Cisco plans to acquire WideField Security to strengthen Splunk’s Agentic SOC with identity and session intelligence. WideField Security is focused on identity and session-level evidence. Its technology helps security teams see whether an action is tied to a real, active session or whether it may point to misuse, compromise, or risky behavior. Cisco says those signals can give Splunk’s Agentic SOC more context when it analyzes activity and supports response. And before a security workflow blocks access, escalates an incident, or starts remediation, teams need confidence that the system is acting on the right context.WideField’s technology is designed to connect identity, session, and activity data so security decisions are not based on isolated alerts alone.A Cisco spokesperson told MSSP Alert, "WideField's technology will be integrated into Splunk to boost the Agentic SOC capabilities by helping normalize and correlate identity, session, and activity telemetry from a variety of sources. This will enable Splunk to assemble context across human, non-human, and AI-agent activity, including signals from Cisco Identity Intelligence."The deal also fits into Cisco’s broader work around agentic AI security. Cisco recently added Astrix Security and Galileo. WideField would add another piece by bringing more visibility into identity, runtime behavior, and session activity.“Cisco is continuing to invest in developing and delivering differentiated, enterprise-grade agent and agentic security solutions that address the real-world challenges of today's organizations,” the spokesperson said.“Building on the recent additions of Astrix Security and Galileo, WideField reinforces Cisco's commitment to delivering an integrated trust layer for the agentic AI era, one that spans identity, runtime behavior, visibility, and enforcement. This distinguishes Cisco as a trusted partner for enterprises seeking to operationalize AI with both confidence and control.”AI agents and non-human identities are becoming part of daily enterprise operations, but many security teams still lack a clear way to track what those agents do after they are approved. By bringing WideField into Splunk’s Agentic SOC, Cisco is trying to give teams better visibility into agent activity and more confidence in when automated response should be used. The acquisition also points to where SOC security is heading. As AI agents take on more work, security teams will need identity data, session context, and behavior signals in the same investigation workflow.
You can skip this ad in 5 seconds