(soft upbeat music) (crowd chattering) >> Over the past 18 to 24 months, chief information security officers have dramatically changed their priorities. They had to, to support the remote work trend. So things like endpoint security, cloud security, and in particular identity and access management became top of mind. And a whole shift occurred. And we're going to talk about that today. Hi everybody, this is Dave Vellante and you're watching theCUBE. We're here at AWS re:Invent 2021. Katie Curtin-Mestre is here. She's the vice president of marketing at CyberArk and Bar Lavie senior product manager at Cloud Identity and Security. Bar, sorry for botching your name, but folks welcome to theCUBE, great to see you. >> Glad to be here. >> Great to hear. >> So Katie, upfront I talked about some of those trends. It's been a hugely dramatic shift away from this kind of traditional approaches to cyber. What are some of the trends that CyberArk has seen? >> Well, Bar is going to take the first part of this. >> Great, just go on. (Bar laughing) >> Yeah, so one trait that we are seeing is that cloud migration projects accelerate as organization turbocharged digital transformation. Is they're a looking to take advantage off the agility and operational efficiency of the cloud providers. Some of the concerns that I can think about one of those is the reducing the potential loss of data that is caused due to the excessive access to resources. And the other one is provision secure and scalable access to resources. And the third one would be implementing least privilege for all type of identity whether if it's a human identity or non-human identity. >> And on that end Dave, we recently commissioned a survey with the Cloud Security Alliance. We co-sponsored a survey and found that 94% of respondents said that securing human permissions was a top security challenge and machine identities weren't far behind at 77%. Another challenge that we're hearing from our customers is the need to secure the secrets used by applications. So we're really excited by today's news from AWS. They announced some new capabilities with a code guru called Secret Detector that helps to find unsecured secrets in applications. And the other concern that we're hearing from our customers is the need to monitor and audit the activity of all of their cloud identities. This is really important to help their security operation teams with their investigations and also to meet audit and compliance requirements. >> So the definition of identity is now more encompassing and includes like you say machines, right? It's not just people anymore. Of course we've seen, you know, phishing has always been problematic. It's escalated daily, right? We get phished. I mean, are we going to see the day where we finally get rid of passwords? Is that even possible? But maybe we could talk a little bit about sort of identity, how identity is evolving, this notion of zero trust. Zero trust used to be a Password. So, maybe Bar you could talk a little bit about what you're seeing in terms of identity access management. Maybe privileged access management are those things coming together? How does CyberArk think about those things? >> You going to take this one Katie >> Well, what CyberArk sees is we definitely see a trend where access management and privileged access management are coming together. Security teams are struggling too many security tools and they're really looking to standardize on a small handful of vendors and get more bank for their buck from their security investment. So we're definitely seeing that trends of unified platforms across access and privileged access management to secure any identity, whether human or machine from kind of like your standard workforce identity, to those who have highly privileged access. >> I don't know if you've ever, ever seen that chart. I think Optiv puts it out. It's consultancy. And it's this eye chart. It's a taxonomy of all the different security I have published at a number of times. it's mind boggling. So CSOs, SecOps teams they have to manage all this complexity, all these different tools and you ask CSOs what's your biggest challenge? They'll tell you lack of skills. We just can't find people. We can't train them fast enough. So what's CyberArk working on? What are some of the key initiatives that you guys are focused on that people should know about? >> Well, one of the things that we're working on is actually, and we see a greater adoption of it is something that was actually started as an initiative within our innovation lab. It's a CyberArk Clouding Titles Manager, which help to detect and remediate excessive permissions to cloud resources for any type of identity. I mentioned before the both human and non-human. Which are the something that you were looking to to secure. Another solution that we see a great adoption is our circuit ranger which helps organization to re remove the necessity of having a hard-coded credentials within application. It can be either traditional applications for their own premise or even cloud native applications. And peg this also into your CI CD pipeline. And we are actually innovating in these type of area with AWS as well. So this is one of the great things that we were doing. Also we're investing on a new solution for just-in-time access for cloud VMs and cloud consoles. And all of these solutions that I've mentioned and more to that are part of our identity security platform which came to provide you with the suite of solution to apply least privilege and secure access to any type of resource from any device for any type of identity. >> So is that best practice? I mean, if you had to, you know, advise a customer on best practice in identity, how should they think about that? Where should they start? >> Well, on the best practices front we recently published an ebook with AWS. And it's focused on the shared responsibility model and foundational best practices for securing cloud access. And it's all part of an initiative that CyberArk has, which is our identity security blueprint. Which guides customers on how best to move forward with their identity security initiatives. >> So where do they start? First of all how do they get that is it a security website or? >> It's available on our website and we detailed some of the steps that that customers can take. For example, one of the steps that we recommend to our customers is to limit the use of the root account and also to very much lock down the root account to use federated identities whenever possible. And Bar already alluded to some of the other best practices that we recommend. Such as removing hard-coded credentials from secrets. Another best practice that we really recommend to our customers is to have a consistent set of controls across their entire estate. Both from on-premises to the cloud. And this really helps to reduce complexity by having a unified and consistent set of security controls. And in fact one of our customers who is one of the world's largest convenience chains. They're using CyberArk to secure the credentials both for their on-premise servers and their AWS EC2 instances. And they're also using us as well to secure the credentials used by applications in the CI CD pipeline. So getting to those consistent controls is another best practice we highly recommend. >> So, consistent identity across your state, whether it's on-prem or in the cloud. And then also you've referenced CI CD a couple of times. So it's it's developer friendly? Are you're designing security in as opposed to a bolt on after the fact? And then you mentioned root accounts access. Is that where privilege access management comes in? Are we going to treat everybody as privileged access? Or how do you deal with machines? You mentioned hard-coded? Like some machines are hard-coded. Like I would imagine a lot of these internet cameras are exposures. How do you deal with all that? I mean, do you just have to cycle through and modernize your fleet of machines? Are there ways in which CyberArk can help sort of anticipate that or defend against that? >> Well, CyberArk can help on, on multiple fronts. Of course you need to secure the root account but that's just only one example of needing to secure a privilege access. And one thing that customers need to understand is that now going forward, any identity can have privilege access at any point in time, because at any point and time, you yourself could have access to a highly sensitive system or have access to highly sensitive data. So with CyberArk we help our customers understand which of their applications and infrastructure have the most sensitive data and then work with them to secure the access to that data whether that access be a human access or machine or programmatic access. >> So what are the customer implications of all this? I mean pre pandemic, you know, this whole zero trust thing with password. Now it's like fundamental premise. You don't trust to verify. What are the customer implications as we enter this new era ransomware through the roof, the adversaries are well funded highly capable. They're living off the land, they're island hopping. They're, doing self forming malware. It's a new world, right? So what are the customer implications? What should they be thinking about? You know, they don't have unlimited budget. So what's the advice? >> Well, eventually at the end of the day, there are all kinds of best practices of how to applies security. I think that both AWS have their own best practices and CyberArk has also our own best practices calling the blueprint which help organization to focus on to crown jewel on the most important stuff. And then going deeper and lower within each and every initiative. And on each and every level, try to investigate what you're trying to protect and what kind of security mechanisms can be applied in order to protect both access and maintaining that no one whether if it's internal or external attacker can gain access to it. >> Yup, I think the other implication for customers and you already alluded to it