities that are natively integrated with their campus network products — Fortinet through FortiGate/Universal SASE, Cisco through Meraki+Umbrella+Duo. Mist's SASE story requires either Juniper Connected Security (SRX-based) or a third-party SSE vendor. In security-consolidated buying decisions where the CISO wants a single vendor for network and SASE, Mist cannot make that offer with the same native integration depth. This is an architectural position, not a feature gap — Mist was designed as a network-first AI platform, not a security platform with network capabilities.
Structural Gap 4: Campus switching installed base relative to Cisco.
Cisco's Catalyst installed base in enterprise campus switching is orders of magnitude larger than Juniper EX's. Brownfield accounts considering a full Catalyst replacement face real migration friction — configuration models, protocols, and operational muscle memory all point toward Cisco. While this is not a Mist product gap per se, it is a structural market position gap that limits the addressable replacement opportunity in large, deeply entrenched Catalyst environments.
Attack 1: "Cisco Live just demonstrated AI that autonomously remediates network faults at scale — and Cisco's AI runs across the same platform your team already knows: Meraki, Catalyst, and a unified operations console. Mist's Marvis is a good AI for a Mist-only environment, but the moment you have Cisco Catalyst in your core or Cisco firewall in your DMZ, you're adding a second management plane and a second AI engine that don't share context. Integration complexity is operational risk, and operational risk is your problem on Monday morning, not mine."
Why it will land: Most enterprise campus environments are not greenfield. Any brownfield account with Catalyst in the core is a real integration challenge. The "second pane of glass" framing exploits a real architectural seam.
Counter: Mist's EX switching integrates natively into the Mist AI management plane — the unified dashboard is not theoretical, it is the product. The question for the Cisco rep is: which "unified console" are you proposing? Meraki Dashboard and Catalyst Center are not the same console, and they do not share AI telemetry. Ask the Cisco rep to show you the unified AI query interface across both — then show Marvis doing it live.
Attack 2: "HPE just acquired Juniper. That means Mist's roadmap is now being decided by a committee that also has to preserve Aruba Central, HPE CX switching, ClearPass, and EdgeConnect. Every dollar of R&D has to serve two customer bases. Cisco has one networking architecture and one AI investment thesis. The question isn't which vendor is better today — it's which vendor's roadmap you trust for a five-year commitment. A company in mid-integration is not the right anchor for your network infrastructure."
Why it will land: This is the integration uncertainty attack, and it is the most dangerous vector in the research period. HPE has not published a clear public answer to "when do Aruba and Mist converge, and what happens to the platform I buy today?"
Counter: HPE has been explicit that both platforms receive continued investment — the autonomous AIOps announcement in May 2026 covered both Mist AI and Aruba Central simultaneously, confirming shared capability development. For a new Mist customer, the relevant question is: is Mist AI receiving active investment? Five consecutive weeks of daily Pulumi IaC releases, plus the agentic AIOps announcement, are public evidence of that investment. The integration is an Aruba customer concern, not a Mist customer concern.
Attack 3: "Cisco's SD-WAN had a security issue — fair. But look at the response: a patch was shipped within days, global TAC was activated, and Cisco's security intelligence organization documented the full disclosure. Mist is a smaller platform with a smaller security response capability. When a zero-day hits Mist's cloud backend — and every cloud backend eventually gets hit — do you have confidence that HPE Networking's security response organization has the same bench depth as Cisco PSIRT?"
Why it will land: The inversion attack — using Cisco's own vulnerability to question Mist's resilience — is clever and will land with security-conscious buyers.
Counter: The frequency is the issue, not the response speed. Six zero-days in five months is a pattern, not a disclosure process. Mist's cloud backend is a SaaS platform — the attack surface model is fundamentally different from an admin API on a WAN appliance. The relevant question is architecture, not patch velocity.
Attack 1: "Arista is a Gartner Magic Quadrant Leader in campus networking, and we've been in your data center for five years. CloudVision gives you one operational model — same CLI, same policy framework, same AI — from the data center spine to the campus edge. Mist AI is excellent for wireless. But the moment you ask it to manage your data center fabric, you're outside its scope. You're being asked to run two management planes and two AI engines by a company that acquired its data center switching product from a different engineering org. Arista is the only campus vendor that can honestly say: the same platform runs your entire network."
Why it will land: In accounts where Arista is already in the data center, this is architecturally true. The CloudVision-to-campus extension pitch is real and coherent.
