Cisco SD-WAN advancements continue after landmark $28B Splunk deal

Cisco is having a busy month, announcing its $28 billion acquisition of Splunk last week and today, a new set of networking enhancements that will see its SD-WAN become the first to integrate with Microsoft’s Sentinel platform.

The deal with Splunk, a cybersecurity and data analytics company, is the third-largest software acquisition to date, and industry experts have speculated it could unlock more mergers and acquisition (M&A) activity across the tech industry.

Analysts have flagged potential challenges integrating Splunk, which already has a dedicated userbase, into Cisco's product strategy. But Cisco said it will stay mum on what that strategy might look like until the acquisition officially closes.

Cisco CEO Chuck Robbins said combining the two companies’ capabilities will drive Cisco’s push into AI-enabled security and observability forward, including “threat detection and response to threat prediction and prevention.”

Today Cisco unveiled a set of enhancements to its SD-WAN portfolio that will also open up more security options for network teams. Notably, it is the first SD-WAN vendor that has integrated with Sentinel, Microsoft’s security information and event management (SIEM) platform.

Cisco had already integrated its SD-WAN with Splunk’s SIEM capabilities, but the addition of Microsoft Sentinel will provide Cisco customers “with another option based on their current environment,” said Cisco’s JP Shuka, director of product management. Some customers will want Splunk capabilities, but others will have already invested in Microsoft Sentinel.

According to Shuka, Microsoft Sentinel goes beyond SIEM to provide threat intelligence for “actual customer traffic.”

New integration capabilities will also be enabled for Cisco Catalyst SD-WAN with Skyhigh Security, a third-party security service edge (SSE) provider.​ SD-WAN makes up the networking part of a secure access service edge (SASE) framework, while SSE is the security portfolio required for a SASE.

“Many of our customers are on their journey to a SASE implementation,” Shuka said. Cisco allows SD-WAN integrations with its own SSE offering, as well third-party products from other SSE vendors, so network teams deploying multi-vendor solutions have multiple options when choosing products and can tap into one or all of Cisco’s SD-WAN, SSE and SIEM integrations.

Currently, Cisco has SD-WAN integrations with SSE vendors Zscaler, Palo Alto, Cloudflare and Netskope.

Other updates to Cisco’s SD-WAN portfolio include new support for its virtual routing platform, Catalyst 8000V, with Equinix integrations. The company also introduced SD-routing management capabilities for traditional routing devices through its Catalyst SD-WAN Manager.  

Shuka told Fierce these enhancements align with Cisco’s vision of “enabling organizations to eliminate complexity, secure network connections and facilitate convergence between security and networking.”

Dell’Oro Group Research Director Mauricio Sanchez earlier this year told Fierce he thinks Cisco is hoping to establish itself as a leader in the SD-WAN market, after the company unveiled a different set of enhancements for its SD-WAN portfolio in February.