Announcing General Availability of Cisco Talos Intelligence in Splunk Attack Analyzer

Security Neal Iyer

While it’s always hard to pick a favorite, if you asked the customers attending .conf24 what new product announcement they were most excited about, the integration of Cisco Talos threat intelligence into Splunk’s security products would likely feature near the top of their list.

Today, we are pleased to announce the general availability of Cisco Talos threat intelligence to all Splunk Attack Analyzer customers globally.

Splunk Attack Analyzer Overview

Splunk Attack Analyzer automates analysis of suspected malware and credential phishing threats, such as emails with embedded QR codes, threats behind captchas, lure docs impersonating known brands, and more. Its unique capabilities allow security analysts to:

As a result, Splunk Attack Analyzer helps security analysts better understand active threats, reduce alert volumes, enhance detection efficiency, and accelerate investigations and decision-making for rapid resolution. For example, with Splunk Attack Analyzer, Southern Farm Bureau Life Insurance Company has:

Splunk Attack Analyzer and Cisco Talos Integration

Cisco Talos is a proven and trusted threat intelligence research team comprised of world-class researchers, analysts and engineers with unmatched visibility across the threat landscape, seeing more than 800 billion security events per day, 2000 new malware samples per minute and 2000 domains blocked per second.

Intelligence from Cisco Talos allows Splunk Attack Analyzer to detect net new threats, particularly those that are ephemeral in nature and might already be taken down before they reach Splunk Attack Analyzer for analysis. Integrating with Cisco Talos allows Splunk Attack Analyzer to leverage Cisco’s rich threat intelligence and enrich URLs discovered in the attack chain with reputation results. Each URL analyzed by Splunk Attack Analyzer receives a threat level and threat category from Cisco Talos.

These capabilities are globally enabled for all Splunk Attack Analyzer customers and do not require any configuration for customers to realize further improvements to their threat detection efficacy.

Integration of Cisco Talos threat intelligence with Splunk Attack Analyzer

Following the announcement at .conf24, several customers expressed their excitement about this integration. “We're excited to get additional depth of analysis by integrating Talos Threat Intelligence into Splunk Attack Analyzer. This will help us be more confident in automated actions we take and continue to bring the best of Splunk and Cisco together,” says Tony Iacobelli, Sr. Manager of Advanced Threat Response at Splunk.

Learn More About Splunk Attack Analyzer

Ready to automate threat analysis? We’ve got you covered! Visit the Splunk Attack Analyzer webpage or speak to your account manager to learn more.
