Splunk Lantern

Managing identity risk with Enterprise Security and Cisco Identity Intelligence

Security Operations Centers (SOCs) rely heavily on Splunk software to collect, index, and analyze vast security data from diverse sources. While the Splunk platform excels at processing logs and security events, correlating identity data across fragmented enterprise environments can be challenging.

Solution

Integrating Cisco Identity Intelligence with Splunk Enterprise Security delivers comprehensive, real-time identity insights directly within Splunk Enterprise Security. Cisco Identity Intelligence is a vendor-agnostic, multi-source solution that seamlessly integrates with your existing identity infrastructure to provide unified authentication and access visibility. This solution is available to Duo customers on both the Duo Advantage and Duo Premier tiers.

The integration, facilitated through the Cisco Security Cloud App, enables organizations to effectively mitigate posture and threat-based risks within complex, multi-vendor identity environments.

Check out the Splunk and Cisco Identity Intelligence self-paced demo to see how the integration works.

Benefits of the integration include:

  • Risk-based prioritization: The integration surfaces the most critical identity risks and anomalies, enabling security teams to focus on high-priority threats that pose the greatest risk to their organization. It also highlights risks arising from weak identity security posture.
  • Unified identity timeline: Data from Cisco Identity Intelligence provides a unified view in Splunk Enterprise Security, showing event volume, user activity, and failures by check ID across multi-vendor identity environments. Correlating this data with other sources such as firewall logs and endpoint data delivers deeper insights and enriched context, empowering detection, investigation, and response to sophisticated threats like lateral movement, privilege escalation, and insider misuse.
  • Seamless workflow integration: To enhance SOC efficiency, analysts benefit from a streamlined workflow experience. Security analysts can leverage Splunk Enterprise Security and Splunk Mission Control to create unified workflows based on insights from Cisco Identity Intelligence, forming a foundation to unify detection, investigation, and response to identity-based security risks.

This combination moves security operations from a reactive, fragmented approach to a proactive, context-rich defense. It gives security teams the identity insights needed to improve detection, investigation, and response, protecting organizations more effectively against today's evolving threat landscape.

Next steps

These resources might help you understand and implement this guidance:

  • Written by Vivek Sharma and Adrián Espinoza
  • Security Engineering at Splunk