Cisco details Splunk security integrations, AI developments – TechTarget


SAN FRANCISCO — At RSA Conference 2024, Cisco shed light on how it’s integrating Splunk technology into its security products following the completion of the blockbuster acquisition.

Cisco announced last September an agreement to acquire analytics giant Splunk in a deal worth $28 billion. When the deal closed in March, Cisco laid out its plans for the new acquisition, saying the integration of Splunk technology would focus on AI, security, network management, observability and tool consolidation. For security, the networking vendor said it would integrate Talos’ threat intelligence with Splunk in the coming months and eventually integrate Cisco technology into Splunk’s security portfolio as well.

At RSA Conference 2024 Monday, Cisco unveiled its first inter-product integrations with the addition of features from its XDR product into Splunk Enterprise Security (ES). The integration, according to Cisco, will feed XDR alerts and detections into Splunk ES to improve customers’ investigation and remediation efforts.

Tom Gillis, senior vice president and general manager of Cisco’s Security Business Group, told TechTarget Editorial that Splunk provides context that is passed down to the XDR for enrichment, and the XDR feeds alerts based on that context back to Splunk.

“It’s the first in a series of steps to bring analytics and infrastructure closer together, and applying intelligence about how we gather data, and how we process that data to drive more secure, more effective security outcomes,” Gillis said.

Cisco also detailed further application of AI and machine learning in its products, such as the cloud-native application protection platform (CNAPP) Panoptica. The company said the platform now uses AI in two capacities. First, AI and machine learning technology generate real-time detections and alerts for emerging threats. Second, Panoptica’s GenAI Dynamic Remediation feature offers security teams contextual descriptions of potential threats with actionable remediation guidance.

Additionally, the networking vendor’s AI Assistant for Security, which it announced at RSA Conference 2023, launched Monday. Cisco said the AI assistant is designed to help security analysts respond faster by providing them with contextual intelligence, recommendations and automated workflows.

In addition to Splunk integrations, Cisco revealed new developments for its zero-trust security product Cisco Duo as well as Hypershield, the AI-native data center system it announced last month.

For Cisco Duo, the company announced two new identity security-related features. The first feature in Duo Passport is designed to reduce authentication fatigue by minimizing repeated requests. Second, Cisco is integrating its recently announced Identity Intelligence tool into Duo as a new feature called “Continuous Identity Security.”

For Hypershield, meanwhile, the company said it introduced capabilities to detect and block attacks originating from “unknown vulnerabilities within runtime workload environments.” Gillis explained that an AI agent can be trained on an attack’s tactics, techniques and procedures (TTPs) and block anomalous behavior that looks like those TTPs.

“If attackers are using PowerShell to launch certain processes and modifying these registers, and we see something that has similarity to that, then we know it can be bad even though we don’t know exactly what the vulnerability is,” Gillis said. “It provides protection against unknown vulnerabilities as well as known vulnerabilities in this distributed mesh.”

Although Splunk and Cisco technology will become increasingly integrated, Gillis said the plan is to still offer both product suites separately.

“What we’re showing at RSA is the Splunk Platform and Cisco platform interoperating in a way that they’re better together,” he said. “Splunk is still a platform, Cisco Security is a platform, but we’re putting hooks in. Less than two months after the close of acquisition, we have product integration which we think is going to be meaningful and impactful.”

Eric Parizo, managing principal analyst at Omdia Cybersecurity, said Splunk gives Cisco remarkable SecOps capabilities.

“Cisco’s revamped XDR solution is more focused on an integration-centric approach to TDIR [threat detection and incident response], while Splunk gives Cisco a much broader play in not only SecOps, but also other related areas like observability, which is a key part of Cisco’s existing solution strategy,” he said.

Parizo said Splunk gives Cisco a significant way to increase its total addressable market.

“For years, Cisco resisted acquiring a SIEM vendor, essentially stating that such an addition would be beyond its strategic remit, which has long been focused on network and cloud security,” Parizo said. “However, more recently Cisco’s ambitions in enterprise cybersecurity have expanded through a long list of acquisitions that have made it a player in areas such as endpoint security, identity and access management, and vulnerability management, among others. In light of this more ambitious strategy, adding Splunk to the mix makes a ton of sense.”

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.