>> From theCUBE Studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> Cybersecurity stocks have been sending mixed signals as of late, mostly negative like much of tech, but some such as Palo Alto Networks, despite a tough go of it recently have held up better than most tech names. Others like CrowdStrike, had been out performing Broader Tech in March, but then flipped in May. Okta's performance was pretty much tracking along with CrowdStrike for most of the past several months, a little bit below, but then the Okta hack changed the trajectory of that name. Zscaler has crossed the critical billion dollar ARR revenue milestone, and now sees a path to five billion dollars in revenue, but the company stock fell sharply after its last earnings report and has been on a down trend since last November. Meanwhile, CyberArk's recent beat and raise, was encouraging and the stock acted well after its last report. Security remains the number one initiative priority amongst IT organizations and the spending momentum for many high flying cyber names remain strong. So what gives in cyber security? Hello, and welcome to this week's Wikibon CUBE insights powered by ETR. In this breaking analysis, we focus on security and will update you on the latest data from ETR to try to make sense out of the market and read into what this all means in both the near and long term, for some of our favorite names in cyber. First, the news. There's always something happening in security news cycles. The big recent news is new President Rodrigo Chavez declared a national emergency in Costa Rica due to the preponderance of Russian cyber attacks on the country's critical infrastructure. Such measures are normally reserved for natural disasters like earthquakes, but this move speaks to the nature of today's cyber threats. Of no surprise is modern superpower warfare even for a depleted power like Russia almost certainly involves cyber warfare as we continue to see in Ukraine. Privately held Arctic Wolf Networks hired Dustin Williams as its new CFO. Williams has taken three companies to IPO, including Nutanix in 2016, a very successful IPO for that company. Whether AWN chooses to pull the trigger this year or will wait until markets are less choppy or obviously remains to be seen. But it's a pretty clear sign the company is headed to IPO at some point. Now, big point of discussion this week at Red Hat Summit in Boston and the prior week at Dell technologies world was security. In the case of Red Hat, securing the digital supply chain was the main theme. And from Dell building, many security features into its storage arrays and cyber resilience services into its as a service offering called Apex. And we're seeing a trend where buyers want to reduce the number of bespoke tools they use if they, in fact can. Here's IDC's Jim Mercer, sharing data from a recent survey they conducted on the topic. Play the clip. >> Interestingly, we did a survey, I think around last August or something. And one of the questions was around where do you want your security, right? Where do you want to get your DevSecOps security from? Do you want to get it from individual vendors, right? Or do you want to get it from like your platforms that you're using and deploying changes in Kubernetes? >> Great question. What did they say? >> The majority of them, they're hoping they can get it built into the platform. That's really what they want-- >> Now, whether that's actually achievable is debatable because you have so much innovation and investment going on from the likes of startups and for instance, lace work or sneak and security companies that you see even trying to build platforms, you've got CrowdStrike, Okta, Zscaler and many others, trying to build security platforms and put it all under their umbrella. Now the last point will hit here is there was a lot of buzz in the news about Okta. The reaction to what was a relatively benign hack was pretty severe and probably overblown, but Okta's stock is paying the price of what is generally considered a blown communications plan versus a technical failure. Remember, identity is not an easy thing to rip and replace and Okta remains a best-of-breed player and leader in the space. So we're going to look at some ETR data later in this segment to try and make sense of the recent action in the market and certain names. Speaking of which let's take a look at how some of the names in cybersecurity have fared relative to some of the indices and relative indicators that we like to look at. Here's a Google finance comparison for a number of stocks and names in the bottom there you can see we plot the hack ETF which tracks security stocks. This is a year to date view. And so we don't show it here but the tech heavy NASDAQ is off around 26% year to date whereas the cyber ETF that we're showing is down 18%, okay. So cyber holding up a little bit better than broader tech as we've reported earlier, was actually much better and still seems to be a gap there, but the data are mixed. You can see Okta is way off relative to its peers. That's a combination of the breach that we talked about but also the run up in the stock since COVID. CrowdStrike was actually faring better but broke this month, we'll see how it's upcoming earnings announcements are received when it announces on June 2nd after the close. Palo Alto in the light blue has done better than most and until recently was holding up quite well. And of course, Sailpoint is another identity specialist, it is kind of off the charts here because it's going private with the acquisition by Thoma Bravo at nearly seven billion dollars. So you see some mixed signals in cyber these past several months and weeks. And so we're trying to understand