Cisco is always a barometer of the network status quo, and they turned in a solid quarter last week, but one that may offer a view of how the future of networking could impact the future of network vendors. Cisco’s way of dividing its product segments makes it hard to decode their details, but we’ll give it a shot, at least with respect to what those details mean for the market overall.
Generally speaking, Cisco’s numbers were good; slightly above Street estimates but in-line with previewed comments the company made. Cisco’s visibility into future sales was good, and their guidance was modest, below some expectations and slightly above others. The Street generally didn’t raise forecasts for Cisco and some analysts said they preferred others in the space. Of the six specific product spaces Cisco reports on, two were clearly above, two clearly below, and two mixed with some analysts expecting more than the Street consensus, and Cisco fell between. Services were below Street estimates, which Cisco attributed to being unable to ship as much product as they hoped because of supply chain issues.
The modest guidance for the rest of the year has some analysts concerned that a short-term modernization boom may not sustain itself for the entire year. A few other analysts expressed concern about Cisco’s long-term direction, saying that they needed “transformative” acquisitions and to “reinvigorate” some of their growth segments. The Splunk rumor might be what the later group has in mind, and that’s a good place to start, because even if the deal isn’t done (which looks increasingly likely), the fact that Cisco apparently wanted/wants to do it is the key point.
Splunk is a data-stack company that supports security and observability, meaning application and infrastructure monitoring and analysis. This is certainly something that could be positive for Cisco’s security business, but it doesn’t seem to me to fit the “transformative” label others want Cisco to stamp on M&A. If there’s something out there that could advance Cisco’s future opportunity base, the company either doesn’t see it or doesn’t want to risk overhanging current opportunity by pushing into it.
The latter fits the “fast follower” label that Cisco often applies (largely internally) to itself. You can’t fault them for taking that position either; the current rising tide is lifting boats of market leaders most because they are market leaders. Evolutionary investments, in which modernization investments fall, tend to reinforce current vendor commitments.
Another problem with transformative M&A is that it may not transform the company doing the acquiring. Cisco, like most network companies, has a spotty record with M&A and the issue has been that the company never successfully integrated its acquisition at the strategic level. Juniper, up to the last three years or so, had exactly the same problem. Splunk or another company in their space, whether you see it as transformative or not, is different from Cisco. Security to Splunk is a subset of observability, meaning that security issues can be treated as data points and analyzed like a network problem or server problem. Cisco knows security, but it’s not exactly an observability giant. Could they push Splunk broadly with a narrow view of what it can do? If not, could Cisco really milk all the revenue from it that the deal should be able to bring?
Rival Juniper also did a recent security-linked acquisition, WiteSand, which brings Juniper network access control and identity services capabilities. The quote Juniper gave SDxCentral on the deal suggests that Juniper had been contending with an absence of NAC, which means that the deal has a tactical goal. However, Juniper plans to integrate WiteSand with Mist, and since 128 Technology (an earlier Juniper acquisition that includes strong zero-trust SD-WAN connection management) it’s possible that elements of the WiteSand identity services and 128T’s explicit connection features (Juniper calls them “Session-Smart Routing” or SSR) might combine. In any event, the WiteSand deal seems at least potentially symbiotic at a strategic level, more so certainly than Splunk would likely be for Cisco.
One reason that’s true is that SSR is about more than just security, it’s about network behavior on a broad scale. It’s not that security is a bad thing, but it’s a horse that network vendors have been riding for decades, and some users are already complaining that they spend more on securing their network than on their network. At some point, all these security things are going to have to consolidate. Is Cisco seeing that being facilitated and managed with Splunk? How about Juniper and WiteSand? I can see how Juniper might use WiteSand that way, but it’s not clear to me how Cisco would do the equivalent with Splunk or anyone like it.
One thing seems certain, though, and that is that Cisco isn’t saying anything about metro and the “new network” concept I’ve been blogging about recently. If we are indeed looking at a looming change in basic network architecture, one centered on metro-edge hosting and optical meshing of metros, then Cisco doesn’t seem to be setting up for it. Again, that’s not a surprise given Cisco’s incumbency and market-leading position in the current hierarchical-router model. But it would leave Cisco potentially vulnerable.
To whom? Juniper, obviously, but also DriveNets, both companies I talked about in a blog last week in connection with new-network competition. If DriveNets is indeed winning most of the deals where operators are looking for a shift away from at least the traditional router vendors, then it might well be able to do even better and with a broader swathe of operators, if it had aggressive new-network positioning. If Juniper saw that risk and responded by taking advantage of the fact that its “Cloud Metro” story was at least a positioning on-ramp to the new-network model, two vendors would now be doing the right thing and Cisco would still be waiting to fast-follow.
I think that’s the strategic risk that some Street analysts see, and why they’d like some transformational M&A from Cisco. I’m not saying that the Street knows about or believes in my new-network model, but they surely see that the current model is under pressure and that there will be, at the very least, commoditization risk to vendors who can’t differentiate themselves beyond that current model. Thus, the Street may not see the specific thing that Cisco should be preparing for, but they want them to prepare for something because they believe that commoditization (via vendors like DriveNets, perhaps?) is going to bite Cisco down the line.
What this all means is that Cisco is fairly secure in riding the old-network wave through the next quarter or two. Going beyond that to the end of the year, without some credible strategy to boost revenues and sustain margins, may cause the Street to get worried and punish the stock. Going well into 2023 with the same gaps, and Cisco may be vulnerable to new-network positioning by competitors. Don’t worry yet, Cisco, in other words, but don’t get too comfortable either.