is really to continue to move forward with their zero trust initiatives. I think that that is a foundational going forward. Now that remote work is kind of the defacto norm and we can no longer rely on the traditional network perimeter. And so in this new environment securing your identities is the new perimeter. So that's an important implication for customers. And then another one that I would mention is that security teams need to work more closely with their dev and dev ops counterparts to bacon security earlier. It really can't be that security is brought in after the fact. Security very much needs to shift left and be included in the very early stages of application development before an application comes to production. >> I mean, I think it's that last point but all good points. The last point was a huge theme at CubeCon this year. That notion of shift left developers, you've mentioned the CI CD pipeline several times. I mean I think that is, you know, especially when you think about machines and the edge and IoT. I used to say all the time, you know that you used to put a moat around the castle, build a wall, protect the queen. Well, the queen has left the castle. But now with the pandemic, we've seen the effects of that. And as I say, the adversaries are seeing huge opportunities. Well-funded super sophisticated. It's like it makes Stuxnet look like a kindergarten. I know that was still >> That's scary. still pretty sophisticated. But I mean, look at what we saw with the government hack and solar winds, you know huge huge. But if we can talk to CSOs about that, they're like, you know, that's, we have to move fast. But they don't have unlimited budget, right? Cybersecurity is their number one initiative in terms of priorities. But then they have all these other things to fund. They have to fund a forced march to digital transformation, machine learning and AI, they're migrating to the cloud. They're driving automation. They're modernizing their application portfolio. So, security is still number one, isn't it? So it's a good business that you're in. >> Yes, and we really want to work with our CSOs so they can get the most investment out of what they're putting into CyberArk and the rest of their strategic security vendors. Because as you mentioned there's a talent shortage. So anything that we can do as vendors to make it easier for them to use our products and get more value from our solutions, is something that's really important. >> And automation is part of the answer but it's not the only answer, right? You got to follow the NIST framework and follow these best practices and keep fighting the fight. Guys. Thanks so much for coming on theCUBE. It was great to have you. I'd love to have you back. >> Thanks for having us. >> Thank you for having us. >> All right. Our pleasure. All right, this is Dave Vellante for theCUBE. You're watching our coverage of AWS re:Invent 2021. (gentle upbeat music)

>> From the ARIA Resort in Las Vegas, it's theCUBE. Covering AWS Marketplace. Brought to you by Amazon Web Services. >> Hey, welcome back here everybody Jeff Frick here with theCUBE. We are at AWS re:Invent 2018 wrapping up day one. We're going to do four days of coverage. We have four sets, three locations. But we're kicking things off here at the AWS Marketplace and Service Catalog event here at the ARIA. We're excited to be joined by our next guest, first time on theCUBE, but he's been working on the security stuff for a long time. He's Brandon Traffanstedt, he's the Global Director of System Engineering for CyberArk. Brandon, great to see you. >> Thank you very much. Glad to be here. >> Absolutely. So we started the conversation first off let's just give us the quick overview of CyberArk for people who are unfamiliar with the company. >> Definitely. So CyberArk does privilege access security, and that is the vaulting rotation in management of incredibly powerful accounts. Both traditional ones, the domain admin, to ones that exist in a more femoral, or cloud state. Access key, secret key pairs, route access into your console. So our goal is to take those out of the minds of users, out of those spreadsheets, out of hard coded code stacks. Place them in a secure location, rotate them, and then provide secure access to people as well as non people too. >> So you really segregate the privilege access as a very different category than just any regular user of kind of admin type of person. >> Absolutely. Though the focus is key. When we look the general spectrum of accounts in an organization, yes you've got the lower ones that are identity driven. Attackers might use those to get in, but really the creamy, nuggety center are those high value credentials. It's what brings down organizations. It's what we see involved in breaches every single day. So the focus there on those powerful ones is what gets us the most security posture increase with the least amount of effort. >> You know, it's interesting. 'Cause I always think of security as kind of like insurance. You can't absolutely be 100% positively. You can't spend every nickel you have on security, but you want to have a good ROI. So what you're saying, really, is this is a really good ROI investment from your security investment because these are really the crown jewels that you need to protect first. >> Absolutely. And like insurance, we often want to plan for the absolute worst to occur. There have been breaches in the past where yes, there were dollars that were spent on things like remediation, but if you have a huge customer base, even the postage alone to notify folks that you've had a compelling event tends to up into the seven figures. >> I never even thought of that. It's not a trivial expense. >> Absolutely. >> So, you said you've been doing this for 20 years, so a lot of change. There was no AWS re:Invent 20 years ago. There was not cloud computing as we know it today. So, you know we'll talk about kind of the current state but I'd love to get more kind of your historical perspective, you know being a security export, how your challenges have changed as this kind of continual escalation of war, accounting of strike counters strike. I'm thinking of MAD Magazine's Spy vs Spy, right, has continued to escalate over these 20 years. >> Definitely. So, years and years ago organizations were very monolithic from both the application side as well as their more kind of human focused infrastructure. Right, we had one or two domain controllers. Typically physical systems. But what happened is, the architecture broke down. So what, 10 years ago virtualization was the big thing, right. Same types of accounts, but more systems. More automation flows. So as we replaced humans with non humans, what happened was, more human users got over privileged, right? They were empowered to get their jobs done. But we had more and more robots that began doing their work. So one of the things that we saw, was the breaking down of the applications stacks to the point that we are now, you can spin up thousands of instances in a matter of clicks over a matter of seconds. Move that into a more micro services model, and you now have tens of thousands of nodes that can exist in the blink of an eye. All having the same type of access restrictions but just being far more distributed. >> Right. And so many more tax services with IOT, and all these things all over the place. And so, much more complex environment. >> Definitely. One of the things about all this beautiful automation and centralization that's occurring, is that now attackers don't have to go through that same type of flow they used to, right. Compromise an in user, escalate privilege on a laptop for instance, move laterally and continue to perform that dance. Now, all it takes is one compromise into your cloud management console for instance. And a lot of times that's game over. Our attacker is also changing a little bit. So I'm proud to say, but I'm a millennial and the thing about millennials is we tend to be very, some would say lazy, but I would say efficient in how we perform tasks. So for me, performing that lateral movement verses a one stop shop for a public effacing entity, I'm going to choose the one stop shop. >> Very true. So one of the hot topics in today's world is RPA, robotic process automation. We are at Automation Anywhere, we are at the UiPath Show this year, it's getting a lot of buzz. Both those companies have raised a ton of money. Hot, hot, hot space. It adds a whole new level of complexity and opportunity on the security side. So how should people be thinking about RPA and security? >> So when it comes to RPA, one of the things that is simply parr for the course, is that in order for robots to do their jobs, to build this automation that folks are looking for, they've got to authenticate this stuff. A lot of times we'll see that authentication happen as kind of an isolated secret that's stored, say inside of Automation Anywhere for instance. The goal there is, well we can rotate it, maybe, but now we have to update it here and there and a number of other spots. So one thing that we see as being a very prevalent theme is well let's find a centralized and secure source to manage them, and allow the robotic process automation to authenticate securely to that entity, pull the secrets as they need. Now, we can rotate that as many as what, ten, twelve times a day if we wanted to without our RPA missing a beat. At CyberArk we have what's called a C cubed alliance where we brought together a number of RPA vendors. All the ones that you mentioned. As well as other automation platforms, security vendors too. To where you don't have to do the work of integrating. It's already there and it's been built. And we're taking a huge direction from our customer base there to tell us what's hot, what's new for them. To let us proper those conversations. >> Because the robots are actually treated inside the system I believe, as like a person right? It's kind of like your own personal assistant. So in terms of the identity and the access, it's managed very