Splunk and Cisco Umbrella: See what you’ve been missing…

The following is a guest post by Rachel Ackerly, product marketing manager, Cisco Umbrella.


Do you have eyes in the back of your head? (Unless you’re my mother, there is a good chance you don’t.) Many security products claim to provide visibility into what’s happening on your network, but how many actually deliver on that promise?

So how do you see what’s happening on the internet, beyond your perimeter? Isn’t that the question security professionals have been struggling with as the world becomes more mobile? Your employees connect to the internet from many different locations and devices. VPN is no longer necessary to get work done; they use Software-as-a-Service (SaaS) apps. But that leaves users more vulnerable to threats, and you also have to figure out how to control sensitive data, apps, and infrastructure in the cloud.

As security professionals, we deploy more and more security tools in hopes of keeping everything (data, users, devices) locked down and protected.  But the more data we collect, the more we need to analyze… and most times we don’t have the luxury of time to weed through it. We need actionable threat intelligence that can help us make better decisions when identifying and remediating attack campaigns.

Cisco is proud to be partnering with Splunk, the market leader in analyzing machine data to deliver operational intelligence. Splunk and Cisco have collaborated on several dozen free Splunk apps and add-ons that provide ready-to-use functions for Cisco’s industry-leading security, networking, wireless, data center, and collaboration portfolios.


Together, Splunk and Cisco are changing the way organizations approach and respond to threats. Most recently Cisco has focused on new points of integration between Umbrella Investigate and Splunk, making it quicker and easier to access Investigate’s rich context to speed up decisions during investigations.

With the new Cisco Umbrella Investigate Add-on, you can automatically enrich security events in a Splunk security environment with threat intelligence about the domains, IPs, and file hashes used in attacks.

What does this mean? It’s sort of like having eyes in the back of your head… you can see the connections you’ve been missing during investigations. You can expose valuable connections within an attacker’s infrastructure, including co-occurrences, related domains, geolocation, categorization, and reputation scores. This gives security analysts the power to make hard decisions faster and with confidence. And it gives more insight for researching potential threats, too.


You already have the data. Now you just need to learn how to make it work harder for you. Imagine if you could…

  • Gain internet-wide visibility into your network & predict attacks
  • Amplify your existing security investments with Investigate
  • Provide better enforcement for malicious destinations via API-based integrations with Splunk and Cisco products

We believe seeing is believing. Learn why Splunk was recognized (twice!) as Cisco Global ISV Partner of the Year, and why, a few months ago, Cisco received Splunk’s Inaugural Revolution Partner Award!

Check out the following resources for more information:

And don’t forget to come say hello at RSA. Visit booth #S-1721 to see how Splunk integrates with Cisco Umbrella Investigate and Cisco CloudLock. You’ll be able to see how the integration works and ask our team of security experts questions.


Rachel Ackerly
Product Marketing Manager