what that all means. So let's take a look at the survey data and see how spending momentum is holding up. As we've reported IT spending forecast, at the macro level, they've come off their 8% highs from the end of the year, the ETRS December survey, but robust tech spending is still there. It's expected at nearly seven percent and this is amongst 1200 ETR respondents. Here's a picture from the ETR survey of the cybersecurity landscape. That y-axis that's net score or a measure of spending momentum and that horizontal access is overlap. We used to talk about it as a market share which is a measure of pervasiveness in the data set. That dotted red line at 40% indicates an elevated spending momentum level on the vertical axis and we filter the names and limited to only those with a hundred or more responses in the ETR survey. Then the pictures still pretty crowded as you can see. You got lots of companies above the red dotted line, including Microsoft which is up into the right, they're so far off the chart, it's just amazing. But also Palo Alto and Okta, Auth0, which of course is now owned by Okta, Zscaler, CyberArk is making moves. Sailpoint and Cloudflare, they're all above that magic 40% line. Now, you look at Cisco, it shows a very large presence in the horizontal axis in the data set. And it's got pretty respectable momentum and you see Splunk doing okay, no before and tenable just below that 40% line and a lot of names in the very respectable 20% zone. And we've included some legacy names just for context that fall below the zero percent line with a negative net score. And that means a larger proportion, that negative net score means a larger proportion of their customers in the survey are spending less than those that are spending more. Now, typically for these legacy names you're going to have a huge proportion of customers who have flat spending that kind of fat middle and that's why they sort of don't have that highly elevated score, but they're still viable as they get the recurring revenue each year. But the bottom line is that spending remains robust for some of the top names that we've talked about earlier despite their rocky stock performance. Now, let's filter this data a bit more to make it a little bit easier to read. So to do that, we take out Microsoft because they're just so dominant and we cherry pick some names to make the data more consumable and scannable. The other data point we've added is Okta's net score breakdown, the multicolored rows there, that row in the bottom right. Net score, it measures the percent of customers that are adding the platform new, that's the lime green, at 18% for Okta. The forest green is at 42%. That's the percent of customers in the survey that are spending six percent or more. The gray is flat spending. That's 32% for Okta, this past survey. The pink is customers that are spending less, that's three percent. They're spending six percent or worse in the survey, so only three percent for Okta. And the bright red at three percent is decommissioning the platform. You subtract the reds from the greens and you get a net score, well, into the 50s for Okta and you can see. We highlight Okta here because it's a name that we've been following for quite some time and customers have given us really solid feedback on the technology and up until the hack, they're affinity to Okta, but that seems to be continuing. We'll talk more about that. This recent breach to Okta has caused us to take a closer look. And you may recall, we reported with our ETR colleague, Eric Bradley. The breach was announced right in the middle of ETR collecting data in the last survey. And while we did see a noticeable downtick right after the announcement, the exposure of the hack and Okta's net score just after the breach was disclosed, you can see the combination of Okta and Auth0 remains very strong. I asked Eric Bradley this morning what he thought about Okta, and he pointed out that you can't evaluate this company on its price to earnings ratio. But it's forward sales multiple is now below 7X. And while attractive, these high flyers at some point, Eric says, they got to start making a profit. So you going to hold that thought, we'll come back to that. Now, another cut of the ETR data to look at our four star security names here. A while back we developed a methodology to try and cut through the noise of the crowded security sector using the ETR data to evaluate two key metrics; net score and shared N. Net score again is, spending momentum, the latter is an indicator of presence in the data set which is a proxy for market presence. Okay, we assigned those companies that cracked the top 10 in both net score and shared N, we give them four stars, okay, if they make the top 10. This chart here shows the April survey data for those companies with an N that's greater than, equal to a hundred responses. So again, we're filtering on those with a hundred or more responses. The table on the left that you see there, that's sorted by net score, okay. So we're sorting by spending momentum. And then the one on the right is sorted by shared N, so their presence in the data set. Seven companies hit the top 10 for both categories; Palo Alto Network, Splunk, CrowdStrike Okta, Proofpoint, Fortinet and Zscaler. Now, remember, take a look, Okta excludes Auth0, in this little methodology that we came up with. Auth0 didn't make the cuts but it hits the top 10 for net score. So if you add in Auth0's 112 N there that you see on the right. You add that into Okta, we put Okta in the number two spot in the survey on the right most table with the shared N of 354. Only Cisco has a higher presence in the data set. And you can see Cisco in the left lands just below