Architecture Shift
Important
High
85% Confidence
Cisco Demonstrates Unified S/NOC with Agentic AI for Autonomous Security Operations at MWC 2026
Summary
At MWC 2026, Cisco operated a unified Security and Network Operations Center (S/NOC), demonstrating seamless integration across its Security Cloud, XDR, and Splunk platforms. The core innovation was the use of a beta Agentic AI to generate "Instant Attack Storyboards" for triage and investigation, with automated workflows bridging incidents to Splunk Enterprise Security for deeper threat hunting.
Key Takeaways
Cisco built and operated a unified Security and Network Operations Center (S/NOC) on-site at MWC 2026 as a showcase of its "One Cisco" strategy. The technical architecture used Splunk Cloud as the unified platform, aggregating logs from firewalls, DNS, etc., with XDR for event correlation and incident generation.
The key demonstration involved a beta Agentic AI feature ("Instant Attack Storyboard") to assist Tier 1/2 analysts in rapidly triaging massive alerts and investigating suspicious events (e.g., an Excel file with an embedded PDF). The workflow allowed analysts to complete investigations within XDR or escalate with one click to Splunk Enterprise Security for deep-dive analysis by Tier 3 experts, demonstrating bi-directional integration and context transfer.
On-site statistics highlighted the scale (580M logs, 4.3TB data), and the deployment included the Secure Firewall 6160, designed for AI-ready data centers.
Why It Matters
This signals an evolution towards highly automated, AI-agent-assisted collaborative security operations. The control plane is shifting from point tools to an integrated "security operations platform" combining XDR, SIEM, and AI agents, aiming to compress threat detection and response times and enhance analyst efficiency....