Cisco at its Splunk .conf conference today added a series of artificial intelligence (AI) agents to its cybersecurity portfolio in addition to now making two editions of the Splunk Enterprise platform available.
Ryan Fetterman, senior manager for AI security research at the Foundation AI arm of Cisco, said AI agents will play a significant role in eliminating many of the tedious processes that over time conspire to increase burnout and turnover rates of cybersecurity teams.
For example, a Triage Agent can now be used to evaluate, prioritize, and explain alerts, while a Malware Reversal Agent, in addition to explaining line by line how malicious scripts were constructed, extracts indicators of compromise, flags evasion techniques, and groups recurring behaviors.
Additionally, a Response Importer tool ensures AI agents adhere to standard operating procedures (SOPs) defined by the security operations center, including which multi-modal large language models (LLMs) to import.
There is also an AI Playbook Authoring tool that translates natural language prompts into functional, tested playbooks for the Cisco security orchestration, automation and response (SOAR) platform, and a tool that automatically configures a Webex war room when required.
Cisco is also making available a Detection Library that has been enhanced with AI tools along with a tool that makes it possible to customize detections within the library.
Finally, Cisco is also adding support for its Isovalent Runtime Security (eBPF) to provide greater visibility in modern IT environments, in addition to providing integrations between Splunk Cloud's Federated Search capability for Amazon S3 and the Security Analytics and Logging (SAL) tool, which enables analysts to surface anomalies in firewall logs.
Cybersecurity teams will be able to take advantage of those capabilities via either a Splunk Enterprise Security Premier or a Splunk Enterprise Security Essentials offering. The Splunk Enterprise Security Essentials option combines Splunk Enterprise Security 8.2, Splunk AI and Detection Studio into a single offering.
In contrast, Splunk Enterprise Security Premier adds Splunk SOAR, Splunk UEBA, Splunk AI Assistant, and Detection Studio in a broader offering.
It's not clear to what degree cybersecurity teams are embracing AI, but there is a fine line between relying on AI to help analyze, for example, PowerShell scripts that have been installed by a cybercriminal and autonomously assigning a set of tasks to an AI agent that will continue to run even if no threat exists. In the latter scenario, cybersecurity teams need to ensure that AI agents are not collecting data for no apparent purpose in volumes that then overwhelm an organization's ability to analyze it, noted Fetterman.
Fernando Montenegro, vice president and practice lead for cybersecurity and resilience at the Futurum Group, said that as agentic AI capabilities are added to the Splunk platform it will be interesting to see exactly how cybersecurity teams make use of the increased levels of visibility being provided to automate tasks and resolve issues faster.
Regardless of how AI agents are employed, it's now only a matter of time before they are made pervasively available across a wide range of cybersecurity platforms. The issue then becomes determining to what extent existing platforms will make those AI agents available, versus requiring cybersecurity teams to consider the more expensive option of adopting entirely new tools and platforms.