that red dotted line. That's the top 10 in security. So if we were to combine Okta and Auth0 as one, Cisco would make the cut and earn four stars. Now, some other notables are CyberArk, which is just below the red line on the right most chart with an impressive 177 shared N. Again, if you combine Auth0 and Okta, CyberArk makes the four star grade because it's in the top 10 for net score on the left. And Sailpoint is another notable with a net score above 50% and it's got a shared N of 122, which is respectable. So despite the market's choppy waters, we're seeing some positive signs in the survey data for some of the more prominent names that we've been following for the last couple of years. So what does this mean for the markets going forward? As always, when we see these confusing signs we like to reach out to the network and one of the sharpest traders out there is Chip Simonton. We've quoted him before and we like to share some of his insights. And so we're going to highlight some of that here. So technically, almost every good tech stock is oversold. And as such, he suggested we might see a bounce here. We certainly are seeing that on this Friday, the 13th. But the right call tactically has been to sell into the rally these past several months, so we'll see what happens on Monday. The key issue with the name like Okta and some other momentum names like CrowdStrike and Zscaler is that when money comes back into tech, it's likely going to go to the FAANG stocks, the Facebook, Apple, Amazon, Netflix, Google, and of course, you put Microsoft in there as well. And we'll see about Amazon, by the way, it's kind of out of favor right now, as everyone's focused on the retail side of the business meanwhile it's cloud business is booming and that's where all the profit is. We think that should be the real focus for Amazon. But the point is, for these momentum names in cybersecurity that don't make money, they face real headwinds, as growth is slowing overall and interest rates rise, that makes the net present value of these investments much less attractive. We've talked about that before. But longer term, we agree with Chip Simonton that these are excellent companies and they will weather the storm and we think they're going to lead their respective markets. And in cyber, we would expect continued M&A activity, which could act as a booster shot in the arms of these names. Now in 2019, we saw the ETR data, it pointed to CrowdStrike, Zscaler, Okta and others in the security space. Some of those names that really looked to us like they were moving forward and the pandemic just created a surge in these names and admittedly they got out over their skis. But the data suggests that these leading companies have continued momentum and the potential for stay in power. Unlike the SolarWinds hack, it seems at this point anyway that Okta will recover in the market. For the reasons that we cited, investors, they might stay away for some time but longer term, there's a shift in CSO security strategies that appear to be permanent. They're really valuing cloud-based modern platforms, these platforms will likely continue to gain share and carry their momentum forward. Okay, that's it for now, thanks to Stephanie Chan, who helps with the background research and with social, Kristen Martin and Cheryl Knight help get the word out and do some great work as well. Alex Morrison is on production and handles all of our podcast. Alex, thank you. And Rob Hof is our Editor in Chief at SiliconANGLE. Remember, all these episodes, they're available as podcast, you can pop in the headphones and listen, just search "Breaking Analysis Podcast." I publish each week on wikibon.com and SiliconANGLE.com. Don't forget to check out etr.ai, best in the business for real customer data. It's an awesome platform. You can reach me at dave.vellante@siliconangle.com or @dvellante. You can comment on our LinkedIn posts. This is Dave Vellante for the CUBEinsights powered by ETR. Thanks for watching. And we'll see you next time. (bright upbeat music)

>> Viewers of our breaking analysis series know that we've been following the developments in cybersecurity for a number of years and of course, throughout the pandemic. Focusing on the permanent shifts that we see in cyber from remote work, distributed computing and technology advancements. We've reported how the adversaries are highly capable they're well-funded and they're motivated. And how they're constantly upping their game on defenders, island hopping, stealthily living off the land, planting self forming malware at various points in the digital supply chain, offering advanced ransomware as a service of the dark web to any disreputable individual with or without a high school diploma that may have access to a server and is brazen enough to steal from their company. We've also shared this chart from Optiv many, many times, it's a taxonomy of the cybersecurity landscape, and it is meant to make your eyes bleed, ask any CSO and they'll tell you they're drowning in fragmented tooling, technical debt, and their number one challenge is lack of talent. Not that their people aren't capable, they are, but CSOs just don't have enough of them. They can't hire fast enough or they can't retain qualified people with the talent war that's going on. Or they can't train people fast enough, or they just don't have the budget. Hello everyone, this is Dave Vellante and welcome to this video exclusive with Nick Schneider, president and CEO of Arctic Wolf Networks, Nick, so good to see you. Thanks for coming on the cube. >> Thanks for having me, Dave. >> That's our pleasure. So Arctic Wolf networks, let's talk about the company, the problem, you heard my little narrative upfront. What