Counter: Arista's campus motion is four weeks old in terms of any new product activity. Ask for a live demonstration of CloudVision's wireless AIOps — specifically, client-level SLE tracking, proactive anomaly detection on a per-AP basis, and natural language troubleshooting for a user with connectivity issues. The data center-to-campus extension is architecturally coherent but the wireless operations layer is where Mist has a genuine capability gap versus Arista's current shipping functionality.
Attack 2: "Mist is an HPE Networking product. HPE is in the middle of integrating two separate networking platforms — Aruba and Mist — and hasn't told the market which one wins. The product managers who built Mist at Juniper are now operating inside a larger HPE engineering org with competing priorities. Arista has one engineering culture, one networking platform, and zero acquisition integration overhead. The people who built EOS are the same people maintaining it today."
Why it will land: This is the talent/culture risk argument, and it is real for a vendor managing a large acquisition.
Counter: The Mist engineering team's continued commitment is evidenced by daily public releases. The Pulumi provider cadence is publicly verifiable. The agentic AIOps announcement shows HPE is investing in Mist capabilities, not harvesting them. Ask Arista for equivalent evidence of sustained campus investment — four weeks without a campus announcement from a Gartner Leader is not a sign of confidence.
Attack 3: "EVPN/VXLAN campus fabric with CloudVision gives you a software-defined, policy-consistent network from access to core. Juniper EX with Mist management is excellent for SMB and mid-market campus. But for a large enterprise with 50+ buildings, multi-tenant segmentation requirements, and a network team that understands routing protocols, Arista's campus fabric is architecturally richer. You're not just buying a management dashboard — you're buying a network operating system."
Why it will land: In large, complex enterprise campus environments with sophisticated network engineering teams, Arista's EOS + EVPN/VXLAN is a genuinely deeper technical story than Mist's campus fabric.
Counter: Define the use case. For most enterprise campus environments — even large ones — the operational complexity of EVPN/VXLAN is not a benefit; it is overhead. Mist's campus fabric covers 95% of enterprise deployments with lower operational complexity. For the 5% that genuinely need EVPN/VXLAN depth, Arista is the right conversation. But lead with what the customer's actual requirements are, not what the most complex option supports.
Attack 1: "Extreme has been in your vertical — education, government, healthcare — for twenty years. We know your procurement cycles, your compliance requirements, and your budget constraints. Platform ONE manages your existing Aerohive APs, your existing switches, and your new deployments from a single dashboard. Mist is an excellent product, but it requires a forklift replacement of your existing infrastructure, and the HPE/Juniper acquisition has created uncertainty about roadmap continuity that makes a multi-year commitment to Mist a governance risk. Extreme is the incumbent that innovates; Mist is the new entrant that asks you to bet on its parent company's integration."
Why it will land: In education and government, incumbent advantage and procurement risk aversion are real. The "forklift" framing is powerful in budget-constrained verticals.
Counter: Mist's SLE framework and Marvis AIOps have documented ROI in education deployments — reduced help desk tickets and faster root-cause resolution are measurable. The "forklift" cost needs to be modeled against the operational savings of replacing a heterogeneous infrastructure with a purpose-built AI platform. Run the TCO model — Extreme's licensing model across multiple acquired product lines is not always simpler than a fresh Mist deployment.
Attack 2: "ExtremeCloud IQ CoPilot gives you AI-driven network operations on your existing hardware. You don't have to replace everything to get AI. Mist requires Mist hardware — you can't run Marvis on your existing Aerohive APs. That means your AI investment is tied to your hardware refresh cycle, which in government means four-to-seven-year procurement windows. Extreme lets you get the AI benefit now, on what you own."
Why it will land: In environments with long hardware refresh cycles, the "AI on existing hardware" argument is compelling.
Counter: Marvis's AI capability is a function of the telemetry quality and depth that Mist hardware provides. AI running on hardware designed for a different management architecture is AI with lower-quality inputs. The relevant question is not whether you can run AI on old hardware — it is whether the AI outcomes (MTTR reduction, proactive fault detection, SLE tracking) are equivalent. Ask for a live comparison of ExtremeCloud IQ CoPilot's output on Aerohive APs versus Marvis on Mist APs, on the same network segment.
Attack 3: "Extreme Platform ONE covers Wi-Fi, switching, and SD-WAN from a single vendor. With your security overlay requirements in government, the Fortinet integration on Platform ONE gives you firewall-to-network policy consistency without adding Juniper SRX to your stack. Mist's security story requires either SRX or a third-party SSE vendor — that's more vendors, more contracts, more complexity, and more attack surface."
