Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward

Here’s Why Big Data-Cruncher Splunk Is Buying Cyber Startup Phantom for $350 Million

February 27, 2018, 7:47 PM UTC
Signage for operational intelligence company Splunk, in the Silicon Valley town of San Jose, California, April 7, 2017. (Photo via Smith Collection/Gado/Getty Images).
Smith Collection—Gado Getty Images

Splunk, a San Francisco-based firm that provides data analytics, said Monday it plans to buy the 4-year-old startup Phantom Cyber for $350 million in cash and stock. If the deal clears regulatory review, it will be the company’s biggest ever (SPLK).

For Splunk, the acquisition is a no-brainer. Phantom’s products help automate the work of IT security staff, many of whom use Splunk’s software to triage incidents within their security operations centers.

Haiyan Song, who heads Splunk’s security markets group, tells Fortune that “automation is becoming more and more important because of the shortage in professional capabilities,” referring to a talent deficit that continues to plague the cybersecurity industry. “You need to adapt defense at machine speed,” she says.

Splunk and Phantom first partnered in 2016 as part of an initiative to more tightly integrate their products. That same year Phantom made a big splash at the annual RSA Conference, the cybersecurity industry’s biggest event, when it placed first in a notable startup competition.

Song said the acquisition was “the natural next step for us to join forces.”

For Splunk, security remains big—and growing—part of its business. The company brought in $950 million in revenue last year, roughly 40% to 50% of which derived from its security offerings, as CEO Douglas Merritt noted on a third quarter earnings call in November.

Overall, Splunk’s revenues grew 42% last year compared to its prior fiscal year, when it brought in $668.4 million.

Splunk’s security-related sales have been a major growth factor in recent years. On a 2015 earnings call, David Conte, Splunk’s chief financial officer, said that security accounted for about 40% of Splunk’s business, doubling its contribution to the firm’s total revenue in just two years.

“We have seen security go from, again what was a couple years ago 20%, 25% to consistently 40% of the business,” Conte said at the time, as recorded in a transcript of the call on the finance site Seeking Alpha.

Earlier that year, in July 2015, Splunk completed a $190 million acquisition of Caspida, a cybersecurity firm that sold user behavior analytics tools, which parse large data sets for patterns and anomalies. The purchase—formerly Splunk’s biggest—helped to expand Splunk’s security product line.

With the purchase of Phantom, Splunk is clearly seeking to keep up the momentum by planting its flag in the security orchestration and automation segment, a hot category of the cybersecurity market.

The deal works out well for Phantom, too. After Phantom’s most recent fundraising round in January 2017, the company was privately valued at just under $100 million, including a total of about $23 million in venture capital raised, per data provided by Pitchbook, a VC industry tracker.

Phantom’s investors include Blackstone Group, the private equity giant, and In-Q-Tel, the venture capital arm of the U.S. Central Intelligence Agency.

Song said the deal, which is expected to close by the first half of the year, represents a “shift in our industry, in how security needs to be done”; it signals, in other words, businesses’ dawning realization that humans are increasingly going to have to rely on machines to augment their responses to digital break-ins and data breaches.