Splunk Deepens its Security Portfolio by Acquiring TruSTAR
by Daniel Newman | May 25, 2021

The Six Five team explores Splunk’s acquisition of the cloud-native security company TruSTAR.

Watch the clip below:

If you are interested in watching the full episode you can check it out here.

Disclaimer: The Six Five Webcast is for information and entertainment purposes only. Over the course of this podcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.


Daniel Newman: All right, so let’s get onto the fifth topic and this should be a quickie, Splunk. One of the companies that I’ve enjoyed talking about and we’re starting to get more involved in the show, made another acquisition this week. Now Splunk kind of long and short likes to, to brand itself as the provider of the data, to everything platform. So unlike some other companies we’ve talked about today, Splunk is not necessarily a household name, but essentially what it’s done is built this place form that has removed barriers between data and action, their focal points are IT, DevOps and security. Made an acquisition this week, smallerish acquisition. But if you don’t know, Splunk was a prem based observability platform or sorry, prem based Ops, SecOps platform that’s moved to an observability in the cloud platform to essentially allow an organization to use as kind of a wrapper, I call it, around all the organization’s data to be able to more rapidly, everything application to infrastructure, to security.

As we mentioned earlier in this pod, Pat, security is a massive issue. Companies are running up against it. Threats are coming from everywhere and the ability to not only have all the data available to identify, detect intrusion early on and deal with it, but you’re seeing more of a need for orchestration and automation. And so this TruSTAR acquisition that was made by Splunk really is set out to address that. This company, by the way, TruSTAR, while not a household name, like I said, has been busy in this space. Has been busy in this partnership. Most recently I believe they partnered up with ServiceNow. TruSTAR had been working with ServiceNow to build workflow orchestration automation, to reduce security threats and intrusion. And it’s like I said, it’s big thing is all about automation. It’s about you being able to take all the data sources, being able to in real time, automate the resolution of threats using AI, ML, automation and basically full visibility to data through the cloud.

No details, Pat, on the size of the deal. We don’t know if it was a million dollars or a billion dollars, but we do know that this company has been partnering with some of the world’s largest automation and technology and companies like Splunk, like ServiceNow. They’re in the right space. What’s interesting about Splunk is, like I said, is it’s not necessarily this known entity just yet. Their CEO, Doug Merritt, I’ve done a few interviews with him. He’ll be involved in something we’ll tell you more about in a moment, but what this company has done very well is acquiring smart pieces to the puzzle that has enabled it to move from this prem based IT Ops, SecOps tool to a full cloud tool set.

And Pat, by the way, in their recent comp event last year, Doug Merritt showed numbers about their annual recurring revenue growth. And he was able to show that and that Splunk’s growth actually outpaces some of the world’s fastest growing SaaS companies. Splunk is growing faster than Salesforce, faster than ServiceNow in terms of its recurring revenue and in cloud business growth. While it’s not known yet by everybody out there, if you are in IT Ops or SecOps, you probably know who they are. But Pat, December they acquired Flowmill, November acquired Rigor, October Plumbr. You’re talking about three acquisitions in three months. Last year, Streamlio, SignalFX, Omnition, KryptonCloud. Every one of these is a piece of the tool box that enabled Splunk to move to this full observability cloud.

Who else is in observability? IBM’s in observability. Who else? Cisco’s in observability. All the major cloud players are in observability. While every company is putting more effort, more time, making more investments in acquisitions, Splunk was ahead of the curve. It was early on this and now it’s making some really smart little add ons to its business, like TruSTAR that are enabling it to differentiate and be a best of breed solution in this particular space. I’m pretty bullish on the company. I know the leadership. I’ve found what they’re doing to be on the right track and you can’t argue with their growth.

Patrick Moorhead: Listen, Daniel, there’s no doubt that their customers and the enterprise know who they are and they’re in at least 90 out of a 100 Fortune 100 out there. And if you’re anywhere in the vicinity of cybersecurity, IT Ops and observability, you know this company. Splunk’s challenge is they need to have more horizontal uses to leverage big data. And this is what this is all about. This acquisition adds to their cybersecurity solution suite. And I think growing through small acquisitions to make the usability of big data is a smart thing. And it’s a natural thing for them. And like we’ve seen with Hadoop to Spark, to different big data tools, you’re always being eaten by that next startup and observability startups are coming out literally all over the place. I get pitched weekly on them. This latest one is using Snowflake. That’s their claim to fame. And they’re probably going to go right up against Splunk in the exact same area. Splunk needs to grow and it needs to grow fast. I like their multiple acquisitions.

Daniel Newman: Yeah, they’re on the right track. And Pat, I know we kind of debate whether or not to do this. I realize I may have been a little muddy so just to be very clear, I want to give you guys one sentence on what this means. This is a layer to their Splunk security platform, in particular support its automation, detection, response workflows and basically the ability to take first and third-party intelligence sources to leverage both internal and historic intelligence. That’s it. That’s what just happened. That came straight out of my blog. I read it because it was better thought out than anything that came to my mind when I was explaining it.

About the Author

Daniel Newman is the Principal Analyst of Futurum Research and the CEO of Broadsuite Media Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise. Read Full Bio