>> From the SiliconANGLE Media office in Boston, Massachusetts, it's the cube. Now, here's your host, Dave Vellante. >> Hello everyone and welcome to this week's Wikibon cube insights powered by ETR. In this breaking analysis ahead of the RSA conference, we want to update you on the cyber security sector. This year's event is underlined by coronavirus fears, IBM has pulled out of the event and cited the epidemic as the reason and it's also brings to the front the sale of RSA by Dell to STG partners and private equity firm. Now in our last security drill down, we cited several mega trends in the security sector. These included the ever escalating sophistication of the attacker, the increased risk from the data economy, the expanded attack surface with the huge number of IP addresses that are that are exploding out there, and the lack of skills and the number of cyber tools that are coming to the market. Now, as you know, in these segments, we'd like to share insights from the cube. And I want you to listen to two American statesman and what they said, on The Cube. Here's general Keith Alexander, who's the former director of the NSA, along with Dr. Robert Gates, who's the former director of the CIA and former Secretary of Defense, play the clip. >> When you think about threats, you think about nation states, so you can go to Iran, Russia, China, North Korea, and then you think about criminal threats, and all the things like ransomware. Some of the nation state actors are also criminals at night, so they can use nation state tools and my concern about all the evolution of cyber threats is that the attacks are getting more destructive. >> I think cyber and the risks associated with cyber, and IT need to be a regular part of every board's agenda. >> So you hear General Alexander really underscore the danger, as well, Dr. Gates is articulating what we've said many times on the cube that cyber security is a board level agenda item. Now, the comments from both of these individuals represent what I would consider tailwinds for cyber technology companies. Now we're going to drill into some of those today. But it's not all frictionless. There are headwinds to in this market space, cloud migration, the shift from north south south to East West network traffic, its pressure traditional appliance based perimeter security solutions, increase complexity and lack of skills and other macro factors, including questions on ROI. CFO saying, hey, we spend all this cash, why aren't we more secure? Now, I want you to hear from two chief information security officers officers on both the challenges that they face and how they're dealing with them. Roll the clip. >> Lack of talent, I mean, we're starving for talent. Cybersecurity is the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have and in that lack of talent Cecil's are starving. >> I think that the public cloud offers us a really interesting opportunity to reinvent security right. So if you think about all of the technologies and processes and many of which are manual over the years, I think we have an opportunity to leverage automation to make our work easier in some ways. >> Now I featured Brian Lozada and Katie Jenkins before and breaking analysis segments, and you can hear it from the cyber leaders, we lack the talent, and cloud computing and automation are areas we're pursuing. So this challenges security companies to respond. But at the end of the day, companies have no no choice. In other words, organizations buying security solutions, the sophistication of the attacker is very high and the answer to my CFO and ROI is fear based. If you don't do this, you might lose billions in market cap. Now, I want you to take a listen to these cubilam talking about the attacker of sophistication and the importance of communication skills in order to fund cyber initiatives, really to keep up with the bad guys, please play the clip. >> The adversary is talented and they're patient, they're well funded okay, that's that's where it starts. And so, you know why why bring an interpreter to a host when there's already one there right? Why write all this complicated software distribution when I can just use yours. And so that's that's where the play the game starts. And and the most advanced threats aren't leaving footprints because the footprints already there, you know, they'll get on a machine and behaviorally they'll check the cash to see what's hot. And what's hot in the cash means that behaviorally, it's a fast they can go they're not cutting a new trail most of the time, right? So living off the land is not only the tools that they're using the automation, your automation they're using against you, but it's also behavioral. >> That's why the most the most important talent or skill that a security professional needs is communication skills. If you can't articulate technical risk into a business risk to fund your program, it's, you know, it's very hard for you to actually be successful in security. >> Now, the really insidious thing about what TK Keanini just said is the attackers are living off the land, meaning they're using your tools and your behaviors to sneak around your data unnoticed. And so as Brian Lozada said, as a security