Analyst(s): Ron Westfall
Publication Date: April 30, 2025
What is Covered in this Article:
- New Cisco portfolio innovations address the complexities of security professionals embracing AI in today’s dynamic threat landscape.
- Cisco XDR and Splunk Security advancements are designed to simplify threat detection and response with new agentic AI capabilities.
- Cisco and ServiceNow deepen their partnership to ensure customers can efficiently adopt and scale AI securely.
- Launch of Foundation AI aims to democratize AI security with novel open-source tools, including the first reasoning model built to enhance security applications.
The News: Cisco made several portfolio innovation and partnership announcements at RSAC 2025, all aimed at helping security professionals secure and harness the power of AI. An increasingly sophisticated threat landscape combined with an expanding talent shortage means the need has never been greater for machine-scale security and response.
RSAC 2025: Cisco Raises the AI Security Stakes
Analyst Take: An increasingly complex threat environment, alongside a widening talent gap, underscores the urgent need for automated, large-scale security solutions. Alarmingly, Cisco’s forthcoming 2025 Cybersecurity Readiness Index reveals that companies underestimate the challenges of securing AI globally, with 86% reporting AI-related security incidents in the past year. Cisco’s recent announcements reinforce its dedication to advancing these capabilities for customers via ecosystem partnerships and for the wider community through open-source security models and tools.
Cisco aims to advance its mission to secure AI and harness AI for security through open-source models, tools, new AI agents, and IoT enhancements, all integrated within the Cisco Security Cloud. These advancements aim to balance the scales and provide AI-driven innovations that enhance security for all businesses.
Cisco Bolsters AI Security Portfolio with New XDR and Splunk Security Capabilities
I see that security teams face thousands of daily threat alerts. Cisco XDR tackles this by integrating telemetry from network, endpoint, cloud, email, and more, leveraging agentic AI to prioritize critical issues. With new features, Cisco XDR delivers rapid, AI-driven responses to halt attacks. The Instant Attack Verification feature combines Splunk platform data, endpoints, networks, and threat intelligence, using agentic AI to auto-generate and execute customized investigation plans, quickly confirming threats and enabling confident, automated responses. Enhanced XDR Forensics offers deeper endpoint activity insights for more accurate investigations. The new XDR Storyboard visually simplifies complex attacks, helping teams understand and respond to threats in seconds.
To boost organizational digital resilience, Splunk Enterprise Security (ES) and Splunk SOAR 6.4 bolster defenses against both known and emerging threats, improving visibility, detection accuracy, and workflow automation for greater efficiency. Pairing Splunk ES and SOAR with Cisco XDR enhances network visibility and detection, speeding up investigations and proactive threat management. Together, these Cisco solutions enable a future-ready Security Operations Center (SOC) powered by agentic AI, accelerating threat identification and resolution and driving significant productivity improvements. Splunk SOAR 6.4 is now available, and Splunk Enterprise Security 8.1 will be available in June.
Cisco Alters XDR Competitive Landscape
The new portfolio capabilities strengthen Cisco’s competitive hand against its cybersecurity rivals, including across the XDR market segment. This includes countering CrowdStrike Falcon XDR, whose sales and marketing emphasize AI-driven detection, low false positives, and a unified platform integrating endpoint detection and response.
Palo Alto Networks Cortex XDR offers comprehensive protection by analyzing data from endpoints, networks, and cloud environments. It uses AI-driven detection, behavioral analytics, and advanced threat hunting capabilities, making it a respectable competitor, particularly for network-wide detection. SentinelOne Singularity XDR focuses on automated response and prevention, providing a unified endpoint, cloud, and network security platform. Trend Micro Vision One provides unified detection and response across email, endpoints, servers, cloud workloads, and networks. It emphasizes improved visibility and faster response times.
From my point of view, Cisco XDR and Splunk Security can use new agentic AI capabilities to demonstrate competitive advantages by simplifying overall threat detection and response. This includes the ability to execute investigation plans automatically, deeper visibility across endpoint activity, improving the accuracy of investigations, and enhanced visualization of intricate attacks. Cisco XDR and Splunk Security stand out with agentic AI-powered automation, Splunk’s data visibility DNA, broad ecosystem integrations, and real-time network-focused capabilities, making them well-suited for large enterprises tackling complex, multi-vector threats in 2025. The refreshed ServiceNow alliance also improves Cisco’s near-term portfolio differentiation.
