Main content

Splunk .conf24 - Cisco and Splunk – the only safe bet in Las Vegas?

Chris Middleton Profile picture for user cmiddleton June 13, 2024
We round up the first two days of Splunk’s user conference, on the ground in Las Vegas – the first major event since Cisco bought the company for $28 billion.

Splunk .conf24 stage © Splunk
(© Splunk)

Day One of Splunk’s annual user conference saw Chuck Robbins, CEO of new owner, Cisco, explain to a whooping audience of ‘Splunkers’ that their former CEO, Gary Steele – now Cisco’s President of Go-to-Market – was driving the integration. Not just from Splunk’s perspective, but also across the whole of Cisco.

Not your average big-ticket acquisition, then, when common causes of failure typically include poor cultural integration and a lack of strategic alignment. On both these points, the deal appears to have been well thought through, though (privately) many Splunkers told me they had been nervous for the future under Cisco.

But the good news is, .conf24 appears to have reassured them that ‘business as usual’ is the order of the day, with a promise – on the public stage, at least – of nothing but upsides. But that’s Las Vegas for you: a city built on gambling and show.

Indeed, Robbins and Steele have been taking their double-act on the road like a high-tech Martin & Lewis, with a recent TV interview with Bloomberg about artificial intelligence, and other joint engagements. Meanwhile, Robbins has promised that Cisco is well positioned to reap the benefits of AI – or the whirlwind, perhaps.

Among the products trailed at this year’s event have been some inevitable must-haves: AI Assistants for Observability Cloud (now in private preview) and Security (available for private preview in August 2024).

(Soon, enterprise users of different vendors’ systems will have so many AI Assistants to deal with that they may never have to talk to a human again. But will they all interoperate? That remains to be seen. Either way, it seems that for all the hype about the technology, AI’s most familiar public face will be a query window in a piece of enterprise software.)

Splunk AI Assistant for SPL is now generally available to Splunk Cloud Platform customers via AWS globally. IT Service Intelligence (ITSI) and its Configuration Assistant are also available, with Drift Detection for KPIs and ‘entity-level Adaptive Thresholds’ in public preview.

Hao Yang, VP, Head of AI at Splunk, told delegates:

Our AI Assistants are designed to help users do their jobs easier and faster. We are currently adding generative AI tools to our product portfolio to accelerate detection, investigation and response workflows. Looking ahead, we aim to further refine the integration of advanced AI technologies, and continue to deliver more reliable and more secure IT outcomes for our customers.

Robbins told us:

Investments are going into security, and into Splunk, and into emerging AI across all our portfolios. It's just something we recognize we have to do.

As explored in my previous report and interview, Steele – still General Manager of Splunk (or ‘Chief Splunker’, in the words of his staff) – now appears to be teaching Cisco how to be a 21st Century software company.

Or, at least, he is giving it a more convincing software story in a world where AI, cybersecurity, and observability will be critical. Just as important, Steele is giving the venerable hardware giant a convention center full of coltish – or perhaps cultish – enthusiasm. Splunkers in hoodies whose love for their work seems both genuine and deeply ingrained. Not losing that passion is where the risk lies for Cisco, and for Splunk itself.

For its part – $28 billion in cash notwithstanding – Cisco gives Splunk a clearer path into thousands of enterprise accounts, plus data from its rich heritage in networking. And the key to making it all work? Partnership, delegates were told.

Launching Day One of the event, Splunk’s Gretchen O’Hara, VP of Worldwide Channels and Alliances, said:

This year, I would say it's been an incredible whirlwind of opportunity and excitement. […] But we can't talk about the future without addressing where we have been.

Last year, I stood here and talked about how we were going to improve the partnership experience. How we were going to make it easier to interact with Splunk, to provide innovative solutions for you as partners, and we were going to increase the transparency in our product roadmap.

Together, we've achieved amazing results and really set the foundation for continued mutual success. A year ago, we had a little over 70% of our business impacted by partners. Today, together, we are at 90% in the year to date.

She added:

We can't do this without you, and when customers decide to partner, guess what? They're buying into a strategic partnership as well, to help customers modernize and improve observability, drive data optimization and AI capabilities, and achieve comprehensive visibility across their entire digital ecosystem.

When a customer spends $1 on Splunk, it drives five dollars of services revenue.

Using the same metric, Cisco’s $28 billion on Splunk would give it $140 billion in services revenue, which seems unlikely. But that’s not to say the purchase hasn’t been handled much better than expected.

With typical good humor, Robbins told the partner session of the conference:

The good news is Cisco has long been a partner-led company. We transitioned in the late 90s, early 2000s, when I was on the direct sales side. And they asked me to move into the channel organization – which, at the time, was not the career path anyone would choose. And I said, ‘What did I do wrong?’

Cue audience laughter. Then he added:

But I had the time of my life moving. […] And I had the honor of actually putting together a lot of programs that our partners use even today.

Nicely done. At this point, O’Hara brought Steele onstage to reunite the double act and set the tone for the conference as a whole. 

