Cisco's acquisition of Splunk should help security professionals detect threats sooner in Australia and New Zealand


Cisco announced in 2023 that it would acquire Splunk for $28 billion (A$42.4 billion). Described as “the Moby Dick” of deals, its goal was to combine Cisco's extended detection and response systems with Splunk's security information and event management technology.

Due to Splunk and Cisco's existing customer bases in Australia and New Zealand, this is great news for these local markets. Since the deal closed in March 2024, customers have wondered what the combination could mean for the future of their security technology.

Craig Bates, Splunk's vice president for Australia and New Zealand, said the deal will help customers defend against modern threats by equipping security operations centers with end-to-end security and observability. He added that unifying security data will be key for organizations in the future as they fight threats that are increasingly launched with the help of AI.

What does the combination of Cisco and Splunk mean for cybersecurity software customers?

Cisco touted the deal with Splunk as driving the next generation of AI-enabled security and observability. Primarily, it meant adding Splunk's SIEM threat prevention and prediction capabilities to its existing XDR stable, creating a powerful XDR and SIEM proposition.

Bates said unifying Cisco's network and endpoint strengths with Splunk's security and observability solution, backed by an AI-powered platform, would support customer resilience. He added that the combination would accelerate Splunk's existing roadmap.


“One thing that is clear in Australia and New Zealand is that, today, every business is a digital business. The impact of disruptions and the like is now a board-level concern, and having that end-to-end capability will allow organizations to take the next step on their path to resilience.”

Creating the 'SOC of the future'

One of Splunk's goals has been to help cybersecurity teams create the “SOC of the future.” Part of this has been taking a federated approach to data so customers can achieve greater visibility and coverage of the attack surface. It was also about unifying security operations to break down the silos that have existed within organizations along the detection, investigation and response chain.

Bates said the combination of Cisco and Splunk will support Splunk's commitment to the evolution of the SOC and to defending against threats, including those that are likely to flourish in an era of AI. He said the combination of Cisco capabilities such as user protection and cloud protection with Splunk's security platform supported end-to-end visibility for organizations in a modern threat environment.

Increased security observability

One of the distinctive characteristics of the digital business reality is that organizations must be online, available and proactive 24 hours a day. Bates argued that this is driving market demand for full-stack observability capabilities and that Cisco and Splunk's offering was the most comprehensive across all types of environments for technology customers.

He noted the coverage and synergies between the two organizations combined across on-premises, hybrid and multi-cloud environments, which would support organizations' desires to gain a more proactive understanding of their digital systems to support better customer experiences. “Observability is the most important thing and is becoming a top priority,” Bates said.


Unification of security-related data

Data unification will be another advantage of the agreement between Cisco and Splunk. Bates said the combination of Cisco and Splunk could allow customers to bring together data from security, IT and engineering teams. He said this would give security operations more complete visibility, something he expects to be “an issue at play” in the age of artificial intelligence.

Preparing for cybersecurity in the age of AI

Splunk believes customers will use AI to automate and improve the activities they perform in security investigation and response. Bates said this would help customers be more proactive, supporting the identification and mitigation of threats faster than before.

Adding AI to the team could also help close the cyber skills gap, he said. With Australia and New Zealand in the midst of a technology skills crisis, cybersecurity professionals are among the hardest to find, a pressure that AI capabilities could help alleviate over time.

Splunk's State of Security 2024: The Race to Leverage AI report found that of 1,600 global security leaders, 93% were using public generative AI, 46% thought it would be a “game changer” for security, and 50% were developing a formal plan for AI deployment. The primary intended use cases for generative AI included risk identification and threat intelligence analysis.

Top four cybersecurity use cases for generative AI. Image: Splunk


Bates said joining with Cisco would help organizations meet the AI challenge. Splunk hopes that data unification will help organizations deploy AI to improve detection, response and remediation, as well as combat the expected rise in AI-related threats from bad actors.

Leverage channel partners for value

Splunk has promised that channel partners will have a long-term opportunity in Australia and New Zealand as the company joins forces with Cisco. “Our partner programs remain as they are and will continue to go to market in the same way across both organizations,” Bates said.

The combined capabilities of Cisco and Splunk will help partners build practices with end-to-end offerings, Bates said. He added that key to this will be the channel's ability to deliver business value to customers, including support during a technology skills shortage.

“Skills remain a real challenge for clients – they don't have the people or the time to get out of the day-to-day business and think about some of the innovations they could drive. Partners able to clearly articulate business value across our offering will have a big impact,” he stated.
