Cisco has announced its plan to acquire Splunk, a move that signals its intention to reshape secure information and event management (SIEM). The deal, valued at $28 billion, is set to be Cisco’s largest acquisition to date. Cisco will purchase Splunk shares at $157 each, representing a 31% premium over the closing price of Splunk’s stock on Wednesday.
The acquisition of Splunk will enhance Cisco’s cybersecurity protection portfolio significantly. Cisco chairman and CEO Chuck Robbins stated that the combined capabilities of the two companies will create an end-to-end data platform to enhance digital resiliency. The deal is expected to close in the third quarter of 2024, pending shareholder and regulatory approvals.
Although regulatory scrutiny of large deals has increased, Robbins is confident that this deal will be approved. He noted that there is little overlap between the offerings of Cisco and Splunk, which may work in their favor when seeking approval.
The announcement of the deal came as a surprise to many industry watchers, as there was little recent indication of Cisco’s plans to acquire Splunk. Analysts believe that this move may have a seismic impact on the enterprise cybersecurity landscape and could foreshadow further consolidation in the industry.
Eric Parizo, a managing principal analyst at Omdia, believes that the deal will position Cisco as one of the dominant players in the next-generation SIEM (NG-SIEM) market. Omdia forecasts that the NG-SIEM market will generate nearly $4 billion in global annual revenue by 2027. Parizo also expects that the deep resources of Cisco’s global salesforce will present upsell opportunities for Splunk’s premium offering.
However, some analysts caution that Cisco has a checkered past with large acquisitions and must ensure that Splunk’s offerings remain intact to retain its user base. Allie Mellen, an analyst at Forrester, advises Cisco to let Splunk deliver its flexible and powerful SIEM and observability offering.
The deal comes at a time when there is growing focus on next-generation SIEM, as organizations need to transition from legacy platforms to those that support multicloud and cloud-native applications and infrastructure. Platform providers are also expanding their extended detection and response (XDR) capabilities.
CrowdStrike, another major player in the cybersecurity space, recently released an enhanced iteration of its NG-SIEM offering called LogScale. The company’s CEO, George Kurtz, believes that XDR will eventually replace SIEM. Analysts note that most XDR vendors have shifted to including a SIEM or a SIEM-alternative in their portfolio, which gives them an advantage in the market.
With the acquisition of Splunk, Cisco will have both XDR capabilities with Cisco XDR and a SIEM with Splunk, positioning the company as a comprehensive security solution provider.
Industry experts anticipate that customers who are wary of vendor acquisitions may become more open to alternative SIEM offerings. The deal between Cisco and Splunk may create opportunities for other vendors like Google Chronicle SIEM and Microsoft to engage with Splunk’s installed base.
In summary, Cisco’s acquisition of Splunk for $28 billion is set to reshape the SIEM market and strengthen Cisco’s cybersecurity protection portfolio. While the deal comes as a surprise, industry analysts believe it positions Cisco as a dominant player in the NG-SIEM market. However, Cisco must ensure that Splunk’s offerings remain intact to retain its loyal user base. The acquisition comes at a time when next-generation SIEM and XDR capabilities are in high demand, indicating the growing importance of comprehensive security solutions.