Cisco's Splunk Acquisition 'True Bombshell Move,' Will Have Massive Impact on Cybersecurity
The combination should present immediate upsell opportunities.
Matthew Ball, chief analyst at Canalys, said Cisco has already been working with Splunk to integrate telemetry data. (Canalys was recently acquired by Informa, Channel Futures’ parent company.)
“The acquisition should drive tighter integration and more cross-sell opportunities for partners, though many will still want a multivendor, best-of-breed solution, rather than relying on one single vendor,” he said. “MSSPs and GSI are key partners for cybersecurity vendors to penetrate. This deal gives Cisco new relationships to broaden its reach. We expect Cisco will highlight this as an important outcome from the deal.”
Microsoft has seen dramatic growth in SIEM in the past two years, and would undoubtedly be Splunk’s top SIEM competitor, said Omdia’s Eric Parizo.
“Others include IBM, Exabeam, Devo, Securonix and Sumo Logic,” he said. “To remain competitive, Splunk must continue its transition to the cloud, work to ease the challenges of deploying and managing its solution, and foster innovation in areas like artificial intelligence (AI) where competitors like Exabeam and Google have made more progress.”
Virtually all of the remaining independent SIEM vendors could be acquisition targets, Parizo said.
“The challenge is that many of the major players in enterprise cybersecurity, including Microsoft and Google, already have SIEM solutions,” he said. “Companies to watch that may be spurred to act based on Cisco’s move would include Palo Alto Networks, which has a limited, proprietary SIEM solution, Trend Micro, CrowdStrike, Ivanti and AWS.”
This is Cisco’s largest-ever acquisition by purchase price, and the challenge of merging Splunk into Cisco can’t be overstated, Parizo said.
“While the Cisco Secure business, into which Splunk will be added, operates somewhat separately from the rest of Cisco, there’s no question that it will take years to fully integrate Splunk’s technology, as well as rationalize sales, marketing, operations and product development resources,” he said. “This is why Omdia anticipates few notable follow-on activities from the deal until early 2025.”
Forrester’s Allie Mellen said this acquisition is a boon to Microsoft’s SIEM business with Sentinel. Microsoft is the biggest SIEM competitor to Splunk right now, and users will flock to or expand their Sentinel deployments as they hedge their bets between where Cisco takes Splunk and where Microsoft takes Sentinel.
“Security leaders are concerned that this pairing will degrade the quality of the SIEM they’ve come to rely on more than any other tool in security,” she said. “The SIEM market is undergoing a series of disruptions, from the XDR market rising up as a competitor to acquisitions like this one. This acquisition signals an inflection point for the SIEM market. Other smaller players will emerge to feed off this uncertainty for security teams.”
Ball said the acquisition is a massive bet for Cisco in terms of the price tag and complexity of the integration once the deal is completed.
“The addition of Splunk will make Cisco one of the largest cybersecurity vendors by giving it a leading SecOps platform — SIEM and security orchestration, automation and response (SOAR) — to add to its network security, endpoint, cloud, secure services edge (SSE), email and identity security lines,” he said. “As a result, Cisco will have one of the broadest cybersecurity portfolios in the industry, which can tap into different budgets and stakeholders in customers.”
The acquisition will also scale up Cisco’s observability business and help shift its overall revenue more to software and subscriptions, which is its strategic focus, Ball said.
“There will be integration challenges, including channel programs, but the deal is not expected to close until later next year, which gives it time to plan,” he said. “Cisco has had more success with integrating smaller technology tuck-in deals than large transformative acquisitions (e.g. Scientific Atlanta, NDS).”
Cisco’s $28 billion Splunk acquisition is a “true bombshell move” that will have a “seismic” impact on the entire enterprise cybersecurity landscape, and may foreshadow more consolidation.
That’s according to Eric Parizo, managing principal analyst at Omdia, which shares a parent company with Channel Futures (Informa). Splunk is a security information and event management (SIEM) market leader.
“First rumored more than 18 months ago, the deal will immediately make Cisco one of the dominant players in next-gen SIEM, a market segment that Omdia forecasts will grow to nearly $4 billion in global annual revenue by 2027,” he said. “Splunk’s established position as a premium offering with the deep resources of Cisco’s global salesforce should present immediate upsell opportunities.”
Cisco tells us Splunk’s security capabilities complement its existing portfolio, and together will provide “leading security coverage from devices to applications, to clouds.” The integration of Cisco’s extended detection and response (XDR) and Splunk’s SIEM offering will give customers a “comprehensive security platform for threat detection and response.”
The Splunk management team, under both current CEO Gary Steele and former leaders Doug Merritt and Graham Smith, deserves “tremendous credit” for dramatically accelerating the company’s transition to a cloud-based platform, and revamping its pricing model to encourage more usage and provide better value for customers, Parizo said.
Splunk Acquisition Far From Final
“Omdia anticipates little strategic change in the next nine to 12 months until the purchase is finalized following regulatory approval,” Parizo said. “In 2025, Omdia expects to see the first efforts to integrate with the Cisco Secure product portfolio, most notably Cisco’s XDR solution and the Cisco Kenna Risk-Based Vulnerability Management offering.”
There are some redundancies with Cisco and Splunk in the area of observability, but the overlap is minimal, Parizo said.
Allie Mellen, security and risk analyst at Forrester, said Cisco’s Splunk acquisition is a “massive win” for Cisco’s security business.
“What they do with it will determine if it’s a win for practitioners,” she said. “Cisco has long been a case study for acquisitions that don’t live up to their initial promise and suffer from underinvestment and a lack of focus. That said, in recent years they have maintained the Duo acquisition. To keep Splunk’s massive, loyal user base, Cisco needs to let Splunk deliver what Splunk does best: a flexible, powerful SIEM and observability offering.”
Most XDR vendors have shifted to having a SIEM or SIEM-alternative offering in their portfolios, Mellen said.
“This acquisition positions Cisco to have both sides of the coin — XDR with Cisco XDR, and a SIEM with Splunk,” she said. “This solidifies Cisco as a key player in two massive markets: XDR and SIEM.”