Steele said:

The thing I'm super excited about is that all of you have been a very important part of our growth strategy and growth story, and that needs to continue. 

As we become more integrated into Cisco, we appreciate everything that you've done in the past. But we want to embrace that into the future as well. And one of the things I'm particularly excited about is we're doing a lot of really good work to bring [sic] our product line more tightly aligned with the Cisco security product line.

But Steele went out of his way to emphasize that Splunk’s own innovation program and roadmap, set out before the Cisco deal, remains. It will simply continue with the words ‘A Cisco company’ beneath the Splunk logo. 

The only significant change, therefore, will be integration with Cisco’s hardware and software, plus all the new partnership and upselling opportunities that arise from that, and the enterprise doors that may open for Splunk when Cisco pushes them.

But Cisco benefits from the deal too, Robbins told delegates:

As we all know, the future is all about data. And the Cisco portfolio that we had before, we had visibility into lots of data, lots of insights for our customers. But we had no real way to structure that and give our customers value from that. 

So, coming together, we think about security in the network, about observability, and about data in general and what our customers are trying to achieve. And then you layer AI on top of that. I think the opportunity is great.

Referring to Splunk, he said:

I don't think there's another company on the planet who can give our customers greater insights as to what's going on in their technology infrastructure. Whether it's about why an application is not performing properly. Or, why do I have customers that are abandoning their carts? Or, what's the security threat profile that I'm seeing right now? 

The ability to pull all of these data points together and give our customers clarity, instead of this crazy world that they're all trying to navigate, it truly does lead into this whole notion of digital resilience, which is really the ultimate.

On that point, Splunk and Cisco, in collaboration with Oxford Economics, released a global report at the event, titled ‘The Hidden Costs of Downtime’. The research estimates that the total cost of system downtime for Global 2000 companies is in the region of $400 billion annually, or nine percent of respondents’ profits.

The report emphasizes that, for any organization today, the consequences of downtime go far beyond the immediate financial costs and include a lasting impact on a company’s shareholder value, brand reputation, customer trust, and, therefore, ability to innovate.

On the same digital resilience theme, Day Two of .conf24 saw further product announcements. For example, the Splunk Data Management portfolio allows users to send, share, and process their data across the Splunk Cloud Platform and Splunk Observability Cloud.

According to the company, customers can now pre-process data through a single pipeline and achieve the be-all and end-all of enterprise cloud adoption: end-to-end visibility for SecOps, ITOps and engineering teams, who will now have greater control over the shape, volume, and destination of their data, while unifying the collection of metrics and logs.

Tom Casey, SVP and GM, Products & Technology, explained:

Not all data is created equally, and its value changes over time. Organizations need solutions that simplify the data management experience while enabling them to retain control and ownership of their data. That’s why we are thrilled to launch these new Data Management capabilities so organizations can harness true control over their data pipeline.

Security, via increased observability, was also a focus on Day Two, with new product announcements to power the ‘SOC [security operations center] of the future’.

Among the new releases are Splunk Enterprise 8.0, which “empowers security teams to proactively manage and mitigate risks effectively”, plus a new Federated Analytics feature, which analyzes data where it’s stored for improved threat hunting and frequent-threat detection. 

Mark Terenzoni, GM Security Services for Amazon Web Services (AWS) said: 

With Amazon Security Lake and Splunk’s Federated Analytics, customers now have access to significant advancements in data security and accessibility, supporting SOC use cases such as monitoring and threat hunting.

We are enthusiastic about our collaboration with Splunk to enable customers to perform just-in-time indexing for large volumes of data sources without requiring data movement for investigative use cases. Federated Analytics and the Open Cybersecurity Schema Framework (OCSF) underscores our shared vision of driving innovation and efficiency in cybersecurity.

Meanwhile, Splunk Attack Analyzer is generally available, while a new Asset and Risk Intelligence tool aims to speed up the security investigation of key assets. Once they are identified and logged, it will continuously update security teams of their state and whereabouts on the network.

Also on Day Two came the first product evidence of the Cisco and Splunk deal, with full integration between Splunk’s security tools and Cisco’s Talos threat intelligence system. According to Splunk, security teams will now be able to harness Cisco Talos across Splunk Attack Analyzer, Splunk Enterprise Security, and Splunk SOAR.

For Steele, the key point of the Cisco deal is this:

Our roadmap is our roadmap. And all the commitments we made a year ago, we're delivering on them. And the funding model as we come into Cisco is we have the ability to continue to invest in critical integration points, which you’ll see aren't disrupting the roadmap either.

So, all of the things that you've loved about Splunk, you should now love more, because you're going to get more, because of all this cool integration that we'll be doing. So, I just want to reassure you. And hold us accountable.

My take

The message “hold us accountable” has been a subtext of .conf24, with Splunk urging users, staff, and partners to give constant feedback on how this merging of the Splunk and Cisco worlds is going.

As Robbins put it:

Our teams work with you. They're all here in one spot to make sure that they've solved that problem for you as you go forward. We've seen it before with other acquisitions. So, we know. And we've learned how not to do it.

A grey colored placeholder image