Cisco Announces $28 bn Acquisition of Splunk, Strengthening Cybersecurity and Observability Portfolio

In a significant move to bolster its cybersecurity and observability offerings, global technology giant Cisco has announced its intent to acquire Splunk, a leading player in the cybersecurity and observability domain. The acquisition is valued at $157 per share in cash, translating to an approximate equity value of $28 billion.
Cisco, the leading enterprise networking supplier, generated revenue of $3.9 billion from its security business in the fiscal year ended July 29, 2023. Cisco’s total revenue for the fiscal year was $57 billion, an increase of 11 percent.

The integration of Splunk’s robust security capabilities into Cisco’s existing portfolio is expected to create a powerful synergy, delivering unparalleled security analytics and coverage across a spectrum ranging from devices to applications to cloud environments.

Cisco and Splunk’s collaborative strengths promise enhanced observability solutions for hybrid and multi-cloud setups, empowering customers to optimize application performance and elevate digital business experiences. Notably, the acquisition positions the companies to responsibly harness the potential of artificial intelligence, leveraging their extensive scale, data visibility, and established trust framework.

Gary Steele, President and CEO of Splunk, is set to assume a vital role within Cisco’s Executive Leadership Team, reporting directly to Chair and CEO Chuck Robbins.

In the fourth quarter of fiscal 2023, Cisco closed the following acquisitions: Lightspin Technologies, a cloud security software company; Smartlook, a company that provides a digital experience and product analytics solution that monitors user engagement on websites and mobile applications in real time; and Armorblox, a company focused on the use of Large Language Models and natural language understanding in cybersecurity.

The acquisition plan has garnered unanimous approval from the boards of directors at both Cisco and Splunk. Pending regulatory approval and customary closing conditions, including the consent of Splunk shareholders, the acquisition is anticipated to conclude by the end of the third quarter of calendar year 2024.

Gartner Comments

Mitchell Schneider, Sr. Principal Analyst at Gartner, said that the security information and event management (SIEM) market continues to grow. Gartner still sees SIEM being very much a part of an organization’s threat detection, investigation and response (TDIR) capability and at the center of the security operations center (SOC) ‘solar system’.

At the same time, the market continues to see innovators and disrupters enter the market, including cloud service providers, such as Microsoft and Google. My belief is that Cisco is simply following market demand by offering a comprehensive stack for detection and response – not only including SIEM, but through prior acquisitions of extended detection and response (XDR) as well.

Splunk is one of the more visible SIEM vendors in the market. I also think Cisco is looking to obtain Splunk’s IT observability capabilities. And it is not just SIEM and IT observability Splunk offers. Splunk’s security operations suite consists of SIEM, user and entity behavior analytics (UEBA), security orchestration, automation and response (SOAR), as well as threat intelligence platform (TIP) to aggregate threat intelligence data.

In Gartner’s Vendor Rating: Cisco research, it states, “Investments in a common cloud log storage mechanism (like SIEM, for example) to complement SecureX’s real-time query capabilities will be necessary if Cisco wants to remain a player in the emerging XDR market”. It is possible this was one of the contributing factors for acquiring Splunk as Cisco needed either a SIEM or other cloud storage capability.

A couple years ago, Cisco acquired Kenna Security, which is a vulnerability prioritization technology (VPT) solution. Kenna’s exploitation prediction capability provides strong practical advanced analytics. I would not be surprised if they apply Kenna’s prediction engine to Splunk’s security operations suite to facilitate risk-based TDIR.

Many SIEM customers leverage external help via a managed SIEM service provider. Cisco also provides security services. This may create opportunities or challenges.