Splunk Enterprise Security Premier is Now Generally Available: Delivering the Industry’s Best Analyst Experience
Security teams are doing heroic work under unprecedented challenges. Explosive data growth (fueled in part by AI generation), rising costs, and operational complexity are driving critical gaps in coverage. Fragmented workflows and incomplete tooling are wearing down defender effectiveness. And attacks, increasingly AI-driven, are escalating in velocity, volume, and sophistication, forcing teams to adopt unproven AI tools to keep pace.
Outmoded security approaches like rigid SIEMs, scattered workflows, and niche point solutions are simply not built for this new era. Security operations must evolve quickly. The impact is clear: more than 50% of security leaders say they are likely to leave their role in the next 12 months [1], burnout that directly translates into slower detection and increased business risk.
Splunk has been pioneering a new security platform built for the AI era and today, we are proud to announce the general availability of Splunk Enterprise Security (ES) Premier for cloud customers, with availability for customer managed environments following on February 18. This is a pivotal milestone in our journey to power the Agentic SOC and redefine what is possible in security operations.
Early adopters of ES Premier are already seeing the impact of this unified, AI-powered SecOps platform approach. As Patty Voight, CISO at Webster Bank, told us at our .conf25 user conference:
A New Operating Model: The Agentic SOC
The role of security has shifted from reactive response to strategic enablement. Meeting this expectation requires a new operating model: the Agentic SOC.
The Agentic SOC is an integrated system that brings together data, analytics, tooling, and AI to help analysts continuously adapt to an evolving threat landscape. It pairs human expertise with AI‑driven agents that assist, act, and learn across the full threat detection, investigation, and response (TDIR) lifecycle. In this model, the mundane is automated, the complex is clarified, and defenders can act with speed and confidence.
Splunk ES Premier is purpose-built to deliver on this vision. Building on our decade-long legacy as a Gartner, IDC, and Forrester SIEM and Security Analytics leader, it elevates analysts from reactive alert handlers to proactive defenders by automating routine tasks and clarifying complex scenarios.
What Makes Splunk ES Premier Edition Different
ES Premier is not a collection of tools—it is a unified security engine. We have brought together our market-leading technologies like SIEM, SOAR, User Entity and Behavior Analytics (UEBA), threat intelligence, and detection engineering into a seamless AI-powered security platform that fundamentally changes how you detect, investigate, and respond to threats.
Built on a Foundation of High-Fidelity Data
Security outcomes start with data. ES Premier delivers unparalleled visibility across cloud, on-premises, and hybrid environments through our advanced data management and federation. These are capabilities that set us apart from competitors who must rely on third-party partners to attempt similar results. Our open data fabric provides pre-built integrations, cost controls, robust data management, advanced pipelines, and flexible federation. You get to work with your data wherever it lives, however you need it.
Expanding Detection and Visibility
Raw signals mean nothing without the right analytics. ES Premier transforms data into decisive action through powerful, purpose-built capabilities:
- Integrated Detection Engineering: We have reimagined the detection engineering lifecycle so engineers can discover, test, and deploy high-fidelity rules with speed. You can map your coverage against MITRE ATT&CK and close gaps before adversaries exploit them.
- Native UEBA: Behavioral analytics are no longer a sidecar. We have built UEBA directly into the platform to detect insider threats, compromised accounts, and even advanced nation-state attacks. These insights now appear right alongside your other detections and investigations.
- Integrated Threat Intelligence: You get the full power of Cisco Talos embedded directly into your TDIR workflow. This means richer context and faster decisions without ever leaving your console.
- Cisco and Splunk Collaboration: The Splunk Threat Research Team (STRT) and Cisco Talos work together to develop and promote world-class detections and insights straight to your team, ensuring you stay ahead of emerging threats.
Every analyst using ES Premier now has immediate access to advanced automation and behavioral analytics as part of their core workflow. This eliminates the barriers that once separated detection from response.