Cisco and ServiceNow Strengthen Security Collaboration
I find that the strengthened Cisco-ServiceNow partnership is critical to the cybersecurity ecosystem. It merges Cisco’s AI Defense with ServiceNow’s SecOps to provide a robust, automated framework for AI risk management and governance, tackling the growing challenges of securing enterprise AI applications. This collaboration further enhances visibility and streamlines vulnerability assessments by leveraging Cisco’s security and infrastructure expertise alongside ServiceNow’s AI-powered workflow automation. It ensures real-time protection across varied AI environments, simplifying operations and boosting compliance.
Building on a seven-year partnership, it directly addresses the 86% of organizations facing AI-related security incidents in 2024, per Cisco’s 2025 Cybersecurity Readiness Index, and supports the shift toward unified platforms. By enabling secure, scalable AI adoption, Cisco and ServiceNow help organizations innovate with confidence, countering risks such as data leaks and model poisoning, and redefining AI security standards in a dynamic threat landscape.
Cisco’s Foundation AI Open-Source Cybersecurity Breakthrough
From my perspective, Cisco’s launch of Foundation AI is a significant step in democratizing AI security within the cybersecurity ecosystem by introducing novel open-source tools, including the first reasoning model specifically designed for security applications, Foundation-sec-8b. This 8-billion-parameter model, built on Llama 3.1 and pre-trained on curated cybersecurity data, outperforms larger closed-source models like Llama 3.1 70B on security benchmarks while being more efficient and customizable, enabling security teams to integrate AI-native workflows tailored to real-world threats such as alert triage and threat intelligence analysis.
By releasing this model and accompanying benchmarks on platforms like Hugging Face, Cisco cultivates collaboration among security experts, developers, and vendors, addressing the limitations of general-purpose LLMs that struggle with cybersecurity’s unique language and context. Foundation AI’s open-source model promotes transparency and innovation, aligning with global initiatives such as the EU’s push for secure AI frameworks. It supports organizations’ strategic objective to secure and scale AI deployments without sacrificing safety.
Looking Ahead
Overall, I believe Cisco’s new XDR and Splunk security portfolio enhancements can transform organizational security service delivery by leveraging its network-centric, open XDR framework, prioritizing clarity, decisiveness, and speed through features such as Instant Attack Verification, driven by agentic AI, and automated XDR Forensics, which streamline operations and enhance outcomes for customers.
What to Watch:
- The integration of agentic AI and advanced automation to unify telemetry across endpoints, networks, and cloud environments, enabling swifter, more autonomous threat detection and response while reducing SOC workload, will gain ecosystem-wide momentum throughout 2025.
- The refreshed Cisco-ServiceNow alliance is set to significantly impact the cybersecurity market by delivering integrated, AI-driven solutions that simplify and secure enterprise AI adoption at scale, addressing critical challenges in risk management and governance.
- The cybersecurity ecosystem can expect Cisco’s Foundation AI initiative to drive broader collaboration through open-source, security-focused AI models such as Foundation-sec-8b, focused on enhancing threat detection and response automation.
You can read the full press release at Cisco’s website.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Author Information
Ron is an experienced, customer-focused research expert and analyst, with over 20 years of experience in the digital and IT transformation markets, working with businesses to drive consistent revenue and sales growth.
He is a recognized authority at tracking the evolution of and identifying the key disruptive trends within the service enablement ecosystem, including a wide range of topics across software and services, infrastructure, 5G communications, Internet of Things (IoT), Artificial Intelligence (AI), analytics, security, cloud computing, revenue management, and regulatory issues.
Prior to his work with The Futurum Group, Ron worked with GlobalData Technology creating syndicated and custom research across a wide variety of technical fields. His work with Current Analysis focused on the broadband and service provider infrastructure markets.
Ron holds a Master of Arts in Public Policy from University of Nevada — Las Vegas and a Bachelor of Arts in political science/government from William and Mary.