Cisco’s $28B Acquisition of Splunk: Security and Observability Are King
Splunk describes itself as a “Unified Security and Observability Platform”. As security and observability are the two hottest topics in enterprise IT today, it does not seem to be far fetched for Cisco to spend $28B on this acquisition. The purchase price represents 7X revenue, was approximately 13% of Cisco’s market cap and constitutes a 31% premium over Splunk’s last closing price. This seems like a reasonable price to pay for Cisco to acquire one of the leaders in this fast growing market (appr. 40% annual growth).
Strategy: Ruling Security, Observability, and Network Operations
Bringing Splunk’s SIEM (security infromation and event management) capabilities to Cisco’s 300,000 current security customers and to an even larger number of network customers (estimated 45% market share in networking) is an exciting prospect. Additionally, Cisco can now offer true full-stack observability through a combination of AppDynamics (APM), ThousandEyes (monitoring of digital experiences), and Splunk (operational intelligence).
Complementary Solutions Already Exist
Feeding Cisco’s network operations data into the Splunk Observability Cloud is already possible today, but the acquisition will allow Cisco and its partner network to offer specific Splunk-based solutions to its existing network and security customers. The turnaround on this effort should be quick, as much of the integration already exists. For example, Splunk already offers 22 Splunk apps for integration with numerous Cisco products, including ACI, UCS, and CWS.
Additionally, there is an AppDynamics App for Splunk that correlates application performance data, business transactions, infrastructure performance, and health with log analytics, wire data, server and infrastructure data from Splunk.
Autonomy Is Key for Innovation
From previous acquisitions, Cisco learned the importance of preserving much of the autonomy of the acquired software company. Splunk is situated in a fast moving market with permanent changes and innovation that successful competitors need to respond to and, ideally, anticipate.
Open Source: Splunk is a Founding Member of OpenTelemetry
Splunk was one of the founding partners of OpenTelemetry, today’s hottest observability project on GitHub. The key benefit of OpenTelemetry is its ability to standardize and partially automate the instrumentation, collection and use of telemetry data to make it easy for any observability platform (that supports OpenTelemetry) to ingest. Today, Splunk supports upstream OpenTelemetry and its own distribution for simplified integration with Splunk products and configuration management products such as Ansible and Puppet. I believe that it is important for Cisco and Splunk to keep supporting upstream OpenTelemetry.
Tackling the Elephant in the Room: The Cost Factor
Cost is the elephant in the room when it comes to the adoption of observability platforms. The iconic $65M DataDog bill illustrates the problem customers can run into when growing their cloud native footprint without keeping a very close eye on the cost of observability. Despite multiple changes to Splunk’s pricing model over the last years, customers are seeking to lower or at least better control their Splunk bills. This has led to the rise of Cribl, a company that grew to $4.3B in revenue by fully specializing on providing customers with control over corporate data flows in order to optimize observability cost.
Market Metrics: SIEM and Observability
The metrics show Splunk near the top of the list of publicly listed SIEM and observability platform vendors (not included are IBM QRadar/ Instana, AWS, Azure, and Google Cloud, as we cannot break out metrics specifically for SIEM and observability).
Company Metrics
Splunk achieved a revenue growth of 26% in the 12-month period ending July 31, 2023. The company now has 834 customers with an annual recurring revenue of more than $1M (+14%) and cash flow of $827M. At the same time, Splunk cut 4% of its staff in February, 2023.
The revenue share of the Splunk Observability Cloud is approximately 40%, with an impressive year-over-year growth of 54% in the fiscal year 2023, ending on January 31, 2023. It is crucial for Cisco to focus on rapidly growing this number, as most competitors are at or close to 100% of cloud revenue.
Last Words
The price of the acquisition is absolutely justified if Cisco can truly connect the dots between its existing networking and security solutions and Splunk’s full-stack observability and SIEM capabilities. The synergy between these two giants has the potential to create a one-stop-shop for enterprise IT needs, covering everything from network operations to security and observability.
