Cisco has presented the new Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition at the Splunk Users Conference held in Boston. The two options are aimed at security operations teams and offer customers better unification of security workflows across threat detection, investigation and response.
Cybercriminals have found in artificial intelligence a gold mine for developing and deploying malware and attack vectors of every kind. But the same technology can also be used to reinforce defenses, especially through AI agents optimized for that task, as Mike Horn, senior vice president and general manager of Splunk Security, explained:
“Adversaries already use AI, so defenders must also make the most of its advantages … Our security solutions unify detection, investigation and response in a single intuitive workspace, eliminating tool fragmentation and significantly improving efficiency. Integrated AI can help reduce alert noise and investigation time from minutes to minutes. Now, every SOC can be better prepared to anticipate advanced threats and train analysts at all levels.”
This is the case for the Cisco solutions integrated into Splunk Enterprise Security 8.2, which give customers a faster response to specific security threats. Cisco has also announced a series of AI functions intended to optimize the Security Operations Center (SOC) of the future, helping analysts focus on strategic decision-making while AI takes care of routine tasks.
Many Cisco security solutions are already integrated with Splunk Enterprise Security, and the upcoming functionality will place agentic AI at the center of the SOC and extend security intelligence across the entire network. With Splunk, AI agents do more than actively orchestrate and automate complex workflows; they turn manual tasks into proactive, autonomous security operations. This transformation improves end-to-end threat management, allowing security teams to act more quickly and efficiently.
Powering the SOC with agentic AI
Because of the sheer volume of data, many organizations struggle to define what matters and when to act, creating operational blind spots and inefficiencies across SecOps, ITOps and Engineering teams and hindering proper detection and response. To overcome these challenges and build an agentic SOC with greater visibility and context, organizations can choose between two flexible solutions:
- Splunk Enterprise Security Premier Edition: Combines Splunk Enterprise Security 8.2, Splunk SOAR, Splunk UEBA and Splunk AI Assistant in a comprehensive offering with a unified user experience.
- Splunk Enterprise Security Essentials Edition: Combines Splunk Enterprise Security 8.2 and Splunk AI Assistant in a single offering with a unified user experience.
“With the proliferation of sophisticated threats and attack surfaces, security teams cannot afford to waste time switching between fragmented tools and operating with siloed visibility,” says Michelle Abraham, director of Security and Trust Research at IDC. “By integrating multiple security capabilities into a single, cohesive environment, security platforms allow organizations to move from reactive protection to a proactive posture, streamlining workflows, improving detection and response and, ultimately, reducing risk.”
AGENTIC AI IN CYBERSECURITY
Organizations need integrated solutions that improve visibility, accelerate detection and streamline response. Splunk is rolling out further AI-based advances to strengthen security operations, including:
- Triage Agent: Evaluates, prioritizes and explains alerts, including low-and-slow cases, reducing analyst workload.
- Malware Reversal Agent: AI-driven reversing explains malicious code line by line, extracts indicators of compromise, flags evasion techniques and clusters recurring behaviors.
- AI Playbook Authoring: Translates natural-language intent into functional, tested SOAR playbooks, with AI assisting at every step of the process.
- Response Importer: AI agents adhere to the standard operating procedures (SOPs) defined by the SOC and use multimodal LLMs to import those SOPs into Enterprise Security response plans.
- AI-Enhanced Detection Library: Helps detections move from hypothesis to production in minutes.
- Custom Detection SPL Generator: Tailors library detections to each SOC's unique environment so they are usable immediately.
Through its integration with Cisco's security solutions, Splunk helps security teams detect, investigate and respond to threats faster and more precisely. The expanded offering will include:
- Isovalent Runtime Security (eBPF) in Splunk: Provides immediate, granular visibility into all workloads, quickly identifying potential security violations and infrastructure anomalies.
- Cisco Firewall Data Federation: The integration between Federated Search for Amazon S3 in Splunk Cloud Platform and Security Analytics and Logging (SAL) will let analysts run security analytics on firewall logs stored in SAL directly from Splunk Cloud Platform, without ingesting them.
Splunk Enterprise Security Essentials Edition is available in all regions worldwide, and Splunk Enterprise Security Premier Edition is available in early access.