Cisco significantly bolsters security portfolio with $28B Splunk buy

Cisco expects to integrate Splunk technology across security systems.

Looking to significantly reinforce its security software portfolio, Cisco has struck a $28 billion cash deal to acquire enterprise and cloud protection company Splunk.

Founded in 2003, Splunk’s software platform is known for its wide-reaching ability to search, monitor and analyse data from a variety of systems. Network security teams can use this information to gain better visibility into and gather insights about network traffic, firewalls, intrusion detection systems (IDSes), intrusion prevention systems (IPSes), and security information and event management (SIEM) systems, from on-premises deployments and/or its cloud-based package, according to Splunk.

With Splunk software in place, network operations teams can monitor network traffic for signs of malware, watch login activity, and meld data from multiple sources to identify the root cause of a security problem or more quickly spot abnormal traffic patterns, according to the company.

Cisco expects to bring all of those capabilities and more to its security portfolio.

“Together, we will become one of the largest software companies globally,” Chuck Robbins, chair and CEO of Cisco, told analysts during a call about the acquisition. “Our combined capabilities will create an end-to-end data platform to enhance digital resiliency.”

Robbins said, for example, that Splunk security capabilities complement Cisco’s existing security portfolio, particularly through integration of Cisco's new Extended Detection and Response (XDR) and Security Cloud platforms.

Cisco’s XDR service brings together a myriad of Cisco and third-party security products to control network access, analyse incidents, remediate threats, and automate response all from a single cloud-based interface.

“Our best security insights and Splunk security information and event management offering will be able to help our customers move from threat detection and response to threat prediction and prevention,” Robbins said.  “In terms of observability our complementary capabilities will offer observability for the full IT stack from the application to the network across hybrid and multi cloud environments. Together Cisco and Splunk will deliver an end-to-end enterprise grade Full Stack Observability (FSO) platform.”

The FSO integration could be interesting in that Cisco just launched its FSO platform in June and has only recently begun adding new features to the system. Cisco’s FSO is designed to correlate data from application, networking, infrastructure, security, and cloud domains to make it easier for customers to spot anomalies, preempt and address performance problems, and improve threat mitigation.

When asked about potential product overlap particularly in the observability area, Robbins said: “I don't think we have significant overlap. But I think we have if you think about the data platform and the observability progress that [Splunk] has made, and you couple that with our application visibility with ThousandEyes we think we can actually extend well.”

Robbins also said Splunk integration will only bolster Cisco’s ongoing investment in all things AI.

“As we mentioned in our most recent results we've already taken half a billion dollars of orders for AI infrastructure,” Robbins said.

“There's also a huge opportunity with enterprises to help them responsibly unlock the opportunities that come with AI,” Robbins said. Factoring in the acceleration and adoption of generative AI, expanding threat surfaces, and multiple cloud environments, it creates a level of complexity that is unlike anything organisations have faced, Robbins said. “With hyper-connectivity growing and increasing cyber threats, the value of data only increases, and that’s why this deal makes sense.”

Once the deal closes, which Cisco expects by the end of the third quarter of 2024, Splunk’s CEO, Gary Steele, will join Cisco’s Executive Leadership Team and the company's employees will be blended into Cisco’s security team.

“Cisco and Splunk have had a long and successful partnership, underpinned by products and capabilities that fundamentally complement each other and enhance the value we deliver to customers,” Steele wrote in a blog about the acquisition.

The Splunk buy is Cisco’s sixth since June, its 10th this year and one of the largest it has ever undertaken. For example, it spent $6.9 billion on Scientific Atlanta in 2006, $2.6 billion on Acacia Communications in 2019 and $1.2 billion on Meraki in 2012.

Most recently, Cisco said it intended to acquire cloud native mobile core developer Working Group Two (WG2) for an undisclosed amount.  WG2 is known for its mobile technology that helps public and private service providers and enterprise customers build secure and scalable mobile backbones.

Earlier this year Cisco snapped up Border Gateway Protocol monitoring startup Code BGP. Privately held Code BGP will ultimately become part of Cisco’s ThousandEyes network intelligence product portfolio and bring a cloud-based platform that, among other features, maintains an inventory of an organisation's IP address prefixes, peering and outbound policies via configured sources, like BGP feeds. BGP tells internet traffic what route to take, and the BGP best-path selection algorithm determines the optimal routes to use for traffic forwarding.

In July Cisco announced its intention to acquire security startup Oort for an undisclosed amount. Oort offers an identity threat detection and response platform for enterprise security. 

Cisco also recently announced plans to acquire privately held broadband-network monitoring company SamKnows for an undisclosed amount.

SamKnows uses a global network of software agents dispersed among home systems, mobile devices and service provider networks, for example, to get a real-time measurement of internet performance and customer experience. Through a central dashboard, the company can analyse the results, spot faults, and identify the root cause of problems to help with remediation.

Another fresh deal is Cisco's planned acquisition of Accedian Networks for an undisclosed price. Accedian's performance analysis and monitoring platform — aimed at mobile backhaul, data center services, service providers and cloud connectivity customers — provides network visibility, diagnoses problems and recommends remediation.

Cisco’s other acquisitions this year include Armorblox for large language models, Smartlook for mobile application monitoring, Lightspin for cloud security, and Valtix for cloud network security.