much as if it was just a new hire. >> For sure. And if you look at it for instance using something like another automation platform like Jenkins. Jenkins is personified by a butler. Jenkins' task is to go out and perform all these tasks for you. But I'll submit to you if I were to offer you, hey Brandon, you can come to my house, vacuum my floor every Friday, that sounds like a pretty good deal. Especially if it's an open source. If I do it for you for free. But you encounter risk by giving me the keys to your house. The same is true for those automation platforms. A lot of times we divorce that robot from a human so we don't do the same level of due diligence to give the robot an identity to instantiate lease privilege. It's one of the things we've seen be a very huge theme in successful customer deployments. As well as automating their security too. >> Well at least they're not going to give away the security when someone calls up and says can you please give me the URL for the company picnic. I can't get in, you got to help me out. Hopefully they didn't train the robots to answer that question and let that social engineering enter. Is there social engineering for RPA? >> There is. When you look at RPA or even code that exists in public repositories, one of the quickest attacks you can do is to GitHub, search for your secret of choice. Maybe it's Postgres, maybe it's a vendor name underscore secret. If you sort that code by recent commits, you'll find people's hardcoded secrets that exist inside of public repositories. It's not because our developers are malicious. It's because it wasn't top of mind for them. They didn't have a more compelling solution. So that's one of the quickest attacks and I think that's social engineering. It could be as easy as compromising as say, one of your AWS administrators who happens to have a privileged key in a text file on his desktop. Same is also true there. >> Right Brandon, so we're here at the AWS Marketplace experience. Share with us a little bit about how you work with AWS Marketplace and what's that meant for your company. You've been around for 20 years. So you didn't need them to get started, but how are they helping you change your business? >> So one of the things that has been very top of mind for us over the past couple of years is supporting the community. In many cases folks will come to us with a project. Whether it be post breach mediation, audit compliance; whatever it may be, they have some indicator of moving forward. A lot of times when developers are building out processes, they may not be the driver from the business so the goal was we need to be able to support the community to provide open source secrets managements and do so very quickly. So there doesn't need to be a project or a red tape. AWS Marketplace has helped us provide our open source solution in a beautifully deployed package to as many folks as possible, so that at least they have some secure place to store those secrets without altering the way they do things. If they have to go outside of the Marketplace flows that they're used to, it's extra work. And we never want security to be a constraint to building good, quality automation development practices. >> Right. And how's Amazon been as a partner? There's a lot out there, be careful, they're going to see what you do and copy it and knock you out of business. How have they been working with as a partner? >> They've been fantastic. Highly supportive from both the programmatic secrets management perspective but also in providing best practices for how to deploy our core stack into AWS. How to handle things like auto scaling. As well as providing some APIs to extend our secrets management capability based on customer ASPs on both sides. >> Alright Brandon, well thank you for taking a few minutes. I'm sure we're both going to be dog tired in a couple of days. >> We can hope so, yeah. >> So we started while we were fresh. So I appreciate you taking a few minutes and stopping by. >> Always a pleasure. Thank you again for the invite. >> All right, he's Brandon, I'm Jeff. You're watching theCUBE. We're at AWS Marketplace and Service Catalog Experience here at the ARIA. Thanks for watching. See ya next time. (upbeat music)

(upbeat music) >> From theCube Studios in Palo Alto in Boston, bringing you data driven insights from theCube and ETR. This is Breaking Analysis with Dave Vellante. >> While by no means a safe haven, the cybersecurity sector has outpaced the broader tech market by a meaningful margin, that is up until very recently. Cybersecurity remains the number one technology priority for the C-suite, but as we've previously reported the CISO's budget has constraints just like other technology investments. Recent trends show that economic headwinds have elongated sales cycles, pushed deals into future quarters, and just like other tech initiatives, are pacing cybersecurity investments and breaking them into smaller chunks. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis we explain how cybersecurity trends are reverting to the mean and tracking more closely with other technology investments. We'll make a couple of valuation comparisons to show the magnitude of the challenge and which cyber firms are feeling the heat, which aren't. There are some exceptions. We'll then show the latest survey data from ETR to quantify the contraction in spending momentum and close with a glimpse of the landscape of emerging cybersecurity companies, the private companies that could be ripe for acquisition, consolidation, or disruptive to the broader market. First, let's take a look at the recent patterns for cyber stocks relative to the broader tech market as a benchmark, as an indicator. Here's a year to date comparison of the bug ETF, which comprises a basket of cyber security names, and we compare that with the tech heavy NASDAQ composite. Notice that on April 13th of this year the cyber ETF was actually in positive territory while the NAS was down nearly 14%. Now by August 16th, the green turned red for cyber stocks but they still meaningfully outpaced the broader tech market by more than 950 basis points as of December 2nd that Delta had contracted. As you can see, the cyber ETF is now down nearly 25%, year to date, while the NASDAQ is down 27% and change. Now take a look at just how far a few of the high profile cybersecurity names have fallen. Here are six security firms that we've been tracking closely since before the pandemic. We've been, you know, tracking dozens but let's just take a look at this data and the subset. We show for comparison the S&P 500 and the NASDAQ, again, just for reference, they're both up since right before the pandemic. They're up relative to right before the pandemic, and then during the pandemic the S&P shot up more than 40%, relative to its pre pandemic level, around February is what we're using for the pre pandemic level, and the NASDAQ peaked at around 65% higher than that February level. They're now down 85% and 71% of their previous. So they're at 85% and 71% respectively from their pandemic highs. You compare that to these six companies, Splunk, which was and still is working through a transition is well below its pre pandemic market value and 44, it's 44% of its pre pandemic high as of last Friday. Palo Alto Networks is the most interesting here, in that it had been facing challenges prior to the pandemic related to a pivot to the Cloud which we reported on at the time. But as we said at that time we believe the company would sort out its Cloud transition, and its go to market challenges, and sales compensation issues, which it did as you can see. And its valuation jumped from 24 billion prior to Covid to 56 billion, and it's holding 93% of its peak value. Its revenue run rate is now over 6 billion with a healthy growth rate of 24% expected for the next quarter. Similarly, Fortinet has done relatively well holding 71% of its peak Covid value, with a healthy 34% revenue guide for the coming quarter. Now, Okta has been the biggest disappointment, a darling of the pandemic Okta's communication snafu, with what was actually a pretty benign hack combined with difficulty absorbing its 7 billion off zero acquisition, knocked the company off track. Its valuation has dropped by 35 billion since its peak during the pandemic, and that's after a nice beat and bounce back quarter just announced by Okta. Now, in our view Okta remains a viable long-term leader in identity. However, its recent fiscal 24 revenue guide was exceedingly conservative at around 16% growth. So either the company is sandbagging, or has such poor visibility that it wants to be like super cautious or maybe it's actually seeing a dramatic slowdown in its business momentum. After all, this is a company that not long ago was putting up 50% plus revenue growth rates. So it's one that bears close watching. CrowdStrike is another big name that we've been talking about on Breaking Analysis for quite some time. It like Okta has led the industry in a key ETR performance indicator that measures customer spending momentum. Just last week, CrowdStrike announced revenue increased more than 50% but new ARR was soft and the company guided conservatively. Not surprisingly, the stock got absolutely crushed as CrowdStrike blamed tepid demand from smaller and midsize firms. Many analysts believe that competition from Microsoft was one factor along with cautious spending amongst those midsize and smaller customers. Notably, large customers remain active. So we'll see if this is a longer term trend or an anomaly. Zscaler is another company in the space that we've reported having great customer spending momentum from the ETR data. But even though the company beat expectations for its recent quarter, like other companies its Outlook was conservative. So other than Palo Alto, and to a lesser extent Fortinet, these companies and others that we're not showing here are feeling the economic pinch and it shows in the compression of value. CrowdStrike, for example, had a 70 billion valuation at one point during the pandemic