Ventana Research Analyst Perspectives

The acquisition of Splunk by Cisco marks a significant milestone in the digital security industry. This strategic move combines the strengths of two industry leaders, offering a suite of products and services underpinned by artificial intelligence technologies. However, like any major business decision, it comes with challenges and potential risks. Ventana Research presents an analysis of the strengths, weaknesses, opportunities and threats associated with this acquisition, offering valuable insights to help chief information officers and chief information security officers understand the implications of this transaction and make informed decisions for their organizations.

Strengths: The deal brings together two organizations with a wealth of complementary expertise. The combined business touts products in observability and digital security supported by machine learning technologies. This enhances the joint product capabilities and provides organizations with a more comprehensive approach tailored to specific needs.

Cisco announced its Extended Detection and Response security platform at the RSA Conference earlier this year. The platform increases an organization’s visibility across the network and endpoints to improve risk management and remediation time for security operations centers (SOCs).

Splunk is an established provider of security information and event management technology. The Splunk Enterprise Security product uses SIEM to provide a single, streamlined view of an organization’s data. This allows the organization to detect, investigate and respond to security threats identified by real-time visibility across on-premises, hybrid or cloud environments. It also delivers historical analysis. Combining Cisco XDR with Splunk SIEM observability and enhancing it with AI technologies could enable organizations to accelerate data reviews, improving threat prediction and prevention.

The acquisition’s strengths lie in its ability to deliver superior value to enterprise organizations, helping navigate the complexities of the digital landscape with greater ease and efficiency. This positions the combined entity as a trusted partner for organizations seeking to incorporate technology for business growth and digital security. Splunk also offers a simplified approach to structuring contracts, according to IT leaders familiar with both vendors, which is an efficiency they hope will be retained by the new entity. Objections to a vendor over its licensing complexity could be a deal-breaker for organizations that have yet to decide.

Weaknesses: Integrating two large organizations, such as Cisco and Splunk, is a complex process that presents several challenges. One of the primary concerns is aligning the strategic objectives of both companies, which may have evolved independently over time. This alignment is crucial to warrant that the combined entity can operate effectively and deliver on its promises. Another concern is the resulting technology strategy of the new entity and any leverage between the two organizations, which is unclear at the onset of the acquisition. Splunk’s evolution of its product and technology cloud architecture has evolved such that its adoption varies across a wide range of use cases.

Another significant challenge is managing the distinct cultures of both organizations. With its contrarian business culture that shares similarities with the hacker community, Splunk operates quite differently from Cisco, a traditional enterprise network equipment vendor. This cultural difference could lead to friction during the integration process and potentially impact the efficiency and effectiveness of the combined entity in how it communicates to respective customers and audiences.

Organizations considering the products and services resulting from this acquisition could find these weaknesses pose certain risks. The integration challenges might lead to delays in product development or service delivery. Furthermore, cultural differences could impact the quality of customer service and support provided by the new entity. Therefore, enterprise organizations need to carefully evaluate these potential risks when deciding to engage with the combined business.

Opportunities: The acquisition presents a unique opportunity to incorporate AI technologies to enhance digital security and observability. Initial services offered by the combined entity are expected to feature AI-enhanced search capabilities, providing users with a more efficient and effective experience. Looking ahead, the introduction of generative AI into future products could further customize and personalize the user experience. Ventana Research asserts that through 2026, more than one-half of organizations will increase their investment in observability technology to accelerate the value being generated from telemetry data including logs, traces and metrics.

These advancements present an opportunity for organizations to maximize the value of digital security investments. Focusing on proactive activities such as threat protection and prevention and reducing the mean time to identify (MTTI) and mean time to resolve (MTTR), can significantly enhance security posture.

Moreover, the acquisition could potentially catapult Cisco’s digital security product credibility into the ranks of the world’s largest software companies. This not only increases its market presence but also broadens its customer base. Cisco has a channel-centric business; Splunk has tried to expand its focus from machine data to being a general-purpose data and analytics provider. As part of a larger organization, Splunk has greater freedom to expand its global standing and be part of a well-established brand.

However, these opportunities come with certain risks for global enterprise organizations. Reliance on AI technologies, while beneficial, could lead to over-dependence and potential vulnerabilities if not managed properly. Furthermore, as Cisco grows in size and influence, there could be concerns about vendor lock-in and reduced flexibility. Organizations need to carefully consider these factors when deciding to engage with the new entity.

Threats: The digital security market is highly competitive, teeming with established vendors. This intense competition could pose a significant threat to the newly formed entity post-acquisition. Competitors may offer similar or superior products and services, potentially impacting the market share and profitability of the combined business.

For enterprise organizations, this competitive landscape could present both risks and opportunities. It could lead to more choices and better pricing due to competition. On the other hand, it could result in potential uncertainties regarding continuity and support for products and services, especially if competitors gain a significant advantage and if Splunk product release cycles slow to be comparable with Cisco’s schedule.

Moreover, the rapidly evolving nature of digital security technologies could also pose a threat. The combined entity will need to continually innovate and adapt to keep pace with technological advancements and changing customer needs.

Regulatory changes and compliance requirements in different regions could also pose challenges. Changes in data privacy laws and responsible AI uses, for instance, could impact how digital security services are delivered and used. While the acquisition brings numerous opportunities, enterprise organizations must remain cognizant of these external threats when considering engagement with the new entity.

For CIO and technology leaders, Ventana Research suggests focusing on three key points:

1. Integration challenges: Understand the potential impact of integration on Splunk’s operation timelines and service delivery once the acquisition is complete.
2. Cultural differences: Consider how the distinct cultures of Cisco and Splunk could affect the innovation and delivery of customer service and support.
3. Competitive landscape: Evaluate the implications for continuity, resilience and support for digital monitoring and security products and services.

In addition, we suggest three action items for organizations considering products and services from the new entity:

• Keep a close eye on the progress of the integration process to anticipate any potential delays or disruptions.
• Maintain open lines of communication with the vendor to understand how it is managing cultural differences.
• Continually evaluate alternative products and services to ensure the organization has the most appropriate technology.

The acquisition of Splunk by Cisco presents a unique blend of strengths, weaknesses, opportunities and risks. The merger combines the capabilities of two AI, digital security and observability industry leaders, offering a suite of products and services for enterprise organizations. However, integration challenges and cultural differences could pose potential risks. The competitive digital security market and the rapidly evolving nature of security technologies are external threats that need careful consideration.

Regards,

Jeff Orr