Automation and AI agents in the new Splunk Enterprise Security Premier

The pressure on security teams has reached a critical level. The explosive growth of data, accelerated by AI, combined with escalating costs and mounting operational complexity, is straining organizations’ ability to detect, investigate, and respond effectively. At the same time, threat actors are moving faster, leveraging automation and advanced techniques to increase both speed and impact. Traditional security models—static SIEM implementations, fragmented workflows, and disconnected point solutions—are no longer fit for purpose. Analyst fatigue and burnout are no longer HR concerns alone; they are emerging as measurable business risks.

In this context, Splunk announced in February the launch of Splunk Enterprise Security Premier, which represents a significant step forward for the industry: a unified SecOps platform built for the AI era, seamlessly converging SIEM, SOAR, and UEBA into a single, integrated architecture designed to modernize the SOC and drive higher levels of performance, resilience, and efficiency.

Automation and Agentic AI: the foundation of cybersecurity efficiency

The Splunk State of Security 2025 report underscores, with concrete figures, the mounting pressure on security teams and makes the case that automation and Agentic AI have become essential to efficiency and resilience across security organizations.
In practice, organizations are facing the following challenges:

  • 46% of security teams spend more time maintaining tools than actively defending against threats
  • 59% struggle with excessive alert volumes
  • 57% lose valuable investigation time due to gaps in data management
  • 32% report a lack of necessary skills within their teams
  • 28% spend too much time on data normalization
  • 78% operate with fragmented and siloed security tools
  • 31% cite inadequate and/or outdated security processes

The Agentic SOC: The Future of SecOps

The emerging Agentic SOC operating model directly addresses these challenges, transforming security from a reactive function into a strategic defense engine. An Agentic SOC unifies data, analytics, tooling, and AI to enable analysts to continuously adapt to an increasingly dynamic threat landscape.

Within this model, repetitive tasks are automated, complex scenarios become more transparent, and security teams are empowered to act with greater speed and confidence. Human expertise is augmented by AI agents that assist, take action, and continuously learn across the full Threat Detection, Investigation, and Response (TDIR) lifecycle – creating a more agile, intelligent, and resilient security operation.

The unified security engine: Splunk Enterprise Security Premier

Splunk Enterprise Security Premier is a unified security platform purpose-built to evolve the traditional SOC into an Agentic SOC. ES Premier is not simply a collection of tools; it brings together field-proven Cisco and Splunk technologies spanning SIEM, SOAR, UEBA, threat intelligence, and detection engineering.

These capabilities are consolidated into an AI-powered security engine that automates repetitive workflows, brings clarity to complex threat scenarios, and materially improves both team efficiency and overall security posture.

Built on a foundation of high-quality data, the platform delivers comprehensive visibility across cloud, on-premises, and hybrid environments, without relying on third-party solutions for integration or analytics. Through an open data fabric that includes pre-built integrations, advanced data management, sophisticated pipelines, and cost controls, Splunk ES Premier enables organizations to access and operationalize their data precisely where and how they need it. The result is a fundamental shift in how teams detect, investigate, and respond to threats.

Splunk Enterprise Security Premier simplifies the work of security engineers and analysts as follows:

  • SOAR democratization. Every analyst has access to embedded automation, with no user-based limitations, enabling teams to standardize playbooks, accelerate triage, and manage repetitive tasks, regardless of coding expertise.
  • Unified workflow. Detection, investigation, response, and case management all operate within a single workflow, preserving context from the initial alert through to the final report.
  • Integrated Detection Engineering enables engineers to quickly discover, test, and deploy high-quality security rules, map detection coverage against the MITRE ATT&CK framework, and close coverage gaps before attackers exploit them.
  • Native UEBA capabilities. The platform embeds behavioral analytics to detect insider threats, compromised accounts, and advanced attack techniques—fully correlated alongside other detections and investigations.
  • Integrated Threat Intelligence. Brings the power of Cisco Talos directly into the TDIR workflow, delivering richer context and faster decision-making without requiring analysts to switch between external applications, windows, or websites.
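
As an added illustration of what "mapping coverage against ATT&CK" means in practice (this is generic example code, not Splunk's or ES Premier's implementation; the rule names, the technique subset, and the threat profile are constructed sample data, and the ATT&CK catalogue is truncated to a handful of entries):

```python
"""Detection coverage mapping against MITRE ATT&CK (constructed example).

Not Splunk code. The rule inventory, technique catalogue and threat profile
below are invented sample data chosen to keep the example short.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    name: str
    techniques: frozenset   # ATT&CK technique IDs the rule is tagged with
    enabled: bool = True    # a disabled rule provides no coverage


# Constructed catalogue subset: technique ID -> (tactic, technique name).
TECHNIQUES = {
    "T1078": ("Initial Access", "Valid Accounts"),
    "T1566": ("Initial Access", "Phishing"),
    "T1059": ("Execution", "Command and Scripting Interpreter"),
    "T1053": ("Persistence", "Scheduled Task/Job"),
    "T1003": ("Credential Access", "OS Credential Dumping"),
    "T1021": ("Lateral Movement", "Remote Services"),
    "T1550": ("Lateral Movement", "Use Alternate Authentication Material"),
    "T1041": ("Exfiltration", "Exfiltration Over C2 Channel"),
}

# Constructed rule inventory (hypothetical names, not real ES content).
RULES = [
    Detection("Suspicious PowerShell Encoded Command", frozenset({"T1059"})),
    Detection("LSASS Memory Access", frozenset({"T1003"})),
    Detection("New Scheduled Task from Temp Dir", frozenset({"T1053"})),
    Detection("Pass-the-Hash Logon", frozenset({"T1550", "T1021"}), enabled=False),
    Detection("Phishing Attachment Opened", frozenset({"T1566"})),
]

# Constructed threat profile: techniques the SOC has prioritised.
THREAT_PROFILE = frozenset({"T1078", "T1059", "T1003", "T1021", "T1041"})


def covered_techniques(rules, include_disabled=False):
    """Technique IDs that at least one rule detects.

    Disabled rules are excluded by default: a rule that exists in the
    inventory but is switched off is a common source of false confidence.
    """
    covered = set()
    for rule in rules:
        if rule.enabled or include_disabled:
            covered |= rule.techniques
    return covered


def coverage_gaps(rules, threat_profile, include_disabled=False):
    """Sorted technique IDs in the threat profile with no (enabled) rule."""
    return sorted(set(threat_profile) - covered_techniques(rules, include_disabled))


def tactic_coverage(rules, catalogue=TECHNIQUES):
    """Per-tactic (covered, total) counts over the catalogue, enabled rules only."""
    covered = covered_techniques(rules)
    counts = defaultdict(lambda: [0, 0])
    for tid, (tactic, _name) in catalogue.items():
        counts[tactic][1] += 1
        if tid in covered:
            counts[tactic][0] += 1
    return {tactic: tuple(c) for tactic, c in counts.items()}


def dormant_rules(rules, threat_profile):
    """Disabled rules that would close a profile gap if re-enabled."""
    return [r.name for r in rules
            if not r.enabled and r.techniques & set(threat_profile)]


if __name__ == "__main__":
    print("gaps vs. threat profile:", coverage_gaps(RULES, THREAT_PROFILE))
    for tactic, (c, t) in tactic_coverage(RULES).items():
        print(f"{tactic:18s} {c}/{t}")
    print("dormant rules worth re-enabling:", dormant_rules(RULES, THREAT_PROFILE))
```

The check a practitioner cares about is the difference between `coverage_gaps(..., include_disabled=False)` and `include_disabled=True`: any technique that moves between the two lists is "covered" only on paper, and `dormant_rules` names the rule responsible.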

Two editions tailored to the needs of every organization

The solution is available in two editions. Splunk Enterprise Security Premier includes Splunk Enterprise Security 8.2, Splunk SOAR, Splunk UEBA, and Splunk AI Assistant, delivering the fully unified SecOps experience described above. Splunk Enterprise Security Essentials combines Splunk Enterprise Security 8.2 and Splunk AI Assistant in a simpler package designed to accelerate time to value and reduce operational overhead.

AI Agents Embedded in Splunk Enterprise Security Premier

Splunk integrates AI Agents directly into the security workflow, purpose-built to deliver measurable outcomes and aligned with the real-world needs of analysts:

  • AI Assistant in Security enables teams to query data using natural language, generate SPL queries, summarize complex results, and rapidly draft investigation reports—significantly accelerating repetitive tasks.
  • Malware Threat Reversing Agent rapidly analyzes malicious code, identifies evasive behaviors, and extracts indicators of compromise (IOCs), eliminating the need for manual deobfuscation.

AI capabilities and agents planned for release throughout 2026:

  • Triage Agent leverages AI to assess, prioritize, and explain alerts—reducing analyst workload and improving decision speed.
  • AI Playbook Authoring Agent converts natural language requirements into fully functional, tested SOAR playbooks, providing AI-driven guidance throughout the authoring process.
  • Response Importer / Autonomous Response Agent follows SOC-defined standard operating procedures (SOPs) and uses multimodal LLMs to translate those SOPs into enterprise security response plans.
  • AI-Enhanced Detection Library accelerates the path from detection hypothesis to production deployment in minutes.
  • Personalized Detection SPL Generator / Detection Personalizer Agent tailors detection content from the library to align with the SOC’s unique environment—making it immediately operational.

Real-World benefits: full control and accelerated incident response

ES Premier delivers enhanced visibility and control through the seamless integration of telemetry from cloud, on-premises, and hybrid data sources—reducing noise and optimizing data storage costs. Out-of-the-box detections enable teams to respond immediately to adversary behaviors, while integrated detection engineering workflows streamline the rapid creation and deployment of custom detection content.

Native UEBA capabilities identify abnormal lateral movement and hidden threats, providing critical context from the earliest stages of an attack. In addition, the AI Triage Agent, which is on the 2026 roadmap listed above, is intended to accelerate response by automatically correlating risks, recommending actions, orchestrating SOAR playbooks, and collecting forensic evidence, with the goal of reducing overall response times and strengthening operational resilience.

Datanet Systems, a local leader in delivering Splunk-Cisco solutions

Since 2021, Datanet Systems has served as an official partner and Associate Reseller for Splunk in Romania, providing comprehensive expertise in the design, deployment, and integration of Splunk solutions within enterprise IT environments.

Following Splunk’s acquisition by Cisco in March 2024, Datanet has now solidified its position as a trusted partner for the combined Cisco-Splunk portfolio. Leveraging Splunk’s powerful data collection and analytics capabilities alongside Cisco’s networking expertise, Datanet delivers strategic, high-impact projects that provide end-to-end visibility, automation, and AI-driven intelligence across an organization’s entire digital landscape.

For more information on Splunk Enterprise Security Premier or other Splunk-Cisco solutions, please contact sales@datanets.ro.