Cisco Acquires Splunk for $28 billion

Cisco perhaps missed the rise in cybersecurity, but they are now a strong contender. It was Splunk, though, who saw the greatest opportunity. Now Cisco is to acquire Splunk for $28 billion, marking the end of a journey in which Splunk completely disrupted the world of cybersecurity. If you want an outline of Splunk, try here:

Missing a market

So where can we currently see this? Well, Cisco Systems provide a good example of how they innovated with the router and changed the world, but perhaps lost their innovative spirit. The company generally used their significant income to purchase innovative companies, rather than investing in future products. Or perhaps they invested in the wrong areas of R&D, and had to go out and purchase companies who were truly innovating. The growth of video conferencing, for example, took most people by surprise.

Cisco had a gold product in their IP telephony system and a virtual monopoly within the corporate market. Most people can remember the Cisco IP phone on their desk. To Cisco, why would anyone want to video conference, when they were happier to use their phone? Then the pandemic happened, and Cisco pushed forward with WebEx, which just seemed like a corporate-focused video conferencing program that was not really set up for desktop applications. It was clunky and had poor usability. As Microsoft moved fast with Teams, WebEx just didn’t move much, and the opportunity for Cisco to become a leader in the market was lost. And so it was Zoom who moved fastest and morphed itself as quickly as it could. It was useable straight out of the box, and its performance matched user requirements. But it was an ex-Cisco employee who had created Zoom, after having his idea of a video conference system rejected by the company.

But the market that Cisco perhaps didn’t see was the growth in data analytics, especially the capturing of event logs across corporate networks. It was these events that could pinpoint an attack at an early stage, or which could be used to trace attacks. Cisco perhaps didn’t react to the move from setting up and running networks to the usage of network data to drive security analytics. What customers wanted was an easy way to plumb their data capture into any network log source they wanted. The Cisco way was to create a homogeneous network, where you only had one vendor, and where a Cisco product would integrate everything together to give a viewpoint on the network infrastructure.

Along comes the innovator

So, along came Splunk. They saw a cumbersome integration from the market leaders, focused on the endpoints, and created adapters that could capture log data. For them, it didn’t matter what the log or the device was. Every bit of information could be useful from a security point of view. The temperature of the servers, the humidity level of the data centre, the access control log of a room, … for them it was all about capturing data wherever it came from, and just leaving it as it was. The trick was then to translate that into a more structured format and mine it in whichever way the customer wanted. And so the industry has generally followed the Splunk approach. The licencing model was based on a data-gathering approach, but it all worked for them. Cisco, in the past, had never been big on licencing their products and had relied on sales of hardware. And so Splunk captured vast areas of the market. The move to the Cloud also saw hardware increasingly becoming virtualised.

Data analytics has become a core part of many companies, and provides the heartbeat of the company. And so the data gathered by the Splunk infrastructure became increasingly interesting to network engineers, who can see throughputs and downtimes, to marketing and sales for Web activity, and to executives for general business analytics. The security logs gathered now became the crown jewels for business analytics, where different parts of the organisation could have different dashboards. The previous software had only focused on providing security logs for security professionals. The Splunk approach was to take any part of the business and use the gathered log data to customize whatever that part of the business needed to see. For many, it’s often a traffic light: good, average or poor; or a KPI … X security alerts per day or Y system crashes. And so many companies who had been using a range of data gathering products cancelled their licences with these vendors and focused on Splunk as an integrator.

And, so, Cisco missed a core market and allowed Splunk to thrive. But, how does a big company get its market back? Well, it buys its competitor while it can, and acquires and integrates. It’s the old storybook of the past. The large company misses the market and purchases the newcomer while they have enough money, otherwise, the newcomer will eventually be bigger than the existing leader.

The Big Fish Eats the Small Fish?

It was a surprise to few people that Cisco started to look to purchase Splunk. The acquisition would certainly make a great deal of sense for Cisco, and would move them into the data analytics field:

Splunk is not a small business anymore, and has shown that future markets are ones that are data-driven. The future of cybersecurity is the power of data.

If you are interested in this field, have a look at our Cyber and Data online material:

https://asecuritysite.com/cyberdata

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.