are you guys all about? >> Yeah, so at its core, we're a cybersecurity technology company. You know, it's our belief that we've really pioneered the first full scale cloud native security operations platform and at its core, what we're trying to do as a business is make security operations something that's fast, easy and economical for really a company of any size and scale to implement with really two key components, one we're agnostic to the technology and the landscape of the technology that they have already implemented within their environment, and two, we can feather into really any organization, regardless of the skill set they have from a cybersecurity standpoint in house. And really the problem that we're setting out to solve, I think you illustrated well at the beginning of the show here is that it's our belief that the cybersecurity industry in a sense has failed the end user or failed the customer by throwing, you know, a myriad of different tools at them. And it's really, you know, our mission here as a company to end cyber risk. And it's our belief that through the cloud native platform that we've bought in the cybersecurity security operations cloud that we've built, that we can deliver the outcomes that have been promised over time to these customers, which at the end of the day, is really just to be safe and have their customer and have their business protected. >> So you guys are the experts. You can kind of provide a white glove service that essentially plugs in to my business. Is that right? And how easy is that to do, what do I have to do to, to set it up? How complicated is that for me, the customer? >> Yeah, so it's, it's very straightforward. We can implement our security operations platform, you know, in as short as a week and generally speaking, you know, about a month and we plug in really to the infrastructure that the customer has in place. And for some of our customers, that's very little and for some of our customers, most of our customers, that's quite a bit of technology. And the beauty of the way that we've built the platform is that we're really agnostic to that tech. So, we can take feeds from kind of any technology that are in place, that helps to augment the platform that we've built. And then we feather in kind of the technologies that we've built within the platform, into their existing infrastructure. And at the end of the day, what we're trying to do is give the customer visibility, you know, into the tools that they have, the gaps that they might have as a result of the tools, you know, in some cases, the duplication of efforts that they have, you know, between these tools and then deliver a security outcome or a protection that maybe they haven't otherwise felt as a business. And then outside of kind of the technology platform, we add what we call our concierge security team as a layer to the deliverable that we give to the customer. And why that's important is that not all customers are created equal and with regard to the skillset that they have in house, in that that concierge security platform allows us to kind of work with a customer at any kind of, you know, point along their security journey, regardless of the in-house technology talent that they have. >> Now, so I got to ask you, our largest footprint for the cube is in the heart of Silicon Valley. We love the valley, but I also love stories of high growth companies that are outside of Silicon Valley. You guys are in the Midwest in Minnesota, it's got some Compellent DNA in there. And I remember my, so my business friends, Phil Soren, and Larry Yasmin, you know them, Phil used to tell me, Dave, this is actually an advantage for us to be in the middle of the part of the country. There's a talent war going on, which back then was a lot less than it is today, even. So how do you see that? Are there advantages to you and being in that part of the country, or does it not matter because you're so distributed around the world? >> Yeah, I mean, I would follow a similar tune to Phil, right. I, you know, obviously worked at Compellent early and, you know, historically I've worked at other Minneapolis based technology companies and the reality is there's a really strong technology ecosystem in Minneapolis. And a lot of the, of the talent, you know, is not just in sales and marketing or just on the technical side, but it's in building high growth technology companies kind of from the ground up into, you know, large scale. And now we've seen not only the fortune 500 kind of base that we have here in Minneapolis, but also a growing contingency of larger technology companies using Minneapolis as at least, you know, one of the spokes against their hub, if not the hub themselves. And clearly my pedigree in history was out of Minneapolis based tech, you know, and I've moved to other locations throughout the country, but as we started to build out, you know, Arctic Wolf and what we wanted Artic Wolf's culture to look like, and as we started to lay out the foundation for what we wanted our growth to look like, it became very clear to myself, you know, our chairman and co-founder Brian Nesmith, that Minneapolis would be a great home for us as Arctic Wolf. And then we would continue to invest in some of the locations that we have, you know, both across the country and now across the globe. >> So there are a lot of companies that are doing managed security services, but if I got it right, you guys specifically target smaller and midsize companies, is that correct? And why is that? >> Yeah, so I would say that that would be correct as of a few years ago, the dynamic has changed quite a bit. And I think it's a result of the dynamic of the market. First and foremost, we are