Pro, you need to be a great communicator in order to get the funding that you need to compete with the bad guys. Which brings me to the RSA conference. This is why you as a security practitioner attend, you want to learn more, you want to obtain new skills, you want to bring back ideas to the organization. Now one of the things I did to prepare for this segment is to read the RSA conference content agenda, which was co authored by Britta Glade and I read numerous blogs and articles about what to expect at the event and from all that I put together this word cloud, which conveys some of the key themes that I would expect you're going to hear at the shows. Look at skills jump right out, just like Brian was saying, the human element is going to be a big deal this year. IoT and the IT OT schism, everyone's talking about the Olympics, and seeing that as a watershed event for cyber, how to apply machine learning and AI is a big theme, as is cloud with containers and server less. phishing, zero trust and frameworks, framework for privacy, frameworks for governance and compliance, the 2020 election and weaponizing social media with deep fakes, and expect to hear a lot about the challenges of securing 5G networks, open source risks, supply chain risks, and of course, the need for automation. And it's no surprise there's going to be a lot of talk about cyber technology, the products and of course, the companies that sell them. So let's get into the market and unpack some of the ETR spending data and drill into some of these companies. The first chart I want to show you is spending on cyber relative to other initiatives. What this chart shows is the spending on cyber security highlighted in the green in relation to other sectors in the ETR taxonomy. Notice the blue dot. It shows the change in spending expected in 2020 versus 2019. Now, two points here. First, is that despite the top of my narrative that we always hear, the reality is that other initiatives compete for budget and you just can't keep throwing cash at the security problem. As I've said before, we spend like .014% percent of our global GDP on cyber, so we barely scratched the surface. The second point is there's there's there's a solid year on year growth quite high at 12% for a sector that's estimated at 100 to 150 billion dollars worldwide, according to many sources. Now let's take a look at some of the players in this space, who are going to be presenting at the RSA conference. You might remember to my 2020 predictions in that breaking analysis I focused on two ETR metrics, Net Score, which is a measure of spending velocity and Market Share, which measures pervasiveness in the data set. And I anointed nine security players as four star players. These were Microsoft, Cisco, Palo Alto Networks, Splunk, Proofpoint, Fortinet, Oka, Cyber Ark and CrowdStrike. What we're showing here is an update of that data with the January survey data. My four star companies were defined as those in the cyber security sector that demonstrate in both net scores or spending momentum, that's the left hand chart and market share or pervasiveness on the right hand chart. Within the top 22 companies, why did I pick 22? Well, seemed like a solid number and it fit nicely in the screen and allowed more folks. So a few takeaways here. One is that there are a lot of cyber security companies in the green from the standpoint of net score. Number two is that Fortinet and Cisco fell off the four star list because of their net scores. While still holding reasonably well, they dropped somewhat. Also, some other companies like Verona's and Vera code and Carbon Black jumped up on the net score rankings, but Cisco and Fortinet are still showing some strength in the market overall, I'ma talk about that. Cisco security businesses up 9% in the quarter, and Fortinet is breaking away from Palo Alto Networks from a valuation perspective, which I'm going to drill into a bit. So we're going to give Cisco and Fortinet two stars this survey period. But look at Zscaler. They made the cut this time their net score or spending momentum jumped from 38% last quarter to nearly 45% in the January survey, with a sizable shared in at 123. So we've added Zscaler to the four star list, they have momentum, and we're going to continue to watch that quarterly horse race. Now, I'd be remiss if I didn't point out that Microsoft continues to get stronger and stronger in many sectors including cyber. So that's something to really pay attention to. Okay, I want to talk about the valuations a bit. Valuations of cyber security space are really interesting and for reasons we've discussed before the market's hot right now, some people think it's overvalued, but I think the space is going to continue to perform quite well, relative to other areas and tech. Why do I say that? Because cyber continues to be a big priority for organizations, the software and annual recurring revenue contribution ARR continues to grow, M&A is going to continue to be robust in my view, which is going to fuel valuations. So Let's look at some of the public companies within cyber. What I've compiled in this chart is eight public companies that were cited as four star or two star firms, as I defined