Cisco Systems‘ rumored acquisition offer for Splunk would create one of the largest cybersecurity vendors in the world.

The Wall Street Journal reported that Cisco offered the data observability and security information and event management (SIEM) provider $20 billion. People close to the company said the talks occurred recently, according to the Journal. However, those same sources indicated that Cisco and Splunk aren’t currently talking to each other.

Neither company agreed to requests for comment.

“As a policy, we don’t comment on rumors or speculation,” a Splunk spokesperson told Channel Futures.

360 SOC’s Chris Ichelson

Chris Ichelson, CEO at managed security services provider 360 SOC, said such a deal would make Cisco “the overpowering giant” in the security industry. Ichelson, whose company is a certified Cisco partner, said the deal could help Cisco with its SIEM capabilities. In addition, he said Splunk’s Phantom and SOAR offerings will give security operations centers better availability than Cisco’s Secure X platform.

“Should Cisco decide to make this transaction or another similar transaction, [it] could easily bridge the gap in to the missing components of the Cisco security offering or fabric,” Ichelson told Channel Futures. “A purchase of Splunk would include a leading data-driven platform coupled with a leading SOAR ‘Phantom.’ My opinion is Cisco could win back many lost security customers with this.”

Other Cisco Acquisitions

Splunk would join a host of other companies Cisco has bought in recent years to bolster its software, security and cloud stack. Cisco in 2018 bought Duo Security, which provides single sign-on tools, two-factor authentication and endpoint remediation. The deal cost nearly $2.4 billion. Cisco announced the acquisition of PortShift in 2020 to bolster its security capabilities in Kubernetes environments. Moreover, the company in 2017 spent $3.7 billion to acquire AppDynamics. AppDynamics provides observability capabilities that many pundits describe as similar to Splunk. Cisco has bolstered its AppDynamics portfolio with acquisitions of network intelligence provider ThousandEyes, Kubernetes cost and governance management provider Replex, and other companies.

A $20 billion deal would dwarf all of the prior ones. However, Daniel Newman, principal analyst at Futurum Research, said the price might need to go higher.

Cisco and Splunk

Gossip about Cisco buying Splunk dates back to 2019, when RBC Capital’s Matthew Hedberg said Splunk could complement the AppDynamic portfolio. He said a deal could create a “premier data management platform.” Furthermore, he said Splunk could bring security expertise to Cisco.

“With around 50% of Splunk’s use cases being security-related deals, buying Splunk would also get Cisco deeper into security,” Hedberg said at the time.

Cisco and Splunk are no strangers to one another. Splunk won …

… Cisco’s ISV of the Year award in 2016.

TechCrunch senior editor Alex Wilhelm pointed out that Cisco remains a predominantly hardware-based company, with its recent networking revenues hitting about $6 billion last quarter, despite its ambitions of becoming a software and services company. On the other hand, Splunk reported a 75% year-over-year increase in its cloud annual recurring revenue (ARR) in its latest quarterly earnings.

“Cisco’s interests in Splunk can be described both in terms of cloud revenue addition – accelerating its revenue mix-shift to software from hardware in a single move – and acceleration; Splunk’s cloud business is growing more quickly than the fastest-growing segment of Cisco software. So, the Splunk deal is scale and speed in one,” Wilhelm wrote on Twitter.

Analyst Perspective

Eric Parizo watches Splunk as part of his job as Omdia‘s principal analyst for cybersecurity operations. He observers of Splunk view it in two different ways.

One group recommends an inorganic growth route.

“Wall Street has been somewhat frustrated because they believe the company’s performance recently has been somewhat uneven versus the predictability the company has offered in the past and what financial analysts expect. As a result, some believe that Splunk’s growth opportunity has maxed out, and perhaps now is the time to pursue an acquisition in order to maximize value,” Parizo told Channel Futures.

Omdia’s Eric Parizo

However, Parizo and Omdia don’t view a Cisco acquisition as favorable for Splunk. He credited former CEO Doug Merritt (who left the company in November) for helping to transform its revenue model.

“Merritt led a trying yet largely successful multiyear transition away from ingestion-based pricing, a model that proved lucrative but was causing Splunk to be decreasingly competitive in the marketplace, to a workload pricing program, a much more reasonable model which charges based on the compute power required to run its software,” Parizo said. “During Merritt’s eight years at the helm, Splunk grew from $302 million in revenue in fiscal 2014 to nearly $3 billion in annual recurring revenue in the third quarter of fiscal 2022, when Merritt departed, leaving Splunk financially strong. At the same time Splunk is strategically on track to continue its growth, focusing on high-growth areas like cybersecurity and observability.”

Synergistic?

A Cisco cybersecurity specialist answered objections that her company’s acquisitions have ultimate harmed the purchased companies.

Morgan Stanley analyst Meta Marshall wrote that the “mixed bag” of success Cisco has encountered in M&A should not deter it from pursuing Splunk.

” … an ability to package Splunk’s leading Security analytics and ITOM solutions with other security offerings, further optimize distribution and pricing, could present very interesting potential M&A synergies for Cisco,” Marshall said.

Partner Perspective

Despite the advantages the deal might provide for the customer, Ichelson said it might also present challenges for partners. Specifically, it could raise complexity.

“For the Cisco-driven partner, I think this also would open up a challenging-to-navigate and difficult channel partner onboarding process,” Ichelson said. “For many, they look away from both brands because of certifications and unrealistic requirements of most.”

Ichelson said he expects consolidation to continue.

“Companies will recognize that orchestration happens more efficiently in a like-branded world; therefore, more of this should and will happen,” he said.

Speaking of cybersecurity acquisition rumors, Microsoft has reportedly mulled an acquisition of Mandiant, formerly known as FireEye.