a technology company. We have this concierge layer on top, which is really what the customers are looking for, but it's all powered by the platform. So the platform kind of allows us to do what we've done as a business, into both small organizations, which is, you know, where we probably got our start, but over the last few years, we've seen tremendous growth up market, you know, so for example, we as a business have grown, you know, over a hundred percent now for eight years in a row and now on a much larger denominator, but our upmarket business is growing at four to 500%. And I think that's a result of really two things. I think, A, customers of that size and scale have realized that cyber security and cybersecurity operations as a problem is something that's really hard to accomplish in-house regardless of your size and complexity. And then two, I think what happened over the past year, year and a half is that we saw a lot of organizations move from a centralized I.T or a centralized, you know, security function where they could all operate within an office and all operate in a centralized environment, all of a sudden becoming very disparate in their geography. And that led to a lot more interest in what we did with larger customers, because we could deploy a security operation effectively, remotely in a really short amount of time. And we could do it more effectively and economically than, than they could do on their own. And then we also solve for a component of the human aspect of what a security operation means, right. And what I mean by that is these larger organizations can take their highly skilled cybersecurity talent and focus them on the strategic initiatives within the company. Whereas a lot of the security work or risk is in kind of the day to day, right? The dieting that takes place within an organization. And that's where a lot of the breaches take place is in making sure that you're actually paying attention to, you know, the alerts that you're getting and paying attention to the telemetry and the tools that you've made investments in. And we augment that portion of a cybersecurity operation really, really well for larger organizations and for smaller organizations, we are that security operation. So it's kind of dependent on the way in which they're set up. >> Okay. So it's a mix of both well augmenting, and basically you take the whole thing and so, so your ideal customer profile, your ICP is anybody with a security problem. I mean, that's everybody, well, maybe you could describe paint a picture of your perfect customer, if you would. >> Yeah, so, and you, I know you said that somewhat jokingly, but it, but it is true. We have customers of all sizes, you know, so I, I bet our smallest customer is under 10 employees. Our largest customer is over 50,000 employees. We have customers in every vertical of the market, you know, mostly centralized in healthcare, financial organizations, manufacturing, but, you know, the largest swath of customers by industry would probably not top 10%. So, we service really any account that's looking to develop and invest in a security operation and has the support of their organization and the support of their board and their leadership teams to make that investment. And then where we, where we fall within the account is really dependent on the way in which their current operation is set up. And certainly, you know, the massive organizations that have, you know, 50 people within their cybersecurity team, and they have a hundred different tools. They're probably not the best target for us, but if they have security awareness, if they have a security as a top need or a top priority within their business, and they're looking for a way to build out a true security operation within their account, whether that be wholesale through a third-party or in part through a third-party, we're a perfect fit for all those accounts, which makes our addressable market massive. >> Yeah, so what's unique about you guys, I mean, this may be not the right analogy, but you're kind of like the easy button for cyber. I mean, there's nothing easy about cyber., I get that, but you, you do make it easy, especially for companies that don't have any cyber expertise to engage and get up to speed fast, and certainly be more protected. That's one aspect of your uniqueness. The other is, I think, is your tech stack. I'm hearing, you've got a platform. I know you're focused on network detection and fast response. Maybe you could talk a little bit about what's unique about Arctic Wolf. >> Yeah, so the platform itself is really what we founded the company on. So we spent the first few years of our organization in really building out this cloud scale, multitenant cloud, native platform, understanding that the volume of data and the amount of sophistication that we would need to deliver the security operation in the long run was going to be massive. So the platforms really kind of, you know, set on a few different founding principles. One, the platform needs to work for any organization regardless of their size, regardless of their underlying tech and regardless of the skill set within their account. And that's really important. A lot of the tools in the market today require certain things of the, of the customer. And it's our premise, regardless of the customer that we won't require anything from the customers themselves. It's up to them to tell us which portions of the experience they want to own, verse Artic Wolf owning. The second would be that we need to be able to ingest a vast amount of data, and we need to be able to make intelligent decisions with that data, in a short amount of time. And as we've built out our machine learning and our