Cisco acquires Splunk: What this means for the print market
How will Cisco’s move to acquire Splunk reshape the SIEM market and what implications does this have for the print security landscape?
Cisco recently announced that it intends to spend $28 billion in a cash deal for Splunk, a leading vendor in the application performance monitoring (APM), observability, and security, information, and event management (SIEM) markets. The acquisition will undoubtedly bolster Cisco’s position in the observability and security markets, as well as give its recurring revenue model a significant tailwind, adding $4 billion in subscription-related revenue.
The announcement did not surprise many observers tracking both organisations, since rumours had started swirling about a union in early 2022. Cisco had also already intended to become a dominant player in the security and observability markets and transition to a higher-margin recurring revenue model.
The acquisition of Splunk underscores a few trends that have been developing during the last few years. Digital transformation initiatives require tighter fusion between IT departments and lines of business. Both are entering strategic discussions on how to operationalise organisational data into a competitive advantage, increase customer-centricity, and reduce silos in IT. Fundamentally, the CIO is the curator for myriad types of data and more involved than ever in helping organisations unlock their value.
Cybersecurity threats are becoming more sophisticated, successful, and omnipresent, coupled with staff shortages that add continued stress to organisations. Therefore, organisations are calling for more sophisticated AI-infused solutions to augment security operations and help them move beyond threat detection and response into threat prediction and prevention. Another major trend involves companies continuing to mix and match between on-premises, full-cloud, or hybrid cloud environments, adding complexity to network monitoring and security.
Recognising the market shifts, Cisco has made a flurry of acquisitions over the last several years, such as AppDynamics, ThousandEyes, Duo Security, Code BGP, Accedian, and Valtix, as well as a slew of others in the security and network observability market, with the intent of ramping up its Full-Stack Observability (FSO) platform to capitalise on its already-robust market share and extensive customer base in key networking markets.
In fact, the company has a commanding market share across its core markets, such as ethernet switching, enterprise and service provider routing, and enterprise wireless LAN markets. It is also a key player in the security appliance market, which Fortinet and Palo Alto Networks currently lead.
The evolving threat landscape and role of SIEM, ML, AI, and data-driven security
Over the last several years, the threat landscape has rapidly evolved and shifted the balance of power to cybercriminals as the attack surface has continued to widen in a multitude of ways. Fundamentally, more connected devices than ever before are in the hands of consumers and businesses and under attack from ransomware gangs, state-sponsored hackers, hacktivists, and others.
The following are just a few notable attack surfaces coupled with attack vectors that are plaguing organisations today:
- Smartphones: Approximately 1.2 billion smartphone shipments worldwide make their way into the hands of business professionals and consumers every year. This has propelled the growth of mobile commerce, gaming, entertainment, and more. Attackers know that users employ several digital services for entertainment, mobile commerce, online banking, and logistics services for last-mile delivery. Although these services drive greater customer-centricity and generate valuable data, insights, and opportunities to monetise revenue, they also pose significant risks. To make the user experience much richer (offering, for example, seat availability at games, bank transfers, and store inventory), organisations continue to open more application programming interfaces (APIs), which tend to be vulnerable and a key attack vector for hackers to get inside an organisation. This creates the need for greater API awareness and governance. Another attack that continues to plague smartphone users is social engineering techniques using phishing attacks.
- IoT/OTT devices: Roughly 16.7 billion connected IoT devices worldwide are used across multiple vertical markets, along with the smart home. This has and will continue to widen the attack surface because of trends such as the growth of 5G propelling smart cities and manufacturing. IoT devices represent a significant threat, especially when they are forgotten and unpatched. Thus, this also creates the debate about whether devices should be mortal or angelic, especially in environments that are rugged and hard to reach.
Print infrastructure vulnerabilities
Many consider printers as a low-priority target for attackers, yet 61% of respondents Quocirca’s Print Security Landscape 2023 reported a print related data loss in the past year. Despite efforts to go paperless, some vertical markets (such as healthcare, financial services, manufacturing, and defence) and departments (such as human resources, legal, facilities, and marketing) have continued to print despite mandates to prune operating expenses.
Although the market did exhibit some headwinds due to the pandemic, many organisations are calling employees back to the office for full in-office or hybrid work arrangements. This trend is expected to buoy print demand. According to Quocirca’s Print Security Landscape 2023 study, 70% of respondents believe print will be important to their organisations in the next 12 months.
