On Thursday Cisco agreed to buy Splunk in a $28 billion deal intended to address AI-enabled security and observability issues.
Cisco announced yesterday its intention to acquire Splunk, a renowned name in data observability and security, in a deal valued at approximately $28 billion. Cisco intends to pay $157 in cash for each share of Splunk.
This acquisition, which is Cisco’s biggest deal ever, is aimed at furthering the company’s move to develop the next generation of AI-enabled security and observability solutions that aren’t capable of only threat detection and response but also threat prediction and prevention.
Also, Splunk’s technology helps businesses monitor and analyze their systems for cybersecurity risks and other threats. Cisco has focused mainly on manufacturing computer networking equipment, which is a line of business that has recently come under an increasing rate of supply chain attacks. With this acquisition, Cisco hopes to cut down its decades-long reliance on networking equipment manufacturing and solidify its cybersecurity and AI commitments to meet client demand and fuel growth.
When will the Cisco/Splunk deal close?
This deal is set to close by the end of the third quarter of 2024. Although a unanimous agreement has been reached by the boards of directors at both Cisco and Splunk, the deal is still subject to regulatory approval and the consent of Splunk shareholders. Assuming the deal is finalized, Splunk CEO and President Gary Steele will join Cisco’s executive leadership.
Why this acquisition is a good move for Cisco and Splunk
New revenue streams and security innovations
Cisco asserts that the merger will accelerate its revenue growth without impacting its previously announced share buyback program or dividend program. In addition, this acquisition is fueled by the changing landscape in which Cisco operates.
The rising influence of the public cloud has significantly impacted Cisco’s traditional legacy technologies, necessitating the exploration of new and substantial revenue streams. In response, Cisco has identified cybersecurity as a key area for growth and investment as it seeks to adapt and thrive amidst evolving industry dynamics. This is also good for Splunk, as the company has struggled in recent years with cloud innovations for its security information and event management platform.
Prior to this Splunk news, Cisco’s largest deal was the $7 billion purchase of Scientific-Atlanta, a leading provider of cable set-top boxes, end-to-end video distribution networks and video systems integration back in 2006, which only accounted for a 7% of Cisco’s market cap at the time.
What the CEOs are saying
“We’re excited to bring Cisco and Splunk together. Our combined capabilities will drive the next generation of AI-enabled security and observability. From threat detection and response to threat prediction and prevention, we will help make organizations of all sizes more secure and resilient,” said Chuck Robbins, chair and chief executive officer of Cisco, in the company’s press release about the deal.
Splunk’s Steele is quoted in the press release as stating that the decision was necessary to bring about another phase of growth in the company’s journey. “Uniting with Cisco represents the next phase of Splunk’s growth journey, accelerating our mission to help organizations worldwide become more resilient while delivering immediate and compelling value to our shareholders. Together, we will form a global security and observability leader that harnesses the power of data and AI to deliver excellent customer outcomes and transform the industry.”
SEE: Checklist: Network and systems security (TechRepublic Premium)
Industry experts’ reactions to the Cisco/Splunk news
Some industry experts have expressed concerns about how technologies from each firm will fuse into the other, especially in the areas of AI and SIEM cloud adoption. Neither Cisco nor Splunk are considered key players in the AI space, and Splunk hasn’t perfected SIEM cloud automation.
In a statement made available to TechRepublic, Adam Geller, chief executive officer of cloud-native SIEM platform Exabeam, reacted by stating, “We believe this is a good outcome for Splunk. They’ve struggled to get to cloud-native and their innovation velocity has slowed. This acquisition might be the best exit for them. Today’s cybersecurity customer demands innovation in cloud-native solutions, particularly in this AI-driven era where over 90% of today’s enterprises are using the cloud over on-premises solutions.”
Reacting to the news in a LinkedIn post, Rob Strechay, lead enterprise tech analyst at SiliconANGLE Media’s theCUBE, argued that while the deal offers to bring SIEM and extended detection and response together for a more comprehensive platform, it still faces a challenge in AI integrations and advancements. “Splunk and Cisco are behind on their use of AI, and the current architectures of the products do not lend themselves to immediate competitive advantage, in particular with some of the independent and hyperscale security competitors,” Strechay wrote.
What this means for the future of SIEM and SOC teams
The global SIEM market is projected to reach $5.5 billion by 2025, according to MarketsandMarkets. While there is a potential that Cisco and Splunk have complementary capabilities that span the security analytics spectrum, there are challenges that may stand in their way.
A recent survey of more than 230 security professionals by Gurucul at the 2023 RSA Conference shows that SIEM users still face many challenges, thus affecting SIEM adoption.
More than 42% of the respondents struggle with adding new data to SIEM tools, and that this process sometimes takes days, weeks or even months. This indicates that SIEM providers are still struggling to efficiently implement a reliable automated data ingestion feature in their SIEM solutions. Nearly 23.6% of survey respondents revealed they use third-party automated data source mapping tools to ingest data into their SIEM solutions. Also, about 17% responded aren’t confident that SIEM solutions can help them detect unknown threats.
These survey results reveal the SIEM market still has a long way to go. So, regardless of who acquires whom, the SIEM market is very much open to the vendor(s) capable of addressing most or some of these challenges.