Cisco Elevates the SOC with Agentic AI for Faster Threat Response and Reduced Complexity

Cisco (NASDAQ:CSCO) has unveiled two new AI-powered security solutions: Splunk Enterprise Security Premier Edition and Essentials Edition, designed to unify threat detection, investigation, and response (TDIR) workflows. The Premier Edition combines Splunk Enterprise Security 8.2, SOAR, UEBA, and AI Assistant, while the Essentials Edition includes Enterprise Security 8.2 and AI Assistant.

The company announced several upcoming AI-powered features including Triage Agent, Malware Reversal Agent, AI Playbook Authoring, Response Importer, AI-Enhanced Detection Library, and Personalized Detection SPL Generator. These features aim to transform manual tasks into proactive, autonomous security operations, helping security teams respond faster to threats.

Additionally, Cisco is expanding integrations with Isovalent Runtime Security and implementing federated Cisco Firewall Data capabilities. The Essentials Edition is currently available globally, while the Premier Edition is in early access. Most AI features will be released in 2026.

Positive
  • Integration of multiple security capabilities into a unified platform reduces tool fragmentation
  • AI-powered features can reduce investigation time from hours to minutes
  • New AI agents automate complex workflows and handle routine tasks
  • Enhanced visibility and context across security operations
Negative
  • Most advanced AI features won't be available until 2026
  • Premier Edition currently limited to early access

Insights

Cisco's new Splunk security editions leverage agentic AI to streamline threat detection and response, positioning them strongly in the evolving cybersecurity market.

Cisco's announcement of two new Splunk Enterprise Security editions represents a significant strategic shift in the cybersecurity market. The Premier and Essentials editions consolidate previously fragmented security tools into unified platforms, addressing a critical pain point for security operations centers (SOCs) that typically struggle with tool sprawl and workflow inefficiencies.

The incorporation of agentic AI as a core component marks an important technological evolution. Unlike basic AI implementations that provide suggestions, agentic AI actively orchestrates and automates complex security workflows. This capability allows AI to handle routine tasks autonomously, enabling human analysts to focus on strategic decision-making—a crucial advantage given the industry's persistent talent shortage.

The upcoming AI features scheduled for 2026 are particularly noteworthy. The Triage Agent could substantially reduce alert fatigue by evaluating and prioritizing threats, while the Malware Reversal Agent's ability to explain malicious scripts line-by-line addresses a specialized skill gap in many security teams. The AI Playbook Authoring capability democratizes automation by allowing teams to create SOAR (Security Orchestration, Automation and Response) playbooks using natural language, potentially accelerating response times.

The integration with Isovalent Runtime Security using eBPF technology is technically significant, as it provides granular visibility into workloads without performance penalties—a capability that traditional security tools often lack. This approach aligns with the industry shift toward deeper system-level monitoring.

By consolidating SIEM (Security Information and Event Management), SOAR, UEBA (User and Entity Behavior Analytics), and AI capabilities into unified offerings, Cisco is challenging competitors to match this level of integration while positioning itself as an end-to-end security provider in an increasingly complex threat landscape.

Splunk Enterprise Security Premier Edition and Essentials Edition advance unified threat detection and response

BOSTON, Sept. 9, 2025 /PRNewswire/ -- SPLUNK .CONF -- Cisco today introduced Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition, providing customers two agentic AI-powered SecOps options that unify security workflows across threat detection, investigation, and response (TDIR). Delivered within Splunk Enterprise Security 8.2 – a market-leading SIEM solution – these advancements streamline offerings and empower customers with faster threat response and simplified security solutions. Cisco also unveiled a series of AI features that it intends to release to power the agentic Security Operations Center (SOC) of the future, enabling analysts to focus on strategic decision-making while AI handles routine tasks.

With many Cisco security products already integrated with Splunk Enterprise Security, the latest features will place agentic AI at the core of the SOC and extend security intelligence seamlessly across the network. With Splunk, AI agents do more than actively orchestrate and automate complex workflows; they transform manual tasks into proactive, autonomous security operations. This transformation streamlines comprehensive threat management, empowering security teams to act faster and more efficiently.

"Adversaries are already using AI, so defenders need to seize every possible advantage," said Mike Horn, SVP and GM for Splunk Security. "Our security offerings unify detection, investigation, and response into a single, intuitive workspace, eliminating tool fragmentation and significantly boosting efficiency. Built-in AI can help cut alert noise and reduce investigation time from hours to minutes. Now every SOC can better position to stay ahead of advanced threats and empower analysts at every level."

Powering the Agentic SOC
Many organizations drown in data but struggle to know what matters and when to act. This leads to operational blind spots and inefficiencies across SecOps, ITOps, and engineering teams. It also delays timely detection and response, exposing the business to avoidable threats.

To help prevent these issues and build an agentic SOC with greater visibility and context, customers can select between two flexible solutions:

  • Splunk Enterprise Security Premier Edition: Brings together Splunk Enterprise Security 8.2, Splunk SOAR, Splunk UEBA, and Splunk AI Assistant into a comprehensive offering with unified user experience.
  • Splunk Enterprise Security Essentials Edition: Combines Splunk Enterprise Security 8.2 and Splunk AI Assistant in Security into a single offering with unified user experience.