earlier, now ranked this by market value. In the columns, we show the market cap and trailing 12 month revenue in billions, the revenue multiple and the annual revenue growth. And I've highlighted Palo Alto Networks and Fortinet because I want to drill into those two firms, as there's a valuation divergence going on between those two names, and I'll come back to that in just a minute. But first, I want to make a few points about this data. Number one is there's definitely a proportional relationship between the growth rate and the revenue multiple or premium being paid for these companies. Generally growth ranges between one and a half to three times the revenue multiple being paid. CrowdStrike for example has a 39 x revenue multiple and is growing at 110%, so they're at the high end of that range with a growth at 2.8 times their revenue multiple today. Second, and related, as you can see a wide range of revenue multiples based on these growth rates with CrowdStrike, Okta and now Zscaler as the standouts in this regard. And I have to call at Splunk as well. They're both large, and they have high growth, although they are moving beyond, you know, security, they're going into adjacencies and big data analytics, but you you have to love the performance of Splunk. The third point is this is a lucrative market. You have several companies with valuations in the double digit billions, and many with multi billion dollar market values. Cyber chaos means cash for many of these companies, and, of course for their investors. Now, Palo Alto throw some of these ratios out of whack, ie, why the lower revenue multiple with that type of growth, and it's because they've had some execution issues lately. And this annual growth rate is really not the best reflection of the stock price today. That's really being driven by quarterly growth rates and less robust management guidance. So why don't we look into that a bit. What this chart shows is the one year relative stock prices of Palo Alto Networks in the blue and compared to Fortinet in the red. Look at the divergence in the two stocks, look at they traded in a range and then you saw the split when Palo Alto missed its quarter last year. So let me share what I think is happening. First, Palo Alto has been a very solid performance since an IPO in 2012. It's delivered more than four Rex returns to shareholders over that period. Now, what they're trying to do is cloud proof their business. They're trying to transition more to an AR model, and rely less on appliance centric firewalls, and firewalls are core part of the business and that has underperformed expectations lately. And you just take Legacy Tech and Cloud Wash and Cloud native competitors like Zscaler are taking advantage of this and setting the narrative there. Now Palo Alto Network has also had some very tough compares in 2019 relative to 2018, that should somewhat abate this year. Also, Palo Alto has said some execution issues during this transition, especially related to sales and sales incentives and aligning that with this new world of cloud. And finally, Palo Alto was in the process of digesting some acquisitions like Twistlock, PureSec and some others over the past year, and that could be a distraction. Fortinet on the other hand, is benefiting from a large portfolio refresh is capitalizing on the momentum that that's bringing, in fact, all the companies I listed you know, they may be undervalued despite, of all the company sorry that I listed Fortinet may be undervalued despite the drop off from the four star list that I mentioned earlier. Fortinet is one of those companies with a large solution set that can cover a lot of market space. And where Fortinet faces similar headwinds as Palo Alto, it seems to be executing better on the cloud transition. Now the last thing I want to share on this topic is some data from the ETR regression testing. What ETR does is their data scientists run regression models and fit a linear equation to determine whether Wall Street earnings consensus estimates are consistent with the ETR spending data, they started trying to line those up and see what the divergence is. What this chart shows is the results of that regression analysis for both Fortinet and Palo Alto. And you can see the ETR spending data suggests that both companies could outperform somewhat expectations. Now, I wouldn't run and buy the stock based on this data as there's a lot more to the story, but let's watch the earnings and see how this plays out. All right, I want to make a few comments about the sale of the RSA asset. EMC bought RSA for around the same number, roughly $2 billion that SDG is paying Dell. So I'm obviously not impressed with the return that RSA has delivered since 2006. The interesting takeaway is that Dell is choosing liquidity over the RSA cyber security asset. So it says to me that their ability to pay down debt is much more important to Dell and their go forward plan. Remember, for every $5 billion that Dell pays down in gross debt, it dropped 25 cents to EPS. This is important for Dell to get back to investment grade debt, which will further lower its cost. It's a lever that Dell can turn. Now and also in thinking about this, it's interesting that