Why it will land: In government accounts with tight vendor consolidation requirements, the multi-vendor security stack is a real procurement objection.
Counter: Juniper Connected Security integrates SRX natively into the Mist management plane — it is not a third-party add-on. The relevant question is integration depth: does Extreme's Fortinet integration provide the same policy consistency as Juniper's own SRX integration? Ask Extreme to demonstrate a unified policy push from ExtremeCloud IQ to a Fortinet FortiGate in the same workflow as a policy push to an Extreme switch.
Attack 1: "Your CISO bought FortiGate for a reason — it's the network security platform your team trusts. FortiAP and FortiSwitch extend that same security policy enforcement from the firewall to the access layer. Mist AI is an excellent network operations platform, but it requires Juniper Connected Security or a third-party SSE vendor to provide the security layer your FortiGate already delivers natively. You're being asked to add vendor complexity and licensing cost to replicate what you already own. The security-consistent campus network is not a new purchase — it's a logical extension of your existing FortiGate investment."
Why it will land: In Fortinet-installed accounts, the "extend what you own" argument is hard to overcome, especially when the CISO is the economic buyer.
Counter: The FortiAP/FortiSwitch combination is security-consistent, but network operations quality is not the same as security enforcement quality. Ask the Fortinet rep to demonstrate FortiAIOps's per-client SLE tracking, proactive wireless anomaly detection, and natural language troubleshooting for a user with connectivity issues. Network operations and security enforcement are two different disciplines; Fortinet excels at the latter and is thinner on the former. If the IT ops team is the pain-driver — not the CISO — Marvis wins the demo.
Attack 2: "Universal SASE from Fortinet means your campus network, remote access ZTNA, SWG, and CASB are all managed from FortiManager with a consistent security policy model. Mist requires Juniper Connected Security for on-prem, a separate SASE vendor for remote users, and a third integration point for CASB. In 2026, a SASE strategy that requires three vendor agreements is not a SASE strategy — it's a patchwork. Fortinet Universal SASE is the only architecture that closes the policy gap from the firewall to the campus AP to the remote user."
Why it will land: Security consolidation is a real enterprise priority, and Fortinet's Universal SASE story is coherent.
Counter: Mist's Juniper Connected Security + SASE integration story has gaps, but so does Fortinet's — FortiAP's operational quality in a large enterprise campus (10,000+ clients) has not been publicly demonstrated at the scale that Mist has. The SASE integration question is legitimate; the counter is to reframe from "who has the most integrated SASE" to "who provides the best network operations experience for your IT ops team while also providing adequate security." Most enterprises separate SASE procurement from campus network procurement for organizational reasons, not vendor limitation reasons.
Attack 3: "Fortinet's campus stack — FortiAP, FortiSwitch, FortiGate SD-WAN — is price-competitive with Mist for mid-market deployments, and it comes with firewall-grade security built in. Mist's AI premium is real and justified in large enterprise environments where Marvis ROI is demonstrable. But in a 500-seat regional office or a mid-market campus, you're paying a Mist AI premium for a feature set that your IT team of two doesn't have the bandwidth to fully utilize. The Fortinet stack gives you enterprise security at a mid-market price. Mist's AI requires a team sophisticated enough to use it."
Why it will land: The "AI you won't use" argument is genuinely effective in mid-market accounts where IT staff depth is limited.
Counter: Marvis is designed to reduce the expertise burden on IT staff, not increase it. The value proposition is that a two-person IT team with Marvis can resolve issues that would otherwise require a specialist or a vendor TAC call. Ask the Fortinet rep how many hours their IT team will spend per week managing FortiAP firmware updates, FortiSwitch configuration changes, and FortiGate policy reviews separately. Then show Marvis's consolidated operations workflow. The AI premium pays back in staff time, not in feature utilization.
Q1: "With Cisco Live happening this week, Cisco is making big claims about AI that autonomously fixes networks. How does Marvis compare to what Cisco announced?"
Honest response: The Cisco Live announcements were not published before this report's cutoff, so any comparison needs to be grounded in what is shipping today, not what was announced Sunday. Here is what is verifiable right now: Marvis has been running on production campus telemetry since 2016. It provides client-level SLE (Service Level Expectation) tracking — a per-client, per-application measurement of network experience, not a device-level health metric. It supports natural language queries ("Why can't John connect to the VPN in Building 3?") against a real telemetry database. Ask the Cisco rep to show you the equivalent capability live, on their platform, against the specific management interface your team would actually use. If their AI announcement is from a stage at Mandalay Bay on Monday, it is not shipping today.
