Splunk Enterprise Security: Built to Empower Every SOC Analyst
Security analysts work on the front lines, responsible for protecting organizations every hour of the day from all threats. Our mission has always been to empower the SOC with end-to-end visibility to focus on what matters most and act with clarity, context and speed to resolve any attack.
We’re proud of our industry recognition as the solution leader for security operations: Splunk is routinely recognized as the SIEM leader, including being ranked #1 SIEM in all three Use Cases in the 2024 Gartner® Critical Capabilities for SIEM report. However, as AI significantly increases the velocity and sophistication of attacks, we must evolve to meet these challenges. More than ever, defenders need every possible advantage to overcome today and tomorrow’s threats. Our customers already have the strongest possible foundation for the future and now it’s time to deliver.
That’s why I’m incredibly excited to share with you a major announcement that I made at Splunk .conf25 just this morning. On the stage, I debuted our transformative update to Splunk Enterprise Security (ES) with 8.2: An AI-powered SecOps platform designed to unify and accelerate threat detection, investigation, and response (TDIR) in one seamless experience.
With ES 8.2, TDIR workflows come together in one unified, intuitive workspace to match how security teams actually work — eliminating tool sprawl, context switching and analyst fatigue. Our advanced AI and Agents are built into the security team experience at every stage, significantly reducing noise, prioritizing what matters most, and accelerating investigations from hours to minutes.
From the big energy in the room today to the results our early adopters are already seeing, it’s clear we’re onto something big — and I’m excited for more security teams to see it in action.
The Power of a Single Platform With Market‑Leading Capabilities
With this release, Splunk Enterprise Security (ES) brings together the full-spectrum of capabilities for security operations — SIEM, SOAR (Security Orchestration and Automated Response), Threat Intelligence, User and Entity Behavior Analytics (UEBA), and an AI-powered assistant and Agents — into a seamless, unified interface and workflow optimized for how work gets done. Analysts no longer need to swivel between multiple consoles or lose time hunting for context. Everything happens in one place across the security lifecycle: threat detection, incident investigation, threat hunting, response automation, and case management, all within ES.
Paving the Way for the Next Era of AI in the SOC
One of the most exciting parts of this release is what it makes possible next. By unifying the full spectrum of SOC capabilities into a single ES workspace, we’ve laid the groundwork for a wave of AI‑driven agents and assistants that will transform how analysts work.
By unifying workflows in ES 8.2, we’re laying the groundwork for these AI‑driven assistants and agents to operate seamlessly across every SOC role within our unified TDIR platform — building on the proven results our customers are achieving today and opening the door to even greater outcomes ahead.
Proven Results Today
Our unified, AI-driven approach is already delivering critical real-world outcomes for customers, who shared their experience with IDC in a new independent report, "The Business Value of Splunk Security: A Unified TDIR Platform." Compared to the past, CISOs and their teams found significant gains:
- Identifying threats 64% faster
- Resolving incidents 55% faster
- Reducing false positive rates by 46%
- Driving down costs by 38% compared to equivalent security solutions
These results show what’s possible with flexible, unified TDIR workflows, efficient automation and robust AI embedded everywhere, high-fidelity visibility and rich context, ensuring analysts can act with speed and precision. With the latest advancements in Splunk Enterprise Security, security teams are ensuring a faster, more resilient, AI‑powered SOC.
Where You Are Today, But Ready for Tomorrow
To align capabilities and workflows to your SOC’s specific requirements and priorities, this new release of Splunk Enterprise Security is now available in two editions — Essentials and Premier. We are committed to meeting customers where they’re at and supporting their specific security journey. Both editions share the same trusted ES foundation, unified interface, and seamless workflows, ensuring every analyst benefits from a consistent and intuitive experience. Essentials delivers the industry’s leading SIEM experience with embedded AI assistance and unified TDIR workflows — a powerful solution on its own and a strong foundation for future SOC modernization.
Premier goes further — converging leading capabilities like native UEBA and robust automation for the entire SOC to automatically detect advanced threats and anomalous behavior and drive faster and more efficient detection and response for security teams.
Whatever the current structure of your SOC, there’s an ES edition designed to deliver measurable impact from day one — with the flexibility and end-to-end toolset to keep pace as your needs evolve. And we are committed to continuous innovation and deep investments, ensuring our solutions advance in step with customer priorities and the ever-changing threat landscape.
What’s New in Splunk Enterprise Security 8.2
We’ve expanded on the ES foundation you already trust with powerful new capabilities that help analysts cut through distraction and focus on results:
- AI Assistant for Security (included in both ES Essentials and ES Premier) — Embedded directly into ES workflows, the AI Assistant lets analysts generate SPL searches in plain language, summarize findings, generate investigation reports and recommend next steps — speeding daily tasks while keeping analysts in control.
- Full-spectrum SOAR (available today in ES Premier) — Embedded automation and the ability to create and edit runbooks are now available to every analyst in the SOC, with no per‑seat constraints. Standardize playbooks, accelerate triage, and improve consistency across the team.
- Native UEBA (available today in ES Premier) — Detect insider threats, compromised accounts, and lateral movement through behavior-based analytics integrated directly into detection, investigation, and response workflows.
- Detection Studio (Alpha where available) — Enables detection engineers to discover and deploy high-fidelity rules faster, with coverage mapped to MITRE ATT&CK and tools for closing detection gaps. Support for robust testing and additional capabilities is coming soon.
If you’re running ES 7.x or earlier, upgrading unlocks major enhancements in performance, visibility, and workflow efficiency — plus positions you to immediately take advantage of these newest capabilities.
Learn More — Join Our Demo Day
To see the new capabilities in action and learn more about Enterprise Security, make sure you sign up for our Demo Day, where we’ll be showing a live demo of the new unified workflows, AI in action, and give you the opportunity to ask questions live!
Follow all the conversations coming out of #splunkconf25!