Your confident guide to all the latest announcements from Cisco Splunk.Conf25


At Splunk .conf25, Cisco and Splunk unveiled a series of announcements that mark an important step in how organisations will manage complexity in the AI era. From supercharged observability to a reimagined Security Operations Centre (SOC) and a new Data Fabric architecture, the message was clear: businesses need real-time intelligence, not just raw data. 

Cisco’s enhancements to Splunk Observability introduce “agentic AI”: intelligent agents that can automatically detect issues, correlate alerts and even recommend fixes. This shift from reactive monitoring to proactive insight means businesses can spot problems before they impact customers and connect technical performance directly to business outcomes.

In the Security Operations Centre (SOC), agentic AI is being applied to streamline investigation workflows and cut through the noise of endless alerts. For security teams stretched by increasing threats, this means faster responses, less manual effort and the ability to stay ahead of attackers who are already using AI themselves. 

Perhaps the boldest move is the Cisco Data Fabric. By transforming machine data into AI-ready intelligence, it offers organisations the chance to reduce data costs, analyse information where it lives, and build new AI use cases with greater ease. Features like the Time Series Foundation Model and Cisco AI Canvas show what’s possible when AI and human expertise come together. 

For Natilik clients, the takeaway is simple: the future of digital resilience lies in combining observability, security and data into a unified, AI-driven approach. The technology is moving fast, but the principles remain the same:

– Get the data foundations right 

– Embed governance and  

– Empower your teams to act on insights. 

Cisco’s announcements show what’s possible, but the real opportunity lies in how you adapt these innovations to your own organisation. At Natilik, we’re here to help you navigate that journey so your people, processes and platforms are ready to thrive in the age of agentic AI. 

Thoughts from an expert: Richard Beesly – Cyber Security Sales Specialist 

One of the most interesting topics and takeaways from Splunk .conf25 for me was the Cisco and Splunk “Better Together” initiative, which has already resulted in some quick wins for security teams and cyber defenders, including the combination of Cisco Firewall (FTD) and Splunk analytics to provide enhanced observability and telemetry capabilities, as below:

Securing the Network Edge: Cisco Secure Firewall Threat Defence Detections for Splunk 

By integrating Cisco’s Firepower Threat Defence (FTD) with Splunk’s analytics platform, your security team immediately gains comprehensive, organization-wide visibility into network threats far beyond what any single firewall can detect alone. 

The Splunk Threat Research Team (STRT) identified this gap as an opportunity to demonstrate how these technologies can be more powerful when used together. The Cisco and Splunk “Better Together” initiative aims to provide immediate value for both customer bases: 

  • For Cisco customers: Out-of-the-box security detections translate FTD’s powerful network telemetry into actionable security detections without requiring advanced Splunk knowledge. 
  • For Splunk customers: The rich context provided by Cisco FTD devices enables detailed visibility into network-level threats.

This initiative marks the first phase of a broader collaboration to deliver more integrated security monitoring experiences that emphasize the customer value across Cisco’s security portfolio and Splunk’s analytics capabilities.  

As part of Cisco, Splunk’s Threat Research Team uniquely collaborates directly with the Talos threat research and FTD engineering teams, learning the data structure and detection capabilities of these devices.  

This demonstrated how combining Cisco’s FTD telemetry with Splunk’s advanced analytics allowed us to develop 17 targeted detections, including anomaly identification, suspicious file downloads and high-volume intrusion alerts, providing security teams with threat visibility across their entire Cisco firewall deployment rather than relying on isolated insights from individual devices.

Better Together: The Power of Collaboration 

This project represents the tangible benefits of collaboration between Cisco and Splunk. By combining Cisco’s deep network security expertise with Splunk’s advanced analytics capabilities, we’ve created detections that extract maximum value from both platforms. This partnership provided direct access to Cisco’s 60,000 Snort rules, allowing us to prioritize and integrate the most valuable alerts into Splunk’s detection framework. The result is a comprehensive set of detections that leverage the strengths of both platforms to provide better security outcomes for our customers.

Want to read more? Check out the Splunk Newsroom.

Cyber Security Sales Specialist at Natilik