Cisco's Splunk Acquisition 'True Bombshell Move,' Will Have Massive Impact on Cybersecurity

Cisco’s $28 billion Splunk acquisition is a “true bombshell move” that will have a “seismic” impact on the entire enterprise cybersecurity landscape, and may foreshadow more consolidation.

That’s according to Eric Parizo, managing principal analyst at Omdia, which shares a parent company with Channel Futures (Informa). Splunk is a security information and event management (SIEM) market leader.

Omdia’s Eric Parizo

“First rumored more than 18 months ago, the deal will immediately make Cisco one of the dominant players in next-gen SIEM, a market segment that Omdia forecasts will grow to nearly $4 billion in global annual revenue by 2027,” he said. “Splunk’s established position as a premium offering with the deep resources of Cisco’s global salesforce should present immediate upsell opportunities.”

Cisco tells us Splunk’s security capabilities complement its existing portfolio, and together will provide “leading security coverage from devices to applications, to clouds.” The integration of Cisco’s extended detection and response (XDR) and Splunk’s SIEM offering will give customers a “comprehensive security platform for threat detection and response.”

The Splunk management team, under both current CEO Gary Steele and former leaders Doug Meritt and Graham Smith, deserve “tremendous credit” for dramatically accelerating the company’s transition to a cloud-based platform, and revamping its pricing model to encourage more usage and provide better value for customers, Parizo said.

Splunk Acquisition Far From Final

“Omdia anticipates little strategic change in the next nine to 12 months until the purchase is finalized following regulatory approval,” Parizo said. “In 2025, Omdia expects to see the first efforts to integrate with the Cisco Secure product portfolio, most notably Cisco’s XDR solution and the Cisco Kenna Risk-Based Vulnerability Management offering.”

There are some redundancies with Cisco and Splunk in the area of observability, but the overlap is minimal, Parizo said.

Allie Mellen, security and risk analyst at Forrester, said Cisco’s Splunk acquisition is a “massive win” for Cisco’s security business.

Forrester’s Allie Mellen

“What they do with it will determine if it’s a win for practitioners,” she said. “Cisco has long been a case study for acquisitions that don’t live up to their initial promise and suffer from underinvestment and a lack of focus. That said, in recent years they have maintained the Duo acquisition. To keep Splunk’s massive, loyal user base, Cisco needs to let Splunk deliver what Splunk does best: a flexible, powerful SIEM and observability offering.”

Most XDR vendors have shifted to having a SIEM or SIEM-alternative offering in their portfolios, Mellen said.

“This acquisition positions Cisco to have both sides of the coin — XDR with Cisco XDR, and a SIEM with Splunk,” she said. “This solidifies Cisco as a key player in two massive markets: XDR and SIEM.”

See our slideshow above for more on Cisco’s Splunk acquisition, including how Microsoft might benefit.