Joint first-time participation! Cisco & Splunk as One Team ~ Hardening 2025 Invisible Divide ~
What is the Hardening Project?
At its core, the Hardening Project is designed to "significantly enhance practical cybersecurity skills through events." The official website describes it as a mission to discover specialists with a "discerning eye" for protection, specifically those who can masterfully blend technical solutions with practical implementation.
The setup is unique: participants are randomly assigned to teams of 9 or 10 and tasked with running a fictional e-commerce company. In 2025, 101 participants across 12 teams spent over a month preparing for the main event: an 8-hour battle for sales supremacy.
But this isn't just about sales numbers. It is a comprehensive business simulation. Teams must manage procurement, drive marketing, handle customer support, and optimize HR by assigning roles based on individual strengths. And they must do all of this while under constant fire from cyberattacks. It is an 8-hour endurance test where you must defend your infrastructure and ensure business continuity while maintaining team cohesion. Success demands more than just technical chops; it requires true resilience and an awareness of the broader societal impact of security.
The 2025 event operated under the theme "Hardening 2025 Invisible Divide," with a rallying cry to "unite beyond invisible divides." The scenario specifically challenged teams to protect their systems while navigating the complexities of being physically separated across different organizations and environments. Learn more HERE.
Cisco × Splunk Joint Team: First Participation in the Hardening Project
I knew the name "Hardening Project" long before I experienced it. The reputation preceded the event: it is described as literally hard—a grueling, sometimes unreasonable gauntlet where you face moments of despair again and again. Yet, paradoxically, everyone says it’s addictive. Once you survive it, you immediately want to return, refine your strategies, and push your team’s abilities further. The demand speaks for itself; the competition is so fierce for both participants and sponsors that entry is often left to a lottery, with some companies sponsoring the event just to guarantee their seats.
Cisco has been a fixture at this event since 2016, providing a "marketplace" of supportive security technologies. This time was different. Through our recent integration, Splunk stepped up alongside Cisco as a literal "One Team," delivering unified Cisco x Splunk solutions. In this post, I’ll cover the Hardening Project from the fresh perspective of Splunk during our inaugural collaboration. Please keep in mind that this is a personal account of my experience on the ground, rather than an official corporate statement.
Contributing to 'defense' as a marketplace
In this context, Cisco took part as a "marketplace" vendor, providing products and services to support participants in such situations.
Products provided and participating members
Technical members:
- Itaru Urikura: Cisco Japan Professional Services Security Architect
- Masanao Matsumoto: Cisco Japan SOC Security Analyst
- Yukinori Nemoto: Cisco Japan Customer Success Specialist
- Kento Omae: Splunk Japan Solutions Engineer
Observer:
- Noriko Ito (Noito): Splunk Japan Business Development Manager
Products and Services Provided as One Cisco
Below, I will explain how these products were actually deployed in the field. (This section is based on an account by Itaru Urikura from Cisco Security PS.)
Products and Services Provided
For this event, we approached the competition as "One Team" by utilizing the following three products:
- Cisco Secure Firewall Threat Defense to protect traffic and networks
- Cisco Secure Endpoint to protect files and endpoints
- Splunk Enterprise Security to cross-analyze security events and detect threats
Specifically, we provided value to the "Marketplace" by offering operations and threat hunting services using these products, as detailed below:
Service Name: "Cisco NGFW/EDR/SIEM Operations & Threat Hunting Service"
1. NGFW Operation Services Products
- Cisco Secure Firewall Threat Defense (FTD)
- Firewall Management Center (FMC)
These Next-Generation FW/IPS products primarily protect traffic and networks. They prevent unauthorized communication and malware intrusions at the perimeter, providing advanced detection and blocking capabilities.
2. EDR Operation Services Product
- Cisco Secure Endpoint (formerly AMP for Endpoints)
This solution primarily protects files and endpoints, functioning as the last line of defense against malware that has evaded network security measures. It conducts detailed analysis of file behavior to detect and eliminate both known and unknown threats.
3. Managed SIEM Services Products
- Splunk Enterprise Security (First-time use in 2025!)
- Splunk Universal Forwarder (First-time use in 2025!)
This service centrally collects and analyzes logs from NGFW, EDR, and endpoints. This enables visualization of the overall security posture across network and endpoint boundaries. By performing correlation analysis on vast amounts of data, it detects complex attacks and suspicious behavior at an early stage—threats that cannot be identified by a single device alone.
Service Usage Overview
Our service is essentially fully managed, meaning all deployment and configuration changes are handled by our team.
