Looking to significantly reinforce its security software portfolio, Cisco has struck a $28 billion cash deal to acquire enterprise and cloud protection company Splunk.

Founded in 2003, Splunk is known for a software platform with a wide-reaching ability to search, monitor and analyze data from a variety of systems. Network security teams can use this information to gain better visibility into and gather insights about network traffic, firewalls, intrusion detection systems (IDSes), intrusion prevention systems (IPSes), and security information and event management (SIEM) systems, from on-premises and/or its cloud-based package, according to Splunk.

With Splunk software in place, network operations teams can monitor network traffic for signs of malware and login activity, and meld data from multiple sources to identify the root cause of a security problem or more quickly spot abnormal traffic patterns, according to the company.

Cisco expects to bring all of those capabilities and more to its security portfolio.

“Together, we will become one of the largest software companies globally,” Chuck Robbins, chair and CEO of Cisco, told analysts during a call about the acquisition.
“Our combined capabilities will create an end-to-end data platform to enhance digital resiliency.”

Robbins said, for example, that Splunk security capabilities complement Cisco’s existing security portfolio, particularly through integration of Cisco's new Extended Detection and Response (XDR) and Security Cloud platforms.

Cisco’s XDR service brings together a myriad of Cisco and third-party security products to control network access, analyze incidents, remediate threats, and automate response, all from a single cloud-based interface.

“Our best security insights and Splunk security information and event management offering will be able to help our customers move from threat detection and response to threat prediction and prevention,” Robbins said. “In terms of observability our complementary capabilities will offer observability for the full IT stack from the application to the network across hybrid and multi cloud environments. Together Cisco and Splunk will deliver an end-to-end enterprise grade Full Stack Observability (FSO) platform.”

The FSO integration could be interesting in that Cisco just launched its FSO platform in June and has only recently begun adding new features to the system. Cisco’s FSO is designed to correlate data from application, networking, infrastructure, security, and cloud domains to make it easier for customers to spot anomalies, preempt and address performance problems, and improve threat mitigation.

When asked about potential product overlap, particularly in the observability area, Robbins said: “I don't think we have significant overlap.
But I think we have if you think about the data platform and the observability progress that [Splunk] has made, and you couple that with our application visibility with ThousandEyes we think we can actually extend well.”

Analysts said the companies will likely figure out software integration and overlap concerns.

“Cisco’s ThousandEyes and AppDynamics are fantastic platforms and Splunk has some technology that could impact them but I would expect a software integration roadmap over the next 12 to 18 months post-acquisition close so I think they’ll figure that out,” said Steven Dickens, vice president and infrastructure practice leader of The Futurum Group. “Cisco’s product management team does a great job of determining direction — but it’s something to watch.”

Robbins also said Splunk integration will only bolster Cisco’s ongoing investment in all things AI.

“As we mentioned in our most recent results we've already taken half a billion dollars of orders for AI infrastructure,” Robbins said.

“There's also a huge opportunity with enterprises to help them responsibly unlock the opportunities that come with AI,” Robbins said. Factoring in the acceleration and adoption of generative AI, expanding threat surfaces, and multiple cloud environments, it creates a level of complexity that is unlike anything organizations have faced, Robbins said. “With hyper-connectivity growing and increasing cyber threats, the value of data only increases, and that’s why this deal makes sense.”

Once the deal closes, which Cisco expects by the end of the third quarter of 2024, Splunk’s CEO, Gary Steele, will join Cisco’s Executive Leadership Team and the company's employees will be blended into Cisco’s security team.

“Cisco and Splunk have had a long and successful partnership, underpinned by products and capabilities that fundamentally complement each other
and enhance the value we deliver to customers,” Steele wrote in a blog about the acquisition.

Analysts said the acquisition could have a number of impacts on the enterprise security arena.

“I think $28 billion seems a fair valuation because Splunk has a compelling position in observability and security in the market with a lot of community adoption, a lot of clients — a big fan base, if you will, with security practitioners,” Dickens said. “From a Cisco perspective, this positions them to double down on their transition to being a software company, rather than a hardware company.”

Others said Cisco is looking to obtain Splunk’s IT observability capabilities. And it is not just SIEM and IT observability that Splunk offers, according to Mitchell Schneider, senior principal analyst, Gartner.

“Splunk’s security operations suite consists of SIEM, user and entity behavior analytics (UEBA), security orchestration, automation and response (SOAR), as well as threat intelligence platform (TIP) to aggregate threat intelligence data,” Schneider said.

“Coming from the security operations side, the SIEM market continues to grow. Gartner still sees SIEM being very much a part of an organization’s threat detection, investigation and response (TDIR) capability and at the center of the security operations center (SOC) ‘solar system’,” Schneider said. “At the same time, the market continues to see innovators and disrupters enter the market, including cloud service providers, such as Microsoft and Google.
My belief is that Cisco is simply following market demand by offering a comprehensive stack for detection and response — not only including SIEM, but through prior acquisitions of XDR as well.”

The Splunk buy is Cisco’s sixth since June, its 10th this year and one of the largest it has ever undertaken. For example, it spent $6.9 billion on Scientific Atlanta in 2006, $2.6 billion on Acacia Communications in 2019 and $1.2 billion on Meraki in 2012.

Most recently, Cisco said it intended to acquire cloud-native mobile core developer Working Group Two (WG2) for an undisclosed amount. WG2 is known for its mobile technology that helps public and private service providers and enterprise customers build secure and scalable mobile backbones.

Earlier this year, Cisco grabbed up startup Border Gateway Protocol monitoring firm Code BGP. Privately held Code BGP will ultimately become part of Cisco’s ThousandEyes network intelligence product portfolio and bring a cloud-based platform that, among other features, maintains an inventory of IP address prefixes, peering and outbound policies of an organization via configured sources, like BGP feeds. BGP tells internet traffic what route to take, and the BGP best-path selection algorithm determines the optimal routes to use for traffic forwarding.

In July, Cisco announced its intention to acquire security startup Oort for an undisclosed amount. Oort offers an identity threat detection and response platform for enterprise security.

Cisco also recently announced plans to acquire privately held broadband-network monitoring company SamKnows for an undisclosed amount.

SamKnows uses a global network of software agents dispersed among home systems, mobile devices and service provider networks, for example, to get a real-time measurement of internet performance and customer experience.
Through a central dashboard, the company can analyze the results, spot faults, and identify the root cause of problems to help with remediation.

Another fresh deal is Cisco's planned acquisition of Accedian Networks for an undisclosed price. Accedian's performance analysis and monitoring platform — aimed at mobile backhaul, data center services, service providers and cloud connectivity customers — provides network visibility, diagnoses problems and recommends remediation.

Cisco’s other acquisitions this year include Armorblox for large language models, Smartlook for mobile application monitoring, Lightspin for cloud security, and Valtix for cloud network security.

Jon Gold, senior writer with Network World, contributed to this article.