Organizations come in all shapes and sizes: large and small, local and multinational, unregulated and highly regulated. The size and sophistication of organizations operating in today’s economy are incredibly diverse, and so are the size and sophistication of their security operations. The reality is that there is no one-size-fits-all approach to security operations. That is why I am so excited about the integration of Cisco XDR and Splunk Enterprise Security: now there is a security operations platform that can meet a customer where they are on their SecOps journey and grow with them as their needs change.

Threat Detection, Investigation, and Response (TDIR) is a holistic approach to security operations. TDIR goes beyond traditional SIEM features by integrating capabilities such as behavioral analytics, threat intelligence, extended detection and response (XDR), and security orchestration, automation, and response (SOAR) to deliver a comprehensive SOC platform.

For customers who are just getting started on their journey, or who aren’t sure where to start, Cisco XDR is the fastest, easiest way to bring TDIR into their security posture. Cisco optimized for speed and simplicity by building a product that correlates only the telemetry necessary to detect threats such as ransomware, lateral movement and identity attacks. By retaining data for less than a year, integrating with a handful of EDR, firewall, email, identity and cloud vendors that together make up 95% of the security infrastructure, and automating only the response actions needed to remediate and recover from those attacks, we’ve made it possible for any organization to start detecting and responding, regardless of its size, sophistication or budget.

Accelerate the future with Cisco + Splunk

But what happens when an organization matures, becomes more sophisticated and is ready to add more bespoke integrations or automate industry- or organization-specific playbooks? What happens when they need to store data for longer periods to meet compliance requirements? What happens when they are ready to start automating non-security workflows to help them scale? How is a solution that worked perfectly for them yesterday going to meet their needs today or tomorrow?

We answer those questions through the integration of Cisco XDR with Splunk Enterprise Security. As an organization matures and adds capabilities, all the detections, integrations, automations and workflows they learned and developed in Cisco XDR migrate with them as they step into a full Security Information and Event Management (SIEM) solution such as Splunk Enterprise Security. They don’t have to worry about starting with a solution that won’t scale as they grow, because they get full investment protection plus the peace of mind that the solution is ready for them. Splunk ES has been the best SIEM in the market for the past 9 years, with the largest community of security practitioners who can fully operationalize it. Why would you want to end up anywhere else?

And for organizations that are already Splunk ES users, the Cisco XDR integration enables analytics on network, endpoint and cloud telemetry that were previously unavailable to them. Until today, you couldn’t use that data for detection and response unless it was in your SIEM, yet most of that data doesn’t belong in your SIEM in the first place.

Cisco XDR’s integration with Splunk ES lets us apply Cisco’s unique analytics to that telemetry and promote the resulting detections into Enterprise Security, along with the context the SOC needs to operationalize them, without sending high-volume raw telemetry to the SIEM, where it would increase ingestion costs and slow down query performance. And we don’t force operators to leave the security tool their SOC is built around. It is the best of both worlds.

Drive your success with Cisco and Splunk

Organizations need to choose the right tool for the job. My passion is cars. McLarens are for the track, not for a run to the grocery store. You could get groceries in one, but slipping the clutch in traffic, navigating speed bumps in the car park and dodging potholes would be a nightmare in a high-performance vehicle. Conversely, you wouldn’t buy a Honda Accord to take racing; you buy it to run to the grocery store. Either vehicle could be used in place of the other, but wouldn’t you rather use the right tool for the job?

Together, Cisco XDR and Splunk Enterprise Security form the most complete security operations platform in the market today, because it doesn’t try to force a company into something it’s not, or not yet. It helps organizations get up to speed quickly and lets them adapt and expand as their needs grow.

Are you at the RSA Conference 2024?

We’re looking forward to connecting with you at our booth and discussing ways you can accelerate your SOC with Cisco + Splunk.

Stop by:

  • North Hall #5845
  • South Hall #926


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!



AJ Shipley

Vice President

Product Management - Threat, Detection & Response