
Cisco launches Splunk AI-driven tools to streamline SOC security
Cisco has announced two new editions of its Splunk Enterprise Security solution, introducing agentic artificial intelligence to streamline security operations and unify threat detection, investigation and response workflows.
The Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition have been made available as part of Splunk Enterprise Security 8.2. These solutions are designed to simplify security operations centre (SOC) practices and reduce the complexity associated with threat response.
Integrated AI capabilities
Cisco is placing agentic AI at the centre of the SOC, leveraging artificial intelligence to handle routine analysis and respond more rapidly to security threats. The company states that these new capabilities allow AI agents not only to orchestrate and automate workflows, but also to convert manual tasks into proactive and autonomous security operations.
Mike Horn, Senior Vice President and General Manager for Splunk Security, said:
"Adversaries are already using AI, so defenders need to seize every possible advantage. Our security offerings unify detection, investigation, and response into a single, intuitive workspace, eliminating tool fragmentation and significantly boosting efficiency. Built-in AI can help cut alert noise and reduce investigation time from hours to minutes. Now every SOC can be better positioned to stay ahead of advanced threats and empower analysts at every level."
According to Cisco, the integration of Splunk with its security products will enable comprehensive and streamlined threat management. The improvements are intended to allow SOC teams to act more quickly and efficiently when responding to advanced security threats.
Flexible editions
The Splunk Enterprise Security Premier Edition combines several Cisco and Splunk capabilities, including Splunk Enterprise Security 8.2, Splunk Security Orchestration, Automation, and Response (SOAR), Splunk User and Entity Behaviour Analytics (UEBA), and the Splunk AI Assistant. The Essentials Edition incorporates Splunk Enterprise Security 8.2 and the Splunk AI Assistant.
Michelle Abraham, Research Director for Security and Trust at IDC, commented on the increasing complexity facing security teams:
"With today's increasingly sophisticated threats and sprawling attack surfaces, security teams can't afford to waste time switching between fragmented tools and operating with siloed visibility. By integrating multiple security capabilities into a single, cohesive environment, security platforms empower organizations to move from reactive to proactive security, streamlining workflows, improving detection and response, and ultimately reducing risk."
New AI-powered features
Cisco has detailed several new AI-powered advancements designed to further bolster security operations, including the Triage Agent, which uses artificial intelligence to evaluate and prioritise alerts, reducing analyst workload and drawing attention to the most critical issues. The Malware Reversal Agent provides line-by-line analysis of malicious scripts and flags potential threats. Other features include AI Playbook Authoring for the translation of natural language instructions into tested playbooks, a Response Importer for integrating standard operating procedures, an AI-Enhanced Detection Library, and a Personalised Detection SPL Generator to tailor detections to specific SOC environments.
Integration with Cisco security solutions
Splunk's integration with Cisco's security infrastructure is intended to accelerate and enhance SOC operations. Features include the integration of Isovalent Runtime Security (eBPF) into Splunk for increased visibility across workloads, as well as the federation of Cisco firewall data to allow security analysts to perform analytics directly in Splunk Cloud Platform. This means faster access to critical security logs without requiring additional data ingestion processes.
The Splunk Enterprise Security Essentials Edition is now available globally, while the Premier Edition is being offered in early access. The rollout of additional AI and Cisco integration capabilities, including solutions such as the Triage Agent and AI Playbook Authoring, is scheduled for release in 2026.