Managed Security Services

Cisco to Acquire Splunk: The MSSP Impact

Cisco intends to purchase Splunk, following a number of other cybersecurity acquisitions over the past year. (Image Source: Cisco)

Cisco plans to acquire AI-driven cybersecurity and observability giant Splunk for $157 per share in cash, representing a price of $28 billion. The companies said together they will help their customer organizations move from threat detection and response to threat detection and prevention.

But what about the channel? From our MSSP 250 research, we know that Splunk is a major player when it comes to tools and platforms used by the very largest MSSPs in the market. But the company doesn’t have much of a penetration with MSSPs below the top 10%. Cisco, on the other hand, has a long history with the channel.

Splunk’s Go-To-Market Gets Boost with Cisco Deal

In a conference call with analysts this morning, Splunk President and CEO Gary Steele said he’s excited about leveraging Cisco’s go-to-market strengths both internationally and in the channel as a result of the deal.

“If you look at our business today, we are two-thirds domestic and one-third international. The power of Cisco’s broad footprint around the world gives us the capability to get to markets around the world that we just aren’t touching today,” he said.

“Our channel program -- while we’ve made tremendous progress -- we are still relatively immature. By connecting to the Cisco channel, we can deliver just a tremendous opportunity to go drive business in many regions and with a broader customer set. So I couldn’t be more excited about the go-to-market opportunities.”

Cisco’s Cybersecurity Play

Cisco has been upping its game in the cybersecurity market over the last few years with a strengthened portfolio and changes to its internal team.  On July 31 the company announced general availability of its extended detection and response (EDR), which it had unveiled earlier in the year.

In the conference call with analysts this morning, Cisco CEO Chuck Robbins said that cybersecurity is a major driver for the deal and a big aspect of that is the go-to-market strategy.

Specifically on the product side Robbins said that Cisco customers have had access to technologies such as AppDynamics and ThousandEyes.

“When we combine that with the data and the platform that Splunk has, we believe we can deliver the greatest number of insights to our customers about what is going on in their technology infrastructure than any other company," he said. "On the go to market side, we think there’s an opportunity to leverage the global channel ecosystem that Cisco has built over the last 20 years.”

What Channel Pundits Are Saying About the Cisco, Splunk Deal

Matthew Ball, Chief Analyst at Canalys, said that rumors have been circulating about this potential deal for more than a year, and that it represents a massive bet for Cisco in terms of the price tag and the complexity of the integration once the deal is completed.

“The addition of Splunk will make Cisco one of the largest cybersecurity vendors by giving it a leading SecOps platform (SIEM and SOAR) to add to its network security, endpoint, cloud, secure services edge, email, and identity security lines,” Ball told MSSP Alert. “As a result, Cisco will have one of the broadest cybersecurity portfolios in the industry, which can tap into different budgets and stakeholders in customers.”

Ball noted that Cisco has already been working with Splunk to integrate telemetry data.

“The acquisition should drive tighter integration and more cross sell opportunities for partners, though many will still want a multi-vendor, best of breed solution, rather than relying on one single vendor,” Ball said.  “MSSPs and GSI (global systems integrators) are key partners for cybersecurity vendors to penetrate. This deal gives Cisco new relationships to broaden its reach.”

CEO and Chief Analyst at Channelnomics Larry Walsh said that the deal makes perfect sense given that Cisco is already a security market leader and looking to increase the percentage of revenue from software and services. Cisco has made four other security acquisitions earlier this year, Walsh noted. He also said that the deal will significantly disrupt the SIEM and observability categories which are crowded already.

When it comes to the channel impact, Walsh shared the following perspective:

“The deal will open the door for smaller SIEM and Observability vendors to forge relationships with disgruntled partners and customers that don’t want to get on the Cisco bandwagon,” Walsh said. “It will take 18 to 24 months from the time of the deal closing for Cisco to reconcile the channel programs; the interim period will come with a lot of questions and confusion among partners and customers – as it always does in situations like this.”

Cisco Buys Splunk: Looking Ahead

While the acquisition has been unanimously approved by the boards of directors of both Cisco and Splunk, it’s not expected to close until the end of Q3, 2024, subject to regulatory approval and other closing conditions including approval by Splunk shareholders, the companies said.

Cisco said the transaction is expected to be cash flow positive and gross margin accretive in the first fiscal year post close, and non-GAAP EPS accretive in year two. Additionally, it will accelerate Cisco's revenue growth and gross margin expansion.

MSSP Alert will continue to track this deal and its ramifications in the months and year ahead.

Jessica C. Davis

Jessica C. Davis is editorial director of CyberRisk Alliance’s channel brands, MSSP Alert, MSSP Alert Live, and ChannelE2E. She has spent a career as a journalist and editor covering the intersection of business and technology including chips, software, the cloud, AI, and cybersecurity. She previously served as editor in chief of Channel Insider and later of MSP Mentor where she was one of the original editors running the MSP 501.