Login

RSAC 2025: Cisco Raises the AI Security Stakes

RSAC 2025 Cisco Raises the AI Security Stakes

Analyst(s): Ron Westfall
Publication Date: April 30, 2025

What is Covered in this Article:

  • New Cisco portfolio innovations address the complexities of security professionals embracing AI in today’s dynamic threat landscape.
  • Cisco XDR and Splunk Security advancements are designed to simplify threat detection and response with new agentic AI capabilities.
  • Cisco and ServiceNow deepen their partnership to ensure customers can efficiently adopt and scale AI securely.
  • Launch of Foundation AI aims to democratize AI security with novel open-source tools, including the first reasoning model built to enhance security applications.

The News: Cisco made several portfolio innovation and partnership announcements at RSAC 2025, all aimed at helping security professionals secure and harness the power of AI. An increasingly sophisticated threat landscape combined with an expanding talent shortage means the need has never been greater for machine-scale security and response.

RSAC 2025: Cisco Raises the AI Security Stakes

Analyst Take: A growingly complex threat environment, alongside a widening talent gap, underscores the urgent need for automated, large-scale security solutions. Alarmingly, Cisco’s forthcoming 2025 Cybersecurity Readiness Index reveals that companies underestimate the challenges of securing AI globally, with 86% reporting AI-related security incidents in the past year. Cisco’s recent announcements reinforce its dedication to advancing these capabilities for customers via ecosystem partnerships and for the wider community through open-source security models and tools.

Cisco aims to advance its mission to secure AI and harness AI for security through open-source models, tools, new AI agents, and IoT enhancements, all integrated within the Cisco Security Cloud. These advancements aim to balance the scales and provide AI-driven innovations that enhance security for all businesses.

Cisco Bolsters AI Security Portfolio with New XDR and Splunk Security Capabilities

I see that security teams face thousands of daily threat alerts. Cisco XDR tackles this by integrating telemetry from network, endpoint, cloud, email, and more, leveraging agentic AI to prioritize critical issues. With new features, Cisco XDR delivers rapid, AI-driven responses to halt attacks. The Instant Attack Verification feature combines Splunk platform data, endpoints, networks, and threat intelligence, using agentic AI to auto-generate and execute customized investigation plans, quickly confirming threats and enabling confident, automated responses. Enhanced XDR Forensics offers deeper endpoint activity insights for more accurate investigations. The new XDR Storyboard visually simplifies complex attacks, helping teams understand and respond to threats in seconds.

To boost organizational digital resilience, Splunk Enterprise Security (ES) and Splunk SOAR 6.4 bolster defenses against both known and emerging threats, improving visibility, detection accuracy, and workflow automation for greater efficiency. Pairing Splunk ES and SOAR with Cisco XDR enhances network visibility and detection, speeding up investigations and proactive threat management. Together, these Cisco solutions enable a future-ready Security Operations Center (SOC) powered by agentic AI, accelerating threat identification and resolution and driving significant productivity improvements. Splunk SOAR 6.4 is now available, and Splunk Enterprise Security 8.1 will be available in June.

Cisco Alters XDR Competitive Landscape

The new portfolio capabilities strengthen Cisco’s competitive hand against its cybersecurity rivals, including across the XDR market segment. This includes countering CrowdStrike Falcon XDR with its sales and marketing emphasis on AI-driven detection, low false positives, and a unified platform integrating endpoint detection and response.

Palo Alto Networks Cortex XDR offers comprehensive protection by analyzing data from endpoints, networks, and cloud environments. It uses AI-driven detection, behavioral analytics, and advanced threat hunting capabilities, making it a respectable competitor, particularly for network-wide detection. SentinelOne Singularity XDR focuses on automated response and prevention, providing a unified endpoint, cloud, and network security platform. Trend Micro Vision One provides unified detection and response across email, endpoints, servers, cloud workloads, and networks. It emphasizes improved visibility and faster response times.

From my point of view, Cisco XDR and Splunk Security can use new Agentic AI capabilities to demonstrate competitive advantages by simplifying overall threat detection and response. This includes the ability to execute investigation plans automatically, deeper visibility across endpoint activity, improving the accuracy of investigations, and enhanced visualization of intricate attacks. Cisco XDR and Splunk Security stand out with agentic AI-powered automation, Splunk’s data visibility DNA, broad ecosystem integrations, and real-time network-focused capabilities, making them well-suited for large enterprises tackling complex, multi-vector threats in 2025. The refreshed ServiceNow alliance also improves Cisco’s near-term portfolio differentiation.

Cisco ServiceNow Strengthen Security Collaboration

I find that the strengthened Cisco-ServiceNow partnership is critical to the cybersecurity ecosystem. It merges Cisco’s AI Defense with ServiceNow’s SecOps to provide a robust, automated framework for AI risk management and governance, tackling the growing challenges of securing enterprise AI applications. This collaboration further enhances visibility and streamlines vulnerability assessments by leveraging Cisco’s security and infrastructure expertise alongside ServiceNow’s AI-powered workflow automation. It ensures real-time protection across varied AI environments, simplifying operations and boosting compliance.

Building on a seven-year partnership, it directly addresses the 86% of organizations facing AI-related security incidents in 2024, per Cisco’s 2025 Cybersecurity Readiness Index, and supports the shift toward unified platforms. By enabling secure, scalable AI adoption, Cisco and ServiceNow help organizations innovate with confidence, countering risks such as data leaks and model poisoning, and redefining AI security standards in a dynamic threat landscape.