Q2: "We've heard there are security vulnerabilities in Cisco SD-WAN. How does Session Smart Router compare from a security architecture standpoint?"
Honest response: Cisco SD-WAN (Viptela) has had six emergency zero-day patches in 2026, including an authentication bypass that grants remote admin access across entire networks. This is a pattern, not an incident. Session Smart Router uses a session-aware forwarding architecture where control and data planes are separated and the forwarding plane does not expose an administrative API surface in the same way Viptela does. This is an architectural difference, not a patching cadence difference. The right question for any SD-WAN evaluation is: what is the attack surface of the administrative management plane, and what is the blast radius of a credential compromise? Session Smart Router's architecture minimizes that surface by design.
Q3: "The HPE/Juniper acquisition creates uncertainty about Mist's roadmap. How do I know Mist isn't being sunset in favor of Aruba Central?"
Honest response: This is a fair question and you deserve a direct answer. HPE has not published a public statement committing to Mist AI as the long-term enterprise platform and sunsetting Aruba Central — nor the reverse. What is publicly verifiable: HPE announced autonomous AIOps capabilities on both platforms simultaneously in May 2026, which indicates continued investment in both. The Pulumi provider for Mist AI has published daily releases for five consecutive weeks, which is a publicly verifiable development investment signal that does not require trusting vendor slides. The HPE acquisition is real and the integration questions are real. What I can tell you is that the Mist AI engineering team is demonstrably active, and that HPE's stated position is continued investment in both platforms. If you want contractual protection, that is a conversation about SLA commitments and roadmap guarantees in the contract.
Q4: "Meraki is simpler to manage and my team already knows it. Why would I go through a migration to Mist when Cisco is our primary network vendor?"
Honest response: Meraki's simplicity is real and it is a feature, not a marketing claim. If your environment is primarily SMB, branch-light, or managed by a small IT team that values operational simplicity over operational depth, Meraki is a defensible choice. Where Mist makes the migration case: at scale (1,000+ APs, 10,000+ clients), Marvis's ability to proactively detect and resolve connectivity issues reduces help desk tickets and IT escalations in ways that Meraki's dashboard — which is reactive and alert-based — does not match. The migration question should be answered by a TCO model: what is the cost of your current support burden per incident, per month, and how does that compare against Marvis's documented MTTR reduction? If you want to validate that model, I can show you published customer case studies with named customers and specific metrics.
Q5: "Fortinet already manages our firewall, and they offer FortiAP and FortiSwitch. Why add Juniper/HPE as a second vendor when we could consolidate on Fortinet?"
Honest response: Fortinet's security integration is genuine — FortiAP and FortiSwitch share policy enforcement natively with FortiGate, and if your CISO is the economic buyer for this decision, that argument is coherent. The counter-question is: who is managing your network day-to-day? If it is the IT operations team and their primary pain is troubleshooting connectivity issues, resolving client-level problems quickly, and reducing time spent on routine configuration changes, FortiAIOps does not match Marvis in depth or maturity. I would ask you to run a parallel evaluation: on the same network segment, compare the time it takes your team to diagnose a specific user connectivity issue using FortiCloud versus Marvis. That is the operational gap that is hardest to see on a feature checklist and easiest to see in a live proof of concept.
[Continuing — Week 5] Cisco's AI-era narrative is now a sustained, financially-backed, conference-anchored market position. Five consecutive weeks of compounding Cisco AI narrative: thought leadership (week 1) → campus AI content (week 2) → earnings-backed AI infrastructure with HSBC upgrade (week 3) → CEO "networking super cycle" at JPMorgan conference (week 4) → Cisco Live "AI That Fixes Networks Itself" launching week 5. The conference format amplifies this from a messaging exercise into a customer-event-scale product narrative. Every Mist seller will face Cisco AI talking points based on Cisco Live content next week.
[Continuing — Week 5] Pulumi provider for Juniper Mist in sustained, accelerating daily development cadence. Five consecutive weeks of active releases, now at one build per business day in the 0.11.0 alpha series. The progression from 0.9.0 (stable), through 0.10.0 alpha, to 0.11.0 alpha in five weeks confirms both the release pipeline maturity and the version velocity. This is the most consistently verifiable development investment signal in the report's tracking period across any vendor.
