Cisco has announced its plan to integrate its Cisco XDR software with Splunk, the acquisition it completed in March 2024 for a staggering $28 billion. The vision behind Cisco's purchase of Splunk is to offer a comprehensive Security Operations Center (SOC) service covering Threat Detection, Investigation, and Response (TDIR).
Until now, Cisco XDR (extended detection and response) has emphasized speed and ease of use, requiring only a minimal amount of accumulated data before it becomes useful (Cisco claims detection coverage of up to 95% with less than a year's worth of data). This makes it suitable for organizations implementing a TDIR capability for the first time.
However, as organizations grow larger, they need more sophisticated TDIR systems that integrate with other tools and offer more automation. That requires a Security Information and Event Management (SIEM) platform such as Splunk Enterprise Security (ES), which handles the large data volumes where Cisco XDR falls short. This is why Cisco opted to buy Splunk, which owns the leading SIEM in the industry. Splunk customers, in turn, can now use Cisco XDR to add network-level data analysis and threat detection on endpoints and in the cloud.
Cisco XDR will remain a separate product from Splunk ES, at least in the short term, but the two can be interconnected so that each complements the other. Customers can choose the systems they need and add further capabilities as their requirements grow.
TLDR: Cisco is integrating its Cisco XDR software with Splunk following the acquisition to provide a comprehensive Security Operations Center service covering Threat Detection, Investigation, and Response. The integration is meant to address organizations' evolving need for more sophisticated and automated security tooling.