In a headline-grabbing announcement that’s got the cybersecurity industry talking, Cisco has revealed its intention to acquire Splunk for an astonishing $28 billion. That’s right, the tech giant is making moves to become an even bigger player in the AI, security, and observability space. But what does this mean for the SOAR (Security Orchestration, Automation, and Response) landscape? As a leading independent SOAR vendor with tech integrations with Cisco and Splunk, here’s our two cents on its implications.
Cisco and Splunk have entered into a definitive agreement where Cisco will acquire Splunk for $157 per share in cash. The deal is expected to close by the end of the third quarter of calendar year 2024, subject to regulatory approval and other conditions. This is Cisco’s fifth acquisition of the year and Cisco’s 223rd acquisition for those keeping count.
Before we go any further, let’s take a moment to understand what Splunk is all about. Splunk is a titan in the cybersecurity and big-data analytics world, offering solutions that search, monitor, and analyze machine-generated big data. Splunk’s SOAR capabilities were significantly bolstered by its acquisition of Phantom back in 2018. Phantom was an emerging vendor in the SOAR space, and its technology became the backbone of Splunk’s SOAR offering.
This isn’t the first time we’ve seen a major acquisition in the SOAR space. Remember IBM’s acquisition of Resilient Systems? Or how about FireEye’s acquisition of Invotas? Or Google’s acquisition of Siemplify? These acquisitions often lead to a period of adjustment, integration, and, let’s be honest, a bit of chaos. The result? Buyers are left navigating a landscape of shifting sands, wondering if their SOAR solution will continue to meet their needs.
Independent, or vendor-agnostic SOAR vendors do one thing: make the best SOAR technology possible. We’ve said it before – suite-based SOAR is where innovation goes to die. Within a larger corporate ecosystem, SOAR gets relegated to a checklist item, and its potential is diffused by multiple forces, incentives, objectives, and parties. When SOAR is not the core product or company focus, it’s not likely to get the most amount of attention in terms of developer resources or R&D budgets. Following this acquisition, it seems even more unlikely that Splunk SOAR, an acquisition within an acquisition will see a big infusion of budgets and R&D anytime soon. That’s likely an ‘L’ for SOC teams invested in it because SOAR is a foundational element of modern enterprise security architecture with plenty of scope for innovation – not something that should be relegated to a feature or allowed to stagnate.
When cybersecurity threats are fast-moving and multi-faceted, organizations need a stable, reliable SOAR platform. An independent, vendor-agnostic SOAR platform offers the flexibility to integrate with a multitude of security tools, ensuring that you’re not locked into a single vendor’s ecosystem. You need a dedicated team that’s committed to make sure that the integrations are well-designed, up-to-date, and work well with any vendor.
70% of our new customers are replacing their existing SOAR platform with Smart SOAR. Why? Because they are tired of “Dumb SOAR”. They don’t want basic connectors – they want fully featured integrations. They want to be able to focus on real threats and prioritize events and incidents based on identity context. They want SOAR that contextualizes every alert with identities and accounts.
Our integrations are maintained by a team of experts focused on scalability, performance, and unlocking new use cases. We’re always listening, and constantly adding new features and integrations that make Smart SOAR more effective. In a world where acquisitions are becoming the norm, having a vendor-agnostic SOAR solution is more critical than ever. Book a demo to help discuss and unblock your security automation challenges.