It’s been just under two months since Cisco closed its largest acquisition ever, the $28 billion purchase of Splunk. Jeetu Patel, EVP and GM of security and collaboration at Cisco, shared the progress the two teams have made in integrating Splunk into Cisco's extensive security portfolio.
Splunk operates as a separate business unit under Cisco, but the team has been working very closely with the Cisco Security team, Patel told SDxCentral. “What you want to do, when you acquire a company like this, is you don't want to make too many changes to the org right away. And so Splunk is going to keep running as its own unit.”
Cisco’s leadership for observability is now under Splunk, but the Cisco Security Business Group and Splunk are still under two separate leadership teams. “You will see that there's tight integration with two separate [units] to start with. And then of course, over time, we'll know these things evolve,” he added.
Patel noted the security offerings from Cisco and Splunk were “completely complementary.”
“They were not overlapping, so one plus one equals three here … which is one of the reasons that we saw so much advantage in this acquisition,” he added. “We will utilize our data platform in even bigger ways than we've been doing to date.”
The integration progress

Patel detailed the integration progress, highlighting the immediate technical enhancements.
The first thing that the two teams did was update 30 of Splunk’s technical add-ons to be “gold standard.”
A Splunk add-on is a type of app that runs on the Splunk platform to support and extend its functionality. Rather than offering a user interface of its own, it provides specific capabilities to other apps, such as getting data in, mapping data onto common field names, or supplying saved searches and macros.
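As an added illustration, not taken from the article and not one of the 30 Cisco/Splunk add-ons it mentions, here is the skeleton of a minimal Splunk technical add-on that covers the three capabilities named above: an input that gets data in, props that map vendor fields onto the Common Information Model (CIM) so Enterprise Security can consume them, and a macro plus a scheduled saved search built on top. The sourcetype `example:alert`, the monitored path, the vendor field names (`source_ip`, `dest_ip`, `level`, `technique`) and the macro and search names are all hypothetical.

```ini
# default/inputs.conf -- "getting data in": tail a JSON alert file (hypothetical path)
[monitor:///var/log/example/alerts.json]
sourcetype = example:alert
index = security
disabled = 0

# default/props.conf -- parse events and map vendor fields to CIM names
[example:alert]
INDEXED_EXTRACTIONS = json
KV_MODE = none
TIME_PREFIX = "timestamp":"
TIME_FORMAT = %Y-%m-%dT%H:%M:%S%z
MAX_TIMESTAMP_LOOKAHEAD = 30
# CIM Alerts / Network Traffic expect src, dest and severity; the vendor
# names below are assumed for this example.
FIELDALIAS-cim_src = source_ip AS src
FIELDALIAS-cim_dest = dest_ip AS dest
EVAL-severity = case(level=="critical","critical", level=="high","high", level=="medium","medium", 1==1,"low")
EVAL-signature = coalesce(technique, "unknown")

# default/eventtypes.conf -- name the event class so it can be tagged
[example_alert]
search = sourcetype="example:alert"

# default/tags.conf -- the CIM Alerts data model selects events by this tag
[eventtype=example_alert]
alert = enabled

# default/macros.conf -- one place to define the base search for other apps
[example_alerts]
definition = index="security" sourcetype="example:alert"

# default/savedsearches.conf -- scheduled correlation built on the macro
[Example - Lateral movement by source]
search = `example_alerts` signature="lateral_movement" | stats count dc(dest) AS targets BY src | where targets >= 5
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now
enableSched = 1
```

The mapping layer in props.conf is what makes an add-on useful to Enterprise Security: ES correlation searches query CIM field names (`src`, `dest`, `severity`, `signature`) and the `alert` tag rather than each vendor's raw field names, so a new source becomes searchable by existing content as soon as the aliases and tags are in place.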
In addition, the two teams have started working on the future road map including making sure their products can tie together and building more connection points with each other, Patel said.
“From day one, our products are getting integrated,” he added. “For example, Splunk is going to utilize the Cisco design language system so that the products are going to look and feel the same. Our AI [artificial intelligence] assistant will integrate with Splunk’s AI assistant and we will make sure that those things come together. Our products [like] XDR [extended detection and response] and enterprise security are going to get integrated. ”
Cisco integrates its XDR with Splunk security information and event management (SIEM)

CEO Chuck Robbins in March revealed several Splunk integration plans, including enabling Splunk’s SIEM and security orchestration, automation and response (SOAR) platform to use cloud, network and endpoint analytics available from Cisco’s security portfolio.
At this week’s RSAC 2024, Cisco announced the integration of Cisco XDR with Splunk’s SIEM solution — Enterprise Security (ES), which will feed alerts and detections from Cisco XDR into Splunk ES to accelerate investigation and remediation.
Patel explained that SIEM tools collect and retain data over the long term, while XDR tools, which include endpoint detection and response (EDR) and network detection and response (NDR), provide short-term data.
“It seamlessly feeds high-fidelity alerts and detections from our XDR that are purpose-built for today's common attack patterns that we see in the market, such as ransomware, lateral movement, all that kind of stuff, and that will actually go into Splunk,” he said.
Patel added the integration also encourages customers to buy the two products together to work hand-in-hand. “Customers will have more functionality to go out and do a better job at detections, shorten the time for investigation and expedite remediation.”
Image: Screenshot of the RSAC 2024 keynote livestream