Zscaler top 50 billion, Okta 45 billion. Now, having said that Palo Alto Networks, Fortinet, CrowdStrike, and Zscaler are all still trading well above their pre pandemic levels that we tracked back in February of 2020. All right, let's go now back to ETR'S January survey and take a look at how much things have changed since the beginning of the year. Remember, this is obviously pre Ukraine, and pre all the concerns about the economic headwinds but here's an X Y graph that shows a net score, or spending momentum on the y-axis, and market presence on the x-axis. The red dotted line at 40% on the vertical indicates a highly elevated net score. Anything above that we think is, you know, super elevated. Now, we filtered the data here to show only those companies with more than 50 responses in the ETR survey. Still really crowded. Note that there were around 20 companies above that red 40% mark, which is a very, you know, high number. It's a, it's a crowded market, but lots of companies with, you know, positive momentum. Now let's jump ahead to the most recent October survey and take a look at what, what's happening. Same graphic plotting, spending momentum, and market presence, and look at the number of companies above that red line and how it's been squashed. It's really compressing, it's still a crowded market, it's still, you know, plenty of green, but the number of companies above 40% that, that key mark has gone from around 20 firms down to about five or six. And it speaks to that compression and IT spending, and of course the elongated sales cycles pushing deals out, taking them in smaller chunks. I can't tell you how many conversations with customers I had, at last week at Reinvent underscoring this exact same trend. The buyers are getting pressure from their CFOs to slow things down, do more with less and, and, and prioritize projects to those that absolutely are critical to driving revenue or cutting costs. And that's rippling through all sectors, including cyber. Now, let's do a bit more playing around with the ETR data and take a look at those companies with more than a hundred citations in the survey this quarter. So N, greater than or equal to a hundred. Now remember the followers of Breaking Analysis know that each quarter we take a look at those, what we call four star security firms. That is, those are the, that are in, that hit the top 10 for both spending momentum, net score, and the N, the mentions in the survey, the presence, the pervasiveness in the survey, and that's what we show here. The left most chart is sorted by spending momentum or net score, and the right hand chart by shared N, or the number of mentions in the survey, that pervasiveness metric. that solid red line denotes the cutoff point at the top 10. And you'll note we've actually cut it off at 11 to account for Auth 0, which is now part of Okta, and is going through a go to market transition, you know, with the company, they're kind of restructuring sales so they can take advantage of that. So starting on the left with spending momentum, again, net score, Microsoft leads all vendors, typical Microsoft, very prominent, although it hadn't always done so, it, for a while, CrowdStrike and Okta were, were taking the top spot, now it's Microsoft. CrowdStrike, still always near the top, but note that CyberArk and Cloudflare have cracked the top five in Okta, which as I just said was consistently at the top, has dropped well off its previous highs. You'll notice that Palo Alto Network Palo Alto Networks with a 38% net score, just below that magic 40% number, is healthy, especially as you look over to the right hand chart. Take a look at Palo Alto with an N of 395. It is the largest of the independent pure play security firms, and has a very healthy net score, although one caution is that net score has dropped considerably since the beginning of the year, which is the case for most of the top 10 names. The only exception is Fortinet, they're the only ones that saw an increase since January in spending momentum as ETR measures it. Now this brings us to the four star security firms, that is those that hit the top 10 in both net score on the left hand side and market presence on the right hand side. So it's Microsoft, Palo Alto, CrowdStrike, Okta, still there even not accounting for a Auth 0, just Okta on its own. If you put in Auth 0, it's, it's even stronger. Adding then in Fortinet and Zscaler. So Microsoft, Palo Alto, CrowdStrike, Okta, Fortinet, and Zscaler. And as we've mentioned since January, only Fortinet has shown an increase in net score since, since that time, again, since the January survey. Now again, this talks to the compression in spending. Now one of the big themes we hear constantly in cybersecurity is the market is overcrowded. Everybody talks about that, me included. The implication there, is there's a lot of room for consolidation and that consolidation can come in the form of M&A, or it can come in the form of people consolidating onto a single platform, and retiring some other vendors, and getting rid of duplicate vendors. We're hearing that as a big theme as well. Now, as we saw in the previous, previous chart, this is a very crowded market and we've seen lots of consolidation in 2022, in the form of M&A. Literally hundreds of M&A deals, with some of the largest companies going private. SailPoint, KnowBe4, Barracuda, Mandiant, Fedora, these are multi billion dollar acquisitions, or at least billion dollars and up, and many of them multi-billion, for these companies, and hundreds more acquisitions in the cyberspace, now less you think the pond is overfished, here's a chart from ETR of emerging tech companies in the cyber security industry. This data comes from ETR's Emerging Technologies Survey, ETS, which is this diamond in a rough that I found a couple quarters ago, and it's ripe with companies that are candidates for M&A. Many would've liked, many of these companies would've liked to, gotten to the public markets during the pandemic, but they, you know, couldn't get there. They weren't ready. So the graph, you know, similar to the previous one, but different, it shows net sentiment on the vertical axis and that's a measurement of, of, of intent to adopt against a mind share on the X axis, which measures, measures the awareness of the vendor in the community. So this is specifically a survey that ETR goes out and, and, and fields only to track those emerging tech companies that are private companies. Now, some of the standouts in Mindshare, are OneTrust, BeyondTrust, Tanium and Endpoint, Net Scope, which we've talked about in previous Breaking Analysis. 1Password, which has been acquisitive on its own. In identity, the managed security service provider, Arctic Wolf Network, a company we've also covered, we've had their CEO on. We've talked about MSSPs as a real trend, particularly in small and medium sized business, we'll come back to that, Sneek, you know, kind of high flyer in both app security and containers, and you can just see the number of companies in the space this huge and it just keeps growing. Now, just to make it a bit easier on the eyes we filtered the data on these companies with with those, and isolated on those with more than a hundred responses only within the survey. And that's what we show here. Some of the names that we just mentioned are a bit easier to see, but these are the ones that really stand out in ERT, ETS, survey of private companies, OneTrust, BeyondTrust, Taniam, Netscope, which is in Cloud, 1Password, Arctic Wolf, Sneek, BitSight, SecurityScorecard, HackerOne, Code42, and Exabeam, and Sim. All of these hit the ETS survey with more than a hundred responses by, by the IT practitioners. Okay, so these firms, you know, maybe they do some M&A on their own. We've seen that with Sneek, as I said, with 1Password has been inquisitive, as have others. Now these companies with the larger footprint, these private companies, will likely be candidate for both buying companies and eventually going public when the markets settle down a bit. So again, no shortage of players to affect consolidation, both buyers and sellers. Okay, so let's finish with some key questions that we're watching. CrowdStrike in particular on its earnings calls cited softness from smaller buyers. Is that because these smaller buyers have stopped adopting? If so, are they more at risk, or are they tactically moving toward the easy button, aka, Microsoft's good enough approach. What does that mean for the market if smaller company cohorts continue to soften? How about MSSPs? Will companies continue to outsource, or pause on on that, as well as try to free up, to try to free up some budget? Adam Celiski at Reinvent last week said, "If you want to save money the Cloud's the best place to do it." Is the cloud the best place to save money in cyber? Well, it would seem that way from the standpoint of controlling budgets with lots of, lots of optionality. You could dial up and dial down services, you know, or does the Cloud add another layer of complexity that has to be understood and managed by Devs, for example? Now, consolidation should favor the likes of Palo Alto and CrowdStrike, cause they're platform players, and some of the larger players as well, like Cisco, how about IBM and of course Microsoft. Will that happen? And how will economic uncertainty impact the risk equation, a particular concern is increase of tax on vulnerable sectors of the population, like the elderly. How will companies and governments protect them from scams? And finally, how many cybersecurity companies can actually remain independent in the slingshot economy? In so many ways the market is still strong, it's just that expectations got ahead of themselves, and now as earnings forecast come, come, come down and come down to earth, it's going to basically come down to who can execute, generate cash, and keep enough runway to get through the knothole. And the one certainty is nobody really knows how tight that knothole really is. All right, let's call it a wrap. Next week we dive deeper into Palo Alto Networks, and take a look at how and why that company has held up so well and what to expect at Ignite, Palo Alto's big user conference coming up later this month in Las Vegas. We'll be there with theCube. Okay, many thanks to Alex Myerson on production and manages the podcast, Ken Schiffman as well, as our newest edition to our Boston studio. Great to have you Ken. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our EIC over at Silicon Angle. He does some great editing for us. Thank you to all. Remember these episodes are all available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibond.com and siliconangle.com, or you can email me directly David.vellante@siliconangle.com or DM me @DVellante, or comment on our LinkedIn posts. Please do checkout etr.ai, they got the best survey data in the enterprise tech business. This is Dave Vellante for theCube Insights powered by ETR. Thanks for watching, and we'll see you next time on Breaking Analysis. (upbeat music)

