SAN FRANCISCO — At RSA Conference 2024, Cisco revealed how it is integrating Splunk technology into its security products after completing a major acquisition.
Cisco announced last September that it had agreed to acquire analytics giant Splunk for $28 billion. When the deal closed in March, Cisco outlined its plans for the acquisition, saying the integration of Splunk technology would focus on AI, security, network management, observability, and tool integration. On the security side, the networking vendor said it would incorporate Talos threat intelligence into Splunk in the coming months and eventually integrate Cisco technology into Splunk's security portfolio as well.
At RSA Conference 2024 on Monday, Cisco announced its first cross-product integration, which adds functionality from its XDR products to Splunk Enterprise Security (ES). Cisco says the integration will feed XDR alerts and detections into Splunk ES to enhance customers' investigation and remediation efforts.
Tom Gillis, senior vice president and general manager of Cisco's Security Business Group, told TechTarget Editorial that Splunk provides context that is passed to XDR for enrichment, and XDR sends alerts based on that context back to Splunk.
“This is a series of steps to tightly align analytics and infrastructure to apply intelligence on how to collect data and how to process that data to drive safer and more effective security outcomes. This is the first step,” Gillis said.
Cisco also detailed the further application of AI and machine learning to its products, including its cloud-native application protection platform (CNAPP) Panoptica. According to the company, the platform currently uses AI for two purposes. First, AI and machine learning technologies generate real-time detections and alerts for emerging threats. Second, Panoptica's GenAI dynamic remediation capabilities provide security teams with contextual explanations of potential threats and actionable remediation guidance.
Additionally, the networking vendor's AI Assistant for Security, which was announced at RSA Conference 2023, went on sale on Monday. Cisco says the AI assistant is designed to help security analysts respond faster by providing them with contextual intelligence, recommendations, and automated workflows.
In addition to the Splunk integration, Cisco unveiled new developments in its zero-trust security product Cisco Duo and its AI-native data center system Hypershield, which it announced last month.
For Cisco Duo, the company announced two new identity security-related features. The first, Duo Passport, is designed to reduce authentication fatigue by minimizing repeated authentication requests. Second, Cisco is integrating its recently announced identity intelligence tools into Duo as a new feature called “Continuous Identity Security.”
Meanwhile, for Hypershield, the company said it introduced the ability to detect and block attacks stemming from “unknown vulnerabilities within the runtime workload environment.” Gillis explained that AI agents are trained based on attack tactics, techniques, and procedures (TTPs) and can block anomalous behavior that resembles these TTPs.
“If an attacker uses PowerShell to launch a specific process and change these registers, and we find something similar to that, even if we don't know exactly what the vulnerability is, we can see that it can have a negative impact,” Gillis said. “This distributed mesh provides protection against known vulnerabilities as well as unknown vulnerabilities.”
Although Splunk and Cisco's technologies will become increasingly integrated, Gillis said the company plans to continue offering both product suites separately.
“What we're showing with RSA is that the Splunk and Cisco platforms are becoming more interoperable,” he said. “Splunk is still a platform, Cisco Security is still a platform, but we're introducing hooks. In less than two months since the acquisition closed, we've completed meaningful and impactful product integrations.”
Eric Parizo, managing principal analyst at Omdia Cybersecurity, said Splunk provides important SecOps capabilities for Cisco.
“Cisco's improved XDR solution focuses more on an integration-centric approach to TDIR [threat detection and incident response]. Splunk, on the other hand, allows Cisco to play a broader role not only in SecOps, but also in other related areas such as observability, which is an important part of Cisco's existing solution strategy,” he said.
Parizo said Splunk provides a meaningful way for Cisco to expand its overall addressable market.
“Cisco has resisted acquisitions of SIEM vendors for years, essentially stating that such additions were beyond Cisco's strategic mandate given its long-standing focus on network and cloud security,” Parizo said. “More recently, however, Cisco's ambitions in enterprise cybersecurity have expanded through a long list of acquisitions, making it a player in areas such as endpoint security, identity and access management, and vulnerability management, among others. Given Cisco's more ambitious strategy, adding Splunk to the mix makes a lot of sense.”
Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.