Cisco Talos Expands Threat Hunting to Endpoint, Firewall, Identity

Cisco Talos launched threat hunting across Secure Endpoint, Secure Firewall and identity products (Duo, Cisco Identity Intelligence), citing rapid advances in frontier AI.

Tony Giandomenico, senior director of product management at Cisco Talos, announced on June 4, 2026 that Talos has deployed threat-hunting services across Secure Endpoint, Secure Firewall and identity products including Duo and Cisco Identity Intelligence. He linked the roll-out to rapid capability gains in frontier AI over the previous six months.

Giandomenico described threat hunting as searching for attackers who bypass automated alerts and standard detection. He explained the challenge defenders face when tuning detection sensitivity: “If they set it to be too high, the team might get inundated with false positives,” while too low a setting lets stealthy actors go unnoticed. The new service combines human analysts with AI-assisted hypothesis building to examine telemetry from endpoints, firewalls and identity systems.

Talos engineers will review Secure Firewall logs and identity telemetry to look for lateral movement, evasion techniques and other indicators that automated controls missed. The effort builds on existing endpoint hunting and extends coverage to network and authentication signals. Initial activity will focus on systems where Talos already collects detailed endpoint data, while integrations with firewall and identity products expand the range of signals available to hunters.

On the impact of AI, Giandomenico noted that attackers will adopt advanced models and defenders must use similar tools to respond. He said product development timelines are shortening because AI enables faster iteration, and features that once took years to develop can appear sooner.

Giandomenico also discussed leadership lessons for launching large security products inside a major company. Drawing on a decade running a small cybersecurity consulting firm in Hawaii before joining Cisco, he described the need to influence colleagues across departments with competing priorities and to communicate a clear purpose. He cited endurance training and Ironman triathlons as personal practices that reinforce discipline, communication and sustained focus during high-pressure launches.

The expanded threat-hunting service will rely on telemetry from customers’ deployed Cisco security products. Talos aims to link activity across endpoint, network and identity layers to identify complex attack paths that automated detection may miss.
