Ever since Cisco acquired Splunk last year, the cyber-defense community has been buzzing with excitement about what these powerful security innovators could accomplish together.
And with new or upgraded solutions like AI Defense, XDR, and Splunk’s Enterprise Security and SOAR platforms, the full promise of this potent combination is being realized.
In anticipation of some key announcements at the annual RSA cybersecurity conference in San Francisco, we spoke with Mike Horn, Splunk’s SVP and GM for security products — about how customers can gain unparalleled visibility into hyper-distributed ecosystems, respond quickly and effectively to sophisticated threats, and capture the great benefits of AI, safely and securely.
Thanks for meeting with us today, Mike! I’m sure you could write a book on the topic, but what are some quick, high-level thoughts on security today? And what concerns will be top-of-mind at RSA this week?
Thank you, Kevin! One of the things that makes security unique — and it's both a blessing and a curse — is the fact that it's constantly changing. New technologies, new threats, new actors trying to exploit things for different reasons. So, how do you keep up with all of that?
AI is obviously a big part of it.
Yes, generative AI and large language models (LLMs) are helping defenders become more efficient. But they are also being used by attackers to create better and faster attacks, and for finding new exploits. Then there’s the expanding attack surface. Suddenly your own people are using generative AI to solve business problems, but that can lead to things like data poisoning or prompt injections. So, those are a few things that will be top of mind for the folks coming to RSA.
Splunk is helping to transform Cisco’s entire portfolio. What does Splunk bring to security?
Splunk has been a strong player in security for 20 years. And the first thing that Splunk does is provide unique visibility and insight. We have an unrivalled ability to bring in data from anything in the ecosystem. Then we've got a set of analytics capabilities that help people find even the weirdest, most esoteric needles in the haystack. So, if you have some emerging new threat or activity in your environment, Splunk gives people a unique set of insights. And we make it all super easy.
What are some specific Splunk products that make all that possible?
So, we have our Enterprise Security, which is a security information and event management platform (SIEM). It’s very much targeted at the security analysts and the people that are sitting in a security operations center. They are looking through all the different security alerts, figuring out which ones are real, investigating, and responding. Then we dig into security automation with our Splunk SOAR platform. And there’s a range of complementary capabilities, like our Splunk Attack Analyzer, which helps organizations investigate threats, and our Asset and Risk Intelligence — because you can't protect what you don't know about.
Can we expect new Splunk announcements at RSA?
Yes, for one, Enterprise Security 8.1 expands on the ability to detect, investigate, learn, and respond, all from a single pane of glass, seamlessly. Enhancements include investigation improvements and the ability to more easily detect threats across multiple events using our Findings Based Detections technology. It brings more capabilities to customers that are managing their own platforms. This release also includes support for Splunk SOAR on Azure and support for customer-managed environments. And Splunk SOAR 6.4 further accelerates its ability to automate complex and repetitive security tasks, while connecting and coordinating the most complex workflows.
At the same time, Cisco products like XDR have been taken to the next level.
One of the big things that XDR is announcing relates to leveraging agentic AI for instant attack identification. And it creates specific, crafted investigation and response plans.
As Splunk and Cisco products become increasingly integrated, they all benefit, don’t they?
Yes! For example, Enterprise Security fits very nicely with XDR. Because XDR gives you expanded visibility into things like network traffic that often isn't sent to Splunk. And it gives you visibility into endpoint activity that also often isn't sent to Splunk. And so, with the combination of Cisco XDR with Splunk Enterprise Security, you get the entire coverage of low-level networking detections and endpoint-based detections. It’s the most complete coverage across the spectrum of threats that customers are facing today.
Along with their other headaches, security professionals complain about mounting complexity. It sounds like these new product integrations will simplify their lives.
Yeah, exactly. One of the natural tensions in security is the difference between an individual point product, which may be the best thing in solving a very specific pain, versus a collection of capabilities that are designed to work together and help you solve a broad set of needs. And so, we keep hearing from customers that they want to consolidate their spending power and budget, along with products that work seamlessly together, to get a faster, easier, more accurate set of outcomes. This is often referred to as a platform approach.
AI-powered agents are a big part of that simplicity, aren’t they?
AI is a fundamentally game-changing technology. At Splunk, we’re working on AI assistants that can help a security analyst respond faster, and to be more accurate. It’s not about reducing the number of analysts, but about helping them go from being reactive, with the flood of alerts, to being more proactive — where the system is taking care of the initial triage and validation and then the human reviews and responds.
That speaks to probably the third biggest headache for security professionals after mounting threats and complexity — the talent shortage.
Yeah, exactly. Automation — like with Splunk SOAR — and AI agents can augment and amplify the efforts of people. But there's still a lot of work for people to do. Because somebody has to train these things, somebody has to review their output. So, the need for skilled cybersecurity workers is not going away anytime soon.
At the same time, it takes out many of those onerous, time-consuming processes.
That’s a great point. One of the skills in our upcoming AI Assistant for Enterprise Security is the ability to automatically generate an investigation report. So, you've detected something, you’ve investigated it, but before you can close it out, you need to report what you did, what you found, etc. Soon the AI Assistant will do it for you. An analyst just needs to review, make any tweaks, and submit it. So huge time savings, but also, to your point, it takes away one of the analysts’ least favorite, most onerous tasks.
What do you see next for Cisco and Splunk?
AI offers tremendous opportunities. But with opportunities come challenges. At Cisco and Splunk we really want to help companies use AI safely. And that's where things like Cisco's recently announced AI Defense technology comes into play. We’ve talked about AI for security, how AI can help defenders protect their organizations. AI Defense is security for AI. It helps protect an organization’s AI applications, whether it's their internal large language models or third-party applications. And it detects and responds to things like data poisoning and prompt injections. The technology is evolving so fast that you need to find ways to put governance and guardrails around it, without slowing down your users’ ability to take advantage of the latest and greatest that AI can offer. It’s exciting to be able to help with that.