"With today's increasingly sophisticated threats and sprawling attack surfaces, security teams can't afford to waste time switching between fragmented tools and operating with siloed visibility," said Michelle Abraham, Research Director, Security and Trust at IDC. "By integrating multiple security capabilities into a single, cohesive environment, security platforms empower organizations to move from reactive to proactive security, streamlining workflows, improving detection and response, and ultimately reducing risk."

Agentic AI for Security
As security challenges become more complex, organizations need integrated solutions that enhance visibility, accelerate detection, and streamline response. Additional AI-powered advancements are being released to strengthen security operations through the following:

  • Triage Agent: AI-powered triage evaluates, prioritizes, and explains alerts—even in long-tail, low-volume cases—reducing analyst workload and surfacing what matters most.
  • Malware Reversal Agent: AI-driven reversing explains malicious scripts line-by-line, extracts indicators of compromise, flags evasion, and groups recurring behaviors.
  • AI Playbook Authoring: Translates natural language intent into functional, tested SOAR playbooks, with AI helping every step of the way.
  • Response Importer: AI agents adhere to standard operating procedures (SOPs) defined by the SOC and use multi-modal LLMs to import SOPs into Enterprise Security response plans.
  • AI-Enhanced Detection Library: Helps detections to go from hypothesis to production in minutes.
  • Personalized Detection SPL Generator: Personalizes detections within the library to align with unique SOC environments to make them usable out of the box.

Cisco Integrations Accelerate the SOC with Agentic AI
By integrating with Cisco's security solutions, Splunk helps security teams detect, investigate, and respond to threats with greater speed and precision. Expanded offerings will include:

  • Isovalent Runtime Security (eBPF) into Splunk: Delivers immediate, granular visibility across your workloads, quickly pinpointing potential security breaches and infrastructure anomalies.
  • Federating Cisco Firewall Data: Integration between Splunk Cloud Platform's Federated Search for Amazon S3 and Security Analytics and Logging (SAL) will enable analysts to perform security analytics on firewall logs stored in SAL directly from Splunk Cloud Platform without the need for ingestion.

Availability

  • Splunk Enterprise Security Essentials Edition is available to all global regions, and Splunk Enterprise Security Premier Edition is available in early access.
  • Splunk AI Assistant in Security is available to all global regions.
  • Cisco integrations and additional capabilities including Triage Agent, AI Playbook Authoring, Response Importer, AI-Enhanced Detection Library and Personalized Detection SPL Generator will be available in 2026.

For more details on all of Splunk's .conf25 announcements, please visit our newsroom. Availability dates and regions are subject to change.

About Cisco
Cisco (NASDAQ: CSCO) is the worldwide technology leader that is revolutionizing the way organizations connect and protect in the AI era. For more than 40 years, Cisco has securely connected the world. With its industry leading AI-powered solutions and services, Cisco enables its customers, partners and communities to unlock innovation, enhance productivity and strengthen digital resilience. With purpose at its core, Cisco remains committed to creating a more connected and inclusive future for all. Discover more on The Newsroom and follow us on X at @Cisco.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word 'partner' does not imply a partnership relationship between Cisco and any other company.

About Splunk LLC
Splunk, a Cisco company, helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application issues from becoming major incidents, absorb shocks from digital disruptions, and accelerate digital transformation.

Splunk and the Splunk> logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word 'partner' does not imply a partnership relationship between Cisco or its affiliates and any other company.

Futures Disclaimer: Many of the products and features mentioned are still in development and will be made available as they are finalized, subject to ongoing evolution in development and innovation. The timeline for their release is subject to change.

View original content to download multimedia: https://www.prnewswire.com/news-releases/cisco-elevates-the-soc-with-agentic-ai-for-faster-threat-response-and-reduced-complexity-302549929.html

SOURCE Cisco

FAQ

What are the main features of Cisco's new Splunk Enterprise Security editions?

Cisco introduced two editions: Premier Edition (includes Enterprise Security 8.2, SOAR, UEBA, and AI Assistant) and Essentials Edition (includes Enterprise Security 8.2 and AI Assistant). Both editions unify threat detection, investigation, and response workflows.

When will Cisco's new AI security features be available?

Most of the new AI features, including Triage Agent, AI Playbook Authoring, and AI-Enhanced Detection Library, will be available in 2026. The Essentials Edition is currently available globally, while Premier Edition is in early access.

What AI capabilities is Cisco adding to its security operations?

Cisco is adding several AI features including Triage Agent for alert evaluation, Malware Reversal Agent for script analysis, AI Playbook Authoring for SOAR playbooks, and Response Importer for SOP implementation.

How does Cisco's new security platform improve SOC efficiency?

The platform improves efficiency by unifying security workflows, reducing alert noise, cutting investigation time from hours to minutes, and using AI to automate routine tasks while allowing analysts to focus on strategic decisions.

What new Cisco security integrations are being implemented?

Cisco is implementing Isovalent Runtime Security integration for workload visibility and Federated Cisco Firewall Data capabilities, allowing analysts to perform security analytics on firewall logs without ingestion.