At Splunk .conf 2025, held in Boston, MA, Cisco’s SVP of Infrastructure and Security, Tom Gillis, joined me to discuss how the integration of Splunk within Cisco’s broader platform strategy is reshaping the future of security, observability, and AI operations. The energy at the event reflected a growing confidence that Cisco’s acquisition of Splunk is yielding tangible innovation, particularly in how enterprises detect, investigate, and respond to threats in an era defined by data sprawl and AI-driven complexity.
Building the Cisco Data Fabric: Distributed Intelligence for a Data-Saturated World
Gillis described the Cisco Data Fabric as a foundational architectural shift designed to address what he called the “ludicrous data problem.” In today’s environments, security and observability solutions must analyze petabytes of logs and telemetry across networks, endpoints, and clouds, far more data than traditional SIEM or monitoring tools can handle.
The Cisco Data Fabric aims to solve that by moving intelligence closer to where the data originates, creating a distributed, federated architecture rather than pushing everything into a single data lake. By processing data locally and only forwarding what’s relevant, the system becomes dramatically more efficient, potentially orders of magnitude faster and cheaper, according to Tom.
As Gillis noted, “Instead of trying to shove all that data into one big lake, we’re putting the processing near the source. It’s an architecture for the next decade.”
This approach is not limited to Cisco-generated telemetry. The company has already integrated with Amazon S3 and Snowflake, enabling customers to query and analyze data without ingesting it, a shift that simultaneously improves performance, context, and cost efficiency.
Embedding Security into the Network Fabric
A key theme in Cisco’s evolving security strategy is embedding enforcement and intelligence directly into the network itself. Gillis highlighted Cisco’s Hypershield initiative and its use of technology from Isovalent, the eBPF-based networking innovator the company acquired, to deliver distributed, fine-grained security controls.
In this model, each service or workload, whether a Kubernetes pod, web server, or database, gets its own micro-perimeter with policies tailored to its specific role. This not only makes enforcement more precise but also generates rich telemetry that can be fed into Splunk for deep analytics.
By capturing process-level data rather than generic logs, Cisco’s approach reduces overhead by “two or even three orders of magnitude,” Gillis explained, while providing more actionable insights. This represents a major leap forward from legacy logging methods that often drowned analysts in redundant or irrelevant information.
From Tool Sprawl to Platform Effect
A recurring pain point for enterprises today is tool sprawl, the proliferation of overlapping, disconnected point solutions across security and observability domains. Gillis emphasized that Cisco’s integration with Splunk is about creating a platform effect, not simply a bundling exercise.
“The movement towards platforms is well understood,” he said. “But the fuel for that shift isn’t just repackaging tools. It’s about reimagining what those tools can be.”
By combining Splunk’s powerful data analytics capabilities with Cisco’s network-native enforcement and visibility, organizations can achieve centralized policy creation with distributed enforcement. This platform approach enables unified visibility, reduced operational friction, and enhanced security outcomes, providing critical advantages as enterprises adopt hybrid cloud and AI-driven architectures.
AI and Agentic Operations: Trust, Transparency, and Efficiency
No conversation about modern infrastructure would be complete without addressing AI and its growing role in operations. Cisco and Splunk are combining forces to deliver AI-driven, agentic operations, autonomous workflows that simplify complex administrative tasks.
One striking example Gillis shared involves the automation of firewall rule management, a notoriously cumbersome and error-prone process. Using AI, Cisco analyzes firewall configurations to identify redundant or obsolete rules, streamlining management and reducing risk. “Taking a rule out of your firewall is like playing Jenga,” he joked. “AI can show you which blocks you can safely remove.”
Gillis also noted that human oversight will remain critical for the foreseeable future. Cisco’s design philosophy is to earn operator trust by showing the reasoning behind AI recommendations. “When we make an AI-based recommendation, we tell you why,” he said. “You see the data supporting it so you can build confidence in the system over time.”
This “human-in-the-loop” approach reflects the broader industry trend toward progressive automation, moving from reactive troubleshooting to proactive, trusted, and ultimately autonomous operations as comfort levels increase.
Changing the Economics of Observability and Security
Perhaps the most transformative aspect of Cisco’s integration with Splunk lies in its potential to radically change the economics of observability and cybersecurity.
As Gillis put it, “Splunk is the most powerful platform in the world, but it’s also kind of pricey. The combination of Cisco plus Splunk, and what we’re doing with this distributed federated model, will fundamentally change the economics, not just make it 20% cheaper, but orders of magnitude cheaper.”
By analyzing data in place rather than ingesting it, organizations can reduce both storage and compute costs. Or, as Gillis succinctly put it: “What’s better than free ingestion? No ingestion.”
This distributed, federated data fabric enables enterprises to scale observability and threat detection in lockstep with the exponential growth of AI workloads and connected devices—without being constrained by traditional ingestion-based pricing or infrastructure limitations.
From Data Lakes to Data Ponds and Puddles
In the long term, Cisco envisions extending its data fabric into every layer of the network, from data center switches to ruggedized edge controllers in industrial environments. Each of these components will become a node in a global, federated observability fabric, capable of processing and sharing insights locally while contributing to a larger, unified security and performance picture.
As Gillis described, “We’ll be putting more data ponds and data puddles into different classes of Cisco equipment. That will unlock visibility into entirely new classes of traffic that today go unobserved.”
This vision represents a significant evolution toward AI-ready, self-defending, and self-observing networks, a foundational capability for the coming decade of agentic AI and distributed enterprise applications.
Our ANGLE
Cisco’s integration of Splunk marks more than an acquisition; it is a strategic redefinition of how enterprises secure, observe, and automate their digital infrastructure.
By embedding intelligence directly into the network fabric and extending observability through a distributed data architecture, Cisco is aligning its platform for the realities of the AI era: data gravity, decentralized architectures, and the need for trusted, explainable automation.
Enterprises stand to benefit from:
- Faster threat detection and response through near-real-time, process-level telemetry.
- Lower operational and storage costs via federated, no-ingest data analysis.
- Improved resilience and scalability by distributing intelligence throughout the infrastructure.
- A clear path toward trusted AI operations, where human expertise and machine intelligence co-evolve.
As organizations race to modernize for AI-driven workloads, Cisco’s combination of Splunk analytics, Hypershield security, and the Cisco Data Fabric could serve as a blueprint for the next generation of secure, autonomous, and observant digital infrastructure.