Big Data

As Sumo Logic readies for IPO, can it threaten Splunk?


tldr: No. At least not yet ….

Sumo Logic is filing for its IPO this week. Yes, the world may be plagued by a pandemic, forest fires, chaotic weather patterns with 100-degree temperatures and snowfalls (on the same day, yes), but let us take a pause to consider the upcoming market battle between Sumo Logic and Splunk. Mount Vesuvius may be exploding and spewing fire in our face, but on our way to our extinction, we sorely need to check our log data, our stocks, and IRR growth.

So here we go.

By now, we have accepted that we are all data hogs, collecting and saving every bit and byte, logs, trickles, and streams. (Here is my recent post on Snowflake and its meteoric growth). We are addicts and hoarders all in one. Both Sumo Logic and Splunk do a similar thing — gather all your data and let you analyze it, more or less.

But Sumo Logic is all SaaS, while Splunk is still shifting to SaaS. So can the new IPO kid in town, Sumo Logic, be a strong competitor to Splunk? Considering that both are playing in a $50 billion total addressable market, according to Sumo Logic’s S1 filings, I am pretty sure there is room for more than one player.

Splunk got off to an early head start but was an “on-prem” product. “It was almost eight years ago when I first saw Splunk’s product – I was blown away” says a VP of Engineering at a $4 billion company. “It was a well designed product and we loved it.”

Those of you who are old enough may recall that Splunk started as a data ingesting dinosaur, which then turned into a nimble bird, flying in these hybrid clouds. I got a laugh when I dug out its S1 offering from January 2012, where Splunk identified SaaS as a risk, saying if customers demand software that provides operational intelligence via a “Software-as-a-Service” business model, the company’s business could be adversely affected. I’m sure the founders of Sumo saw that opportunity and jumped on it at a good time. But Splunk has turned into a cloud-first company, without compromising its growth rate. It is now pulling in $1.93 billion ARR (Q2 2021). In its most recent earnings call in Sep 2020, CEO Doug Merritt shared that the annual recurring revenue (ARR) from SaaS subscriptions is growing at a healthy ~50%, and 53% of its total bookings are now via subscriptions. This increase is a non-trivial feat. To make this shift while maintaining growth is like swapping out an airplane engine while flying at 30,000 feet.

Splunk now pulls in $1 billion ARR from cybersecurity

Almost 50% of Splunk’s revenue comes from its cybersecurity offerings. (The rest comes from its other business areas of IT Ops and application observability). Sumo Logic’s security business has potential, but it’s too early to tell how it will play its cards. For one, the company acquired JASK (in which I was an investor), and with it, it acquired a modern-day autonomous SOC platform and some established security leaders who came from Arcsight, Anomali, and Netflix.

Meanwhile, Splunk is gearing up, and its newest offering is Mission Control — a unified SaaS platform that was released in Q2 2020. Mission Control can help perform advanced detections and investigations and streamline security operations processes in the cloud. Yet a lot remains to be done, thanks to the ever-growing complexity of security data sources. Dhiraj Sharan, Founder of Query.ai (in which I am an investor), said “Splunk has clearly demonstrated its chops in the security marketplace, but security data continues to remain fragmented across products and platforms.”

Above: Sixteen data feeds and counting – the messy world of a security analyst. Source: Query.ai

A survey of more than 200 security leaders by Panaseer shows that enterprise security teams spend an average of 36% of their time manually producing reports, yet 89% of these organizations have concerns about the lack of visibility and insight into trusted data. Grunt work includes extracting, moving, cleaning, and merging data, as well as making, formatting, and presenting calculations. Security leaders are concerned that their team productivity is adversely impacted because of time spent on reporting, according to the survey.

COVID tailwinds and price wars

COVID has accelerated most cloud and technology companies’ growth, and I’m no genius in saying that Splunk and Sumo will benefit over the midterm. As a SaaS offering, Sumo has a built-in advantage, and Splunk is rapidly catching up. Splunk’s Merritt remarked on the recent earnings call that the company will reach its cloud mix revenue target of 60% two years ahead of schedule.

Anticipating price wars, Splunk has shifted into a new pricing model. It’s data volume pricing caused much heartburn for its customers, and it’s now shifting to instance-based pricing. As a strategy, the company played its hand very well by skimming the cream as a first move. Now, with others stepping into the arena, and customers fatigued with cost runoffs, Splunk is moving towards instance-based pricing. This will help it retain customers in the short run. Splunk also has a significant advantage over Sumo with integrations and well over a thousand apps, entrenching it in the ecosystem in a solid way. Rapid production innovation (it can offer machine learning across its entire platform) and embracing open source offerings give it an edge in the long run.

But in the meantime, the growth of data volumes, the complexity of data types and sources, and disparate security tools will generate plenty of opportunities in the market. That is good for all the players in this sector.

Mahendra Ramsinghani is founder of Secure Octane, with investments in cybersecurity and cloud infrastructure companies like Query.aiCyberGRX, and Accurics He is the author of two books The Business of Venture Capital and Startup Boards (co-authored with Brad Feld).



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.