Splunk & Cisco Power New Security Center
Indosat has launched a new Security Command Center in Indonesia, built on technology from Cisco and Splunk. The center is designed to provide AI-driven, real-time threat detection to support the country's digital economy. The partnership demonstrates a scalable SIEM architecture model suitable for national-level or defense-like environments.
This new Security Command Center (SCC) builds upon a prior collaboration from September 2025, when Indosat and Cisco launched Indonesia's first Sovereign Security Operations Center (SOC). That initial launch featured the first-ever local deployment of Splunk Cloud Platform and Splunk Enterprise Security in the country, establishing a foundation for keeping sensitive national data under Indonesian jurisdiction.

The center's architecture merges Cisco's Extended Detection and Response (XDR) platform with Splunk's industry-leading SIEM capabilities. This integration aims to move beyond simple threat detection to enable threat prediction and prevention, leveraging AI on top of the vast datasets collected by both platforms. The facility is supported by both local and global expertise from Cisco Customer Experience Services to handle the evolving threat landscape.

For DoD environments, Splunk's technology directly supports the "Visibility and Analytics" and "Automation and Orchestration" cross-cutting capabilities outlined in CISA's Zero Trust Maturity Model. Splunk's cloud offering can handle sensitive information up to FedRAMP High and IL5 standards, allowing agencies to use the platform for a wide range of data analytics and AI use cases in classified environments.

The architecture is crucial for implementing the User & Identity pillar of Zero Trust by enabling continuous monitoring of all users, devices, and services. Splunk's User Behavior Analytics (UBA) uses machine learning to baseline normal activity and detect anomalies indicative of insider threats or compromised credentials, helping to validate trustworthiness for every access request. This model facilitates advanced detection engineering by unifying workflows for threat detection, investigation, and response.
Cisco's recent acquisition of SnapAttack will further enhance Splunk ES with capabilities for validating, testing, and assessing deployed detection content, helping to operationalize threat intelligence and accelerate SIEM migration.

The scalable architecture is designed for multi-tenant environments, a key requirement for managed service providers. Data segregation is achieved by using unique, non-shared indexes for each client. Access is then controlled through specific roles that restrict search terms and permissions, ensuring tenants can only view their own data.

The focus on AI-driven security is a direct response to the surge in sophisticated identity-based attacks, which are now the most prevalent initial access method. Attackers are increasingly exploiting stolen credentials, MFA fatigue, and misconfigured Identity and Access Management (IAM) policies to bypass traditional perimeter defenses.
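The per-tenant index and role segregation described above, shown as Splunk `indexes.conf` and `authorize.conf` fragments. This is an added illustration, not configuration from the Indosat deployment or from Cisco or Splunk; the tenant names are assumed, and the weak role is included only to contrast with the tenant-scoped ones.

```ini
# indexes.conf: one dedicated, non-shared index per tenant (tenant names assumed)
[tenant_alpha]
homePath   = $SPLUNK_DB/tenant_alpha/db
coldPath   = $SPLUNK_DB/tenant_alpha/colddb
thawedPath = $SPLUNK_DB/tenant_alpha/thaweddb

[tenant_beta]
homePath   = $SPLUNK_DB/tenant_beta/db
coldPath   = $SPLUNK_DB/tenant_beta/colddb
thawedPath = $SPLUNK_DB/tenant_beta/thaweddb

# authorize.conf: WEAK role for contrast. "*" lets any holder search every
# non-internal index, so tenant data is separated on disk but not in access.
[role_analyst_weak]
search = enabled
srchIndexesAllowed = *
srchIndexesDefault = *

# authorize.conf: tenant-scoped roles. Each role may only search its own
# index, defaults to it, and has a search filter appended to every query.
# Deliberately no importRoles: an inherited role (e.g. the stock "user"
# role) would union its own index permissions into this one.
[role_tenant_alpha_analyst]
search = enabled
srchIndexesAllowed = tenant_alpha
srchIndexesDefault = tenant_alpha
srchFilter = index=tenant_alpha

[role_tenant_beta_analyst]
search = enabled
srchIndexesAllowed = tenant_beta
srchIndexesDefault = tenant_beta
srchFilter = index=tenant_beta
```

Tenant users are then mapped only to their tenant's role; a quick check is to log in as each tenant user and confirm that `index=*` returns events from that tenant's index alone.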