[Continuing — Week 4] Arista absent from campus-specific product activity. Four consecutive weeks of zero campus product, customer, or partner announcements from Arista. The Gartner MQ Leader placement from week 4 is analyst recognition, not operational news. Arista's campus motion is generating analyst and financial coverage without generating product or customer evidence. This window may close — watch for a campus announcement to break the silence.
[Continuing — Week 4] Fortinet absent from campus/branch activity. Fourth consecutive quiet week. This is the longest Fortinet campus silence in this report's tracking period. No product, channel, or customer activity in the campus segment. The window for Mist to advance against Fortinet-incumbent accounts is open.
[Continuing — Week 2] HPE autonomous networking announcement bridges Mist + Aruba. The May 17 agentic AIOps announcement covering both platforms simultaneously has not been followed up with additional integration clarification. The signal from week 2 remains the last public data point. Watch for whether HPE uses Cisco Live week as an opportunity to counter-program with integration or roadmap clarity messaging.
[NEW — Week 1] Cisco SD-WAN six-zero-day pattern in 2026. The sixth emergency SD-WAN patch of the year, shipped May 27, establishes a pattern of more than one emergency patch per month on the Viptela platform. This is the first week this pattern has reached a threshold (six incidents in five months) sufficient to constitute a competitive positioning point rather than an isolated security story. Track whether this pattern continues or whether Cisco addresses the underlying architecture.
[NEW — Week 1] Meraki and Catalyst licensing friction surfacing in active purchase threads. Multiple Reddit threads this week show practitioners in active refresh conversations explicitly citing Meraki Advanced Security pricing and Catalyst DNA subscription mandates as primary friction points. This is the first week this has appeared in the same week across multiple platforms. If it recurs next week, it becomes a trend, not a coincidence.
[Closing] Extreme CEO stock trim following 28% post-earnings run. This trend has not generated additional evidence in subsequent weeks and is no longer producing signals relevant to the campus competitive context. Removing from active tracking.
Cloud and hybrid networking is the discipline of designing, operating, and securing network connectivity between enterprise on-premises infrastructure and one or more public cloud environments — primarily AWS, Microsoft Azure, and Google Cloud Platform. It encompasses the virtual networking constructs native to each cloud provider (AWS Virtual Private Cloud and Transit Gateway, Azure Virtual WAN and ExpressRoute, Google Cloud VPC and Cloud Interconnect), the physical or logical connectivity layers linking those constructs to on-premises data centers and branch offices (MPLS, SD-WAN, direct cloud interconnects), and the management and security policies that govern traffic flowing across that boundary. The segment is defined by the challenge of making an enterprise network behave consistently — in terms of routing, security policy, visibility, and performance — across environments that were designed by different engineering teams under different operational models.
The business problem is straightforward: enterprises moved workloads to public clouds faster than they evolved their network architectures to support those workloads. The result is a generation of hybrid networks built through expedient fixes — VPN tunnels bolted onto existing MPLS, SD-WAN appliances pointed at cloud on-ramps, security policies manually replicated across on-premises firewalls and cloud-native security groups — that work adequately until they don't. The pain appears as unpredictable application performance for cloud-hosted apps, inconsistent security policy enforcement between on-premises and cloud resources, and visibility gaps that make troubleshooting cross-environment connectivity issues extremely difficult.
The segment is growing because the cloud migration wave has not slowed — and because AI workloads are now creating a second wave of cloud networking demand. Training and inference workloads in cloud require high-bandwidth, low-latency connectivity between on-premises data and cloud GPU clusters; the TechTarget article in this week's research explicitly addresses how enterprises are optimizing cloud networks for AI workloads as a cost and performance imperative. The combination of ongoing migration and AI-driven cloud expansion makes hybrid networking one of the fastest-growing capital line items in enterprise IT.
AWS dominates enterprise cloud adoption globally. Its core hybrid networking construct is the Virtual Private Cloud (VPC), connected to on-premises via AWS Direct Connect (dedicated physical circuit) or VPN. AWS Transit Gateway aggregates connections from multiple VPCs and on-premises sites into a hub-and-spoke model — the practical equivalent of an enterprise WAN core, but in software. At AWS re:Invent 2025, AWS announced "Interconnect - multicloud," a platform aimed at simplifying multi-cloud and hybrid connectivity — a direct acknowledgment that customers are running workloads across multiple cloud providers, not just AWS.
