Cisco completes $28 billion Splunk acquisition

Cisco said today it has closed its $28 billion acquisition of Splunk, promising product innovations across its security, observability and artificial intelligence portfolios with the integration of Splunk.

Splunk’s technology includes wide-reaching software for searching, monitoring and analyzing system data. Network security teams can use this information to gain better visibility into and gather insights about network traffic, firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and security information and event management (SIEM) systems, from on-premises or its cloud-based package, according to Splunk.

With Splunk software in place, network operations teams can monitor network traffic for signs of malware, log activity, and meld data from multiple sources to identify the root cause of security problems or more quickly spot abnormal traffic patterns, according to the company.

Cisco is expected to fairly quickly integrate Splunk technologies across its products, including its Full Stack Observability, Extended Detection and Response (XDR), Security Cloud, ThousandEyes and AppDynamics platforms.

“The combination of Cisco and Splunk will provide unparalleled visibility and insights across an organization’s entire digital footprint, fueled by comprehensive security, observability, and networking solutions,” Cisco CEO Chuck Robbins wrote in a blog about closing the deal. “Our customers will be empowered to deliver seamless, secure customer and employee experiences across the physical, digital, and AI-powered worlds.”

Robbins outlined some plans for the integration of Cisco’s and Splunk’s technologies. First, Cisco intends to incorporate Cisco’s Talos threat intelligence into Splunk to give customers access to comprehensive threat intelligence to improve threat detection, speed incident response, and enable a more proactive security strategy, Robbins stated. 

“We also intend to unify our AI assistants for security, so security professionals have one common experience when utilizing AI to analyze issues and perform tasks across the combined portfolio,” Robbins stated. “We intend to enable Splunk’s market leading SIEM and SOAR platform to utilize cloud, network, and endpoint analytics available from Cisco’s security portfolio, enabling new ways for customers to detect, investigate, and respond to threats that can only be identified via lateral movement in the network.”

For its observability platform, Cisco said Splunk will enhance the package’s overall analytics and management capabilities.

“With the most powerful analytics and insights across the entire digital footprint, we will equip our customers with the observability tools to keep their digital systems up and running and avoid costly downtime,” Robbins stated. “We will also begin to deliver a common experience and workflow optimizations across the Cisco and Splunk Observability portfolios. In time, IT and engineering teams can expect AI-driven root cause analysis enhancements and assistants, inclusive of Splunk IT Service Intelligence (ITSI).”

According to Cisco, some of the specific Cisco/Splunk integrations will:

• Increase the effectiveness and efficiency of security analytics with greater visibility of endpoint and network traffic, improving analysts’ ability to detect and remediate issues before they have material impact.
• Integrate threat detection, investigation, and response to power the SOC of the Future, combining Splunk Enterprise Security, SOAR, and Attack Analyzer with Cisco telemetry and threat intelligence.
• Correlate telemetry data—used both to protect applications and their underlying infrastructure from security threats and to ensure their performance—with business context to help detect and stop issues wherever they occur before they can impact our customers’ businesses.
• Deploy AI-powered full stack observability capabilities that support trustworthy, performant, and reliable deployment of generative AI LLMs, AI APIs, and AI-powered applications.
• Bring data for security, IT, and engineering teams together on a unified platform to enable greater effectiveness and efficiency, while enabling tool consolidation.
• Provide access and analytics across a massive breadth of data in varied domains—such as security, networking, applications, users, identities—at massive scale, enabling customers to harness the power of AI.

Provided the large-scale Cisco/Splunk integration goes well, the implications for customers and competitors could be significant, experts say.

“Cisco’s resources and proficiency in networking, security, and cloud technologies will equip Splunk with a solid platform to enhance its security and observability offerings. This tactical move will allow Splunk to take advantage of Cisco’s cutting-edge technologies and global presence to create innovative solutions that cater to changing demands of organizations worldwide,” said Futurum Group analysts Steven Dickens and Sam Holschuh in a blog they recently wrote about the then-pending acquisition.

Splunk and Cisco will have the capability to build holistic solutions that deliver end-to-end visibility and security in diverse, multi-cloud environments, the analysts wrote. “This capability will provide organizations with deeper insights of their systems and applications, identify and address threats more efficiently, and reinforce the resilience of their digital infrastructures.”

“Moreover, the acquisition will empower Splunk to fast track its AI and ML capabilities, utilizing Cisco’s expertise in these fields to create advanced analytics and automation solutions. These solutions will allow organizations to automate the process of detecting anomalies, conducting predictive analytics, and performing root cause analysis, enabling them to proactively identify and resolve issues before they negatively affect operations,” the Futurum analysts wrote.

IDC analysts Christopher Kissel, Michelle Abraham, and Frank Dickson said of the then-pending acquisition that it was a “go big or go home” deal for Cisco, and they noted that in 2022, the combined revenue of Splunk and Cisco in cybersecurity and identity access management was $2.54 billion.

“Splunk offers a combination of both on-premises and SaaS/cloud solutions and revenue streams, with the latter being a Cisco financial focus for the past several years. Cisco has made massive transformations across its product, engineering, go-to-market, and customer success functions and its channel relationships to drive software sales, subscription pricing, and SaaS-delivered products,” the IDC analysts wrote.

“Splunk offers Cisco a large enterprise direct sales footprint, which contrasts with Cisco’s indirect channel go-to- market strategy. Cisco’s channel prowess offers Splunk a broader distribution for certain security and observability use cases, expertise, and Splunk application development opportunities,” the IDC report stated.  “This is notable as technology executives consider the opportunities for data, analytics, and collaboration between these separate teams to increase both service performance and security postures using Splunk’s data and analytics. In addition, over 3,000 applications have been developed for the Splunk Platform. Cisco’s channels can continue to populate this model with new use cases and access to larger data sets and analytic models.”