Prior to implementation, we consult with the participating teams to understand their specific needs, such as any particular communications they wish to block in advance. Since the service requires the installation of agent software, we also provided hands-on assistance with that process.
Once the competition began, we continued to field requests, modifying NGFW policies on the fly and verifying communications during anomalies. We also took a proactive approach, reporting threat intelligence discovered through our threat hunting investigations and issuing alerts to the teams.
In this threat hunting process, Splunk ES’s Risk-Based Alerting (RBA) and AI-powered investigation and reporting automation proved highly effective. We strongly feel these systems were instrumental in swiftly identifying crucial intelligence amidst the vast volume of alerts. In previous years, we spent a considerable amount of time analyzing NGFW and EDR logs in isolation; however, in 2025 we were able to gain a much more comprehensive view.
After the competition, we provide reports and logs to the participants to use as material for reflection during "Softening Day." Furthermore, we remain available for post-event investigations to answer subsequent inquiries, such as, "Did a specific communication occur at that time?"
The goal for competitors is twofold: protect their fictional company and maximize sales using products from the marketplace. As industry professionals, we in the marketplace don't just supply tools; we actively support the teams. We guide them on effective defense strategies, ensure proper configuration, and help build mechanisms that yield real results. Effectively, the marketplace fights right alongside the participants. We constantly observe which teams are leveraging our solutions, track how their sales are trending, and pinpoint exactly where and why performance might be lagging.
The organizer's vision
During the competition, I had the opportunity to speak with the organizers about the driving force behind the Hardening Project.
The venue for this event was the Karate Hall in Tomigusuku City, Okinawa Prefecture. In the past, these events have reportedly been held in regions far outside the metropolitan center, such as Hokkaido and remote islands. This approach stems from a core conviction:
"In cybersecurity, no one should be left behind, and all of Japan should be interconnected."
The project aims to involve local communities and put this philosophy into practice by broadcasting from locations that might initially seem difficult to access. The goal is to ensure that active information exchange isn't limited to the Kanto region (the Tokyo metropolitan area), but that the entire country can move forward together.
Additionally, the organizers place special emphasis on the Japanese word for "protect" (mamoru). They specifically choose the Kanji character '衛' (ei: to protect by patrolling/defense) rather than '守' (shu: to protect by obeying rules) or '護' (go: to protect by shielding).
The character 衛 originally represents "infantry" or guards. It depicts the stance of actively protecting something valuable from all sides—using one's feet to patrol the perimeter while embracing the asset with both hands. This choice reflects the Hardening Project's ultimate goal: to create a society where everyone in Japan can utilize information safely and securely through active, comprehensive defense.
From this, I learned that security isn't just about technology-specific measures or the domain of those who work in the field daily. Rather, it is about creating a country where everyone can progress together.
To date, professionals from diverse fields, including lawyers, police officers, and journalists, have joined these teams. They explore what unique contributions they can make and have consistently produced impressive results.
Executive Committee members (Photo provided by the Hardening Project)
In Closing... Impressions from Participation
The Hardening Project describes itself as "a project that maximizes the value of defensive technology." In the cybersecurity industry, where study sessions and symposiums are the norm, categorizing this event as a "competition" yet billing it as a "project" initially seemed a bit strange to me. However, after hearing the organizers' vision and observing the participants in action, I was thoroughly convinced by the end.
Before participating, my primary desire as a Cisco employee was simply to convey the technical merits of our products. Yet, after experiencing the event, I realized something far more profound. For those eight hours, everyone involved, including participants, marketplace vendors, the secretariat, and advising consultants, worked together as colleagues driven by a shared mission. I believe the essence of security lies not just in tools, but in understanding the fundamental nature of mutual assistance and its purpose. It is about developing the ability to explore security methods that align closely with the needs of others.
Cisco is a company with a legacy of building networks to deliver information worldwide. Splunk, on the other hand, has focused on aggregating logs to generate value from data. Much like our combined approach, we aspire to be an entity in the cybersecurity space that reaches a wide audience, similar to a network connecting people everywhere. We aim to be an organization capable of bringing together a vast array of strengths. With this vision in mind, we strive to continually propose solutions that closely align with our customers to support the creation of social value and trust.
This year, why not consider participating in and experiencing the Hardening Project for yourself?
At the risk of stating the obvious, I would like to add one final remark. We would be delighted if you chose to embark on this journey with Cisco x Splunk products.
Thank you to all who chose to take on the challenge using Cisco products.
Cisco has published participation reports from previous Hardening Projects on our blog. If you are interested, I invite you to read them using your browser's translation tool. (Read more here)