
Security teams can often find themselves staring at a wall of logs, runtime events, firewall alerts, and workload signals, knowing the answer is probably in there somewhere, but not having the time to examine the details.

Applications now span Kubernetes clusters, cloud workloads, data centers, and branches, while teams try to connect signals from workloads, users, agents, logs, and firewalls. Each signal can tell part of the story, but with vulnerabilities being exploited faster than ever, it is easy to lose time chasing noise instead of finding threats.

That is why Cisco is bringing richer product telemetry into Splunk, along with the detections and correlation needed to make that telemetry useful. As organizations build toward a hybrid mesh firewall architecture, Cisco provides deeper visibility from runtime workloads and advanced firewall logging, while Splunk helps turn that visibility into detection, investigation, and action.

Because modern applications are dynamic across containers, Kubernetes workloads, and services, it’s not enough to get an alert that something happened. Teams need to know what workload did it, what process caused it, and whether that behavior was expected.

Cisco Isovalent Enterprise Platform provides runtime visibility across Kubernetes and Linux workloads, including process execution, network connections, file access, and workload identity. Splunk brings that telemetry into the SOC with purpose-built detections and correlation, helping analysts understand suspicious behavior in context. Teams can now move from manually interpreting raw runtime events to acting on correlated, high-confidence detections inside the Splunk workflows they already use.

Firewall logs are a high-volume telemetry source, and security teams rarely have time to move beyond alerts and examine them for small changes, unexpected patterns, or subtle signs of attacker behavior. Now, in its latest software release, Cisco Firewall introduces a native advanced logging capability, giving customers detailed, structured logs with richer protocol-level detail.

Splunk turns that detail into usable detections and correlation, helping teams surface meaningful patterns in DNS, HTTP, FTP, connection behavior, anomalies, and inspection events without manually sorting. With custom detections and correlation, Splunk can help analysts identify patterns that basic logs may miss, such as command-and-control behavior, DNS tunneling, suspicious downloads, beaconing, or unusual protocol activity.

Many attacks are not obvious at the point of entry, so when prevention misses something, detection speed matters. This is where the combination of Cisco telemetry and Splunk analytics becomes especially valuable.

For example, in an environment where Kubernetes egress traffic is inspected by Cisco Secure Firewall, a compromised web-service pod suddenly spawns a shell and starts reaching out through DNS. Splunk detections using Isovalent telemetry can show the pod, process, timing, and destination, while Cisco Secure Firewall advanced logging adds context like unusual query patterns or abnormal response sizes. Together, these signals help analysts connect workload behavior to network behavior, investigate with confidence, and respond faster.
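As an added illustration of the correlation described above (example code written for this scenario, not Cisco's or Splunk's own detection logic), the script below joins constructed Isovalent-style process-exec events with constructed firewall DNS records by pod IP and time window, and flags a pod only when a shell spawned from a non-shell parent is followed by long, high-entropy TXT queries. The event field names and the key=value log layout are assumptions, not either product's real schema.

```python
import math
from collections import Counter
from datetime import datetime, timedelta

SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash"}
TS = "%Y-%m-%dT%H:%M:%SZ"

# Constructed Tetragon-style process_exec events (field names are assumptions).
RUNTIME_EVENTS = [
    {"time": "2024-05-01T10:02:10Z", "pod": "web-7c9d", "pod_ip": "10.0.1.23",
     "binary": "/bin/sh", "parent": "/usr/bin/node"},      # shell from a web server
    {"time": "2024-05-01T10:02:30Z", "pod": "batch-1f2a", "pod_ip": "10.0.1.40",
     "binary": "/bin/sh", "parent": "/usr/sbin/cron"},     # shell from cron, expected
]

# Constructed firewall DNS records in an assumed key=value layout, not Cisco's real schema.
DNS_LOGS = """\
time=2024-05-01T10:02:15Z src=10.0.1.23 qname=a1f9c3b7e2d4a6c8f0b1.cdn-example.net qtype=TXT rsize=512
time=2024-05-01T10:02:20Z src=10.0.1.23 qname=9e8d7c6b5a4f3e2d1c0b.cdn-example.net qtype=TXT rsize=498
time=2024-05-01T10:02:25Z src=10.0.1.23 qname=0b1c2d3e4f5a6b7c8d9e.cdn-example.net qtype=TXT rsize=507
time=2024-05-01T10:02:40Z src=10.0.1.40 qname=registry.internal qtype=A rsize=60
"""

def parse_dns(text):
    """Parse key=value lines into dicts, converting 'time' to datetime."""
    rows = [dict(kv.split("=", 1) for kv in line.split()) for line in text.splitlines()]
    for rec in rows:
        rec["time"] = datetime.strptime(rec["time"], TS)
    return rows

def entropy(s):
    """Shannon entropy in bits; encoded or random-looking labels score high."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def tunnel_like(rec):
    """A long, high-entropy leftmost label in a TXT query is a tunneling indicator."""
    label = rec["qname"].split(".")[0]
    return rec["qtype"] == "TXT" and len(label) >= 16 and entropy(label) > 3.5

def correlate(events, dns_rows, window=timedelta(minutes=1)):
    """Flag pods where a non-shell parent spawned a shell and the pod's IP then
    issued tunnel-like DNS queries within `window` of the exec event."""
    findings = []
    for ev in events:
        if ev["binary"] not in SHELLS or ev["parent"] in SHELLS:
            continue
        t0 = datetime.strptime(ev["time"], TS)
        hits = [r for r in dns_rows if r["src"] == ev["pod_ip"]
                and abs(r["time"] - t0) <= window and tunnel_like(r)]
        if hits:
            findings.append({"pod": ev["pod"], "parent": ev["parent"],
                             "first_query": hits[0]["qname"], "queries": len(hits)})
    return findings
```

The cron-spawned shell alone produces no finding; only the web pod, whose shell exec is followed by three high-entropy TXT queries from its IP, is reported.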

Over time, this gives customers the ability to:

  • Detect: Less manual event stitching for faster threat detection
  • Investigate: Get better context to increase confidence to act
  • Act: Respond faster across hybrid environments

Cisco and Splunk are making that possible by bringing deeper product telemetry and purpose-built detection together in one security workflow. To multiply this advantage, check out the advanced threat detection, investigation, and response with Cisco Firewall Promotional Splunk Capacity (FTD).

Authors

Vignesh Sathiamoorthy

Director of Product Management

Security Business Group