Cisco Integrated Talos Threat Intelligence for All Splunk Users


Cisco has announced the integration of its Talos threat intelligence across multiple Splunk security products, marking a significant milestone in the company’s efforts to combine capabilities following its acquisition of Splunk earlier this year.

Cisco Talos threat intelligence integration is now available for Splunk Attack Analyzer, with upcoming integrations planned for Splunk Enterprise Security and Splunk SOAR.

This move aims to provide Splunk users with enhanced threat detection, investigation, and response capabilities powered by Cisco’s extensive threat intelligence network.

Cisco Talos, the company’s threat intelligence research team, comprises over 400 dedicated responders and incident researchers. The team analyzes vast amounts of security data, including 800 billion security events observed daily and approximately 2,000 new samples analyzed every minute. This wealth of information will now be accessible to Splunk users, enabling them to better identify and respond to emerging threats.

In addition to the threat intelligence integration, Cisco has announced the availability of Cisco Talos Incident Response services for Splunk customers. This offering combines Splunk’s security operations solutions with Cisco Talos’ expertise to provide a comprehensive approach to digital resilience.

The incident response services include both proactive and emergency offerings:

  1. Proactive services: These help organizations assess and strengthen their cybersecurity incident response readiness. Services include incident response readiness assessments, tabletop exercises, and cyber range workshops.
  2. Emergency response services: These provide 24/7/365 support during active incidents, leveraging Talos’ global intelligence and research teams. Services include triage and coordination, investigation and containment, remediation, and post-incident reporting.

Tom Gillis, Senior Vice President and General Manager of Cisco’s Security Business Group, emphasized the importance of this integration: “It’s the first in a series of steps to bring analytics and infrastructure closer together [as well as] applying intelligence about how we gather data and how we process that data to drive more secure, more effective security outcomes.”

This integration is part of Cisco’s broader strategy to enhance its security offerings following the Splunk acquisition. The company has already integrated its XDR (Extended Detection and Response) product with Splunk Enterprise Security and made the Cisco Security Cloud Technology Add-on for Splunk available.

As cyber threats continue to evolve and increase in sophistication, the combination of Splunk’s analytics capabilities and Cisco’s threat intelligence is expected to provide organizations with more robust tools to defend against and respond to cybersecurity incidents.
