With Splunk software in place, network operations teams can monitor network traffic for signs of malware, log activity, and correlate data from multiple sources to identify the root cause of security problems or more quickly spot abnormal traffic patterns, according to Splunk.
The first of the Cisco/Splunk integrations brings together Cisco's XDR service with Splunk Enterprise Security (ES), Splunk's SIEM platform. Splunk ES offers security search, reporting, and analytics across various data sources, including devices, systems, and applications. Cisco XDR, meanwhile, ties together myriad Cisco and third-party security products to control network access, analyze incidents, remediate threats, and automate response from a single cloud-based interface. The offering gathers data from six telemetry sources that SOC operators say are critical for XDR systems (endpoint, network, firewall, email, identity, and DNS), according to Cisco.
“Cisco XDR’s integration with Splunk ES allows us to apply Cisco’s unique analytics and promote those detections into Enterprise Security while providing the context needed for the SOC to operationalize them, without requiring sending high-volume telemetry to a SIEM that increases ingestion costs and slows down query performance,” wrote AJ Shipley, vice president of product management with Cisco’s Threat, Detection & Response group, in a blog about the news.