Cisco’s Foundation AI Open-Source Cybersecurity Breakthrough

From my perspective, Cisco’s launch of Foundation AI is a significant step in democratizing AI security within the cybersecurity ecosystem by introducing novel open-source tools, including the first reasoning model specifically designed for security applications, Foundation-sec-8b. This 8-billion parameter model, built on Llama 3.1 and pre-trained on curated cybersecurity data, outperforms larger closed-source models like Llama 3.1 70B on security benchmarks while being more efficient and customizable, enabling security teams to integrate AI-native workflows tailored to real-world threats such as alert triage and threat intelligence analysis.

By releasing this model and accompanying benchmarks on platforms like Hugging Face, Cisco cultivates collaboration among security experts, developers, and vendors, addressing the limitations of general-purpose LLMs that struggle with cybersecurity’s unique language and context. Foundation AI’s open-source model promotes transparency and innovation, aligning with global initiatives such as the EU’s push for secure AI frameworks. It supports organizations’ strategic objective to safely secure and scale AI deployments without sacrificing safety.

Looking Ahead

Overall, I believe Cisco’s new XDR and Splunk security portfolio enhancements can transform organizational security service delivery by leveraging its network-centric, open XDR framework, prioritizing clarity, decisiveness, and speed through features such as Instant Attack Verification, driven by agentic AI, and automated XDR Forensics, which streamline operations and enhance outcomes for customers.

What to Watch:

  • Integrating agentic AI and advanced automation to unify telemetry across endpoints, networks, and cloud environments to enable swifter, more autonomous threat detection and response while reducing SOC workload will gain ecosystem-wide momentum throughout 2025.
  • The refreshed Cisco ServiceNow alliance is set to significantly impact the cybersecurity market by delivering integrated, AI-driven solutions that simplify and secure enterprise AI adoption at scale, addressing critical challenges in risk management and governance.
  • The cybersecurity ecosystem can expect Cisco’s Foundation AI initiative to drive broader collaboration through open-source, security-focused AI models such as Foundation-sec-8b, focused on enhancing threat detection and response automation.

You can read the full press release at Cisco’s website.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other insights from The Futurum Group:

Cisco Q2 FY 2025 Earnings Benefit from AI Infrastructure & Security Growth

Cisco Ups the AI Ante Launching New Plug-and-Play Solutions with NVIDIA

Cisco AI Defense: Checking the Reckless Charge Toward AI

Author Information

Ron is an experienced, customer-focused research expert and analyst, with over 20 years of experience in the digital and IT transformation markets, working with businesses to drive consistent revenue and sales growth.

He is a recognized authority at tracking the evolution of and identifying the key disruptive trends within the service enablement ecosystem, including a wide range of topics across software and services, infrastructure, 5G communications, Internet of Things (IoT), Artificial Intelligence (AI), analytics, security, cloud computing, revenue management, and regulatory issues.

Prior to his work with The Futurum Group, Ron worked with GlobalData Technology creating syndicated and custom research across a wide variety of technical fields. His work with Current Analysis focused on the broadband and service provider infrastructure markets.

Ron holds a Master of Arts in Public Policy from University of Nevada — Las Vegas and a Bachelor of Arts in political science/government from William and Mary.

SHARE:

Latest Insights:

Unlocking AI - What’s Needed to Build a Modern Data Center Infrastructure - Six Five On The Road at Dell Tech World 2025
Daniel Newman

Unlocking AI – What’s Needed to Build a Modern Data Center Infrastructure – Six Five On The Road at Dell Tech World 2025

Arthur Lewis, President at Dell Technologies, joins Patrick Moorhead and Daniel Newman to share insights on revolutionizing data centers with AI and the importance of disaggregated infrastructure for agility and efficiency.
Dell Tech and Dauntless XR: AI PCs Driving Visualization Innovation - Six Five On The Road
Daniel Newman

Dell Tech and Dauntless XR: AI PCs Driving Visualization Innovation – Six Five On The Road

Lori-Lee Elliott, CEO at Dauntless XR, and Jon Siegal, SVP, CSG & Online Marketing, at Dell, share insights on leveraging AI PCs for revolutionizing data visualization in high-stakes industries. Their collaboration exemplifies the potential of technology in enhancing productivity and creativity across sectors.
Can AMD’s EPYC 4005 Series Disrupt the Entry-Level Enterprise Server Market?
Olivier Blanchard
Olivier Blanchard

Can AMD’s EPYC 4005 Series Disrupt the Entry-Level Enterprise Server Market?

AMD Launches Zen 5-Based EPYC 4005 CPUs Targeting Cost-Sensitive Enterprise, SMB, and Hosted IT Deployments Across Single-Socket AM5 Systems
Olivier Blanchard, Research Director at Futurum, shares his insights on AMD’s new EPYC 4005 CPUs. Built for SMBs and hosters, the Zen 5-based chips challenge Intel Xeon on price, performance, and deployment simplicity.
The Role of Services in Enabling AI & Driving Customer Value - Six Five On The Road
Daniel Newman

The Role of Services in Enabling AI & Driving Customer Value – Six Five On The Road

Doug Schmitt, CIO and President at Dell, explores Dell Tech's AI-driven transformation and the evolving Services portfolio on this Six Five episode.
Become a Client

The Futurum Group

(833) 722-5337

501 West Ave., Suite 2102
Austin TX 78701

Linkedin Youtube Facebook

Welcome to The Futurum Group

Login to The Futurum Group
Login to Futurum Intelligence Platform
Login to Futurum Labs Research Library

Book a Demo

Thank you, we received your request, a member of our team will be in contact with you.