Cisco adds two new solutions for Splunk

Mike Horn, SVP and GM for Splunk Security

Today, at the Splunk .conf25 event in Boston, Splunk rolled out its product keynote. Two of the key pieces of news involved Cisco, which bought Splunk over a year ago. In the keynote, Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition were both introduced. They provide customers with two agentic AI-powered SecOps options that unify security workflows across threat detection, investigation, and response.

The new solutions are delivered within the Splunk Enterprise Security 8.2 SIEM, where they streamline offerings and empower customers with faster threat response and simplified security solutions. Cisco also unveiled a series of AI features that it intends to release to power the agentic Security Operations Center (SOC) of the future, enabling analysts to focus on strategic decision-making while AI handles routine tasks. With Splunk, AI agents do more than actively orchestrate and automate complex workflows; they transform manual tasks into proactive, autonomous security operations, to empower security teams to act faster and more efficiently.

“Adversaries are already using AI, so defenders need to seize every possible advantage,” said Mike Horn, SVP and GM for Splunk Security. Horn’s focus is developing a security blueprint for the AI era, pushing the boundaries of how customers securely use data and AI to drive digital resilience. As co-founder and CEO of the threat analysis company TwinWave, he pushed the team to reimagine how threat analysis could leverage automation to deliver faster, better and deeper insights into the security threats that matter.

“Our security offerings unify detection, investigation, and response into a single, intuitive workspace, eliminating tool fragmentation and significantly boosting efficiency,” Horn said. “Built-in AI can help cut alert noise and reduce investigation time from hours to minutes. Now every SOC can better position itself to stay ahead of advanced threats and empower analysts at every level.”

To keep organizations from drowning in data, with operational blind spots and inefficiencies across SecOps, ITOps, and engineering teams, Splunk has made two key moves intended to prevent these issues and build an agentic SOC with greater visibility and context. Customers can select between two flexible solutions.

One is Splunk Enterprise Security Premier Edition, which brings together Splunk Enterprise Security 8.2, Splunk SOAR, Splunk UEBA, and Splunk AI Assistant into a comprehensive offering with unified user experience.

The other is Splunk Enterprise Security Essentials Edition, which combines Splunk Enterprise Security 8.2 and Splunk AI Assistant in Security into a single offering with unified user experience.

“With today’s increasingly sophisticated threats and sprawling attack surfaces, security teams can’t afford to waste time switching between fragmented tools and operating with siloed visibility,” said Michelle Abraham, Research Director, Security and Trust at IDC. “By integrating multiple security capabilities into a single, cohesive environment, security platforms empower organizations to move from reactive to proactive security, streamlining workflows, improving detection and response, and ultimately reducing risk.”

In addition, Horn noted earlier that Enterprise Security 8.2, available as of today, was very important for Splunk.

“It’s a really big step for us as far as creating unified workflows,” he said.

Agentic AI for Security is growing more important. As security challenges become more complex, organizations need integrated solutions that enhance visibility, accelerate detection, and streamline response. Additional AI-powered advancements are being released to strengthen security operations through the following. A Triage Agent uses AI-powered triage to evaluate, prioritize, and explain alerts. An AI-based Malware Reversal Agent explains malicious scripts line by line, extracts indicators of compromise, flags evasion, and groups recurring behaviors. AI Playbook Authoring translates natural language intent into functional, tested SOAR playbooks. AI agents adhere to standard operating procedures (SOPs) defined by the SOC and use multi-modal LLMs to import SOPs into Enterprise Security response plans. An AI-Enhanced Detection Library helps detections go from hypothesis to production in minutes. Finally, a Personalized Detection SPL Generator tailors detections within the library to each SOC's unique environment so that they are usable out of the box.

By integrating with Cisco’s security solutions, Splunk helps security teams detect, investigate, and respond to threats with greater speed and precision. Expanded offerings will include adding Isovalent Runtime Security (eBPF) into Splunk. This delivers immediate, granular visibility across your workloads, quickly pinpointing potential security breaches and infrastructure anomalies.

Data federation is key here.

“Federation is being able to look at all these different things, but to provide that insight from a single location,” Horn noted. Leave the data where it lives and search across it. “You need those analytics to run close to where the data is. You need that analytics to follow where the data is. It makes it easier to bring data into Splunk and route that data to different data stores.”

Another critical expansion is federating Cisco Firewall Data. An integration between Splunk Cloud Platform’s Federated Search for Amazon S3 and Security Analytics and Logging (SAL) will enable analysts to perform security analytics on firewall logs stored in SAL directly from Splunk Cloud Platform without the need for ingestion.

Splunk Enterprise Security Essentials Edition is available to all global regions, and Splunk Enterprise Security Premier Edition is available in early access. Cisco integrations and additional capabilities including Triage Agent, AI Playbook Authoring, Response Importer, AI-Enhanced Detection Library and Personalized Detection SPL Generator will be available in 2026.