Cisco-Splunk Will Face Huge Challenge Vs. Palo Alto Networks: Analysis

Splunk’s SIEM technology faces stiff competition from Palo Alto Networks and its AI-powered XSIAM security operations platform.

Palo Alto Networks CEO Nikesh Arora

There’s no denying that Cisco’s largest M&A deal of all time, the planned $28 billion acquisition of Splunk, will make the tech behemoth an even more formidable player in cybersecurity.

But the big question on my mind, at least, is whether it’ll be enough to have any impact on the momentum of cybersecurity juggernaut Palo Alto Networks.

[Related: Cisco’s $28B Acquisition Of Splunk Is A ‘Perfect Marriage’: Partners]

Specifically, I’m concerned with the matchup of Cisco-Splunk vs. Palo Alto Networks’ Cortex XSIAM offering. Aside from the company’s original next-generation firewalls, XSIAM (extended security intelligence and automation management) is “shaping up to be our fastest-growing offering” to date, Palo Alto Networks CEO Nikesh Arora said in August during the company’s latest quarterly report.

For Cisco-Splunk, XSIAM is likely to pose their biggest competitive challenge, according to partners of both Splunk and Palo Alto Networks who’ve spoken with me recently.

XSIAM competes with Splunk’s widely deployed SIEM technology in the market for equipping Security Operations Center teams with the logging, analytics and search capabilities they need to effectively respond to cyberthreats. In short, for many organizations, SIEM is how the sausage gets made in cyberdefense.

Given Cisco’s huge and growing focus on cybersecurity, it’s SIEM (security information and event management), more than anything else that Splunk does, that appears to be the driving force behind Cisco’s keen interest in the company.

But while Cisco and Palo Alto Networks are longstanding competitors on network security, the planned addition of Splunk to the Cisco family sets up a much bigger security operations rivalry between the two cybersecurity giants than we’ve seen so far.

‘Autonomous SOC’

According to partners, however, Palo Alto Networks XSIAM brings some significant advantages over Splunk’s SIEM technology. In a nutshell, XSIAM aims to leverage AI to rapidly detect and respond to a greater number of threats than was previously possible — enabling what the company has described as an “autonomous SOC.”

Despite not being as mature as Splunk, the XSIAM offering stands apart thanks to the simplicity of use of the product and the automations that it brings to security operations, partners have told me.

And customers would seem to agree: While Palo Alto Networks had originally set an “aggressive goal” to generate more than $100 million in the first year of the AI-driven platform, XSIAM had already yielded more than $200 million over the first three quarters of the company’s fiscal year, Arora said in August — with one more quarter still to go.

“This is strong validation that our outcome-based value proposition [with] XSIAM is resonating well with security organizations — and also a sign that interest in applying AI to transform security operations is very high,” he said at the time during a call with Wall Street analysts.

‘Holy Grail Of Security’

The XSIAM technology enables an unprecedented capability: “Real-time security,” with its ability to thwart cyberattacks as they’re happening, Arora told CRN earlier this year. And that, he said, is truly “the Holy Grail of security.”

Without a doubt, Palo Alto Networks is challenging the status quo on traditional SIEM with its XSIAM platform, said Dustin Grimmeissen, senior director of technical specialists at Ahead, earlier this year. XSIAM is doing so by “using more real-time data feeds, more automation, more machine-learning-type analytics—to make decisions quicker and to automate some of the response,” Grimmeissen told me.

With countless customers seeking to up their game on security operations right now, there’s room for many cloud-native SIEM players — including Microsoft, CrowdStrike, Google Cloud and others — to find growth opportunities in coming years.

But at this juncture, Cisco-Splunk vs. Palo Alto Networks XSIAM is really looking like the matchup to watch. Stay tuned.