Open XDR , Security Information & Event Management (SIEM) , Security Operations

Cisco to Bring XDR, SIEM Together With $28B Splunk Purchase

Cisco-Splunk Deal Will Fuel Move From Detection, Response to Prediction, Prevention
Cisco to Bring XDR, SIEM Together With $28B Splunk Purchase

Cisco's proposed $28 billion buy of Splunk allows businesses to move from threat detection and response to threat prediction and prevention by combining XDR and SIEM.

See Also: Moving Beyond Fragmented Cloud Security with Unified SASE

The colossal acquisition would bring together Cisco's new extended detection and response platform, which became generally available to customers Aug. 1, and Splunk's long-standing security information and event management platform, which Gartner has named a leader in the space for nine consecutive years. The acquisition is believed to be the largest in Cisco's nearly four decades of operations (see: Cisco's New XDR Tool Emphasizes Robust Telemetry Correlation).

"If you take that XDR capability and you combine it with the SIEM capability that Splunk brings, we believe that we really have the opportunity to predict and prevent threats, particularly when we layer AI on top of all that data," Cisco CEO Chuck Robbins told investors. "From the beginning of our conversation on this, Cisco's security team is incredibly excited about the opportunity to work with Splunk."

Cisco's stock is down $2.25 - or 4.05% - to $53.25 per share in premarket trading Thursday, which is the lowest the company's stock has traded since Aug. 16. Conversely, Splunk's stock is up $25.13 - or 21.01% - to $144.72 in premarket trading Thursday, which is the highest the company's stock has traded since April 1, 2022. Cisco agreed to pay $157 per share, and the deal is expected to close by September 2024.

The deal announcement comes 19 months after The Wall Street Journal reported that Cisco had offered to purchase Splunk for more than $20 billion. A few days later, Robbins told investors, "We are always disciplined and continue to focus on organic and inorganic opportunities … We are constantly evaluating potential opportunities." But chatter about a Cisco-Splunk transaction remained silent until today.

What Splunk's Security Practice Brings to the Table

Splunk generates more than half of its $3.65 billion in sales from cybersecurity, and CEO Gary Steele told Information Security Media Group in February that security is the company's most important segment. In addition to SIEM, Splunk offers security orchestration, automation and response, user behavior analytics, security monitoring, incident management, threat hunting, insider threat detection, and compliance (see: Splunk CEO on Enriching the SIEM With UEBA and Threat Intel).

"The world of old-school SIEM has fundamentally changed," Steele told ISMG in February. "It has really become a platform where you're driving broader adoption of a broad range of capabilities that make the SOC much more efficient. This includes not only detection and response but also really understanding what the heck is going on in your environment if some event happens."

Steele, 60, became Splunk's CEO in April 2022 after nearly two decades as founder and CEO of email security vendor Proofpoint. He will join Cisco's executive leadership team after the acquisition closes and report directly to Robbins.

"When you talk to our customers today and you look at their security operation centers and the dependency that they have on Splunk technology, we've heard a lot of positive comments, particularly over the last 18 months with the progress that's been made," Robbins told investors Wednesday. "Many customers have actually asked Splunk to make sure they maintain an on-prem and cloud version."

What Cisco's Security Practice Brings to the Table

Although Cisco's security business accounts for less than 9% of the company's $43.14 billion in overall revenue, it is more than double the size of Splunk's security practice in absolute terms. Cisco's security sales jumped to $3.86 billion in the fiscal year ended July 29, 2023, up 4% from $3.7 billion a year earlier due to growth in the company's unified threat management offerings and zero trust portfolio.

"We believe that we really have the opportunity to predict and prevent threats."
– Chuck Robbins, chairman and CEO, Cisco Systems

Under the leadership of Jeetu Patel - who joined Cisco from Box in the summer of 2020 - Cisco has doubled down on correlating data from different telemetry points to assess the severity of a security incident, culminating in this summer's debut of Cisco XDR. Outside of XDR, Cisco also offers cloud and application security, industrial security, network security, user and device security and SASE (see: Jeetu Patel on Having a Consistent Design at Cisco Security).

Patel has named a pair of new deputies since starting at Cisco, promoting Shailaja Shankar in September 2021 to lead Cisco's security business group and replace Gee Rittenhouse, who subsequently became CEO of Skyhigh Security. Then in January, longtime VMware networking and security leader Tom Gillis took over as Cisco's top cyber executive, and Shankar shifted to oversee the security engineering team.

"We have great new leadership in the security business unit. We've launched significant innovation this year," Robbins told investors Wednesday. "The integration [with Splunk] on the product side - we would intend to start that on day one."


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.