The News: SAN FRANCISCO – May 18, 2021 – Splunk Inc. (NASDAQ: SPLK), provider of the Data-to-Everything Platform, today announced it has signed a definitive agreement to acquire TruSTAR, a San Francisco-based cloud-native security company providing a data-centric intelligence platform. Read the full release in Splunk’s Newsroom.
Analyst Take: Splunk continues to invest in complementary acquisitions that make its security portfolio more extensible and enable customers to scale their cybersecurity efforts.
TruSTAR isn’t a household name by any means. Still, Splunk’s mission continues to zero in on scaling its security business from SecOps tools to a full-scale cloud-based observability platform that enables enterprises to access all data sources and simplify intrusion detection at scale while also responding to threats using increased automation capabilities.
TruSTAR has recently been actively accelerating its ecosystem. In late March, the company announced a key partnership with ServiceNow to implement its Security Incidence Response (SIR) solution to prepare and normalize security intelligence data from multiple sources to distribute information between teams, industry peers, and other data systems. This partnership sought to accelerate automation to remediate threats more quickly. While this joint effort was only recently announced, TruSTAR has been partnering with ServiceNow for nearly 3 years.
The Challenge is in Network Complexity – Splunk Seeks to Simplify
A modern network provides the enterprises with what is required to keep it secure, but it isn’t always intuitive as these insights are locked in the data. Furthermore, as networks continue to proliferate, including on-prem, hybrid cloud, and containerized nodes, it adds volume and complexity to the data. In its continued evolution, Splunk is looking to build and scale its solutions to make real-time information more accessible and create an end-to-end workflow that incorporates the latest in automation to quickly identify and remediate issues prior to any business disruption.
I see the acquisition as a layer in Splunk’s security platform, in particular, to support its automation, detection, and response workflows coupling broad data sets of first and third-party intelligence sources to leverage internal and historical intelligence sources.
This acquisition will also provide additional resources for TruSTAR customers, which will also be able to take advantage of community and freemium feeds from several of Splunk’s commercial threat intelligence integration partners, including Intel471, Recorded Future, and Mandiant.
Deal Details in Limited Supply
The Splunk press release didn’t provide much detail on the deal size or terms. I believe this is a strategic puzzle piece for Splunk to enrich the offering, and TruSTAR clearly had capabilities that could quickly and seamlessly incorporate into Splunk’s ecosystem. This type of deal fits the historical pattern at Splunk that has included several smaller acquisitions that add key features and match Splunk’s ambitions to scale its offerings and migrate to meet the complexities of shifting IT requirements and a growing focus on enterprise security.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.
Other insights from Futurum Research:
Image Credit: Splunk