Cisco’s New Agentic AI Capabilities Ready to Transform the SOC
Cisco has launched new AI-powered security offerings, including Splunk Enterprise Security Essentials and Premier Editions, to streamline the SOC using agentic AI to unify and automate security workflows.
Key Highlights:
- The new solutions use agentic AI to automate and unify security workflows, transforming manual tasks into proactive, autonomous operations.
- The agentic AI in cybersecurity market is experiencing rapid growth, with projections to reach nearly $8 billion by 2030 due to a surge in cyber threats.
- To provide a competitive advantage, Cisco is deeply integrating Splunk's analytics capabilities with its own network and endpoint infrastructure.
- Cisco plans to release a series of new AI features in 2026, including a Triage Agent and a Malware Reversal Agent, to further enhance its security portfolio.
- Over the next year, Cisco's strategy is to boost its competitiveness by improving go-to-market messaging, enabling its partners, and continuously innovating its products.
The News
Cisco introduced Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition, giving customers two agentic AI-powered SecOps options that unify security workflows across threat detection, investigation, and response (TDIR). The Splunk Enterprise Security Essentials Edition is now available globally, while the more advanced Splunk Enterprise Security Premier Edition is in early access. The Splunk AI Assistant in Security is also available worldwide. Looking ahead to 2026, additional capabilities and integrations, including the Triage Agent, AI Playbook Authoring, Response Importer, and AI-enhanced detection features, are all planned for release. For more information, read the Cisco press release.
Analyst Take
Cisco has launched new AI-powered security offerings to streamline the Security Operations Center (SOC). The company introduced two new options, Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition. These solutions use agentic AI to unify security workflows, from threat detection to investigation and response. Delivered as part of the market-leading Splunk Enterprise Security 8.2 SIEM solution, these advancements aim to provide customers with a faster and simpler way to handle threats. In addition, Cisco unveiled a series of upcoming AI features designed to create an "Agentic SOC of the future." The goal is for AI to automate routine tasks, allowing security analysts to concentrate on more strategic decision-making.
Cisco is leveraging its existing integration of security products with Splunk to put agentic AI at the heart of the Security Operations Center (SOC). This approach extends security intelligence seamlessly across the entire network. Unlike traditional automation that simply follows a script, this new system uses AI agents to transform manual tasks into proactive, autonomous security operations, empowering security teams to manage threats more efficiently and respond faster.
Agentic SOC Market Burgeoning
I see the market for agentic SOCs as experiencing explosive growth, driven by the escalating volume and sophistication of cyber threats and a persistent global cybersecurity talent shortage. The traditional SOC model, which relies heavily on human analysts and static, rule-based automation, is struggling to keep pace with modern attackers who use AI to launch highly adaptive attacks. Agentic AI, which enables autonomous systems to reason, make decisions, and take action without constant human oversight, offers viable solutions to this challenge.
This market is a rapidly expanding segment of the broader AI and cybersecurity markets. As of 2025, the global agentic AI in cybersecurity market is valued at over a billion dollars, with some reports projecting it to reach nearly $8 billion by 2030, representing a remarkable CAGR of over 30% (according to Mordor Intelligence). This significant growth highlights the urgent demand from enterprises for more efficient, scalable, and proactive security solutions that can reduce alert fatigue and free up human analysts to focus on intricate, strategic tasks.
Despite its promising prospects, the adoption of a fully agentic SOC model faces challenges. The most critical hurdles include building trust and ensuring the explainability of the AI's decisions, as a single error can have devastating consequences. The high cost of the necessary infrastructure, particularly for powerful GPU clusters, and the complexity of integrating new AI systems with a company's existing legacy security tools can also pose major barriers.
Furthermore, organizations must address ethical and governance concerns, such as data privacy and the potential for shadow AI agents to operate without proper oversight. While large enterprises are currently leading the charge due to their substantial budgets and complex attack surfaces, the market for small and medium-sized businesses is also poised for rapid growth as providers offer more accessible, cloud-based, and consumption-based solutions.
Cisco Agentic SOC Solutions: Competitive Benefits
To help organizations build an agentic SOC with greater visibility and context, Cisco is offering two flexible solutions. The Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition both combine Splunk Enterprise Security 8.2 with the Splunk AI Assistant in Security. This integration can provide a unified user experience within a single offering, allowing customers to choose the edition that best fits their needs.
As security threats grow more complex, organizations require integrated solutions that improve visibility, speed up detection, and streamline response efforts. To meet this need, Cisco is introducing new AI-powered advancements to strengthen security operations.
A Triage Agent is designed to evaluate, prioritize, and explain security alerts, even for less common, low-volume incidents. By doing so, it significantly reduces the workload on security analysts and highlights the most critical issues. For deeper analysis, a Malware Reversal Agent uses AI to explain malicious scripts line-by-line, extract indicators of compromise (IoCs), identify evasion techniques, and group recurring behaviors.
Cisco is also making security automation more accessible with AI Playbook Authoring, which translates natural language commands into functional, tested SOAR (Security Orchestration, Automation, and Response) playbooks. Additionally, a Response Importer helps ensure consistency by using AI agents and multi-modal LLMs to integrate standard operating procedures (SOPs) into Enterprise Security response plans. The AI-Enhanced Detection Library helps security teams move from a detection hypothesis to a live, production-ready rule in minutes, with the Personalized Detection SPL Generator tailoring these detections to a SOC's specific environment, making them ready to use immediately.
