5 Big Cisco, Splunk Security Announcements At RSAC 2024

Cisco Systems is announcing a number of security product updates, including a major advancement related to its acquisition of Splunk.

Cisco Systems on Monday announced a number of major security product updates at the RSA Conference 2024, including an XDR advancement stemming from its acquisition of Splunk and an expansion of capabilities for its recently debuted Hypershield offering.

Meanwhile, Splunk made an announcement of its own Monday in connection with the first day of RSAC 2024 in San Francisco.

What follows are the key details on five big security announcements from Cisco and Splunk at RSAC 2024.

Cisco XDR, Splunk Integration

Cisco unveiled a much-awaited integration for its XDR (extended detection and response) platform with core technology from Splunk, which Cisco acquired in March for $28 billion.

First announced at last year’s RSAC, Cisco’s XDR platform is getting a big boost through the integration with Splunk’s SIEM (security information and event management) system, said Tom Gillis, senior vice president and general manager of Cisco’s Security Business Group, in an interview with CRN.

The integration between Cisco XDR and Splunk SIEM was accomplished “as fast as we possibly could,” Gillis said. It will enable Cisco XDR to operate more effectively in its detection of threats across multiple tools and environments.

“Splunk has the broadest context of any security tool in [our] inventory,” Gillis said. “Splunk sees systems that XDR will not see.”

By feeding Splunk’s telemetry into Cisco XDR — which provides greater capabilities for spotting potential threats in real time — Cisco will be able to provide an unprecedented level of detection and response, he said.

The integration with Cisco’s technology should also yield benefits for the effectiveness of Splunk going forward, Gillis said.

“I think we can make Splunk 10 times better by having these deep hooks into the infrastructure,” he said.

Hypershield Update

Other major updates announced Monday by Cisco included the addition of new functionality to its recently debuted Hypershield architecture, which will now be endowed with capabilities for detecting and stopping attacks exploiting unknown vulnerabilities.

“Because we can see into memory, we look at the sequence of process [executing], and we can understand the tactics, techniques and procedures of an attacker,” Gillis said. “And we use AI to say, ‘This is what we see with all these attack patterns.’”

Ultimately, “that allows us to identify the next attack that we don't know about,” he said. “So we’ll have both known and unknown vulnerability protection in Hypershield.”

Duo Security Updates

Meanwhile, Cisco also unveiled new features for Duo Security, which will remove the need for users to continually authenticate by keeping track of sessions at the operating system level.

This should help to cut down on what’s known as MFA fatigue, Gillis said.

“We've done a bunch of engineering work to now do that authentication at the operating system level, which means when you're logged in — whether you're doing a web session, or checking your email, or going to a different SaaS app — you log in and authenticate once you never have to do it again,” he said.

AI Assistant For Security In XDR

Cisco also announced Monday that its AI Assistant for Security capability is now available as part of the Cisco XDR platform.

The AI Assistant in XDR “empowers security analysts of all skill levels to make faster, more informed decisions about evolving threats by offering contextual insights, guided responses, recommended actions and automated workflows,” the company said in a news release.

Splunk Asset and Risk Intelligence

Additionally, Cisco-owned Splunk unveiled a new offering of its own Monday in connection with RSAC 2024.

The company announced its newest tool for Security Operations Center (SOC) teams, Splunk Asset and Risk Intelligence, which aims to improve visibility into security risks through correlating and aggregating data from numerous devices, tools and environments.

The offering ultimately makes it possible to “provide a continually updated inventory of assets and identities,” Splunk said in a news release.

Other key functionality includes capabilities for mapping the relationships between identities and assets to accelerate the pace of security investigations, as well as “out-of-the-box and customizable dashboards and metrics” to enable improved compliance and posture, the company said in the release.