Splunk.conf: Cisco and Splunk expand agentic SOC vision

During Splunk’s annual .Conf event, the company introduced two new agent-powered security operations (SecOps) tools aimed at enhancing the security operations center (SOC) with agentic artificial intelligence (AI). These tools were unveiled by the Cisco-backed observability and data security specialist as part of its efforts to simplify workflows, accelerate SOC operations, and expand threat detection capabilities.

Mike Horn, Splunk’s security senior vice president and general manager, emphasized the importance of evolving SecOps to meet the changing landscape of cybersecurity. The new offerings, Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition, are integrated into version 8.2 of Splunk’s Enterprise Security (SEC) solution, providing users with unified security workflows in threat detection, investigation, and response.

The Essentials Edition, which includes Splunk AI Assistant in Security, is available now, while the Premier Edition, featuring Splunk SOAR and Splunk UEBA, will be released in controlled availability later this month. Splunk and Cisco have collaborated to incorporate agentic AI into the SOC, enhancing security intelligence across the network.

These new features aim to streamline security operations by integrating detection, investigation, and response capabilities into a single workspace. By leveraging built-in AI, alert noise can be reduced, and investigation time can be significantly shortened, empowering security analysts to stay ahead of advanced threats.

Looking ahead, Cisco plans to introduce additional AI features to further enhance the agentic SOC, enabling cybersecurity professionals to focus on the strategic aspects of their roles while agent bots handle routine tasks. These capabilities include security alert triage, malware reversal, playbook authoring, a response importer, a detection library, and a personalized detection SPL generator.

Furthermore, Splunk has expanded its integration of Cisco Isovalent Runtime Security (eBPF) and announced Federated Search for Amazon S3 and Security Analytics and Logging (SAL) on the Splunk Cloud Platform, allowing cyber professionals to run security analytics on Cisco firewall logs stored in SAL directly.

Speaking at .Conf, James Hodge, Splunk’s GVP and chief strategy advisor for EMEA, highlighted the era of simplification ushered in by the agentic SOC. By abstracting complexity and focusing on user needs, cybersecurity professionals can now concentrate on their core responsibilities without being bogged down by technical intricacies.

Overall, the integration of agentic AI and advanced security features marks a significant step towards proactive and efficient cybersecurity operations, empowering organizations to mitigate risks and respond effectively to evolving threats.

Era of simplification

James Hodge, Splunk’s GVP and chief strategy advisor for EMEA, discussed the transformative impact of the agentic SOC on cybersecurity professionals, emphasizing the shift towards simplicity and user-focused solutions. By abstracting complexity and enabling users to access relevant information seamlessly, the agentic SOC promises to streamline operations and empower professionals to focus on strategic tasks.
