Cisco has introduced Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition, two new offerings designed to enhance security operations centres through the use of artificial intelligence.
The new editions are built into Splunk Enterprise Security 8.2, a security information and event management (SIEM) solution. Both editions aim to unify workflows for threat detection, investigation, and response, with the goal of helping customers respond to security threats more swiftly while reducing workflow complexity.
Agentic AI integration
Cisco has outlined its intention to position agentic artificial intelligence at the centre of the security operations centre (SOC). According to the company, the new AI features will enable analysts to focus on strategic tasks by automating routine operations with AI agents that both orchestrate and automate complex workflows. This is intended to allow security teams to move from manual tasks toward proactive, autonomous security operations.
"Adversaries are already using AI, so defenders need to seize every possible advantage," said Mike Horn, SVP and GM for Splunk Security. "Our security offerings unify detection, investigation, and response into a single, intuitive workspace, eliminating tool fragmentation and significantly boosting efficiency. Built-in AI can help cut alert noise and reduce investigation time from hours to minutes. Now every SOC can better position itself to stay ahead of advanced threats and empower analysts at every level."
Splunk's AI-powered agents are designed to actively manage and coordinate workflows involved in detecting and responding to threats, incorporating proactive capabilities into security environments.
New editions detailed
Cisco is offering customers two options to address varying organisational requirements for security operations:
Splunk Enterprise Security Premier Edition includes Splunk Enterprise Security 8.2, Splunk SOAR (Security Orchestration, Automation and Response), Splunk UEBA (User and Entity Behaviour Analytics), and Splunk AI Assistant in Security. This provides a comprehensive suite within a unified user experience.
Splunk Enterprise Security Essentials Edition offers Splunk Enterprise Security 8.2 and Splunk AI Assistant in Security, also within a unified user experience, targeting organisations needing foundational AI and SIEM capabilities.
Industry perspective
"With today's increasingly sophisticated threats and sprawling attack surfaces, security teams can't afford to waste time switching between fragmented tools and operating with siloed visibility," said Michelle Abraham, Research Director, Security and Trust at IDC. "By integrating multiple security capabilities into a single, cohesive environment, security platforms empower organisations to move from reactive to proactive security, streamlining workflows, improving detection and response, and ultimately reducing risk."
AI-powered security features
A series of AI features accompanies the new editions, aimed at managing modern security challenges. The new tools include:
- Triage Agent: Uses AI to assess, prioritise, and clarify alerts, reducing analysts' workloads by highlighting significant incidents.
- Malware Reversal Agent: Analyses and explains malicious scripts, extracts indicators of compromise, identifies evasion techniques, and groups recurring behaviours.
- AI Playbook Authoring: Converts natural language prompts into tested SOAR playbooks, with AI support throughout development.
- Response Importer: Imports standard operating procedures into response plans using multi-modal large language models.
- AI-Enhanced Detection Library: Facilitates rapid transition from detection hypothesis to production.
- Personalised Detection SPL Generator: Customises detection scripts to fit unique SOC environments for immediate use.
These features are designed to enhance visibility, speed up detection, and make response processes more efficient for security teams dealing with expanding threat landscapes and large volumes of data.
Cisco integrations
Splunk's integration with Cisco's security products will allow for more precise and timely detection, investigation, and response to threats. As part of this integration, Isovalent Runtime Security (eBPF) can be included with Splunk to deliver detailed, real-time visibility across workloads, assisting in swift identification of security breaches or infrastructure anomalies.
Another enhancement is the ability to federate Cisco firewall data: the integration between Splunk Cloud Platform's Federated Search for Amazon S3 and Security Analytics and Logging lets analysts query firewall logs stored in Security Analytics and Logging directly from the Splunk Cloud Platform, without ingesting that data into Splunk a second time.
Availability
Splunk Enterprise Security Essentials Edition has been made available in all global regions, while the Premier Edition is accessible through early access. Splunk AI Assistant in Security is also globally available. Cisco has announced that extended capabilities, including Triage Agent, AI Playbook Authoring, Response Importer, AI-Enhanced Detection Library, and Personalised Detection SPL Generator, will become available in 2026.