Simplifying the Analyst Experience with Unified Workflows
Alert fatigue is not just about volume. It is about fragmentation. Analysts lose time and context switching between tools and manually stitching together investigations. ES Premier eliminates this friction:
- One Cohesive Workflow: Detection, investigation, response, and case management now happen in one place. Analysts stay in the flow, maintaining context from the first alert to the final report.
- Full Spectrum SOAR for Everyone: We have democratized automation. With no per-seat constraints, every analyst can now access embedded automation. Your team can standardize playbooks, accelerate triage, and create runbooks to handle repetitive tasks, regardless of their coding expertise.
- Two Flexible Editions: Whether you choose Enterprise Security Essentials or Premier, you get the same unified SecOps platform. We meet you where you are in your security journey.
Accelerating the SOC with AI and Agentic Capabilities
Splunk delivers AI that works the way your SOC works. Our AI is purpose-built and embedded across the entire analyst workflow, rooted in operational reality, and focused on measurable outcomes. Highlights include:
- AI Assistant for Security: Talk to your data in plain language. Embedded directly into your workflow, this assistant lets you generate SPL searches, summarize complex findings, and draft investigation reports instantly. It speeds up the mundane so you can focus on the critical.
- Malware Threat Reversing Agent: Stop spending hours deobfuscating code. This agent analyzes malicious scripts line by line, identifying evasive behaviors, and extracting IOCs in seconds.
- Growing agentic capabilities, including the Triage Agent, AI Playbook Authoring Agent, Autonomous Response Agent, and Detection Personalizer, are launching throughout 2026.
Every action is transparent, auditable, and under analyst control. This is human-led AI designed to empower your team, not replace it.
Real-World Defense: Stopping Scattered Spider. ES Premier in action.
Consider a defense against Scattered Spider, a group known for rapid credential abuse across hybrid environments. In a traditional setup, early signals are buried in silos. With ES Premier, the defense is cohesive and the response is decisive:
- Unified Visibility and Control: Telemetry from EDR, firewalls, and cloud sources is unified instantly. Federated Search queries high-volume logs where they reside to manage costs, while data pipelines filter noise at the edge. Analysts get a complete operational picture without the "data tax."
- Rapid Detection: Teams gain immediate value from out-of-the-box detections mapped to attacker behaviors. Simultaneously, engineers can use integrated detection engineering workflows to rapidly author, test, and deploy custom detections, all within the same workflow.
- Anomaly Detection with UEBA: As attackers abuse valid credentials to blend in, native UEBA surfaces the anomalous lateral movement and "unknown unknowns" that static rules miss, providing critical early context.
- Agentic Triage & Automated Response: The upcoming AI Triage Agent (Alpha in 1H 2026) reduces mean time to respond (MTTR) by correlating risk automatically, enriching incidents with relevant context, and executing response plans at machine speed. It recommends a disposition and orchestrates SOAR playbooks to contain affected assets, block malicious infrastructure, and collect forensic evidence, all while keeping analysts in control.
The result? Faster detection of complex, evolving threats, fewer manual pivots between tools, and confident, coordinated response at machine speed. This is the Agentic SOC in action, available today with Splunk ES Premier Edition.
Looking Forward: The Next Chapter
The Agentic SOC helps teams move from firefighting to fire prevention. Splunk's ongoing investments in AI help organizations anticipate attacks by leveraging risk analysis from environment-specific data, intelligence, and asset context. As the Splunk community builds and shares new AI agents, innovation will only accelerate.
Accelerating Your Success
To accelerate time to value, customers can leverage Splunk Education courses to build critical expertise and mastery of ES Premier. Additionally, Splunk Professional Services provides expert guidance and proven security best practices to fast-track implementation, ensuring your team captures value from day one. If you are modernizing your SOC, now is the moment to act.
Ready to power your Agentic SOC? Sign up for our Demo Day where we’ll be showing a live demo of ES Premier in action! Reserve your spot here.
Footnotes:
1. 2025 IANS Cybersecurity Staff Compensation Benchmark Report