“Splunk adds a lot of data to Cisco security,” Kerravala says. “The cyber industry is changing from reactive tools to AI-based security platforms that can find needles in a stack of needles. The efficacy of AI will be based on the quality of the AI algorithms combined with [Cisco security]. Plus, Splunk gives Cisco more data than any other security vendor. It should be able to use this to create differentiation for itself.”
The company also offers Splunk SOAR, which automates repetitive security tasks, enabling teams to respond to incidents more quickly; user behavior analytics to secure systems against unknown threats; and Splunk Attack Analyzer to automatically detect and analyze the most complex credential phishing and malware threats.
“Like Palo Alto [Networks] and Microsoft, Cisco can now fill out its security story with a security operations story that spans SIEM and SOAR technology,” MacDonald says.
- Oort buy adds to XDR options
Not every organization requires a SIEM, MacDonald says, so Cisco is offering the XDR platform, which was bolstered by its acquisition of Oort in 2023. Oort provides services to analyze data from an organization’s identity and access management (IAM) systems to discover workforce identities, protect them with best practices, and continuously monitor for identity threats.
- Armorblox + Lightspin
In 2023, Cisco acquired Armorblox, a provider of security software powered by AI and machine learning. Cisco says the acquisition will contribute to the expansion of its AI/ML capabilities and talent. The acquisition also provided email security telemetry capabilities, which are also critical to building an XDR, MacDonald says.
Prior to that, Cisco acquired Lightspin Technologies, which offers cloud security posture management (CSPM) across cloud-native resources. Lightspin uses graph-based technology to deliver key context, prioritization, and remediation recommendations. With the addition of Lightspin, Cisco says its customers will be able to identify and address cloud security risks without the need for extensive configuration.