Architecture Shift
Important
Medium
85% Confidence
Cisco Deploys Unified SOC/NOC Platform at MWC, Highlighting Data Layer Convergence and Edge Engineering
Summary
At MWC 2026, Cisco leveraged Splunk Cloud as the central platform to integrate telemetry from multiple sources including Secure Access, XDR, Firewall 6160, and Meraki, rapidly building a unified SOC and NOC operational view. This case demonstrates the ability to ensure reliable data ingestion in complex, high-traffic environments through a well-designed edge data pipeline (RSYSLOG + Splunk Heavy Forwarder), enabling fast correlation analysis between network and security events.
Key Takeaways
The Cisco team unified SOC and NOC data streams into the Splunk Cloud platform at MWC. Key actions included integrating telemetry from Secure Access (user policy), XDR (threat detection), Firewall 6160 (AI-ready data center firewall), Meraki/Catalyst (network health), and Spaces (location analytics).
To handle high-throughput logs from the Firewall 6160, an edge data pipeline consisting of an RSYSLOG server (for buffering and normalization) and a Splunk Heavy Forwarder (for parsing, filtering, and secure transmission) was deployed to ensure reliable cloud ingestion. Based on this unified data layer, the team built a fully functional NOC dashboard within hours and enabled correlation analysis between network performance events and security threat signals.
To handle high-throughput logs from the Firewall 6160, an edge data pipeline consisting of an RSYSLOG server (for buffering and normalization) and a Splunk Heavy Forwarder (for parsing, filtering, and secure transmission) was deployed to ensure reliable cloud ingestion. Based on this unified data layer, the team built a fully functional NOC dashboard within hours and enabled correlation analysis between network performance events and security threat signals.
Why It Matters
This demonstrates the practical evolution of enterprise operations architecture towards a 'unified data plane.' The control layer is shifting from disparate, specialized tools to a centralized, scalable analytics platform, with value moving from isolated alerts to contextual, correlated insights. By validating this architecture with its own product portfolio, Cisco aims to strengthen its position as an integrated platform provider....