Cisco’s largest-ever acquisition in its nearly 40-year history signifies a massive inflection point for the security information and event management (SIEM) and observability market. The $28 billion deal to buy Splunk is necessary for Cisco’s transformation in the cybersecurity space, according to industry experts.

Organizations are demanding security tools with AI-based analytics woven into their processes to help augment efforts to understand and mitigate threats, according to independent analyst Michael Diamond.

This deal signifies that call for advancements amid growing pressure on corporate boards and C-suites to make security a top priority.

With Splunk under its wing, Cisco propels itself into AI-enabled security and marks a significant step in advancing its full-stack observability capabilities, according to Rajesh Muru, lead enterprise security analyst at GlobalData.

The deal for Splunk, which is expected to close before May 2024, presents Cisco with an immediate opportunity to grow its end-to-end security business unit.

Splunk stands to inject $4 billion into Cisco’s annualized recurring revenue, Muru said in a research note.

Multibillion-dollar opportunity up for grabs

The AI-equipped SIEM and observability market isn’t Cisco’s for the taking, as opportunities abound for other vendors to claim share.

“This shift in the market opens up an opportunity for [extended detection and response] vendors with a SIEM replacement strategy like CrowdStrike and Palo Alto Networks to swoop in and push customers away from a traditional SIEM deployment,” Allie Mellen, principal analyst at Forrester, said via email.

“It is raising concerns from Splunk users who have a sour view of Cisco’s role in the security space alongside how this will affect what has already been several years of stifled innovation from Splunk,” Mellen said.

The deal will be a boon for Microsoft Sentinel, the biggest SIEM competitor to Splunk today, Mellen said.

The SIEM market grew from $3.4 billion in 2020 to $4.1 billion in 2021, according to Gartner’s Magic Quadrant report for the sector in late 2022.

Skittishness among customers is common when large vendors acquire a company they do business with, as it drums up concerns about vendor lock-in and higher costs, Diamond said.

“On the deal and support front, I feel sanguine about the future of support and resources right now,” Diamond said. “The acquisition is large and necessary for [Cisco] to continue to transform itself.”

Integration efforts will also be a challenge, whether Cisco ultimately folds Splunk into its massive business or leaves it as a standalone entity.

“Since Splunk will span two product groups in Cisco — security and observability — it runs the risk of being torn apart by internal forces,” Mellen said via email. “Operating it as a standalone will allow Splunk to serve both constituencies equally and continue growing and innovating.”

Analysts at GlobalData view Cisco’s XDR and Splunk’s AI observability and SIEM product lines as complementary, but anticipate hurdles.

“The challenge for Cisco will entail deciding which product it puts at the forefront in its product strategy, or if Splunk should be left as a standalone company,” Muru said.