Cisco and Splunk Strengthen Enterprise Digital Resilience in the AI Era
In an era where hybrid environments and AI-driven innovations redefine enterprise operations, organizations face increasing complexity, disruption, and vulnerability in their systems. To overcome this growing challenge, Cisco and Splunk are working together to harness the power of AI to help customers ensure that digital resilience is an inherent part of their systems.
Our latest innovations focus on what matters most: giving customers actionable insights across their entire digital footprint. Whether it’s strengthening your security posture, improving how you see and respond to performance issues, modernizing your data platform, or making AI accessible to non-technical teams, these updates are designed to help you move faster, stay secure, and make smarter decisions with confidence.
Expanding Observability for the Network
For many organizations, gaining full visibility into the health of their systems is still a struggle. The shift to hybrid work, multi-cloud architectures, and edge computing has made it harder to pinpoint the root cause of issues before they impact users or the bottom line.
Today, Splunk is announcing innovations across its observability portfolio to provide organizations deeper visibility into their network health through integrations with Cisco, and faster troubleshooting with the help of AI:
- Get deeper visibility into network health
  - New product integrations with Cisco ThousandEyes: With the new bidirectional integration between Splunk Observability and Cisco ThousandEyes Assurance, organizations can better connect the dots across their digital stack — from application to infrastructure to network. The ThousandEyes integrations with Splunk ITSI and Splunk Observability Cloud are a major step toward unified observability and assurance, helping to better anticipate problems, accelerate response, and deliver resilient, always-on digital experiences.
  - Splunk ITSI integrations with Catalyst and Meraki [*]: Through the Splunk ITSI content pack for enterprise networking, organizations achieve greater visibility into Campus and Branch networks via Catalyst Center device and interface health, and Meraki-managed infrastructure (including switches, gateways, and access points).
- AI enhancements for more accurate, faster detection and remediation
  - EventIQ in Splunk ITSI [*]: Powered by Splunk AI, EventIQ drives cross-domain correlation so organizations can see all of their data in one place. EventIQ allows organizations to quickly correlate and identify the most business-critical issues with plain-text explainability, even if they’re coming from the network — ThousandEyes, Catalyst, or Meraki — and pinpoint root cause to restore services.
  - AI enhancements across Splunk AppDynamics: New observability innovations drive intelligent investigations to reduce false positives and ensure more accurate detection of business-impacting issues.
- New unified observability experience: Splunk AppDynamics and Splunk Observability Cloud now enable organizations to see the business impact of performance problems across three-tier and microservice applications in one solution.
Observability for AI [*]
Splunk Observability for AI-enabled applications expands observability into the LLM stack. New capabilities in Splunk Observability Cloud and Splunk AppDynamics provide real-time monitoring of AI orchestration, app and cloud model platforms, base language models, and infrastructure, so ITOps and engineering teams can manage performance and scale their GenAI platforms.
Building on AI Capabilities in Splunk with External LLM Integration
As AI becomes more deeply embedded in enterprise workflows, one challenge remains: how to make these technologies usable by everyone, not just data scientists. That’s where a new Splunk platform feature comes in.
This new feature, enabled by Machine Learning Toolkit (MLTK) 5.6, allows customers to connect external large language models — from services such as OpenAI, Anthropic, Google Gemini, Amazon Bedrock, and Groq, or from your desktop with Ollama — directly into the Splunk search experience. Analysts can build their skills and use these large all-purpose LLMs to ask questions, generate summaries, surface trends, and explore datasets within Splunk. Instead of doing external research or writing complex queries and sifting through logs, analysts can easily get richer, contextual insights about their data.
For organizations, this means faster data insights and higher productivity for their teams to deliver more secure and reliable digital operations.
Bolstering Splunk Enterprise 10.0 and Splunk Cloud Platform 10.0
As organizations scale, the need for more secure, performant, and manageable data platforms becomes even more critical. The latest versions of Splunk Enterprise and Splunk Cloud Platform — version 10.0 — aim to deliver exactly that.
