
Cisco has unveiled a new wave of artificial intelligence capabilities designed to transform the operations of the Security Operations Center (SOC). The company announced the release of Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition, two updated offerings built on Splunk Enterprise Security 8.2, its widely used Security Information and Event Management (SIEM) solution.
Both options place “agentic AI” at the center of security workflows, aiming to streamline detection, investigation, and response processes while reducing operational complexity.
The move follows Cisco’s acquisition of Splunk and underscores how central the platform has become to Cisco’s broader security strategy. By integrating AI agents into Splunk, Cisco is promoting a model where analysts focus on strategic decisions while AI systems handle repetitive tasks such as triage, malware analysis, and routine incident response. Company executives say the end goal is to create what they describe as an ‘agentic SOC’ – a next-generation environment where AI operates as an active participant in security operations rather than a passive tool.
Mike Horn, Senior Vice President and General Manager for Splunk Security, emphasized the urgency of the shift. “Adversaries are already using AI, so defenders need to seize every possible advantage,” he said. Horn noted that built-in AI capabilities reduce investigation time from hours to minutes, cut through alert fatigue, and unify multiple functions into a single workspace.
The two new editions reflect different levels of functionality. The Premier Edition integrates Splunk Enterprise Security, Splunk SOAR (Security Orchestration, Automation, and Response), Splunk UEBA (User and Entity Behavior Analytics), and the Splunk AI Assistant into a single platform. The Essentials Edition focuses on core SIEM functionality enhanced with AI-driven features. Both versions aim to eliminate the need for security teams to switch between fragmented tools, a persistent challenge in enterprises managing sprawling attack surfaces.
Additional AI-driven Functions
Industry analysts view the consolidation as a step toward enabling security teams to move from reactive to proactive defense. Michelle Abraham, Research Director for Security and Trust at IDC, said that bringing disparate capabilities into a cohesive environment improves efficiency, reduces risk, and aligns better with the scale of modern cyber threats.
Cisco and Splunk are also previewing a suite of additional AI-driven functions slated for release in 2026. These include a triage agent to automatically prioritize alerts, a malware reversal agent capable of line-by-line code analysis, and AI-assisted playbook authoring that converts natural language into tested SOAR workflows. Other features will focus on translating security procedures into automated response plans, rapidly developing new detections, and customizing them for specific environments.
Integration with Cisco’s wider portfolio further expands the vision. For example, runtime security from Isovalent using eBPF will feed granular workload visibility directly into Splunk, while firewall data from Cisco’s Security Analytics and Logging system will be searchable in Splunk Cloud via federated queries. The aim is to extend AI-powered detection and response across the network without the delays of additional data ingestion.
The new editions of Splunk Enterprise Security are now available globally, with the Premier Edition currently offered through an early access program. The Splunk AI Assistant in Security is also generally available worldwide, while the more advanced agentic AI capabilities will be phased in over the next year.
Cisco’s bet is that agentic AI can help security teams address one of the most pressing problems in cybersecurity: an overwhelming flood of data and alerts that obscures real threats. By moving AI into a central, active role in the SOC, Cisco is attempting to redefine not just how fast teams can respond, but how they organize their entire security posture.