Cisco Triples Down On Observability With Splunk Acquisition

By Will Townsend, Patrick Moorhead - November 13, 2023

I heard the news about Cisco’s intent to acquire Splunk last week as I sat in a pub in central London. My immediate reaction was that Cisco is not doubling down but tripling down on network observability, given its recent acquisitions of AppDynamics and ThousandEyes, among others. On the surface, the Splunk purchase is a massive deal valued at $28 billion and would be the company’s largest acquisition to date, among many others it has made over the past few years. Indeed, Cisco’s acquisition strategy has been vital in augmenting its product and solution roadmap.

Cisco evaluates acquisition targets through three lenses: market acceleration, market expansion and new market entry. Lately, it has been on a tear, snapping up companies to complement its Full-Stack Observability (FSO) platform—which Splunk does across all three of those acquisition lenses.

In this article, I will define the value of network observability and assurance, provide depth on Cisco’s FSO platform and share my insights on how Cisco might leverage Splunk, assuming the deal is approved by regulators. I have also asked fellow Moor Insights & Strategy principal analyst Robert Kramer to weigh in on the data side, given that many consider data to be the new “crude oil” of technology and an essential element within the realm of observability.

The value of network observability

Network and security operators face many challenges in today’s modern, highly disaggregated IT environments that blend a mix of multi-cloud and on-premises infrastructure. Network observability aims to simplify management, bolster resiliency and ensure the highest levels of security. At a high level, understanding the state of a network in real time can facilitate a proactive stance that delivers the best end-user application experience and remediates issues, often before problems occur.

Ironically, I recently evaluated three leaders in the observability category and pointed to Cisco and Splunk as two of the three companies to watch. That’s why this combination of the companies is so compelling. Splunk brings depth in data analytics and security that complements Cisco’s security cloud strategy. Recent press related to the acquisition announcement labels it as a security play for Cisco, but it goes much deeper than that.

Splunk brings everything including the kitchen sink for observability, considering its significant capabilities with not only security information and event management (SIEM), ransomware tools, industrial IoT vulnerability alerting and user behavior analytics (UBA), but also orchestration and digital experience monitoring that includes visibility into the performance of the underlying infrastructure. As networking and security continue to converge from a software-defined standpoint, a tie-up between Cisco and Splunk can accelerate Cisco’s market share and enhance what it already delivers through its FSO platform.

Cisco full-stack observability

Cisco is methodically building an observability platform through acquisition, with some organic roadmap development sprinkled in for good measure. In addition to Splunk, the company can point to a spate of purchases including AppDynamics, ThousandEyes, SamKnows and Accedian, which all apply potent intellectual property to help de-risk operations and improve network visibility. This effort will require significant integration, but Cisco has proven its mettle with prior acquisitions and, in the process, is bringing net-new capabilities to market that bolster its FSO offering.

Beyond the functional capabilities that Splunk brings to Cisco, there are other intangibles, such as broader market reach and a strong DNA for software service delivery, that could accelerate Cisco’s transition to annual recurring revenue that brings higher margins.

Don’t forget about the data

Today, data serves as an invaluable asset for businesses of all sizes. The challenge lies in harnessing this data to address security needs proactively. This acquisition merges Cisco and Splunk technologies, unlocking the full potential of data to enhance digital resilience and security for organizations. This effort paves the way for an evolution from mere threat detection to prediction and prevention.

Splunk and Cisco stand out as industry leaders in data and security solutions. Splunk’s datacentric platform focuses on monitoring and observability, while Cisco offers a comprehensive range of networking, security, collaboration, data center and IoT products and services. Splunk’s security analytics deliver real-time insights, address security threats and oversee IT performance, greatly enhancing Cisco’s security capabilities. Through this combination, Splunk can offer organizations a comprehensive view of their data, incorporating information from Cisco’s network devices and additional security tools. Cisco and Splunk together can proactively identify security threats, monitor network performance and address whatever challenges arise.

More specifically, Splunk and Cisco combine Splunk’s SIEM product, which leverages machine-generated data to discern threats, vulnerabilities and security details, with Cisco’s Extended Detection and Response (XDR) system. XDR gathers information from various sources, such as emails, servers and cloud networks, offering a comprehensive perspective on potential threats. This merger facilitates in-depth analysis, rapid prioritization and efficient mitigation of threats, ensuring better data security. The short version is that Splunk’s proficiency in the SIEM market, particularly in tracking data and log files, strengthens Cisco’s defenses against looming threats.

Wrapping up

On the surface, the combination of Cisco and Splunk could raise the bar for the observability category. Cisco’s FSO platform was already promising, and Splunk brings a complementary depth that can accelerate things even further. Once this deal is finalized, the combined platform will surpass the individual offerings of each entity.

This collaboration undoubtedly positions the company as a forerunner in the AI-driven era of data, monitoring, assurance and observability. It also strengthens Cisco’s potential to take a larger share in the broader security market, one that is headed towards consolidation as tool sprawl is forcing organizations of all sizes to reevaluate their earlier security strategies built on best-of-breed point solutions. Time will tell, but if Cisco executes a successful integration, it stands to justify the hefty price tag for this Splunk purchase.

Note: Moor Insights & Strategy enterprise data principal analyst Robert Kramer contributed to this article.

Will Townsend

Will Townsend manages the networking and security practices for Moor Insights & Strategy focused on carrier infrastructure providers, carrier services, enterprise networking and security. He brings over 30 years of technology industry experience in a variety of product, marketing, channel, business development and sales roles to his advisory position.

Patrick Moorhead

Patrick founded the firm based on his real-world technology experiences with the understanding of what he wasn’t getting from analysts and consultants. Ten years later, Patrick is ranked #1 among technology industry analysts in terms of “power” (ARInsights) in “press citations” (Apollo Research). Moorhead is a contributor at Forbes and frequently appears on CNBC. He is a broad-based analyst covering a wide variety of topics including the cloud, enterprise SaaS, collaboration, client computing, and semiconductors. He has 30 years of experience including 15 years of executive experience at high tech companies (NCR, AT&T, Compaq, now HP, and AMD) leading strategy, product management, product marketing, and corporate marketing, including three industry board appointments.