These updates introduce key enhancements that help customers reduce operational overhead and strengthen their compliance posture. With modern encryption protocols, support for FIPS 140-3, and updates to underlying library components like Python, OpenSSL, and MongoDB, the platform is more secure and reliable. These improvements aren’t just technical upgrades; they translate directly into reduced risk and more time for teams to focus on strategic priorities rather than infrastructure maintenance.
Customers will also see improvements in how data is ingested and visualized, allowing them to have more control over cost and pipeline management. These offerings also better integrate the Splunk Platform and Splunk Observability portfolio, bringing context-rich insights directly into ITOps workflows. This eliminates the need to switch tools to run parallel investigations, and gives teams the confidence to make data-driven decisions faster.
Splunk Enterprise 10.0 and Splunk Cloud Platform 10.0 will be available globally later this summer.
Building Stronger Security Operations with Cisco and Splunk
As organizations face a rising tide of threats, the need for more resilient and responsive security operations has never been greater. Protecting systems now demands visibility into every layer of the environment. By integrating with Cisco’s security solutions, Splunk helps security teams detect, investigate, and respond to threats with greater speed and precision. These expanded offerings include:
- Gain Insights from Cisco Secure Firewall with Splunk [*]: Customers using Cisco Secure Firewall will be able to unlock deeper threat insights within Splunk by ingesting firewall log data. This enables advanced detections and helps security teams maximize the value of their Cisco and Splunk investments.
- Expand TDIR Coverage with Enhanced Detection Integration with Cisco Secure Firewall Threat Defense: The Cisco Security Cloud App for Splunk now delivers deeper support for Cisco Secure Firewall Threat Defense (FTD), enabling enriched correlation and detection content aligned to TDIR workflows. Combined with telemetry from Cisco AI Defense, Cisco XDR, Cisco Multicloud Defense, Cisco Talos, and other sources, Splunk accelerates detection use cases across hybrid environments.
- Streamline TDIR with SOAR integrations for Cisco Secure Firewall: Expanded SOAR integrations now include Cisco Secure Firewall-specific actions to support containment and response within TDIR workflows. This is in addition to the currently available Cisco Talos Threat Intel integration. Playbooks can automatically isolate hosts, block outbound connections, and apply policy controls, reducing manual effort and accelerating resolution.
- Connect Application Risk Signals from Splunk AppDynamics: By forwarding Secure Application events into Splunk, security teams gain visibility into application-layer vulnerabilities and threats, helping to contextualize findings within broader business risk.
A Clearer Path Toward Resilient Operations
Cisco and Splunk are working together to turn complexity into clarity with innovations aimed at solving customer problems. Whether it’s simplifying platform management, reducing response times, or applying AI to operational data, we are delivering connected solutions across observability, security, and AI. Digital resilience takes ongoing effort, but with better visibility and actionable insights, organizations can respond faster and operate more effectively to protect and grow their businesses.
[*] Coming soon
Forward-Looking Statements
This blog may contain forward-looking statements regarding future events, plans or the expected financial performance of our company, including our expectations regarding our products, technology, strategy, customers, markets, acquisitions and investments. These statements reflect management's current expectations, estimates and assumptions based on the information currently available to us. These forward-looking statements are not guarantees of future performance and involve significant risks, uncertainties and other factors that may cause our actual results, performance or achievements to be materially different from results, performance or achievements expressed or implied by the forward-looking statements contained in this blog.
The forward-looking statements made in this blog are made as of the time and date of its drafting. If reviewed later in time, even if made available by us, on our website or otherwise, it may not contain current or accurate information. We disclaim any obligation to update or revise any forward-looking statement based on new information, future events or otherwise, except as required by applicable law.
In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. We undertake no obligation either to develop the features or functionalities described, in beta or in preview (used interchangeably), or to include any such feature or functionality in a future release.