
Splunk .conf25 Updates — Unifying Enterprise Resilience in the AI Era
Author: Rosie Whitfield
Release Date: 17/09/2025
It has been over a year since Cisco's strategic acquisition of Splunk, a move that was immediately recognised for its financial acumen. However, at Somerford Associates, our focus has always been on the deeper technical and strategic implications for our clients. The true value of this union lies not in balance sheets, but in the creation of a cohesive, unified platform capable of delivering unprecedented operational resilience in the age of artificial intelligence.
Historically, both companies were leaders in their respective domains, but their portfolios often operated as separate product silos. This fragmentation has been a persistent challenge for enterprises striving for a single, actionable view of their security, observability, and network infrastructure. The .conf25 event served as a critical milestone, showcasing substantial progress in the co-development and integration of the two portfolios, which directly addresses these client challenges.
The New Architecture: Cisco Data Fabric
Perhaps the most significant announcement was the launch of the Cisco Data Fabric, an architecture built on the Splunk Enterprise and Cloud Platform. This is a foundational step toward addressing the massive influx of machine data, which, in its raw state, is often too fragmented and messy to be useful. The Data Fabric is purpose-built to provide a comprehensive solution for operational resilience use cases, a core discipline for our clients.
The architecture is designed around four key areas, ensuring an end-to-end data strategy:
• Data at the Edge: Capturing and processing information where it is created, reducing latency and bandwidth overhead.
• Data in the Cloud: Connecting workloads and analytics across public cloud environments.
• Data in Hybrid Environments: Bridging on-premises and multi-cloud systems for centralised management.
• Machine Data Management: Unifying logs, telemetry, and other operational data to provide a clean, organised data stream for AI applications.
Features like intelligent edge management and federated search are particularly valuable, as they enable our clients to filter data effectively and query across disparate systems such as Snowflake and Amazon S3. The future integration of a time-series foundation model, planned for release in November 2025, promises to further enhance anomaly detection and root-cause analysis, moving the industry toward a proactive posture.
Cisco AI Canvas: The Collaborative Workspace for Resilience
Another key highlight from .conf25 was the upcoming Cisco AI Canvas, an AI-driven workspace designed for security and IT operations teams. Scheduled for integration with Splunk Cloud Platform in 2026 as part of the new Cisco Data Fabric, this solution will enable users to orchestrate analytical workflows using AI agents and a unified interface.
Acting as a "virtual war room," the canvas will allow teams to co-investigate issues in real time by aggregating and correlating data from Splunk with other sources. What's particularly powerful about AI Canvas is its non-disruptive approach; it's designed to allow engineers to continue working in the tools they like, such as Splunk and Meraki, and shift to the canvas when multidomain workflows and deeper collaboration are required. Eventually, all Cisco management roads will lead to AI Canvas, providing a single, cohesive environment for enterprise resilience.
Advancements in AI for Security Operations
Security has always been a central pillar for both Splunk and Cisco. At .conf25, the focus was on how agentic AI can streamline and accelerate security operations. We see this as a critical evolution for our clients' Security Operations Centres (SOCs), where analysts are often overwhelmed by alert volume and manual investigation tasks.
New offerings like the Splunk Enterprise Security Essentials and Premier Editions put agentic AI at the core of the security workflow. These solutions automate routine investigation procedures, allowing teams to focus on high-priority, complex threats. The Premier edition, in particular, combines Enterprise Security with Security Orchestration, Automation, and Response (SOAR) and User and Entity Behaviour Analytics (UEBA), providing a powerful, integrated solution for threat detection and response.
Additionally, the integration of new security features, such as the malware reversal agent and AI playbook authoring, demonstrates a clear commitment to delivering an agentic SOC that can handle repetitive tasks with minimal human intervention. We believe this will significantly boost efficiency and reduce investigation times from hours to minutes, as confirmed by Cisco leadership.
Unified Observability
The fragmented nature of observability has long been a pain point for enterprises. The announcements at .conf25 show that the Splunk-Cisco integration is the connective tissue that was missing. The unification of Splunk Observability Cloud, AppDynamics, and ThousandEyes creates a cohesive platform for end-to-end application and network visibility.
These updates are designed to help organisations navigate the complexities of modern applications, including hybrid monitoring, user journey analytics, and performance insights for AI systems themselves. It was excellent to hear from our customer Specsavers, who shared their experience of revolutionising their monitoring by consolidating a multitude of disparate, siloed tools into a single, comprehensive platform.
With Somerford's guidance, Specsavers were able to gain a holistic view of event and log data, enabling them to identify IT issues promptly and mitigate severe incidents. For our clients, this means a more complete view of their business processes, richer digital experience analytics, and unified visibility across both hybrid and cloud-native applications. This unified approach eliminates the tool fragmentation that previously hindered effective troubleshooting and performance management.
Conclusion
The rapid and effective integration demonstrated at .conf25 confirms that the Cisco-Splunk acquisition is delivering tangible value. From a solutions perspective, the focus on a unified data fabric, agentic AI for security, and a cohesive observability platform directly addresses the most pressing challenges facing modern enterprises.
Crucially, Cisco has maintained the innovative culture and community that defines Splunk. This approach is vital to preserving the open ecosystem that drives innovation and ensures that the combined entity remains a leader in enterprise resilience. The solutions and architectural shifts presented at this event are not just product updates; they represent the successful fusion of two industry giants into a single, cohesive force poised to empower organisations in the AI era.
To delve deeper into these topics and learn how your organisation can achieve rapid and secure cloud adoption and digital business resilience, we invite you to join us at our upcoming event on October 9th in London! For more details and to register for this event, visit Unlocking Digital Business Resilience Forum!