VMware, which the member is acquiring security assets like crazy and most recently purchased carbon black, and they're building out a Security Division, they obviously didn't paw on the table fighting to roll RSA into that division. You know maybe they did in the financial value of the cash to Dell was greater than the value of the RSA customers, the RSA product portfolio and of course, the RSA conference. But my guess is Gelsinger and VMware didn't want the legacy tech. Gelsinger said many times that security is broken, it's his mission to fix it or die trying. So I would bet that he and VMware didn't see RSA as a path to fixing security, it's more likely that they saw it as a non strategic shrinking asset that they didn't want any part of. Now for the record, and I'm even won't bother showing you the the data but RSA and the ETR data set is an unimpressive player in cyber security, their market share or pervasiveness is middle of the pack, so it's okay but their net score spending velocities in the red, and it's in the bottom 20th percentile of the data set. But it is a known brand, certainly within cyber. It's got a great conference and it's been it's probably better that a PE company owns them than being a misfit toy inside of Dell. All right, it's time to summarize, as we've been stressing in our breaking analysis segments and on the cube, the adversaries are very capable. And we should expect continued escalation. Venture capital is going to keep pouring into startups and that's going to lead to more fragmentation. But the market is going to remain right for M&A With valuations on the rise. The battle continues for best of breed tools from upstarts like CrowdStrike and Okta and Zscaler versus sweets from big players like Cisco, Palo Alto Networks and Fortinet. Growth is going to continue to drive valuations. And so let's keep our eyes on the cloud, remains disruptive and for some provides momentum for others provides friction. Security practitioners will continue to be well paid because there's a skill shortage and that's not going away despite the push toward automation. Got in talk about machine intelligence but AI and ML those tools, there are two edged sword as bad actors are leveraging installed infrastructure, both tools and behaviors to so called live off the land, upping the stakes in the arms race. Okay, this is Dave Vellante for Wikibon's CUBE Insights powered by ETR. Thanks for watching this breaking analysis. Remember, these episodes are all available as podcasted Spotfire or wherever you listen. Connect with me at david.vellante at siliconangle.com, or comment on my LinkedIn. I'm @dvellante on Twitter. Thanks for watching everybody. We'll see you next time. (upbeat music).

>>Live from Las Vegas. It's the cube covering UI path forward Americas 2019. Brought to you by UI path. >>We're back. You're watching the cube, the leader in live tech coverage. We go out to the events. This has been a great event. UI path forward three, the third North American event, and this is day two. We're just wrapping up. Brandon nod is here as a senior vice president with UI path and Kadar. Danny, who's the vice president of global accounts at UI path. So you guys got a store? >>Yeah, yeah, yeah, we do. Britta, what's the story you guys, one was a customer and customer that is to first customer. Um, so three years ago, something like that when you iPod, we just started out with a global expansion. We'd got our seed funding round in 2015 we started expanding and building our global sales team when he's 16. I joined in the UK, responsible globally for the banking financial services industry. And one, one fine day, I get a communication, an email from a prospective customer that, Hey, I want to talk to you about your platform. And it was a Brandon over here. Brandon, do you want to tell it? Tell them what a, how you found out about your iPad. >>Yeah, you bet. I was interviewing a couple of partners and looking at the different platforms and found that yeah, you, I've had really had what I was looking for, which is the openness of the platform, the ability to do training online and start my journey kind of on my terms. And so when I reached out to it was very much how can you help me get started? I've already made the business case internally, I'm ready to go. What year was this? 2016 and it's interesting, >>Daniel Donnez last night and his keynote said, you know, we really appreciate you guys who joined us in 2016 cause you know, the product didn't have all the features that we wanted. You know, it wasn't fully baked. This was my interpretation. That's right. But, but I, but I was saying earlier in the cube, the right move, that UI path made as you bet on simplicity. And he said, okay, let's get to market fast. Yeah. Simple. And that. And you said on your terms, what do you mean by that? >>So one of the things that I love about UI path is early on there was a principle of openness. Let people download the software. Don't be afraid, don't tease people, and then say, come to our site and we'll give you a call. Right? They said, come to our site, download, try it yourself. Here's what there's free training. And as UI path has grown, that principle is, is still very much