Cisco is disrupting the observability and cybersecurity markets with its acquisition of Splunk

Cisco is disrupting the observability and cybersecurity markets with its acquisition of Splunk

Cisco announced last week its intention to acquire Splunk for $157 in cash per share, representing about $28 billion in stock value. Upon completion of the acquisition, Splunk President and CEO Gary Steele will join Cisco’s executive leadership team, reporting to President and CEO Chuck Robbins.

While the deal is directly beneficial to Cisco’s ongoing business transformation and shift toward more subscription-based software and services, it will undoubtedly cause short-term market disruption, which is beneficial to Splunk and Cisco’s competitors in observability and cybersecurity.

Let’s take a look at the implications of the deal.


Cisco is set to acquire data analytics software company Splunk for $28 billion in cash, marking Cisco’s largest deal ever and reflecting a trend of technology giants seeking growth through acquisitions, particularly in sectors like artificial intelligence.

Under the terms of the deal, Cisco will offer a significant bonus to Splunk shareholders, paying $157 per share. Considering that Splunk’s 52-week low was $65 per share and it has hovered well below $100 this year, this is a big bump for Splunk shareholders and suggests there may have been some competition for the logging giant.

Who is Splunk?

Splunk offers software and solutions to help organizations search, monitor, analyze, and visualize data from various sources in real-time. Splunk is widely used for log management, security information and event management (SIEM), and device data analytics.

The core of Splunk’s offering is its ability to collect, index and correlate data from different sources, making it a valuable tool for gaining insights into operational, security and business data. It is often used to monitor and troubleshoot IT infrastructure, security events, and business performance metrics.

A variety of industries and organizations use Splunk to get actionable information from their data. The company has a strong presence in cybersecurity, IT operations, application monitoring and business analytics.

Over the years, Splunk has expanded its product and service offerings to address various data-related challenges and has become a significant player in observability, security, and data analysis. At its most recent annual conference in July, the company doubled its efforts in delivering AI-powered solutions across its portfolio.

Competitive impact

Cisco’s acquisition of Splunk strongly speaks to the health of the cybersecurity markets around observability and observability – Splunk plays a role in both areas. Each of these markets is also highly competitive, making a deal difficult for Cisco to navigate.


Observability is a healthy market filled with aggressive competitors, including Dynatrace, Datadog, and ScienceLogic, all poised to capitalize on the uncertainty that the Cisco acquisition will bring to the space. I’ve spoken with executives at several Splunk competitors since the announcement last week, and it’s clear that everyone in the AIOps and observability sectors is monitoring this situation closely for any signs of delays or struggles.

Cisco and Splunk are bound to be distracted as they rationalize their overlapping product portfolios and sales channels. The long-term viability of Cisco and Splunk’s observability offerings will be questioned by IT buyers, leaving their log management and AppDynamics businesses vulnerable.

While Cisco hopes this will be a short-term distraction, the realities and complexities involved in integrating an enterprise the size of Splunk could cause customer uncertainty to persist for a long time. This has the potential to disrupt or redirect multi-million dollar purchasing decisions as organizations work out how to collaborate effectively, impacting portfolios, leadership teams and customer bases.

Dynatrace, of all its competitors, may emerge as a big winner from the deal, as the company is better positioned to seamlessly deliver the enterprise-grade monitoring solutions that Splunk (and Cisco) customers demand. Continuing an amazing streak of innovations, this year Dynatrace has placed a strong focus on implementing AI-powered capabilities that make it unrivaled in the industry. This was recognized by analytics firm Gartner Group in its recent Magic Quadrant for Observability report.

Security Information and Event Management (SIEM) Market Scope

Although the acquisition represents a big win for Cisco’s security business, many security practitioners I spoke to expressed some concerns. Many of these concerns stem from past experiences with Cisco acquisitions that suffered from a lack of investment and a lack of focus, which could impact the quality of SIEM (Security Information and Event Management) services that security leaders rely on.

This acquisition paves the way for Cisco to shape a distinct identity threat detection and response (ITDR) narrative, especially given its previous purchase of ITDR startup Oort. The combination of Splunk, Oort, and Duo enables Cisco to deliver a unique ITDR story and emphasize identity security, a previously less visible dimension of Cisco’s offerings.

The acquisition of Splunk represents an important turning point in the SIEM market. It raises concerns among Splunk users who may need more clarification about Cisco’s security role and its potential impacts on innovation within Splunk. These uncertainties will likely lead Splunk customers to explore alternatives, with a unique potential boon for Microsoft Sentinel, Splunk’s biggest competitor in the SIEM market.

This shift also creates opportunities for XDR vendors like CrowdStrike and Palo Alto Networks, which have SIEM replacement strategies and can lure customers away from traditional SIEM deployments.

Take the analyzer

Despite the inevitable market turmoil as Cisco absorbs Splunk and rationalizes its combined portfolios, the acquisition is a solid one for the tech giant. The Splunk acquisition enables Cisco to raise its profile in the competitive landscape overnight.

The most immediate impact will be in cybersecurity, where Cisco will gain a pivotal advantage through the acquisition of its existing market-leading security analytics platform, along with its loyal customer base.

The acquisition will add Splunk’s powerful data platform to Cisco’s security portfolio, enabling organizations to move from threat detection and response to threat prediction and prevention. The combination will address data and security challenges and leverage generative AI to provide data visibility and exploit AI opportunities.

Cisco is also gaining a monitoring platform that could fit well into its portfolio. The future could be clearer here, as Cisco has a powerful set of full observability that rivals Splunk’s offerings across many dimensions. Cisco’s acquisition messaging relies heavily on the security aspects of the deal, which only fuels uncertainty.

Rationalizing each company’s offerings into a cohesive portfolio will be among the formidable challenges facing Cisco, one that will open the door to competitive losses while it continues. I hope Cisco gets over this issue quickly, but the risk is real.

The bottom line is that the Splunk acquisition is a great long-term play for Cisco. This transaction directly supports Cisco’s ongoing business transformation, refocusing the company on software and subscriptions. The Splunk acquisition will only accelerate Cisco’s efforts here. It’s a good acquisition for Cisco, but its ability to navigate customer uncertainty will be paramount.

Disclosure: Steve McDowell is an industry analyst, and NAND Research is an industry analyst firm that engages or has engaged in research, analysis, and consulting services with various technology companies, which may include those mentioned in this article. Mr. McDowell holds no ownership positions with any company mentioned in this article.

Follow me Twitter Or LinkedIn.

#Cisco #disrupting #observability #cybersecurity #markets #acquisition #Splunk