(upbeat music) >> Good morning everybody. Welcome back to Las Vegas. This is day four of theCUBE's wall-to-wall coverage of our Super Bowl, aka AWS re:Invent 2022. I'm here with my co-host, Paul Gillin. My name is Dave Vellante. Sanjay Poonen is in the house, CEO and president of Cohesity. He's sitting in as our guest market watcher, market analyst, you know, deep expertise, new to the job at Cohesity. He was kind enough to sit in, and help us break down what's happening at re:Invent. But Paul, first thing, this morning we heard from Werner Vogels. He was basically given a masterclass on system design. It reminded me of mainframes years ago. When we used to, you know, bury through those IBM blue books and red books. You remember those Sanjay? That's how we- learned back then. >> Oh God, I remember those, Yeah. >> But it made me think, wow, now you know IBM's more of a systems design, nobody talks about IBM anymore. Everybody talks about Amazon. So you wonder, 20 years from now, you know what it's going to be. But >> Well- >> Werner's amazing. >> He pulled out a 24 year old document. >> Yup. >> That he had written early in Amazon's evolution about synchronous design or about essentially distributed architectures that turned out to be prophetic. >> His big thing was nature is asynchronous. So systems are asynchronous. Synchronous is an illusion. It's an abstraction. It's kind of interesting. But, you know- >> Yeah, I mean I've had synonyms for things. Timeless architecture. Werner's an absolute legend. I mean, when you think about folks who've had, you know, impact on technology, you think of people like Jony Ive in design. >> Dave: Yeah. >> You got to think about people like Werner in architecture and just the fact that Andy and the team have been able to keep him engaged that long... I pay attention to his keynote. Peter DeSantis has obviously been very, very influential. And then of course, you know, Adam did a good job, you know, watching from, you know, having watched since I was at the first AWS re:Invent conference, at time was President SAP and there was only a thousand people at this event, okay? Andy had me on stage. I think I was one of the first guest of any tech company in 2011. And to see now this become like, it's a mecca. It's a mother of all IT events, and watch sort of even the transition from Andy to Adam is very special. I got to catch some of Ruba's keynote. So while there's some new people in the mix here, this has become a force of nature. And the last time I was here was 2019, before Covid, watched the last two ones online. But it feels like, I don't know 'about what you guys think, it feels like it's back to 2019 levels. >> I was here in 2019. I feel like this was bigger than 2019 but some people have said that it's about the same. >> I think it was 60,000 versus 50,000. >> Yes. So close. >> It was a little bigger in 2019. But it feels like it's more active. >> And then last year, Sanjay, you weren't here but it was 25,000, which was amazing 'cause it was right in that little space between Omicron, before Omicron hit. But you know, let me ask you a question and this is really more of a question about Amazon's maturity and I know you've been following them since early days. But the way I get the question, number one question I get from people is how is Amazon AWS going to be different under Adam than it was under Andy? What do you think? >> I mean, Adam's not new because he was here before. In some senses he knows the Amazon culture from prior, when he was running sales and marketing prior. But then he took the time off and came back. I mean, this will always be, I think, somewhat Andy's baby, right? Because he was the... I, you know, sent him a text, "You should be really proud of what you accomplished", but you know, I think he also, I asked him when I saw him a few weeks ago "Are you going to come to re:Invent?" And he says, "No, I want to leave this to be Adam's show." And Adam's going to have a slightly different view. His keynotes are probably half the time. It's a little bit more vision. There was a lot more customer stories at the beginning of it. Taking you back to the inspirational pieces of it. I think you're going to see them probably pulling up the stack and not just focused in infrastructure. Many of their platform services are evolved. Many of their, even application services. I'm surprised when I talk to customers. Like Amazon Connect, their sort of call center type technologies, an app layer. It's getting a lot. I mean, I've talked to a couple of Fortune 500 companies that are moving off Ayer to Connect. I mean, it's happening and I did not know that. So it's, you know, I think as they move up the stack, the platform's gotten more... The data centric stack has gotten, and you know, in the area we're working with Cohesity, security, data protection, they're an investor in our company. So this is an important, you know, both... I think tech player and a partner for many companies like us. >> I wonder the, you know, the marketplace... there's been a big push on the marketplace by all the cloud companies last couple of years. Do you see that disrupting the way softwares, enterprise software is sold? >> Oh, for sure. I mean, you have to be a ostrich with your head in the sand to not see this wave happening. I mean, what's it? $150 billion worth of revenue. Even though the growth rates dipped a little bit the last quarter or so, it's still aggregatively between Amazon and Azure and Google, you know, 30% growth. And I think we're still in the second or third inning off a grand 1 trillion or 2 trillion of IT, shifting not all of it to the cloud, but significantly faster. So if you add up all of the big things of the on-premise world, they're, you know, they got to a certain size, their growth is stable, but stalling. These guys are growing significantly faster. And then if you add on top of them, platform companies the data companies, Snowflake, MongoDB, Databricks, you know, Datadog, and then apps companies on top of that. I think the move to the Cloud is inevitable. In SaaS companies, I don't know why you would ever implement a CRM solution on-prem. It's all gone to the Cloud. >> Oh, it is. >> That happened 15 years ago. I mean, begin within three, five years of the advent of Salesforce. And the same thing in HR. Why would you deploy a HR solution now? You've got Workday, you've got, you know, others that are so some of those apps markets are are just never coming back to an on-prem capability. >> Sanjay, I want to ask you, you built a reputation for being able to, you know, forecast accurately, hit your plan, you know, you hit your numbers, you're awesome operator. Even though you have a, you know, technology degree, which you know, that's a two-tool star, multi-tool star. But I call it the slingshot economy. This is like, I mean I've seen probably more downturns than anybody in here, you know, given... Well maybe, maybe- >> Maybe me. >> You and I both. I've never seen anything like this, where where visibility is so unpredictable. The economy is sling-shotting. It's like, oh, hurry up, go Covid, go, go go build, build, build supply, then pull back. And now going forward, now pulling back. Slootman said, you know, on the call, "Hey the guide, is the guide." He said, "we put it out there, We do our best to hit it." But you had CrowdStrike had issues you know, mid-market, ServiceNow. I saw McDermott on the other day on the, on the TV. I just want to pay, you know, buy from the guy. He's so (indistinct) >> But mixed, mixed results, Salesforce, you know, Octa now pre-announcing, hey, they're going to be, or announcing, you know, better visibility, forward guide. Elastic kind of got hit really hard. HPE and Dell actually doing really well in the enterprise. >> Yep. >> 'Course Dell getting killed in the client. But so what are you seeing out there? How, as an executive, do you deal with such poor visibility? >> I think, listen, what the last two or three years have taught us is, you know, with the supply chain crisis, with the surge that people thought you may need of, you know, spending potentially in the pandemic, you have to start off with your tech platform being 10 x better than everybody else. And differentiate, differentiate. 