In a bold move to strengthen its foothold in the SIEM and threat intelligence sector, Cisco has announced the acquisition of Splunk, a deal valued at a staggering $28 billion in cash. This acquisition provides fascinating insights into the shifting industry landscape as companies strive to establish themselves in an increasingly AI-centric ecosystem, competing with major players and research investors such as Microsoft and Google.
Cisco’s recent ventures in the security monitoring domain have sparked interest. While the acquisitions of AppDynamics and ThousandEyes appeared strategic, the integration of Splunk presents a more complex scenario. Despite networking remaining a cornerstone of Cisco’s expertise and a significant revenue source, the company has notably broadened its scope over the years. Venturing into security, Cisco has strategically acquired companies like Sourcefire, Threat Grid, Cloudlock, and OpenDNS.

Initially, Cisco’s foray into the security space was largely centered around the then-prevailing IT/Security philosophy: secure the network’s perimeter, and everything within it will remain secure. That concept is now outdated on its own, though it still holds relevance in the IT ecosystem when paired with EDR, a SOC, and other security measures. The cybersecurity landscape now experiences breaches from within the perimeter, facilitated by tactics like phishing, identity/password theft, bypassing Multi-Factor Authentication (MFA), and a range of advanced social engineering techniques.
Cisco has recently been expanding its security portfolio to compete with other log analytic security solutions and EDR products outside of the network wire, such as Cisco Secure Endpoint (previously named AMP). However, a former Cisco security engineer, who wishes to remain anonymous, stated, “The data between the edge and the source is very much there now and is pretty good but not well gathered and organized into one place for a SOC. Most of us didn’t have that so data was hard to analyze.”
In 2020, Cisco released SecureX, which, while serving as a dashboard, does cover some non-Cisco network functions. However, third-party plugins or other Cisco products have to be purchased to replace the native built-in solutions in the Microsoft ecosystem such as Defender, cloud monitoring, Windows Event logs, and Active Directory. This necessitates an extra step for Cisco users, who have to purchase these solutions and now Splunk, which Cisco customers traditionally used to tie the other data together.
When we delve deeper into the tech fray, specifically the AI domain, the situation becomes more complex. Neither Splunk nor Cisco is a frontrunner in the AI race. An industry insider commented, “There’s a discernible alignment between security and observability, but when we talk AI, the plot doesn’t quite hold.” Splunk may have a slight edge in the AI realm, but both are far from matching Microsoft’s investment in AI alone, let alone its implementation of AI across its own security stack, which includes Azure Sentinel and the upcoming Microsoft Security Copilot.
Post-acquisition, Cisco also faces some challenges with Splunk. For those looking to implement hybrid deployments with Splunk, engineers will have to lean towards an on-premises solution, given Splunk’s current alignment with just AWS and Google Cloud’s marketplaces. Such a configuration can result in additional expenses.
Additionally, because of the egress costs associated with transferring large volumes of log data from cloud setups back to on-site systems, engineers opting for an on-premises solution could face still higher expenses. Splunk’s well-known high prices for data storage and ingestion present another challenge; a significant number of customers have reportedly left Splunk because of these costs.
In conclusion, if your company heavily relies on Cisco products and solutions but is wary of Splunk’s pricing, you might find yourself in a favorable position. For companies with a majority of Windows endpoints, replacing native software with third-party solutions is an option, though this comes with additional costs. This raises the question: is the price worth it?
If your priority lies in endpoint and identity protection, timely patches, and rapid responses within the Microsoft ecosystem, then Microsoft Azure Sentinel and the Microsoft Security Platform may be your ideal choice.
In the dynamic environment of Silicon Valley, where innovation is paramount, this latest development prompts us to question: Is Cisco’s strategy a masterstroke or a miscalculation? Only time will truly tell.