Splunk, a data analytics software specialist, has acquired Phantom Cyber, a four-year-old security automation developer, for some $350 million in cash and equity. The deal will potentially inject new automation capabilities into MSSP, corporate and private sector Security Operations Centers (SOCs).
The merger, whose price could be adjusted somewhat, is slated to close before June 2018. Terms of the deal call for Oliver Friedrichs, Phantom’s founder and CEO, to report to Haiyan Song, Splunk’s security markets SVP and GM. Neither company offered details of how the other eight members of Phantom's leadership team, including co-founder Sourabh Satish, will fit in.
With the deal, Splunk gains a formidable position in the emerging security analytics segment, combining its machine learning capabilities with Phantom’s tools to orchestrate and automate security teams’ threat defenses. The technology is referred to as security orchestration, automation and response (SOAR), a name that covers each of its elements, and it is expected to see an imminent spike in popularity. By researcher Gartner’s estimation, in two years 15 percent of companies with security teams of more than five people will rely on SOAR tools, rising from a mere one percent now.
Security Automation: A Closer Look
Automated, analytics-based network security is seen in some security circles as the modern armament to anticipate, detect and respond to threats by using analysis and probability data -- meshing an offensive and defensive posture. But there’s more to it than technology: Part of what’s also driving interest in security automation is the excessive demands put on internal teams to compensate for the well-documented shortage of cyber security pros. Splunk contends that the deal will provide a lift to security operations teams not only by speeding up incident response but also addressing the nagging skills deficit. The bet is that automating tasks, orchestrating workflows and improving collaboration will enable organizations to respond to incidents at machine speed and work smarter.
There is also an artificial intelligence spillover from the deal. Splunk said that once Phantom’s tools are integrated into its platform, IT teams will be able to use automation to solve problems in a wide range of use cases, including Artificial Intelligence for IT Operations (AIOps). Gartner also expects that market to grow rapidly, forecasting that by 2022, 40 percent of all large enterprises will replace monitoring, service desk and automation processes with data analytics and machine learning, an eight-fold climb from the five percent that do so now.
Both Friedrichs and Doug Merritt, Splunk CEO and president, touted the high points their combined technology delivers, with the former calling it a “revolutionary advance for security and IT teams,” and the latter saying it fits with the analytics firm’s posture to stretch the “limits of technology to help our customers get the answers they need from their data.”
Venture capital took an early shine to Phantom, as the company raised nearly $23 million in three funding rounds beginning in 2015, according to Crunchbase’s data. Splunk said it will pay for the majority of the purchase price with cash on hand. Total equity consideration, including incentives to retain an unspecified number of Phantom employees, will result in less than one percent total dilution from the transaction, Splunk said.
Phantom adds to Splunk’s growing security profile, lining up with its $200 million Caspida acquisition in July 2015 and last October’s buyout of SignalSense for an undisclosed sum. Splunk now commands expertise in real-time threat detection, breach detection and security automation.