'Cause in a crowded market, but even in a market that's getting tougher, if you're not differentiating constantly through technology innovation, you're going to get left behind. So you named a few places, they're all technology innovators, but even if some of them are having challenges, and then I think you're constantly asking yourselves, how do you move from being a point product to a platform with more and more services where you're getting, you know, many of them moving really fast. In the case of Roe, I like him a lot. He's probably one of the most savvy operators, also that I respect. He calls these speedboats, and you know, his core platform started off with the firewall network security. But he's built now a very credible cloud security, cloud AI security business. And I think that's how you need to be thinking as a tech executive. I mean, if you got core, your core beachhead 10 x better than everybody else. And as you move to adjacencies in these new platforms, have you got now speedboats that are getting to a point where they are competitive advantage? Then as you think of the go-to-market perspective, it really depends on where you are as a company. For a company like our size, we need partners a lot more. Because if we're going to, you know, stand on the shoulders of giants like Isaac Newton said, "I see clearly because I stand on the shoulders giants." I need to really go and cultivate Amazon so they become our lead partner in cloud. And then appropriately Microsoft and Google where I need to. And security. Part of what we announced last week was, last month, yeah, last couple of weeks ago, was the data security alliance with the biggest security players. What was I trying to do with that? First time ever done in my industry was get Palo Alto, CrowdStrike, Wallace, Tenable, CyberArk, Splunk, all to build an alliance with me so I could stand on their shoulders with them helping me. If you're a bigger company, you're constantly asking yourself "how do you make sure you're getting your, like Amazon, their top hundred customers spending more with that?" So I think the the playbook evolves, and I'm watching some of these best companies through this time navigate through this. And I think leadership is going to be tested in enormously interesting ways. >> I'll say. I mean, Snowflake is really interesting because they... 67% growth, which is, I mean, that's best in class for a company that's $2 billion. And, but their guide was still, you know, pretty aggressive. You know, so it's like, do you, you know, when it when it's good times you go, "hey, we can we can guide conservatively and know we can beat it." But when you're not certain, you can't dial down too far 'cause your investors start to bail on you. It's a really tricky- >> But Dave, I think listen, at the end of the day, I mean every CEO should not be worried about the short term up and down in the stock price. You're building a long-term multi-billion dollar company. In the case of Frank, he has, I think I shot to a $10 billion, you know, analytics data warehousing data management company on the back of that platform, because he's eyeing the market that, not just Teradata occupies today, but now Oracle occupies or other databases, right? So his tam as it grows bigger, you're going to have some of these things, but that market's big. I think same with Palo Alto. I mean Datadog's another company, 75% growth. >> Yeah. >> At 20% margins, like almost rule of 95. >> Amazing. >> When they're going after, not just the observability market, they're eating up the sim market, security analytics, the APM market. So I think, you know, that's, you look at these case studies of companies who are going from point product to platforms and are steadily able to grow into new tams. You know, to me that's very inspiring. >> I get it. >> Sanjay: That's what I seek to do at our com. >> I get that it's a marathon, but you know, when you're at VMware, weren't you looking at the stock price every day just out of curiosity? I mean listen, you weren't micromanaging it. >> You do, but at the end of the day, and you certainly look at the days of earnings and so on so forth. >> Yeah. >> Because you want to create shareholder value. >> Yeah. >> I'm not saying that you should not but I think in obsession with that, you know, in a short term, >> Going to kill ya. >> Makes you, you know, sort of myopically focused on what may not be the right thing in the long term. Now in the long arc of time, if you're not creating shareholder value... Look at what happened to Steve Bomber. You needed Satya to come in to change things and he's created a lot of value. >> Dave: Yeah, big time. >> But I think in the short term, my comments were really on the quarter to quarter, but over a four a 12 quarter, if companies are growing and creating profitable growth, they're going to get the valuation they deserve. >> Dave: Yeah. >> Do you the... I want to ask you about something Arvind Krishna said in the previous IBM earnings call, that IT is deflationary and therefore it is resistant to the macroeconomic headwinds. So IT spending should actually thrive in a deflation, in a adverse economic climate. Do you think that's true? >> Not all forms of IT. I pay very close attention to surveys from, whether it's the industry analysts or the Morgan Stanleys, or Goldman Sachs. The financial analysts. And I think there's a gluc in certain sectors that will get pulled back. Traditional view is when the economies are growing people spend on the top line, front office stuff, sales, marketing. If you go and look at just the cloud 100 companies, which are the hottest private companies, and maybe with the public market companies, there's way too many companies focused on sales and marketing. Way too many. I think during a downsizing and recession, that's going to probably shrink some, because they were all built for the 2009 to 2021 era, where it was all about the top line. Okay, maybe there's now a proposition for companies who are focused on cost optimization, supply chain visibility. Security's been intangible, that I think is going to continue to an investment. So I tell, listen, if you are a tech investor or if you're an operator, pay attention to CIO priorities. And right now, in our business at Cohesity, part of the reason we've embraced things like ransomware protection, there is a big focus on security. And you know, by intelligently being a management and a security company around data, I do believe we'll continue to be extremely relevant to CIO budgets. There's a ransomware, 20 ransomware attempts every second. So things of that kind make you relevant in a bank. You have to stay relevant to a buying pattern or else you lose momentum. >> But I think what's happening now is actually IT spending's pretty good. I mean, I track this stuff pretty closely. It's just that expectations were so high and now you're seeing earnings estimates come down and so, okay, and then you, yeah, you've got the, you know the inflationary factors and your discounted cash flows but the market's actually pretty good. >> Yeah. >> You know, relative to other downturns that if this is not a... We're not actually not in a downturn. >> Yeah. >> Not yet anyway. It may be. >> There's a valuation there. >> You have to prepare. >> Not sales. >> Yeah, that's right. >> When I was on CNBC, I said "listen, it's a little bit like that story of Joseph. Seven years of feast, seven years of famine." You have to prepare for potentially your worst. And if it's not the worst, you're in good shape. So will it be a recession 2023? Maybe. You know, high interest rates, inflation, war in Russia, Ukraine, maybe things do get bad. But if you belt tightening, if you're focused in operational excellence, if it's not a recession, you're pleasantly surprised. If it is one, you're prepared for it. >> All right. I'm going to put you in the spot and ask you for predictions. Expert analysis on the World Cup. What do you think? Give us the breakdown. (group laughs) >> As my... I wish India was in the World Cup, but you can't get enough Indians at all to play soccer well enough, but we're not, >> You play cricket, though. >> I'm a US man first. I would love to see one of Brazil, or Argentina. And as a Messi person, I don't know if you'll get that, but it would be really special for Messi to lead, to end his career like Maradonna winning a World Cup. I don't know if that'll happen. I'm probably going to go one of the Latin American countries, if the US doesn't make it far enough. But first loyalty to the US team, and then after one of the Latin American countries. >> And you think one of the Latin American countries is best bet to win or? >> I don't know. It's hard to tell. They're all... What happens now at this stage >> So close, right? >> is anybody could win. >> Yeah. You just have lots of shots of gold. I'm a big soccer fan. It could, I mean, I don't know if the US is favored to win, but if they get far enough, you get to the finals, anybody could win. >> I think they get Netherlands next, right? >> That's tough. >> Really tough. >> But... The European teams are good too, but I would like to see US go far enough, and then I'd like to see Latin America with team one of Argentina, or Brazil. That's my prediction. >> I know you're a big Cricket fan. Are you able to follow Cricket the way you like? >> At god unearthly times the night because they're in Australia, right? >> Oh yeah. >> Yeah. >> I watched the T-20 World Cup, select games of it. Yeah, you know, I'm not rapidly following every single game but the World Cup games, I catch you. >> Yeah, it's good. >> It's good. I mean, I love every sport. American football, soccer. >> That's great. >> You get into basketball now, I mean, I hope the Warriors come back strong. Hey, how about the Warriors Celtics? What do we think? We do it again? >> Well- >> This year. >> I'll tell you what- >> As a Boston Celtics- >> I would love that. I actually still, I have to pay off some folks from Palo Alto office with some bets still. We are seeing unprecedented NBA performance this year. >> Yeah. >> It's amazing. You look at the stats, it's like nothing. I know it's early. Like nothing we've ever seen before. So it's exciting. >> Well, always a pleasure talking to you guys. >> Great to have you on. >> Thanks for having me. >> Thank you. Love the expert analysis. >> Sanjay Poonen. Dave Vellante. Keep it right there. re:Invent 2022, day four. We're winding up in Las Vegas. We'll be right back. You're watching theCUBE, the leader in enterprise and emerging tech coverage. (lighthearted soft music)