AR algorithms, what we've been able to do is leverage a tool set that allows us to ingest. I think we're up to now 1.5 approaching 2 trillion observations a week, right. Which might equate to a few hundred alerts within our SOC on a per customer basis. But we're only bringing one or two things to a customer on a weekly basis that really need attention. And that's all about the platform kind of curating, cultivating the vast amount of data that we've brought into it. And then, how do we explain and how do we sell that platform with this concierge later into the customer base is also important. And we've done that through what we call modules. So we kind of founded the company on MDR managed detection and response, but we are not a managed detection and response company. It's one of our modules. We've then added manage risk, which competes kind of in the vulnerability management space. We've added a SAS and IAS monitoring, which is really cloud security. We've added what we call log search, which is really our first foray into collaboration. And then we just recently launched a quarter ago, what we call managed security awareness training, which is, you know, training the human aspect of the company on the threats of cybersecurity. And we actually just announced another acquisition in the managed security space today with habituate, which is going to give us, you know, kind of a Hollywood style approach to content within managed awareness training. But tying all those together is very unique in the market. So generally speaking, you'll see a company focused on a specific attack surface, or a specific threat. And what we're trying to say is, look, you're not a hundred percent protected as a business, or you don't have a robust security operation unless you're bringing together all aspects of cybersecurity under one umbrella. And that's really our goal as a company. >> Okay. So you got all these different modules and you may not want to go here cause you're in the cyber business and you're, you're prudently secretive, but, but I'm interested in kind of what's underneath. I presume you're using best of breed tooling underneath, but unlike, you know, the hosting company of the past or those, you know, a big, you know, integrator who could do this, but they've got one of everything and it's sort of, kind of a mess. You're building a scalable business, but you're not, you're not developing, you know, best of breed, identity access products for the marketplace. You're I presume you're buying those in integrating them and working through whatever APIs and making it all work across your stack. Can you talk a little bit about your tech stack? >> Yeah, so the technology stack has been built from the ground up by Arctic Wolf. So certainly we're using, you know, various technologies or open source technologies from within the ecosystem, but the technology and the platform itself is Arctic Wolf. So we're not beholden to any third parties for what we deliver to the customer. And that makes us very nimble in a few areas. One, it makes us very nimble in the way that we price the solution to the customer, which for us is a very predictable model. And then two, it allows us to be nimble with customer needs as to what they want from us, both of the existing modules that we have, but also additional modules or, you know, additional solutions that we might bring to the market. So a lot of vendors that have historically kind of lived within the MDR space and certainly vendors that have lived in the managed, you know, the MSSP or MSP space, which we are certainly not, they're generally leveraging third-party technologies. They're generally buying and implementing or white labeling third-party technologies. And then they're layering kind of a services component on top. And we are not doing that. We've built the technology ourselves and don't get me wrong. That was a massive investment in both time and resources. But I think in the end, what it'll allow us to do is be very nimble with the market and most importantly, be very nimble with the customer's requirements and requests. >> Right. Okay. So let's talk about your market opportunity. I mean, the cyberspace, I mean, I got it well over a hundred billion, I don't know, maybe it's 110, 120 billion. That's kind of your tan, you may be not serving that entire market today. Although you said you started in small and mid-size, you're targeting now your enterprise, your higher end businesses growing, you talked about, I think you said a hundred percent growth, like eight quarters in a row. And so there's no shortage of opportunity for you. How do you think about your total available market? Maybe you could add some color to that. >> Yeah. Yeah. So it's been eight years of a hundred percent growth. >> Eight years, not eight quarter, I apologize. >> It's been going really well for us. And it's a reflection on the market itself and the approach we're taking. So in our view, security operations is really the opportunity to unify all these disparate markets in cybersecurity. And, when I walk into a customer account, if I had to use two words to describe how they're feeling, one would be confused, the other would be frustrated. Sometimes they're both. Sometimes they're only one, but generally speaking, one of those two words comes out of their mouth. And the reason for it is at the end of the day, they just want to be protected. They want the outcome. And all of these disparate markets are promising the same outcome, but they're just promising it on the endpoint or just on the network or just in cloud or just an IOT or just an OT, or just in fill in the blank. And it's our view that it's our opportunity as a company to really fill that void