Cisco adds heft to cybersecurity push with acquisitions, new talent

“Splunk adds a lot of data to Cisco security,” Kerravala said. “The Internet industry is changing from functional tools to AI-based security platforms that can find needles in a stack of needles. The performance of AI will be based on the quality of the AI algorithms integrated with it [Cisco security]. Also, Splunk provides Cisco with more data than any other security vendor. It should be able to use this to make a difference.”

The company also offers Splunk SOAR, which automates repetitive security tasks, allowing teams to respond to incidents quickly; user behavior analytics to protect systems from unknown threats; and Splunk Attack Analyzer to automatically detect and analyze the most sophisticated phishing and malware threats.

“Like Palo Alto [Networks] and Microsoft, Cisco can now complement its security story with a security operations story that combines SIEM and SOAR technologies,” said MacDonald.

Oort buy adds XDR options

Not every organization needs a SIEM, MacDonald said, so Cisco offers the XDR platform, bolstered by its 2023 acquisition of Oort. Oort provides services to analyze data from an organization’s identity and access management (IAM) systems to determine employee identities, protect them with best practices, and continuously monitor for proprietary threats.

In 2023, Cisco acquired Armorblox, a provider of security software powered by AI and machine learning. Cisco says the acquisition will contribute to expanding its AI/ML capabilities and talent. It also provided email security capabilities for telemetry, which is also important in building XDR, MacDonald said.

Prior to that, Cisco acquired Lightspin Technologies, which provides cloud security posture management (CSPM) for all cloud environments. Lightspin uses graph-based technology to deliver key context, prioritization, and remediation recommendations. With the addition of Lightspin, Cisco says its customers will be able to identify and address cloud security risks without the need for extensive configuration.