(bright music) >> Hello, everyone. Welcome back to live coverage day two or day one, day two for theCUBE, day one for the event. I'm John Furrier, host of theCUBE. It's the keynote analysis segment. Adam just finished coming off stage. I'm here with Dave Vellante and Zeus Kerravala, with principal analyst at ZK Research, Zeus, it's great to see you. Dave. Guys, the analysis is clear. AWS is going NextGen. You guys had a multi-day analyst sessions in on the pre-briefs. We heard the keynote, it's out there. Adam's getting his sea legs, so to speak, a lot of metaphors around ocean. >> Yeah. >> Space. He's got these thematic exploration as he chunked his keynote out into sections. Zeus, a lot of networking in there in terms of some of the price performance, specialized instances around compute, this end-to-end data services. Dave, you were all over this data aspect going into the keynote and obviously, we had visibility into this business transformation theme. What's your analysis? Zeus, we'll start with you. What's your take on what Amazon web service is doing this year and the keynote? What's your analysis? >> Well, I think, there was a few key themes here. The first one is I do think we're seeing better integration across the AWS portfolio. Historically, AWS makes a lot of stuff and it's not always been easy to use say, Aurora and Redshift together, although most customers buy them together. So, they announce the integration of that. It's a lot tighter now. It's almost like it could be one product, but I know they like to keep the product development separately. Also, I think, we're seeing a real legitimization of AWS in a bunch of areas where people said it wasn't possible before. Last year, Nasdaq said they're running in the cloud. The Options Exchange today announced that they're going to be moving to the cloud. Contact centers running the cloud for a lot of real time voice. And so, things that we looked at before and said those will never move to the cloud have now moved to the cloud. And I think, my third takeaway is just AWS is changing and they're now getting into areas to allow customers to do things they couldn't do before. So, if you look at what they're doing in the area of AI, a lot of their AI and ML services before were prediction. And I'm not saying you need an AI, ML to do prediction, was certainly a lot more accurate, but now they're getting into generative data. So, being able to create data where data didn't exist before and that's a whole new use case for 'em. So, AWS, I think, is actually for all the might and power they've had, it's actually stepping up and becoming a much different company now. >> Yeah, I had wrote that post. I had a one-on-one day, got used of the transcript with Adam Selipsky. He went down that route of hey, we going to change NextGen. Oh, that's my word. AWS Classic my word. The AWS Classic, the old school cloud, which a bunch of Lego blocks, and you got this new NextGen cloud with the ecosystems emerging. So, clearly, it's Amazon shifting. >> Yeah. >> But Dave, your breaking analysis teed out the keynote. You went into the whole cost recovery. We heard Adam talk about macro at the beginning of his keynote. He talked about economic impact, sustainability, big macro issues. >> Yeah. >> And then, he went into data and spent most of the time on the keynote on data. Tools, integration, governance, insights. You're all over that. You had that, almost your breaking analysis almost matched the keynote, >> Yeah. >> thematically, macro, cost savings right-sizing with the cloud. And last night, I was talking to some of the marketplace people, we think that the marketplace might be the center where people start managing their cost better. This could have an impact on the ecosystem if they're not in in the marketplace. So, again, so much is going on. >> What's your analogy? >> Yeah, there's so much to unpack, a couple things. One is we get so much insight from theCUBE community plus your sit down 101 with Adam Selipsky allowed us to gather some nuggets, and really, I think, predict pretty accurately. But the number one question I get, if I could hit the escape key a bit, is what's going to be different in the Adam Selipsky era that was different from the Jassy era. Jassy was all about the primitives. The best cloud. And Selipsky's got to double down on that. So, he's got to keep that going. Plus, he's got to do that end-to-end integration and he's got to do the deeper business integration, up the stack, if you will. And so, when you're thinking about the keynote and the spirit of keynote analysis, we definitely heard, hey, more primitives, more database features, more Graviton, the network stuff, the HPC, Graviton for HPC. So, okay, check on that. We heard some better end-to-end integration between the elimination of ETL between Aurora and Redshift. Zeus and I were sitting next to each other. Okay, it's about time. >> Yeah. >> Okay, finally we got that. So, that's good. Check. And then, they called it this thing, the Amazon data zones, which was basically extending Redshift data sharing within your organization. So, you can now do that. Now, I don't know if it works across regions. >> Well, they mentioned APIs and they have the data zone. >> Yep. And so, I don't know if it works across regions, but the interesting thing there is he specifically mentioned integration with Snowflake and Tableau. And so, that gets me to your point, at the end of the day, in order for Amazon, and this is why they win, to succeed, they've got to have this ecosystem really cranking. And that's something that is just the secret sauce of the business model. >> Yeah. And it's their integration into that ecosystem. I think, it's an interesting trend that I've seen for customers where everybody wanted best of breed, everybody wanted disaggregated, and their customers are having trouble now putting those building blocks together. And then, nobody created more building blocks than AWS. And so, I think, under Adam, what we're seeing is much more concerted effort to make it easier for customers to consume those building blocks in an easy way. And the AWS execs >> Yeah. >> I talked to yesterday all committed to that. It's easy, easy, easy. And I think that's why. (Dave laughing) Yeah, there's no question they've had a lead in cloud for a long time. But if they're going to keep that, that needs to be upfront. >> Well, you're close to this, how easy is it? >> Yeah. >> But we're going to have Adrian Cockcroft (Dave laughing) on at the end of the day today, go into one analysis. Now, that- >> Well, less difficult. >> How's that? (indistinct) (group laughing) >> There you go. >> Adrian retired from Amazon. He's a CUBE analyst retiree, but he had a good point. You can buy the bag of Lego blocks if you want primitives >> Yeah. >> or you can buy the toy that's glued together. And it works, but it breaks. And you can't really manage it, and you buy a new one. So, his metaphor was, okay, if the primitives allow you to construct a durable solutions, a lot harder relative to rolling your own, not like that, but also the simplest out-of-the box capability is what people want. They want solutions. We call Adam the solutions CEO. So, I think, you're going to start to see this purpose built specialized services allow the ecosystem to build those toys, so that the customers can have an out-of-the box experience while having the option for the AWS Classic, which is if you want durability, you want to tune it, you want to manage it, that's the way to go for the hardcore. Now, can be foundational, but I just see the solutions things being very much like an out-of-the-box. Okay, throw away, >> Yeah. >> buy a new toy. >> More and more, I'm saying less customers want to be that hardcore assembler of building blocks. And obviously, the really big companies do, but that line is moving >> Yeah. >> and more companies, I think, just want to run their business and they want those prebuilt solutions. >> We had to cut out of the keynote early. But I didn't hear a lot about... The example that they often use is Amazon Connect, the call center solution. >> Yeah. >> I didn't hear a lot to that in the keynote. Maybe it's happening right now, but look, at the end of the day, suites always win. The best of breed does well, (John laughing) takes off, generate a couple billion, Snowflake will grow, they'll get to 10 billion. But you look at Oracle, suites work. (laughs) >> Yeah. >> What I found interesting about the keynote is that he had this thematic exploration themes. First one was space that was like connect the dot, the nebula, different (mumbles) lens, >> Ocean. >> ask the right questions. (Dave laughing) >> Ocean was security which bears more, >> Yeah. >> a lot more needed to manage that oxygen going deep. Are you snorkeling? Are you scuba diving? Barely interesting amount of work. >> In Antarctica. >> Antarctica was the performance around how you handle tough conditions and you've got to get that performance. >> Dave: We're laughing, but it was good. >> But the day, the Ocean Day- >> Those are very poetic. >> I tweeted you, Dave, (Dave laughing) because I sit on theCUBE in 2011. I hate hail. (Dave laughing) It's the worst term ever. It's the day the ocean's more dynamic. It's a lot more flowing. Maybe 10 years too soon, Dave. But he announces the ocean theme and then says we have a Security Lake. So, like lake, ocean, little fun on words- >> I actually think the Security Lake is pretty meaningful, because we were listening to talk, coming over here talking about it, where I think, if you look at a lot of the existing solutions, security solutions there, I describe 'em as a collection of data ponds that you can view through one map, but they're not really connected. And the amount of data that AWS holds now, arguably more than any other company, if they're not going to provide the Security Lake, who is? >> Well, but staying >> Yeah. >> on security for a second. To me, the big difference between Azure and Amazon is the ecosystem. So, CrowdStrike, Okta, Zscaler, name it, CyberArk, Rapid7, they're all part of this ecosystem. Whereas Microsoft competes with all of those guys. >> Yes. Yeah. >> So it's a lot more white space than the Amazon ecosystem. >> Well, I want to get you guys to take on, so in your reaction, because I think, my vision of what what's happening here is