Microsoft Azure offers Virtual WAN (vWAN) as its managed hybrid networking service — an Azure-managed hub that connects branch offices, data centers, and Azure VNets through a Microsoft-managed backbone. Azure vWAN is notable because it abstracts the routing and transit complexity from the enterprise; Microsoft handles the global backbone routing, and the enterprise connects its sites to the nearest vWAN hub. Azure ExpressRoute provides dedicated physical connectivity for high-throughput, latency-sensitive workloads. Azure's multicloud networking page (in this week's research) explicitly documents native interconnect between Azure VNets and AWS VPCs via VPN Gateway — acknowledging multicloud as the default enterprise architecture.
Google Cloud offers Cloud Interconnect (dedicated or partner) and Network Connectivity Center — a hub model similar in concept to Azure vWAN but with tighter integration into Google's global backbone, which is a genuine differentiator for latency-sensitive workloads. Google's investment in global backbone capacity (specifically subsea cable ownership) makes its hybrid networking offering attractive for enterprises with Pacific Rim operations.
Aviatrix and Kentik are the leading independent players in the cloud networking management and observability layer. Aviatrix provides a transit networking platform that abstracts AWS Transit Gateway, Azure vWAN, and Google Network Connectivity Center into a single control plane — effectively a cloud-native SD-WAN for cloud environments. Kentik provides network observability across cloud and hybrid environments, with native support for Azure vWAN flow visualization (referenced in this week's research). Both companies are growing because enterprises operating in multi-cloud environments find the native cloud networking tools insufficient for cross-cloud visibility and troubleshooting.
Cisco positions its multicloud networking story around Cisco Nexus Dashboard, Catalyst SD-WAN (formerly Viptela), and Cisco Secure Cloud Analytics. The narrative — what Cisco calls "multicloud networking" — claims consistent policy and visibility from on-premises to cloud. The reality is more complex: Cisco's on-premises networking tools and cloud networking tools were designed by different teams and integrated post-facto. The SD-WAN zero-day pattern this week is a reminder that Viptela's cloud extension was not designed cloud-native.
Arista focuses on "cloud-grade networking" for the enterprise data center, with CloudVision providing visibility into hybrid environments. Arista's cloud networking story is primarily about making enterprise data centers behave like cloud environments, not about managing connectivity to public clouds directly.
HPE/Juniper addresses hybrid connectivity through Session Smart Router's cloud-native forwarding model — SSR can run as a virtual instance in AWS, Azure, or GCP, providing consistent forwarding behavior from the campus to the cloud edge. The Mist AI management plane does not currently extend into cloud VPC management; it manages campus and branch. The hybrid story for HPE Networking is strongest in the branch-to-cloud edge layer, not in the cloud-to-cloud transit layer where Aviatrix competes.
The dominant debate in cloud and hybrid networking in 2026 is "native vs. overlay." Cloud providers want enterprises to use their native networking constructs — AWS Transit Gateway, Azure vWAN, Google Network Connectivity Center — because doing so deepens platform lock-in and generates cloud consumption revenue. Independent vendors like Aviatrix argue that native constructs are cloud-specific, create operational silos in multi-cloud environments, and require separate expertise for each provider. The enterprise reality, as documented in practitioner resources this week, is that most organizations end up with a mix: native constructs for single-cloud connectivity where they work well, overlay tools for multi-cloud visibility and policy consistency.
The second debate is SD-WAN as the hybrid networking backbone vs. direct cloud interconnects. SD-WAN vendors (Cisco, HPE/Juniper SSR, Fortinet, Arista) want enterprises to route cloud-bound traffic through their SD-WAN fabric, gaining visibility and policy enforcement at the WAN edge. Cloud providers want enterprises to use Direct Connect or ExpressRoute — physically dedicated circuits — for high-throughput workloads. The practical answer for most enterprises is layered: direct circuits for bulk data and latency-sensitive workloads, SD-WAN overlay for branch offices and policy enforcement. This architecture is called "cloud-first SD-WAN" in some vendor materials and "SD-WAN with cloud on-ramps" in others.
The third debate, newly relevant in 2026, is AI workload network optimization. Training large models requires bulk data transfer at cloud scale; inference requires low-latency response paths. Enterprise network architects are being asked to optimize cloud networking for AI — reducing data egress costs, optimizing routing paths between on-premises GPU clusters and cloud storage, and managing bandwidth allocation between AI workloads and operational applications. The TechTarget article this week addresses this directly, framing it as a cost and competitive advantage issue for IT leaders.
For a campus/branch-focused Mist seller, hybrid networking is most relevant in two specific situations.
First, the branch-to-cloud WAN refresh. When an enterprise is refreshing its WAN — replacing MPLS with SD-WAN or upgrading existing SD-WAN — the "how