Fortify Digital Resilience with Splunk + Cisco Talos Incident Response

On the day that Splunk officially became part of Cisco, our leadership outlined key ways we’d come together to support customers to achieve business-critical outcomes, noting:

In the short time since then, we’ve already made significant strides, demonstrated by our announcements of:

• The integration of Cisco XDR with Splunk Enterprise Security to accelerate investigation and remediation
• The availability of the Cisco Security Cloud Technology Add-on for Splunk to help get Cisco telemetry and analytics outcomes into Splunk
• The integration of Cisco Talos threat intelligence across Splunk Attack Analyzer (available now), Splunk Enterprise Security (coming soon) and Splunk SOAR (coming soon)

As we continue to build on this momentum, we’re excited to announce the availability of Cisco Talos Incident Response services to Splunk customers. By combining Splunk’s industry-leading security operations solutions with Cisco Talos Incident Response expertise, we’re providing Splunk customers with a truly holistic approach to fortifying digital resilience in the enterprise — no matter where they are on their cybersecurity journey.

Challenges Standing in the Way of Effective Incident Response

As the cybersecurity landscape rapidly evolves, the pressure is on organizations to respond as fast as possible to incidents that threaten the business. But this is easier said than done, as organizations continue to struggle with a lack of capabilities and resources.

For example, nearly one-third (27%) of security teams “struggle to address emergencies and dedicate adequate time to improve cybersecurity¹,” and as one CISO put it: “Resources are my only real weakness — actually having enough hours in the day and having enough people to handle all the responsibilities².”

Organizations are already likely to experience a major attack at some point, with 90% of CISOs reporting “suffering from at least one disruptive attack in their organization over the last year³.” This means it’s imperative for organizations to have the support in place to quickly respond to incidents — regardless of when or where they happen.

So how can organizations boost incident response effectiveness? That’s where Cisco Talos Incident Response services come in.

Cisco Talos Incident Response Services

Cisco Talos is Cisco’s threat intelligence research team, composed of over 400 dedicated responders and incident researchers. Talos fuels the Cisco platform with actionable threat intelligence, defensive technologies, and techniques based on its unmatched visibility across the threat landscape, which includes:

• 800 billion security events observed daily
• ~2,000 new samples analyzed every minute
• 200 vulnerabilities discovered each year

Talos also extends its expertise to customers through Cisco Talos Incident Response services: a combination of proactive and emergency services. Now, Splunk customers can use these vendor-agnostic services directly through Splunk to help them expand their preparedness for threats, swiftly respond to cyber incidents, and maximize their security investments.

Expand Threat Preparedness

Talos IR’s proactive services help customers assess, strengthen, and evolve their cybersecurity incident response readiness program so they’re better equipped to respond to an incident when the time comes. Examples of these proactive services include:

• Incident response readiness assessments
• Tabletop exercises
• Cyber Range workshops
• And more!

Check out this case study to learn how Cisco Talos’ proactive work with a customer helped them resolve an incident in hours — instead of days or weeks.

Swiftly Respond to Cyber Incidents 24/7/365

Emergency response services allow customers to leverage Talos’ global intelligence, research and response teams for support through active incidents, so they can respond faster and minimize damage to the business. Emergency response services include:

• Triage and coordination
• Investigation and containment
• Remediation and post-incident reporting
• And more!

Read this case study to learn how Cisco Talos supported a customer against an active adversary to prevent a ransomware attack.

Maximize Security Investments

Now, customers can combine the best of Splunk Security and Cisco Talos for a comprehensive security solution to derive greater value out of their security investments. Splunk’s breadth of technologies, built on an extensive open ecosystem, allows customers to select the best tools and integrate existing infrastructure to power the SOC of the future, while Cisco Talos Incident Response services are vendor-agnostic, making it even easier to fortify the SOC’s defenses to reduce business risk.

Learn more about how Splunk and Cisco come together to build resilience across the entire digital footprint.

Fortify the SOC of the Future with Splunk + Cisco Talos

To learn more about Cisco Talos Incident Response services, visit the Cisco Talos website. Ready to get started? Reach out to us.

¹State of Security 2024: The Race to Harness AI
² The CISO Report (2023)
³ Ibid.