The rumor of Cisco buying Splunk has turned out to be true, and the deal between the two companies is making waves in the technology industry. While there are financial motivations behind the acquisition, such as Cisco’s desire to increase its annual recurring revenue and expand into higher-margin software sales, there are also important strategic reasons why this deal is beneficial for Cisco.
One of the key reasons for this acquisition is the importance of data in today’s security landscape. Traditionally, security technologies relied on preset configurations, rules, and threat intelligence feeds to enforce policies and make decisions. This approach often led to a fragmented security infrastructure. However, with the consolidation of tools and the increasing role of analytics engines, data analysis has become crucial in identifying new risks, monitoring IT changes, and directing security technologies. In this context, technologies like Splunk act as the central brains of the operation, while individual security controls function as sensors and actuators. By acquiring Splunk, Cisco can further enhance its data capabilities and centralize analytics and telemetry to create a more efficient and effective security infrastructure.
Another advantage of this deal is the opportunity to modernize the Security Operations Center (SOC). SOC modernization is a growing trend as organizations require scalability, advanced analytics, and automation to address the complexities of multi-cloud IT infrastructure. Splunk has been at the forefront of SOC modernization, and with Cisco’s contributions such as threat intelligence and extended detection and response (XDR) offerings, the two companies can create a comprehensive SOC workbench. This integration allows Cisco to extend Splunk environments with its own security technologies or replace legacy Security Information and Event Management (SIEM) solutions, providing a win-win situation for both companies.
In addition to SOC modernization, the acquisition of Splunk opens up new opportunities for managed services deals. Research from Enterprise Strategy Group (ESG) shows that a significant number of enterprises use managed services for security operations, and this trend is expected to continue. Splunk already has a strong presence in the managed Splunk market, and by aligning it with Cisco’s managed detection and response offerings, the potential for managed services deals greatly expands. Moreover, Cisco’s extensive network of channel partners can help identify additional revenue opportunities around Splunk, XDR, SOC modernization, and cyber-risk management.
The acquisition of Splunk also complements Cisco’s zero-trust approach to security. Zero trust requires a system to act as the policy decision point (PDP) while various technologies serve as policy enforcement points (PEPs). While Cisco has many PEPs, it lacks a dedicated PDP. By integrating Splunk’s capabilities with Cisco’s existing technologies, the two companies can fill this gap and create a comprehensive zero-trust architecture.
Furthermore, the deal with Splunk positions Cisco to move towards a self-service network with improved observability and security. Splunk’s monitoring capabilities can help automate the provisioning, security, updating, tuning, and continuous monitoring of network devices. This combination of observability, security, analytics, and policy enforcement creates a more efficient and autonomous network infrastructure.
Lastly, the acquisition of Splunk enables Cisco to compete with Microsoft in the security tools market. Microsoft’s E5 license offers a range of security tools, including its SIEM solution, Azure Sentinel. While Splunk may find it challenging to compete with Microsoft solely based on price, Cisco’s broad security portfolio and similar pricing model provide a viable alternative. This removes one of the major obstacles for Splunk and enhances its competitiveness in the market.
While the strategic benefits of the Cisco/Splunk merger are clear, there are challenges that need to be addressed. Splunk has faced criticism in the past for its high prices and sales tactics. To overcome these concerns, Cisco should prioritize customer success and engage with key Splunk customers to build relationships and understand their needs. Additionally, Cisco should leverage its customer success methodologies to ensure a smooth transition for Splunk customers and address any historical bitterness.
Overall, the acquisition of Splunk by Cisco represents a strategic success for the company. By leveraging Splunk’s data capabilities, modernizing the SOC, expanding managed services offerings, complementing zero trust, enhancing observability and security, and competing with Microsoft, Cisco is positioned to strengthen its presence in the security market and provide customers with a comprehensive and sophisticated security solution.