Cisco to buy threat detection startup SnapAttack to help win over more security customers

Once the deal is complete, the startup’s platform will become part of Cisco’s Splunk business to accelerate its threat detection strategy and help enhance enterprises’ security operations, the companies said this week.

Cisco Systems this week announced its intent to acquire SnapAttack, a threat detection and engineering platform provider that the company said will help Cisco’s Splunk power the Security Operations Center (SOC) of the future for enterprises.

Founded in 2021, SnapAttack’s platform will become part of Cisco’s Splunk business to further accelerate its organic threat detection road map and help enhance enterprises’ security operations in favor of a more threat-informed defense, according to the two companies.

San Jose, Calif.-based Cisco, which has been hard at work raising its security profile in recent years, said the acquisition of SnapAttack, once closed, could help win over new security customers “on the fence” about the value of Splunk Enterprise Security.

The pending deal would mark the fourth acquisition of the year for Cisco, all of which were security-related deals.

The Arlington, Va.-based startup’s technology arms security analysts with the information they need to continuously assess, organize and optimize their security content, streamlining the research, writing, validation and deployment of threat detections across their technology estate, according to SnapAttack.

The company is already helping enterprises that have migrated away from competing security offerings in favor of Cisco Splunk by easily adapting, deploying and validating their existing security content onto Splunk and is helping these businesses modernize their security information and event management (SIEM) strategies, the companies said.

“Splunk’s threat detection, investigation and response (TDIR) solution is anchored by its market-leading SIEM platform, Splunk Enterprise Security, which includes Enterprise Security Content Updates (ESCU) that provide customers prepackaged, regularly updated detection content. SnapAttack provides a solution that supports the complete detection content life cycle, starting with curated detection content discovery that is prioritized by current threat activity, potential impact and other factors, all the way through to the continuous validation, testing and assessment of deployed content,” said Mike Horn, senior vice president and general manager for Splunk’s security business, in a blog post on the proposed deal.

SnapAttack counts some of the world’s largest organizations in industries with the most stringent cybersecurity regulations as customers, the company said.

In Cisco’s first quarter of fiscal 2025 which began in August, the company closed two software acquisitions, including DeepFactor, a privately held cloud-native application security company, and Robust Intelligence, a privately held AI security solutions company.

Cisco also announced its intent to acquire Deeper Insights AI, a privately held AI services company based in the U.K., in October.

The companies did not say when they expect the deal to close.