Cisco Talos Expands Threat Hunting at Cisco Live Las Vegas

At Cisco Live in Las Vegas, Talos announced it will expand its Threat Hunting program, combining AI telemetry and human validation to detect advanced threats.

At Cisco Live U.S. in Las Vegas, Cisco Talos announced an expansion of its Threat Hunting program that pairs automated telemetry analysis with human expert validation. The team cited a recent KongTuke command-and-control discovery as an example of the approach in action.

Talos representatives outlined the program on the final day of the conference, which ran May 31–June 4. The expanded service aims to identify intrusions that can evade signature-based detection by correlating subtle signals across endpoints, networks and identity systems. Talos described the method as hypothesis-driven hunting in which automated processing assembles potential leads and human analysts validate and investigate them.

In a statement, Talos wrote, “By combining AI-driven telemetry analysis with human expert validation, we continuously hunt for hidden threats across endpoint, network, and identity data.” The team noted that many detection tools trigger alerts only when a known-bad pattern appears, which can leave gaps against adversaries that deliberately stay below detection thresholds.

Talos presented the KongTuke example to illustrate the process. Investigators combined weak, ambiguous signals from multiple data sources to identify command-and-control infrastructure before a formal detection signature existed. The group did not publish full technical details in the announcement.

Speakers at the event also discussed data and infrastructure challenges tied to AI adoption. Talos representatives said organizations are moving and storing far larger volumes of data to feed AI systems and that defending those data pipelines requires new telemetry sources and analytic methods. At the conference they described the scale of modern data movement as a challenge for traditional security tooling and said enterprises will need improved visibility to detect fast-moving adversaries.

Talos plans to offer the expanded threat-hunting service through Cisco account teams and through a dedicated portal in Cisco Security Cloud Control. The service is presented as an option for security teams that lack the staff or capacity to run continuous hunting operations internally; Talos will run ongoing hypothesis-driven investigations on behalf of customers.

The group listed operational priorities for the coming months, including rapid patching cycles and monitoring for new advisory disclosures. Talos also noted its presence at upcoming industry events where researchers and defenders commonly share findings and coordinate defensive work.
