Cisco Splurges $28Bn for Splunk

Over the years, Cisco has believed in inorganic ways to grow its reach and business, using acquisitions as a means towards this end. However, the company has seldom splurged big dollars to get its hands on a business that synergises with its own. That is not until this weekend when Cisco splurged $28 billion to acquire Splunk in an all-cash deal. 

For those who may have missed Splunk’s journey, the company used to be a market leader in the security information and event management (SIEM) business with shares skyrocketing to all-time highs. And then in 2022, the company was struggling with cloud transition, losing money all around and share prices getting pared by over fifty percent. But, more of that later.

From Cisco’s point of view, Splunk lends it the observation capabilities that it lacked in the security business. It can now offer a platform to customers that helps them better understand security threats while also understanding system failures and troubleshooting them across a wide spectrum of enterprise systems. 

An all-cash deal for a low on cloud entity

The company is paying a massive $157 per share premium when Splunk’s 52-week share value stood at $65 a share though it was hovering around the high 80s and low 90s for much of 2023.  We’re sure Splunk shareholders aren’t complaining as the company’s recent market cap stood at just over $20 billion. 

Of course, how Cisco shareholders react to this splurge will only be known in some time to come, but CEO and board chair Chuck Robbins bringing up the AI angle of the deal, which as we keep saying, happens to be the flavor of the season. “Our combined capabilities will drive the next generation of AI-enabled security and observability. From threat detection and response to threat prediction and prevention, we will help make organizations of all sizes more secure and resilient,” Robbins said in a statement.

Splunk CEO Gary Steele might feel like a Cheshire cat now, having gone from high to low in the recent past and now coming up with a deal that’s likely to put everyone in the company back in good spirits. “Uniting with Cisco represents the next phase of Splunk’s growth journey, accelerating our mission to help organizations worldwide become more resilient, while delivering immediate and compelling value to our shareholders,” he says.  

However, mild murmurs have already begun with analysts claiming that the natural synergies aside, would the deal really provide customers with better network security? While Splunk gets a fresh bout of oxygen and Cisco has a bigger AI-powered story to tell, does it really solve the challenges around the SIEM?  

What’s Splunk been up to in these years?

Before crystal-ball gazing, let’s take a brief look at Splunk’s past. Back in 2020, the company was a leader in the SIEM space, before the proverbial muck hit the ceiling in 2022 which is when we first heard rumors around a Cisco acquisition. In 2020, Splunk rode the pandemic as Fortune 500 companies invested heavily in cybersecurity technology to assist remote work. 

In spite of not being a big cloud player, Splunk grew revenues through on-premises installations of its Observability Cloud product. By late 2020 and early in 2021, the company hit hurdles in the form of transition, missing earnings forecasts and estimates. The challenge of shifting its business to a cloud-based SaaS model that generates annual recurring revenues (ARR) didn’t happen – at least not at the pace investors expected. 

All of this led to customers questioning high costs of SIEM and returns on investments. A year later in 2022, Splunk responded by shaking up the management team and bringing in industry veterans such as Gary Steele, who is now joining Cisco’s executive team, having steadied the ship and made it ripe for an acquisition. 

This was when the reports of Cisco’s interest came though it was quashed soon enough as analysts believed that the market cap of $20 billion was too high for the company. It waited and the wait seems to have now paid off as Splunk’s growth hit a plateau this year and so did the share prices. 

For now, the deal does seem to make sense for Cisco as it would accelerate the company on the ARR model with $4 billion of it.  Looks like Robbins got what he wanted for a much lesser price, though even what he’s forked out for acquiring Splunk’s shares appear high to some of the analysts, who believe that Splunk would’ve stagnated some more. 

What are the challenges post merger?

Apart from the price considerations, there is also the view that the acquisition may generate some challenges on the integration front for Cisco, whose customers have been crying foul by the company’s penchant for added licensing costs on its products. Splunk’s SIEM is considered expensive, which means Cisco customers may not be exactly pleased to pay more. 

In fact, there are those who also question how Splunk would fit into Cisco’s existing platforms such as AppDynamics and ThousandEyes. Which is where the integration issues could raise an ugly head. However, most analysts believe that while operational issues could be something Cisco could figure out and resolve, the question of SIEM may not be answered. 

For starters, Splunk was always seen as a master of on-premises SIEM but not one in cloud data services. A slew of startups are already in the fray to capture a share of this market with better cloud-native solutions, says an analyst who picked Exabeam and DataDog, which seems to offer better and more economic open-source solutions. 

While customers are looking for solutions that can manage and analyze massive amounts of data with a cloud-based platform, Splunk is considered a bespoke option that could be expensive even for the most diehard cybersecurity buff in the boardroom. “The need is for more efficient and automated means to log and manage data using open source cloud tools,” says an analyst who has tracked the industry. 

In fact a recent survey by RSA suggested that security teams were getting overwhelmed by the SIEM systems and sought better automation of the processes. It said more than 30% of the respondents said they had no clue on how to add a new data source to their SIEM while 20% said they relied on the data source provider to do it. 

Given this background, Cisco may have just won a battle but the war is far from won. While the ARR boost would do its share value some good, for real progress it needs to fix Splunk’s cloud capabilities and SIEM positioning that would put it on par or even marginally below those like Datadog and others who’re giving better sleep to cybersecurity teams at enterprises through a mix of automation and process controls.