for the customer, which is to unify all of these different technologies and spaces into one security operation. And sometimes that means that we're delivering our own end point. And sometimes that means that we're leveraging an end point or an end point solution that the customer has in house. And we're ingesting that data into our platform and we're making sense of it to the end user. But when you put that market together, you know, it's a hundred, I think Gartner's recent numbers there are 150 plus billion dollar market. And in 2021, I think it's growing at, you know, 12 to 15%. And it's our view that we can service the majority of that market, you know, I think on a conservative measure, you know, 90 to a hundred billion is the, is the Tam that we're addressing. And we're now starting to go, not only scaling out from the number of products for the markets that we service, and you can see that through managed security awareness training, but also the geographies we service, the segments of the market we service, specialization within verticals. And, for us, that is the opportunity at the end here. >> I wonder if you could help us squint through some of the data you hear in the industry, some of the trends you see in the press, certainly this came up in the, in the solar winds hack. We were seeing, I mentioned upfront, the adversaries are very capable. They're able to get in, live off the land, live stealthily, they're island hopping into the supply chain. You know, oftentimes you don't know, more than often, you don't know they're there, I've heard stats like, and we look at the solar winds hack, we saw that it was, you know, 300 days or over a year that they were inside the company. And you've heard, you know, average statistics from, you know, whatever that it's hundreds of days are those, are you able to compress those? Can you talk about that a little bit in terms of where you see your customers and how you're helping them, you know, respond? >> Yeah, so at the end of the day, you know, cybersecurity, the industry is really about limiting the volume of incidents within a customer account and then limiting the impact. And what you're talking about is the impact. And the impact as these threat actors have become, you know, more sophisticated is larger as they're in the environment for a longer period of time. So the faster you can get to an attack or the faster you can detect an attack, the better off you'll be as a business. And that is the core of what we do as a company. And, and certainly, you know, managed detection response or MDR, our first offering was all about that. It's all about detecting early and responding early to a threat so that you can get anything that has gotten through your perimeter defenses out of your systems, as fast as humanly possible. And then we feathered in, you know, manage risk, which is more about the front end. So how do we make sure that we have everything configured properly? How do we make sure that we, you know, fill any holes that are in the current environment so that we don't even get to a point where we have to manage the time with which an attack has had to live within your environment? So, it's all about kind of those two things, reduce the frequency and reduce the impact. And we're, we're focused on both, both the, kind of the proactive measures, which would be more on the front end and then the reactive measures, which is what do you do and how can you act as quickly as possible within your environment to ensure that, you know, they're not getting into the crown jewels of the business. >> We've seen lately where the, the attackers have. I mean, it's really insidious, right Nick, they, they will exfiltrate, they'll get in they'll exfiltrate stealthily and they'll be ready to attack from a ransomware standpoint. And then they, you know, maybe they're hitting the bank and they're scouring to see what the Chief Information Officer is going to invest in. And they're actually making trades ahead of that. They're making more money, you know, snooping than from the ransomware. And then when the company realizes and they respond, then they get them in a headlock and say, okay, now, now that you're going to stop us from making all this money through exfiltration, we're going to hit you with ransomware. So it's just, it's a really awful situation. So my point being that, or we've said, organizations have to be stealthy in their response. Have you seen that as a trend? Am I overstating that? >> No, no. I mean, customers are, you know, good news, bad news customers are very aware of the threats in particular ransomware, data exfiltration and all the other trends in the market. And I think they become more sophisticated in the way in which they respond. And I think as a result, we've seen both changes in the way customers kind of set up their environment technologically, but we've also seen a pretty dramatic shift recently with the way in which they view insurance and the way in which, you know, carriers, view insurance, and how that plays a role in, you know, cybersecurity in their cybersecurity operation. And for a lot of customers, I think recent trends are that the carriers are struggling to, you know, make money on their cyber books. And the reason for that is because they need to make sure that the customer's environment is truly secure, or they're kind of flying blind on what their book looks like. And we've started to see that both on the end-user side, we've seen that through the carriers themselves, and that also has played an integral role in the way in which the customer views risk. And I think that dynamics changing. And I think what the result of that will be is that customers are going to be looking more