Moreover, Cisco is extending its agentic AI SOC capabilities by integrating key technologies. Isovalent Runtime Security (eBPF) is being integrated into Splunk to provide immediate and detailed visibility into workloads. This integration helps analysts quickly identify security breaches and infrastructure anomalies. Additionally, Cisco is enabling the federation of Cisco Firewall data with Splunk Cloud Platform. This allows analysts to perform security analytics on firewall logs stored in the Security Analytics and Logging (SAL) service directly from Splunk Cloud, eliminating the need to ingest the data into Splunk first.
Cisco Agentic SOC: Delivering Competitive Advantages
From my perspective, Cisco's top competitors for its new agentic SOC offering are primarily major cybersecurity players with broad portfolios and established AI capabilities, such as Palo Alto Networks and Microsoft. Palo Alto Networks, with its Cortex XSIAM platform, provides a strong, unified security operations platform that integrates with a wide range of products and leverages AI for automation and threat management. Microsoft, through its Microsoft Security suite, benefits from its vast ecosystem and massive data sets, using AI to deliver powerful threat intelligence and automated response capabilities across its cloud services and endpoints. Both companies offer alternatives by consolidating multiple security functions into a single platform, a core promise of agentic AI.
Cisco, however, provides a distinct competitive advantage through its deep integration with Splunk and its pervasive presence in the network and endpoint infrastructure. By acquiring Splunk, Cisco gained a market-leading SIEM and security analytics platform, which is a foundational component for any SOC. This allows Cisco to deliver a single, unified experience that goes beyond simply integrating products; it embeds AI directly into the security workflow. Unlike competitors who may have to build this capability from the ground up or rely on a less-integrated approach, Cisco can leverage Splunk's powerful data analytics engine to ingest data from its own network, endpoint, and cloud security solutions, providing a unique, full-stack view of the threat landscape.
Furthermore, Cisco's competitive edge is strengthened by its existing relationships with a massive global customer base and a vast partner ecosystem. The company can roll out its agentic SOC capabilities to customers who already use its network and security products, creating a seamless and powerful value proposition. The direct integration of features like the AI Playbook Authoring and Malware Reversal Agent into the Splunk platform will empower security teams to be more proactive. By combining the strengths of Splunk's analytics with its own expansive network and endpoint intelligence, Cisco is well-positioned to offer a more unified, intelligent, and effective security operations solution than many of its rivals.
Looking Ahead
Threat actors are already using AI, so cybersecurity professionals must gain every possible advantage. I believe Cisco's security solutions directly address this by unifying threat detection, investigation, and response into one intuitive workspace. This approach can eliminate the inefficiency of juggling multiple tools and significantly boost overall productivity. With built-in AI, security teams can dramatically reduce alert noise and cut investigation times from hours to just minutes. This can enable every SOC to stay ahead of advanced threats and empower analysts at every skill level.
Over the next 12 months, I expect that Cisco can boost the competitiveness of its new Agentic SOC portfolio by focusing on three key areas: go-to-market execution, partner enablement, and product differentiation.
First, Cisco must clearly articulate the value proposition of its new offerings. This means moving beyond a discussion of features and explaining how the Agentic SOC directly solves the biggest challenges security teams face today: alert fatigue, staffing shortages, and the increasing speed of attacks. Cisco should use real-world case studies and quantifiable metrics to show how its solutions reduce investigation times from hours to minutes and enable analysts to focus on proactive threat hunting. This message should be delivered through a targeted, multi-channel marketing campaign that highlights the seamless integration of Splunk Enterprise Security with Cisco's security products.
Second, Cisco must empower its extensive partner network to sell, implement, and support this new portfolio. While the technology is a strong foundation, its success depends on the channel's ability to deliver value. Over the next year, Cisco should provide specialized training and certification programs focused on agentic AI and Splunk. This includes creating incentives for partners to develop new managed security services and professional service offerings around the Agentic SOC. By ensuring partners are not just resellers but trusted advisors, Cisco can differentiate its offering from competitors who rely on a direct-to-customer model.
Finally, Cisco needs to continue to innovate swiftly and expand the product's capabilities. With the Triage Agent and Malware Reversal Agent scheduled for release in 2026, Cisco should use the next 12 months to provide a clear roadmap that builds partner and customer confidence. This involves soliciting feedback from early access customers to refine features and demonstrate a commitment to continuous improvement. By prioritizing these areas, Cisco can solidify its position as a pacesetter in the next generation of security operations.
Ron Westfall | Analyst In Residence
Ron Westfall is a prominent analyst figure in technology and business transformation. Recognized as a Top 20 Analyst by AR Insights and a Tech Target contributor, his insights are featured in major media such as CNBC, Schwab Network, and NMG Media.
His expertise covers transformative fields such as Hybrid Cloud, AI Networking, Security Infrastructure, Edge Cloud Computing, Wireline/Wireless Connectivity, and 5G-IoT. Ron bridges the gap between C-suite strategic goals and the practical needs of end users and partners, driving technology ROI for leading organizations.