Smarter security operations with Cisco Identity Intelligence and Splunk
Security Operations Centers (SOCs) rely heavily on Splunk for its powerful capabilities in collecting, indexing, and analyzing vast amounts of security data from diverse sources. Splunk excels at processing logs and security events, but achieving comprehensive correlation across today’s diverse and sometimes fragmented enterprise identity landscape has always been a difficult task. That’s why several new integrations bringing relevant and timely identity information into Splunk are true game changers for security teams.
A quick example of this type of identity enrichment is the new Cisco Duo Suspicious Activity analytic story in Splunk ESCU 5.10, with 14 Duo-based detections for identifying risky admin behavior and insecure Duo policy settings.
However, the core theme of this blog is the power of a new integration between Cisco Identity Intelligence and Splunk. For the unfamiliar, Cisco Identity Intelligence is a multi-sourced, vendor-agnostic solution that works across your existing identity stack and brings together authentication and access insights. This integration is facilitated through the Cisco Security Cloud, enabling you to effectively mitigate posture and threat-based risks within diverse, multi-vendor identity environments. For Splunk customers, this means enhanced operational integrity, prioritized efforts based on severity, and granular user-specific insights that drive faster, more accurate security decisions.

Check out the full Splunk and Cisco Identity Intelligence self-paced demo
Here’s how this integration accelerates your security operations:
Risk-Based Prioritization: This integration surfaces the most critical identity risks and anomalies, enabling security teams to focus on high-priority threats that pose the greatest risk to the organization, and highlighting the risks that may arise due to weak identity security posture.
Unified Identity Timeline: The data from Identity Intelligence provides you with a unified view in Splunk, highlighting event volume, user activity, and failures by check ID across multi-vendor identity environments. By correlating this data with other sources such as firewall logs and endpoint data, you can gain deeper insights and enriched context—enabling more effective detection, investigation, and response to sophisticated threats like lateral movement, privilege escalation, and insider misuse.
Seamless Workflow Integration: To enhance SOC efficiency, analysts are equipped with a streamlined workflow experience that boosts productivity. Security analysts can use Splunk Enterprise Security and Mission Control to create unified workflows based on insights from Cisco Identity Intelligence, providing the foundation to unify detection, investigation, and response to identity-based security risks.
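The "Unified Identity Timeline" point above describes two things an analyst does with this data once it is in Splunk: summarize failures by check ID, and correlate identity findings with other sources such as firewall logs for the same user. The following added example (not Cisco's or Splunk's code, and not from the original post) shows that logic in plain Python so the shape of the correlation is visible. The field names (ts, user, check_id, severity, failed, and the key=value firewall format) are assumptions for illustration, not the integration's real schema, and every record is constructed sample data.

```python
"""Added example: summarize identity-check failures by check ID and
correlate high-severity identity findings with firewall events for the
same user inside a time window. Field names and record formats are
assumptions; all sample data is constructed."""
from collections import Counter
from datetime import datetime, timedelta

# Severity ordering used to prioritize output (assumed scale, not a product value).
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed identity-posture findings (assumed fields).
IDENTITY_FINDINGS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice", "check_id": "MFA_DISABLED",
     "severity": "high", "failed": True},
    {"ts": "2024-05-01T09:05:00", "user": "bob", "check_id": "STALE_ADMIN",
     "severity": "medium", "failed": True},
    {"ts": "2024-05-01T09:07:00", "user": "carol", "check_id": "MFA_DISABLED",
     "severity": "high", "failed": True},
    {"ts": "2024-05-01T09:10:00", "user": "alice", "check_id": "NEW_COUNTRY_LOGIN",
     "severity": "critical", "failed": True},
]

# Constructed firewall log lines in an assumed key=value layout.
FIREWALL_LOGS = [
    "ts=2024-05-01T09:12:30 user=alice src=10.0.0.5 dst=10.0.20.7 dport=445 action=allow",
    "ts=2024-05-01T09:13:10 user=alice src=10.0.0.5 dst=10.0.20.8 dport=3389 action=allow",
    "ts=2024-05-01T11:00:00 user=alice src=10.0.0.5 dst=10.0.30.9 dport=443 action=allow",
    "ts=2024-05-01T09:06:00 user=bob src=10.0.0.9 dst=10.0.20.7 dport=22 action=deny",
]


def parse_fw_line(line):
    """Turn one key=value firewall line into a dict with typed ts and dport."""
    rec = dict(kv.split("=", 1) for kv in line.split())
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["dport"] = int(rec["dport"])
    return rec


def failures_by_check_id(findings):
    """The 'failures by check ID' rollup: count failed findings per check."""
    return Counter(f["check_id"] for f in findings if f["failed"])


def correlate(findings, fw_lines, window_minutes=30, min_severity="high"):
    """Pair each failed finding at or above min_severity with the firewall
    events seen for the same user within window_minutes after the finding.
    Returns alerts sorted by severity (highest first) for prioritization."""
    events = [parse_fw_line(line) for line in fw_lines]
    window = timedelta(minutes=window_minutes)
    threshold = SEVERITY_RANK[min_severity]
    alerts = []
    for f in findings:
        if not f["failed"] or SEVERITY_RANK[f["severity"]] < threshold:
            continue
        start = datetime.fromisoformat(f["ts"])
        related = [e for e in events
                   if e["user"] == f["user"] and start <= e["ts"] <= start + window]
        if not related:
            continue  # identity finding with no network activity in the window
        alerts.append({
            "user": f["user"],
            "check_id": f["check_id"],
            "severity": f["severity"],
            "related_events": len(related),
            "destinations": sorted({f"{e['dst']}:{e['dport']}" for e in related}),
        })
    alerts.sort(key=lambda a: -SEVERITY_RANK[a["severity"]])
    return alerts


if __name__ == "__main__":
    print(failures_by_check_id(IDENTITY_FINDINGS))
    for alert in correlate(IDENTITY_FINDINGS, FIREWALL_LOGS):
        print(alert)
```

The window and severity threshold are the two knobs an analyst would tune: a short window keeps the join tight to the identity event, and raising the threshold keeps medium findings out of the queue until the high and critical ones are worked.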
This powerful combination transforms security operations from a reactive, fragmented approach into a proactive, context-rich defense. It empowers security teams to work smarter, not harder, by providing deep identity insights that enhance detection, investigation, and response—ultimately protecting your organization more effectively against today’s evolving threat landscape.
Cisco Identity Intelligence is available for Duo customers at both the Duo Advantage and Duo Premier tiers.
Want to learn more? Head to Splunkbase or check out the integration documentation.