CIOs and CISOs consider the top challenges around print security to be maintaining security levels of print management software, protecting printing of highly sensitive information, and securing printing in distributed environments of home offices. Key methods hackers have used over the years to attack network printers have exploited printer languages, such as the printer’s job language (PJL, invented by HP) and Postscript (invented by Adobe) interpreters. These tactics involve infecting an unattended print device with a USB stick that contains Postscript interpreter malware, or setting up an ‘evil-twin’ access point since most printers are Wi-Fi enabled.
Print vendors have a history of investing in areas that enhance the network security of printers and protect them from physical device tampering. A few vendor examples are Xerox and HP. To strengthen threat detection and response, Xerox has key partnerships with Cisco and Trellix. This offers greater visibility into end-point activity through Trellix’s ePolicy Orchestrator and Cisco’s Identity Services Engine (ISE) working in unison, sharing threat events, enforcing policy, and performing micro-segmentation.
In 2019, to bolster the security of its PC and print businesses, HP acquired end-point security vendor Bromium, which uses micro-virtualisation that isolates threats from untrusted sources. HP’s security also includes the HP SureStart secure boot process, which validates the integrity of the BIOS and defaults back to a good state if the BIOS is infected. Fundamentally, the device will self-heal and replace the infected BIOS with a pristine copy.
How is SIEM being used by MFP vendors?
Organisations have realised just how vulnerable the printer is as a key attack surface. According to Quocirca’s research, 79% of respondents expect their security spending to rise. Leading security measures include conducting formal risk assessments (58% of respondents), implementing data-loss prevention solutions (53%), and having a formal process in place to respond to print security incidents (46%).
Also, 32% of respondents are implementing SIEM-based solutions, as more print vendors have allowed their devices to be configured to supply print data to SIEM solutions (such as Splunk, SIEMonster, ArcSight, and QRadar).
At a rudimentary level, a SIEM tool collects log files from hosts (such as enterprise servers and storage) and network devices (such as routers, switches, firewalls, DLP, and access points) across the network, along with incorporating threat intelligence, vulnerability feeds, and network detection and response data. It aggregates and normalises (not all log files have the same data structure and need to be normalised for analysis), sorts, prioritises, and alerts staff. A key component of the solution is leveraging artificial intelligence, machine learning, and analytics to help correlate events in real time, augmenting the SoC analyst.
Although SIEMs are used in myriad scenarios, a typical one might involve a rogue employee creating a structured query language (SQL) query to download all customer data from the company data warehouse and trying to print it out. In addition, before the employee ran the query, they may have gone to the career section of rival websites, where the IP address may have been picked up.
Thus, in real time, those events have been correlated and the system shut down, automatically thwarting the print job. In a nutshell, now that vendors are sharing log data with the SIEM, events such as these might be correlated and thwarted in real time.
What opportunities might this create for print OEMs?
Cisco’s acquisition of Splunk is a clear indicator that organisations want AIOps fused into operations to mitigate risks, drive operational efficiency, and push customer-centricity. For print vendors, the acquisition will undoubtedly provide additional opportunities. As an example, supplying log data with the SIEM will offer greater insights into security risks, forensic investigations, and reduction of downtime.
This also allows vendors to offer greater up-and-cross-sell opportunities, as more partners, such as global system integrators, strategic VARs, and national solution providers, have created practices around cybersecurity, collaboration, the cloud, and information management.
In conclusion, the acquisition ticks needed boxes for Cisco. It adds a leading vendor in the APM, observability, and SIEM markets; significantly boosts its higher-margin subscription revenue; and adds greater capabilities to its FSO platform, which will allow it to capitalise on its existing partner base. For print OEMs, this provides greater opportunities in the future, such as up- and cross-selling opportunities and ecosystem expansion.
Our view is that the acquisition will be positive for the company, since it has tremendous market share across switching, routing, and access points, coupled with being one of the market leaders in the security appliance market. Thus, the company has excellent odds of weaving in SIEM capabilities across its devices to create a greater level of stickiness and customised solutions.
Find out more about Quocirca’s Print Security Landscape 2023 report.
Image credit: CryptoFX/Shutterstock.com