precedent. You can go online right now and download, take free courses online. So what I wanted as a customer at that time was the ability to see it for myself. I wanted to make it real before I've made the investment. That was our experience. When Bobby Patrick first started, I said, you iPad today? He goes, go to the download a >>copy of our software, start building automations. I'm like, huh, yeah to it. And then go to automation anywhere, which by the way is the sponsor of ours. We love, we're an arms dealer. We love everybody. You know, go to blue prism, get their software too. So we tried, but we couldn't, you know, it was called the reseller will do pro what's your need? We just want to play with it, you know, so, so that's what you mean by bad on your terms and so yeah, that, that's worked pretty well for you guys, hasn't it? has and uh, you know, when we started off, right, community has always been a pillar within, within UI paths, you know, kind of strategy to to make sure that RPA is available to everyone. We call it democratization of, of automation and hence, you know, availability of the community edition. >>Uh, we go to the universities, students are able to download and use it for free and now we've tied up with certain universities to expand the education system with uh, getting, um, you know, when graduates pass out they come out ready knowing you want found RPA. Yeah, we had a, the college of William and Mary on and Tom Clancy, they were talking about that. Now I did my little review of the predictions in the morning. Guys predictions. He said that the students that come out of college, you're gonna force RPA on their companies. Most college kids don't know what RPA is. I got hit, I said it's gonna take a couple of cycles here, but, but so, okay, so run. Why did you join UI path? How did that all, you know, what drove you to say, okay, this is it. I'm going to have instead of applying the technology to make my existing company better, I'm gonna. >>So I ran operations for a mortgage company and we had already automated everything that we could using the classic tools and we are winning awards. And it was, you know, people were looking at the work that we are doing and they were impressed, but I still couldn't get past a certain point in my automations. So bringing in UI path allowed me to continue that journey to keep automating. And after a while, the more that I was working with you, I path weird, uh, I was a guest of, of them at conferences, speaking with guy Kirkwood and any number of folks. I looked at the culture of the company and thought this is a place that I want to be. And I looked at the roadmap and where the product was going and what I was able to do with it as a customer. And I thought, I want to help other people do this. I want to help them on their journey, get to this next level of automation that they're currently there. They're being kept at. >>Yeah, well a lot of people hop on the bandwagon. I saw folks from AWS, you know, have joined a gentlemen I know from Google, let's join them in these early leading companies and correct. So how are you guys spending your time these days? Special >> as I, my, my title suggests, you know, I'm responsible for the global account portfolio and I'm spending most of my time with our customers trying to help them on their automation journey. So these are some of the largest >>global customers, uh, big insurance companies, uh, automobile industry, uh, you know, Titans in that industry and they've all been our customers now for the last two years, in three years with a plan to kind of change the way they, uh, they run their business right. And RPA and you wipe out basically the automation platform that we have now with our new release come out as well, is giving these customers and end Duan a transformation engine. So it is our responsibility now to make them, uh, you know, more knowledgeable on how to apply that technology and get them successful with their plans for a, you know, transformation and automation of their business processes. Right. >>How are you spending your time, bro? I'm in product and in my focus is attended automation. So classically people are implementing unintended automation. This, this was the first big wave of RPA was really robots just working on a server somewhere. You don't, you don't interact with them. They just do their thing 24 hours a day. Now there's a huge push into attended automation, which is having a, a robot on your computer and the two of you working together, collaborating in real time throughout your day. So we're looking to save time to take out the the wasteful and small processes that nobody wants to do as well as creating an entirely new opportunities for value based on what the two of you can do together. How are you guys thinking about the way in which a user or worker interacts with that? That bot? Yeah, I think it's, it's more like a dance and and less like a task manager, right? >>So you might think in classic automation, you know, click a button, go do this thing, click a button, go do that thing that the automation is happening when you want it to. The way that our platform has written, the robot can listen to what you're doing. It can monitor