Cisco’s $28 billion acquisition of Splunk in September has generated new uncertainty for users regarding the future of threat detection and response in the cloud. The steep buyout premium of 31% over the market price reflects an expectation that customers will stick around and gain a preference for additional Cisco security products.
Organizations that have invested in Splunk infrastructure and content over the years have valid reasons to stay on. Many fear that severing ties with Splunk would wreak havoc on the workflows that Security Operations Centers (SOCs) rely on to assess and mitigate security threats to the business. However, recent layoffs at Splunk and delays in its cloud transition have sparked interest in potential alternatives.
The cybersecurity ecosystem is in the midst of a significant shift, with security teams prioritizing flexibility and optionality. There is a growing demand for decoupled solutions, from data pipelines to threat detection platforms. The interest in decoupling threat detection from log storage is driven by the cost difference between data platform options. While tightly coupled SIEM solutions impose a steep ingest tax, cloud data lake options charge by usage and do not limit retention. This has resulted in significant cost savings and improved visibility, making new data platforms appealing to CISOs.
With the transition to a new era of freedom for Splunk + Snowflake users, enterprises are seeking ways to augment Splunk with data platforms that deliver efficiencies and support the latest machine learning. While “rip and replace” is not an option for most organizations, a bridge is needed for the transition from monolithic SIEMs to a security data lake architecture.
Enterprises can now use Snowflake alongside Splunk, giving them more choice and freedom over where their security data lives. Despite Splunk's continued relevance in cybersecurity, Cisco will invest heavily in bolstering observability and application monitoring. The "all in one" approach is being replaced by a SOC architecture that puts each data source and use case in the home best suited to it.
Omer Singer, the VP of Strategy at Anvilogic, believes that security teams demand the liberty of choosing where their data lives and the flexibility to detect threats equally well across their SIEM and data lake of choice. With his extensive experience and background, he looks forward to helping organizations achieve this in his new role at Anvilogic.
In conclusion, Cisco's acquisition of Splunk has triggered a wave of change in the cybersecurity landscape, with security teams seeking flexibility and optionality in their solutions. The demand for decoupled solutions and the transition to a new era of freedom for Splunk + Snowflake users marks a significant shift in the industry. Threat detection and response in the cloud is changing, and security teams are looking for the solutions that best meet their evolving needs.