Cisco + Splunk – Perspective from Deepwatch’s CEO

By Charlie Thomas, Deepwatch CEO

Estimated Reading Time: 5 minutes

September 25, 2023

As the leading managed security platform for the cyber resilient enterprise, and a key partner of Splunk (Splunk invested in Deepwatch’s $180 million funding announced in February 2023), we have a unique perspective on this deal and what it will mean for customers and the overall cybersecurity industry.

Cisco’s Acquisition of Splunk – What Does it Mean for You?

The big news last week of Cisco’s acquisition of Splunk for $28 billion is certainly significant for all of us in cybersecurity and the broader tech industry. This is surely a sign of more impending consolidation in the $200+ billion cybersecurity industry. After all, there are over 3,000 cybersecurity vendors.

But what does this mean for Splunk customers?

Well, for the foreseeable future, they won’t see changes. The transaction is expected to close late in 2024. And after that, any major integrations by Cisco will take time. So, realistically, any real changes for Splunk customers likely won’t happen until sometime in 2026.

How Will This Cisco Acquisition be Different?

At $28 billion, this deal is too big for Cisco not to execute extremely well on the integration. The $4 billion in annual recurring revenue (ARR) coming over from Splunk is too important for Cisco’s strategic migration to cloud and subscription. Expect Cisco to invest considerably to retain Splunk leaders and management and expect Splunk to play a pivotal role in Cisco’s go forward security strategy once the transaction closes. This means the strength of Splunk’s technology and IP will remain, and innovation should continue. We can expect security to become an increasingly meaningful part of Cisco’s business.

Will Splunk’s Customers Churn?

We’ve all heard the sound bites. Splunk is too expensive. Microsoft’s E5 licenses make Sentinel very attractive. CrowdStrike’s XDR satisfies an enterprise’s security needs. And we’ve seen the increasing desire to consolidate vendors and move to platforms like Palo Alto, Microsoft or CrowdStrike. And over the last several years, we’ve also heard of many promising technologies purportedly poised to knock Splunk from its leadership position in the SIEM market.

 However, the reality on the ground is . . .

  1. Very few Fortune 2000 CISOs, CIOs, Boards, or Executives are willing to bet the reputation and operational continuity of their business on anything other than the market leader when it comes to cybersecurity and the criticality it has to their enterprise. In spite of many emerging and promising technologies and all the XDR hype over the last several years, no vendor has come remotely close to challenging Splunk’s dominance as the best SIEM platform in the market. The CISO community knows this, and don’t expect to see many who lead security for midsize to large enterprises willing to bet their careers on technology other than the best.
  2. As for conventional thinking that Microsoft E5 licenses offer significant savings versus Splunk, we encourage those enterprises to look carefully at the full cost of Microsoft – particularly the Azure costs. Many will be very surprised to learn that Microsoft and Splunk are very close in terms of TCO (total cost of ownership).
  3. Deepwatch Labs has continuously evaluated many of the promising SIEM or log ingest technologies. We have yet to see any vendor, including the ones mentioned above, come close to Splunk in terms of overall capabilities for analytics, security content and use cases, or detections and correlations. We will continue to evaluate promising technologies, and even announce support for additional SIEM vendors, but in terms of industry leading, best-in-class technology, we don’t anticipate anyone surpassing Splunk in the next several years.

Will the Ecosystem Play Erode Splunk’s Market Share?

The acquisition of Splunk by Cisco is a big move that will better position Cisco as it looks to have a stronger presence in cybersecurity and positions the company as a leading security ecosystem provider. We’ve seen this consolidation happening across the market, and have seen some movement from buyers as they are looking for more all-in-one provider based solutions to manage their cybersecurity programs. 

We’ve heard a lot recently from leaders at Palo Alto Networks, Microsoft, Google, and CrowdStrike about the move to consolidate capabilities and the desire for IT and Security teams to work with fewer vendors. Over the last decade, we have seen the evolution to a best-of-breed approach to technology adoption (a change from the previous decade of consolidated vendors like McAfee and Symantec). Today our average customer has over 80 security tools. So there’s definitely good rationale for vendor consolidation.

While these all-in-one ecosystems can simplify how CISOs and their teams manage cybersecurity, they can still leave blindspots that make it harder to react quickly when facing a cyber attack. There is no one-size fits all for protecting against cyber threats, and even when taking a platform-centric approach, companies will look to incorporate best-of-breed solutions that allow them to react quickly and increase their cyber resiliency in the face of a breach or attack. We believe platform adoption will increase, but a hybrid approach (platform + strong point solutions + managed security tying it all together) will be the result – with an increasingly strong emphasis on security outcomes and achieving the best cyber resilience based on a company’s unique risk profile.

We expect to see enterprise security leaders work to seamlessly integrate cutting-edge technologies, skilled personnel, and efficient processes, ensuring optimal consumption of the technology advances we anticipate in the coming years. This progress will be driven by hyperautomation, machine learning and AI, and the maturation of security and response protocols. The emphasis will increasingly focus on successful cybersecurity outcomes, risk mitigation and overall cyber resilience.


We expect Cisco’s research and threat awareness capabilities to advance and filter through Splunk’s platform. We also expect Splunk’s technology to extend the reach and capabilities of Cisco. As a strategic partner, Deepwatch will work closely with both Cisco and Splunk, and is well positioned to provide the best overall cyber resilience for current and future customers of both companies.


LinkedIn Twitter YouTube

Subscribe to the Deepwatch Insights Blog