for when you click on a specific button or for when you move files to a folder. So think about it less like a conscious effort to, to guide the robot and more as a collaborative effort where, where the robot is seeing what you're doing and taking action to help you and do things on your behalf and then letting you know when they're done. So it's the paradigm is changing for work and when you have a robot on your computer, it's going to open up a new way of doing your, your daily content. And the enabler there is what machine learning machine intelligence. >>It's a combination of things. So think about machine learning and AI as just one tool that that robot has to use both CR as well. You know, we did a demo earlier this week where we took receipts, moved him to a folder, the robot sees that you've moved receipts into a folder, can bounce it off and end point that and break apart those receipts using OCR, load that all into Excel and help you with your expense report. So think about things like this, you, things you need to do. You do what you would normally do, put receipts in a folder and the robot takes care of the rest. What, what things can, um, humans do that machines can't? Yeah, the ability to make on the fly judgment for complex cognitive tasks is very, very hard to replicate in, in AI right now because typically models are built on a set of specific information. >>We build our, our receipt and our invoice model off a ton of receipts and invoices. Therefore the robot can make quick work of those receipts way, way faster than we can, but present an unstructured problem or an open ended problem in an AI model might really struggle. Whereas a human can instantly make a judgment on that. So we want computers to do that. Those, those compiled activities and with the AI models that make sense for what they're doing and want humans to be thinking at higher levels, at creative levels, higher cognitive, cognitive and decision making levels. So this is as Daniel and others had mentioned, elevating the humanity when you think about it, >>but you definitely see some of your customers are certainly talking about this. This is robots taking action systems of agencies. Some people call it on behalf of the human and having to essentially make certain decisions. But you're saying those decisions are well understood and safe essentially. >>Absolutely. When you deploy a robot you don't, you don't just kind of hope for the best. Right? You have a very specific use case and you've coated the robot for that use case. I love it when when people say, you know, our compliance team is worried about the robots going wild or you know, we can have it gone the system, but he can't do anything that you haven't consciously told it to do, haven't written it to do. So it turns out it's actually even more compliant because it can throw off logs and a paper trail is as complex as you want it. So if I were a compliance officer, I would say get robots in immediately because I want more visibility into what's being done. >>So where do you see your customers going? So our customers say few. As Brandon was saying earlier, you know, customers started with this unattended robots first because everyone was trying to get an efficiency in their back office. We got a Y and that that is actually the core foundation for what comes next, which is the attended automation, the robot for every person vision that we have, we have fought for the, for the entire global customer community of ours. I mean the number of use cases where a human agent would with a robot. Now with having a robot on every desktop, I mean simple things like expense reports, time sheets or even simple things like downloading emails and reports on a daily basis. You don't need to engage with multiple systems. As a, as a human agent, you can get the robot to go ahead and do that for you. And as Brandon was saying, you know, you have much better control with the robot doing it. Then a human being who has a mind who could potentially, you know, cause certain security or compliance related issues because a human agent could go easily off track, do something different. Where as the robot has a certain set of parameters within which they work. >>Well guys, we've got to wrap, but so I'm going to ask each of you, give us the bumper sticker on UI path forward three a. When the trucks are pulling away from the Bellagio, what's the bumper sticker? Safe running. Try and keep up. >>Yeah, go, go big. Go big and go big now. >>Yeah, go bigger or go home. It's kind of seems to be the theme here. Well guys, thanks very much for. Congratulations on all the success you guys got a lot of work to do still for sure and best of luck. Thank you very much. Very welcome and thank you for watching everybody. It's a wrap from a UI path forward. You watching the cube, go to siliconangle.com check out all the news. We've got a bunch of in depth coverage of this show, RPA in general. We have five shows this week, so check that out and of course go to the cube.net to see what will be next week. Another big week. October has become the new may. So thank you for watching everyone. This is Dave Volante for the cube. Thanks guys. Great job today. We'll see you next time.