Cisco announced in 2023 it would acquire Splunk for US $28 billion (AU $42.4 billion). Described as “the Moby Dick” of deals, it aimed to combine Cisco’s extended detection and response systems with Splunk’s security information and event management tech.
Because of both Splunk and Cisco’s existing customer bases in Australia and New Zealand, this is big news for these local markets. Since the deal closed in March 2024, customers have been wondering what the combination could mean for their security technology future.
Craig Bates, Splunk vice president of Australia and New Zealand, said the deal will help customers defend against modern threats by tooling security operations centres up with end-to-end security and observability. He added security data unification will be key to organisations in the future as they battle threats increasingly launched with the aid of AI.
What does the Cisco and Splunk combination mean for cyber security software customers?
Cisco touted the Splunk deal as driving the next generation of AI-enabled security and observability. Primarily, it meant adding Splunk’s SIEM threat prediction and prevention capabilities to its existing XDR stable, creating a powerful XDR and SIEM proposition.
Bates said unifying the network and endpoint strengths of Cisco with Splunk’s security and observability solution, underpinned by an AI-powered platform, would support customer resilience. He added the combination would accelerate Splunk’s existing roadmap.
“One thing that is clear in Australia and New Zealand is that, today, every business is a digital business. The impact of outages and the like are now a board-level concern, and having that end-to-end capability will allow organisations to take the next step on their resilience journey.”
Creating the ‘SOC of the future’
One of Splunk’s goals has been to help cyber security teams create the ‘SOC of the future.’ Part of this has been taking a federated approach to data so clients could achieve fuller visibility and attack surface coverage. It has also been about unifying security operations to break down silos that have existed within organisations across the detection, investigation and response chain.
Bates said the Cisco and Splunk combination will support Splunk’s commitment to SOC evolution and threat defence, including defence against threats likely to blossom in an AI era. He said the combination of Cisco capabilities like user protection and cloud protection with Splunk’s security platform supported end-to-end visibility for organisations in a modern threat environment.
Increasing security observability
One of the hallmarks of the digital business reality is that organisations need to be online, available and proactive around the clock. Bates argued this is boosting the market demand for full-stack observability capabilities and that Cisco and Splunk’s offering was the most comprehensive across all types of environments for technology customers.
He pointed to coverage and synergies between the two combined organisations across on-premises, hybrid and multicloud, which would support organisations’ desires to get a more proactive understanding of their digital systems to support better customer experiences. “Observability is top of mind, and it is becoming a topline priority,” Bates said.
Unification of security-related data
Data unification will be another advantage of the Cisco and Splunk deal. Bates said the combination of Cisco and Splunk could allow customers to bring together data across security, IT and engineering teams. He said this would move security operations towards more complete visibility, something that he expects will be “table stakes” in the era of artificial intelligence.
Readiness for cyber security in an AI era
Splunk believes customers will utilise AI to automate and improve activities they undertake across security investigation and response. Bates said this would help customers become more proactive, supporting the identification and mitigation of threats faster than previously.
The addition of AI to the team could also help close the cyber skills gap, he said. With Australia and New Zealand in the midst of a tech skills crisis, cyber security professionals are among the hardest to come by, a pressure that AI capacities could help ease over time.
Splunk’s State of Security 2024: The Race to Harness AI report found that, of 1,600 global security leaders, 93% were using public generative AI themselves, 46% thought it would be ‘game-changing’ for security and 50% were developing a formal plan for AI deployment. The top foreseen use cases of generative AI included identifying risks and threat intelligence analysis.
The top four cyber security use cases for generative AI. Image: Splunk
Bates said coming together with Cisco would support organisations with the AI challenge. Splunk hopes the unification of data will help organisations deploy AI to enhance detection, response and remediation, as well as combat an expected rise in AI-related threats from bad actors.
Leveraging channel partners for value
Splunk has promised channel partners will have a long-term opportunity in Australia and New Zealand as the company comes together with Cisco. “Our partner programs are remaining as is and will continue to go to market in the same way across both organisations,” Bates said.
The combined capabilities of Cisco and Splunk will help partners build practices with end-to-end offerings, Bates said. He added the key to this will be the channel’s ability to provide business value for customers, including supporting them during a tech skills shortage.
“Skills continue to be a real challenge for customers — they don’t have the people or time to step out of the day-to-day business to think about some of the innovations they could drive. Partners able to clearly articulate business value across our offering will make a big impact,” he said.