Cisco has launched a comprehensive new strategy to transform the Security Operations Center (SOC), introducing agentic AI-powered options that unify complex workflows for threat detection, investigation, and response (TDIR) by leveraging its recent acquisition of Splunk. This initiative directly tackles the reality that while adversaries are now leveraging AI to launch sophisticated attacks, security teams are still drowning in data, struggling with tool fragmentation, and dealing with massive alert fatigue.
The new offerings are designed to shift security analysts away from routine, manual tasks, allowing them to focus on high-value, strategic decision-making while AI handles the drudgery.
Agentic AI: Transforming the SOC Workflow
The core of this strategic shift lies in the concept of the “agentic SOC,” where AI agents do more than simply automate; they actively orchestrate and streamline comprehensive threat management. These AI agents transform previously manual workflows into proactive, autonomous security operations, accelerating response time from hours to mere minutes.

To deliver this transformation, Cisco introduced two new editions built on Splunk Enterprise Security 8.2, its market-leading SIEM (Security Information and Event Management) platform:
- Splunk Enterprise Security Essentials Edition: This edition combines the foundational capabilities of Splunk Enterprise Security 8.2 with the Splunk AI Assistant in Security. It is designed for organizations that need core AI and SIEM capabilities, significantly reducing alert noise and providing instant AI guidance for daily tasks such as generating SPL searches from plain-language requests and summarizing findings.
- Splunk Enterprise Security Premier Edition: This comprehensive offering expands the Essentials core by integrating Splunk SOAR (Security Orchestration, Automation, and Response) and Splunk UEBA (User and Entity Behavior Analytics). By unifying SIEM, SOAR, and UEBA into one workspace, Premier eliminates the need for analysts to switch between fragmented tools, drastically boosting efficiency and accelerating investigation and response times.
Specialist AI Agents for High-Value Tasks
A series of specialized AI features are being released to empower analysts further by tackling the most time-consuming and technically demanding aspects of security operations:
- Triage Agent: This AI-powered agent evaluates, prioritizes, and explains security alerts—even low-volume, long-tail cases. The practical impact is substantial: it is designed to drastically reduce alert fatigue by filtering out low-value alerts before they reach analysts, allowing teams to focus on imminent, high-risk threats.
- Malware Reversal Agent: Addressing a specialized skill gap, this AI-driven reversing agent explains malicious scripts line-by-line, extracts indicators of compromise (IoCs), flags evasion techniques, and groups recurring malicious behaviors.
- AI Playbook Authoring: This capability democratizes automation by translating natural language intent into functional, tested SOAR playbooks, with AI assisting every step of the way.
- Personalized Detection SPL Generator: This tool allows security teams to move from a general detection hypothesis to a live, production-ready rule in minutes, personalizing the detection scripts to align with their unique SOC environments for immediate use.
Accelerated Defense through Cisco Integration
By deeply integrating Splunk’s analytics platform with Cisco’s robust security solutions, the new offerings help security teams detect and respond to threats with greater speed and precision across the entire network.
One significant enhancement is the integration of Isovalent Runtime Security (eBPF) into Splunk, which provides immediate, granular visibility across workloads to quickly pinpoint potential security breaches and infrastructure anomalies. Furthermore, Cisco is enabling federated access to Cisco firewall data, allowing analysts to run security analytics against firewall logs stored in Cisco Security Analytics and Logging (SAL) directly from the Splunk Cloud Platform, without the performance penalty of ingesting the data first.
The TDIR workflows across these platforms are consolidated into one unified, intuitive workspace, matching the way security teams actually work and ensuring context and speed are maintained throughout the security lifecycle.
Availability
Splunk Enterprise Security Essentials Edition and the Splunk AI Assistant in Security are available globally today. Splunk Enterprise Security Premier Edition is currently available in early access.
The specialized agentic AI features and integrations, including the Triage Agent, Malware Reversal Agent, AI Playbook Authoring, and Personalized Detection SPL Generator, are scheduled to be available in 2026.