
Splunk is introducing agentic AI to security for defender assistance

“Human control is super important; you need to have oversight of what’s going on,” Splunk’s Kamal Hathi says.


Agentic AI is coming to a popular security platform, and the program’s developers hope it will allow for a more streamlined, “one-screen” style workflow.

Splunk Enterprise Security, the Cisco subsidiary’s suite of security tools, is introducing agents into its processes in hopes of unifying “detection, investigation, and response into a single, intuitive workspace, eliminating tool fragmentation and significantly boosting efficiency,” Splunk Security SVP and GM Mike Horn said at September’s .conf25 in Boston.

Defender assistance was part of the motivation to introduce more agentic AI capabilities to the platform, Kamal Hathi, SVP and GM of the Splunk Business Unit, told IT Brew. In order to deliver on it, the company had to balance what the agents would do with the need for continued human involvement.

“You need to provide a high degree of autonomy—a high degree of agentic is another way of saying it—autonomous solutions that can go on your behalf and do things fast, rapidly respond and all that,” Hathi said. “But human control is super important; you need to have oversight of what’s going on.”

The platform's AI integration was driven by customer demand, Hathi added, which shaped its capabilities. As an enterprise company, Splunk's user base typically sits at the top end of the enterprise market.


“AI implementations, regardless of security, are different than smaller companies or consumer solutions, and that requires a degree of thoughtfulness in how we deliver,” Hathi said.

Smooth moves. Part of the reason for the need to streamline is to avoid tooling sprawl, Splunk CISO Michael Fanning told IT Brew. For SOC analysts, having to constantly shift attention from one screen or workflow to another is tiring, time-consuming, and introduces the opportunity for error.

“Unifying all of those capabilities into that single pane of glass is a good opportunity to accelerate the workflow of a SOC analyst,” Fanning said.

Acceleration leads to quick response times, which helps the overall effort to detect and track down threat actors—who often stay at endpoints very briefly before moving on. Catching them in the act, or soon after, makes it easier to defend against their attacks.

“Depending on which data you’re looking at, on average they’re going to remain on an endpoint for under five minutes, achieve their goals and move laterally,” Fanning said. “So, for us to track those metrics and have some confidence that we’re able to do the investigation that we need quickly to prevent that lateral movement, this is a great advantage for us.”