and more towards how they solve this problem by alleviating risk in-house, as opposed to transferring some of that risk to an insurance carrier or a third party. And what I hope that means for customers is that they'll have the proper investment. They'll have the proper tooling, they'll have the proper operations around how to react and how to respond in the quickest possible manner, which at the end of the day, the faster you can react to an incident, the smaller the impact will be and the smaller of a financial burden it will be. And they'll do that through vendors like Arctic Wolf, you know, tools that are best of breed within their infrastructure. And then a really well thought out plan about how to respond to anything that, that you know, happens within their environment. >> Yeah. I mean, if I'm an insurance company, I give a discount to somebody who's got an alarm in their house and they use it. Maybe I'll give a discount if they're working with a company like Arctic Wolf. >> Exactly. >> What percent, do you have a census to what percent of enterprises actually have a SOC? >> Yeah, we actually did a, some homework here and there's kind of two stats that jump out. And these are through a few different surveys through very well-known organizations in the cybersecurity market. But one is that last year, which would have been, you know, 2020, about 60% of organizations said that they suffered some semblance of a breach, 60%, you know, think about how many tools and how much money these organizations are investing in protecting their businesses. And over half are suffering some semblance of a breach. When those same customers are asked whether or not they felt like they have a security operation, over 99% answered no. >> Wow. >> Right. So they have a bunch of tools they're investing a ton of money, but at the end of the day, when asked, hey, do you feel like you have an operation that can protect your business? Their answer is no. And that's really the void we're trying to. >> And you and I both know that 60%, okay. But then the other 40%, they've been hacked. They just don't know it. So, all right. Let's wrap with the sub stats on the company. I think you've raised nearly half a million, half a billion dollars to date $500 million to date. So that's, I can infer from that some pretty lofty numbers, but where are you in funding with that kind of growth? I got to believe IPO is and you and your future. What can you tell, what metrics can you share? What can you tell us about where you want to take this thing? >> Yeah, so I'll give you a few metrics on the platform and a few metrics on the company. So the platform itself, you know, we're observing over 1.5 trillion observations a week, we have 10,000 plus sensors in the field. You know, we're ingesting coming from a, you know, Compellent infrastructure guy. You know, we're in ingesting over a petabyte and a half a data week. I would have loved to have been that sales guy in the glory days, you know, but the platforms, you know, operating at massive scale, we've grown the business eight years in a row, over a hundred percent. We've talked about that. Our subscription gross margins are very software-like. We have over 2000 customers. You know, our customers are really happy with an NPS score, you know, approaching 70, you know, over a million licensed users. So we're, we're doing very, very well as a business. And as a result, we've raised money to invest in that growth, which is to the tune of about a half a billion dollars and our path here, and we've stated this publicly now is that, you know, next summer give or take a quarter is really the timeframe that we're marching towards for an IPO. If I'm being honest, given the metrics that we have as a business, we could be a publicly traded company today, especially with the way the market's operating in the valuations of some of the businesses that have gone out. There might be some, even some pressure to do so, but we want to make sure that we are ready to go from a systems and an operation standpoint to not just be, you know, a flashing the pan awesome IPO, but a company that's really kind of the backbone of cybersecurity for years to come. >> Well, obviously a hot space. What we've been covering for a couple of years now, Okta, CrowdStrike, Zscaler, we've seen what's happened in the action in the market there. I mean, what are your comps? I mean, I know, I think dark trace is getting ready to go. I don't think they've gone yet. I know Sentinel One went out. How should we think about you? You're not an Okta or I don't think well, CrowdStrike, but you know, those are pure play product companies. How should we think about you guys? >> Yeah, I mean, companies that were on a similar trajectory as us at our size, Sentinel One's a very good example. And you can kind of look across all the core business metrics on that. And clearly those will all be public here in under a year. CrowdStrike's a great example. If you go, you know, reel back the tape to when they were, you know, our size we're right in line with them Zscaler, Okta, you know, I joke with our board and investors and our CFO, that the number of companies that we benchmark ourselves against is starting to become a very small number, given you know, our growth at the scale that we're at. >> Well, that's an awesome story, Nick. We're really excited that you could make some time to come on the Cube and we want to follow your progress. Welcome you back anytime. Really appreciate your time. >> Yeah. Great. Thanks for having me, Dave, and looking forward to continuing the conversation at some point. >> Excellent and thank you for watching everybody. This is Dave Vellante for the Cube and we'll see you next time.