that I think that whole data portion's going to be data as code. And I think, the ecosystem harvests the data play. If you look at AWS' key announcements here, Security Lake, price performance, they're going to optimize for those kinds of services. Look at security, okay, Security Lake, GuardDuty, EKS, that's a Docker. Docker has security problems. They're going inside the container and looking at threat detection inside containers with Kubernetes as the runtime. That's a little nuance point, but that's pretty significant, Dave. And they're now getting into, we're talking in the weeds on the security piece, adding that to their large scale security footprint. Security is going to be one of those things where if you're not on the inside of their security play, you're probably going to be on the outside. And of course, the price performance is going to be the killer. The networking piece surprise me. Their continuing to innovate on the network. What does that mean for Cisco? So many questions. >> We had Ajay Patel on yesterday for VMware. He's an awesome middleware guy. And I was asking about serverless and architectures. And he said, "Look, basically, serverless' great for stateless, but if you want to run state, you got to have control over the run time." But the point he made was that people used to think of running containers with straight VMs versus Fargate or Knative, if you choose, or serverless. They used to think of those as different architectures. And his point was they're all coming together. And it's now you're architecting and calling, which service you need. And that's how people are thinking about future architectures, which I think, makes a lot of sense. >> If you are running managed Kubernetes, which everyone's doing, 'cause no one's really building it in-house themselves. >> No. >> They're running it as managed service, skills gaps and a variety of other reasons. This EKS protection is very interesting. They're managing inside and outside the container, which means that gives 'em visibility on both sides, under the hood and inside the application layer. So, very nuanced point, Zeus. What's your reaction to this? And obviously, the networking piece, I'd love to get your thought. >> Well, security, obviously, it's becoming a... It's less about signatures and more of an analytics. And so, things happen inside the container and outside the container. And so, their ability to look on both sides of that allows you to happen threats in time, but then also predict threats that could happen when you spin the container up. And the difficulty with the containers is they are ephemeral. It's not like a VM where it's a persistent workload that you can do analysis on. You need to know what's going on with the container almost before it spins up. >> Yeah. >> And that's a much different task. So, I do think the amount of work they're doing with the containers gives them that entry into that and I think, it's a good offering for them. On the network side, they provide a lot of basic connectivity. I do think there's a role still for the Ciscos and the Aristas and companies like that to provide a layer of enhanced network services that connects multicloud. 'Cause AWS is never going to do that. But they've certainly, they're as legitimate network vendor as there is today. >> We had NetApp on yesterday. They were talking about latency in their- >> I'll tell you this, the analyst session, Steven Armstrong said, "You are going to hear us talk about multicloud." Yes. We're not going to necessarily lead with it. >> Without a mention. >> Yeah. >> But you said it before, never say never with Amazon. >> Yeah. >> We talk about supercloud and you're like, Dave, ultimately, the cloud guys are going to get into supercloud. They have to. >> Look, they will do multicloud. I predict that they will do multicloud. I'll tell you why. Just like in networking- >> Well, customers are asking for it. >> Well, one, they have the, not by design, but by defaulter and multiple clouds are in their environment. They got to deal with that. I think, the supercloud and sky cloud visions, there will be common services. Remember networking back in the old days when Cisco broke in as a startup. There was no real shortest path, first thinking. Policy came in after you connected all the routers together. So, right now, it's going to be best of breed, low latency, high performance. But I think, there's going to be a need in the future saying, hey, I want to run my compute on the slower lower cost compute. They already got segmentation by their announcements today. So, I think, you're going to see policy-based AI coming in where developers can look at common services across clouds and saying, I want to lock in an SLA on latency and compute services. It won't be super fast compared to say, on AWS, with the next Graviton 10 or whatever comes out. >> Yeah. >> So, I think, you're going to start to see that come in. >> Actually, I'm glad you brought Graviton up too, because the work they're doing in Silicon, actually I think, is... 'Cause I think, the one thing AWS now understands is some things are best optimized in Silicon, some at software layers, some in cloud. And they're doing work on all those layers. And Graviton to me is- >> John: Is a home run. >> Yeah. >> Well- >> Dave, they've got more instances, it's going to be... They already have Gravitons that's slower than the other versions. So, what they going to do, sunset them? >> They don't deprecate anything ever. So, (John laughing) Amazon paid $350 million. People believe that it's a number for Annapurna, which is like one of the best acquisitions in history. (group laughing) And it's given them, it's put them on an arm curve for Silicon that is blowing away Intel. Intel's finally going to get Sapphire Rapids out in January. Meanwhile, Amazon just keeps spinning out new Gravitons and Trainiums. >> Yeah. >> And so, they are on a price performance curve. And like you say, no developer ever wants to run on slower hardware, ever. >> Today, if there's a common need for multicloud, they might say, hey, I got the trade off latency and performance on common services if that's what gets me there. >> Sure. >> If there's maybe a business case to do that. >> Well, that's what they're- >> Which by the way, I want to.... Selipsky had strong quote I thought was, "If you're looking to tighten your belt, the cloud is the place >> Yeah. >> to do it." I thought >> I tweeted that. >> that was very strong. >> Yeah. >> Yeah. >> And I think, he's right. And then, the other point I want to make on that is, I think, I don't have any data on this, but I believe believe just based on some of the discussions I've had that most of Amazon's revenue is on demand. Paid by the drink. Those on demand customers are at risk, 'cause they can go somewhere else. So, they're trying to get you into optimized pricing, whether it's reserved instances or one year or three-year subscriptions. And so, they're working really hard at doing that. >> My prediction on that is that's a great point you brought up. My prediction is that the cost belt tightening is going to come in the marketplace, is going to be a major factor as companies want to get their belts tighten. How they going to do that, Dave? They're going to go in the marketplace saying, hey, I already overpaid a three-year commitment. Can I get some cohesively in there? Can I get some of this or that and the other thing? >> Yep. >> You're going to start to see the vendors and the ecosystem. If they're not in the marketplace, that's where I think, the customers will go. There are other choices to either cut their supplier base or renegotiate. I think, it's going to happen in the marketplace. Let's watch. I think, we're going to watch that grow. >> I actually think the optimization services that AWS has to help customers lower spend is a secret sauce for them that they... Customers tell me all the time, AWS comes in, they'll bring their costs down and they wind up spending more with them. >> Dave: Yeah. >> And the other cloud providers don't do that. And that has been almost a silver bullet for them to get customers to stay with them. >> Okay. And this is always the way. You drop the price of storage, you drop the price of memory, you drop the price of compute, people buy more. And in the question, long term is okay. And does AWS get commoditized? Is that where they're going? Or do they continue to thrive up the stack? John, you're always asking people about the bumper sticker. >> Hold on. (John drowns out Dave) Before we get the bumper sticker, I want to get into what we missed, what they missed on the keynote. >> Yeah, there are some blind spots. >> I think- >> That's good call. >> Let's go around the horn and think what did they miss? I'll start, I think, they missed the developer productivity angle. Supply chain software was not talked about at all. We see that at all the other conferences. I thought that could have been weaved in. >> Dave: You mean security in the supply chain? >> Just overall developer productivity has been one of the most constant themes I've seen at events. Who are building the apps? Who are the builders? What are they actually doing? Maybe Werner will bring that up on his last day, but I didn't hear Adam talk about it all, developer productivity. What's your take in this? >> Yeah, I think, on the security side, they announced security data lake. I think, the other cloud providers do a better job of providing insights on how they do security. With AWS, it's almost a black hole. And I know there's a careful line they walk between what they do, what their partners do. But I do think they could be a little clearer on how they operate, much like Azure and GCP. They announce a lot of stuff on how their operations works and things like that. >> I think, platform across cloud is definitely a blind spot for these guys. >> Yeah. >> I think, look at- >> But none of the cloud providers have embraced that, right? >> It's true. >> Yeah. >> Maybe Google a little bit >> Yeah. >> and Microsoft a little bit. Certainly, AWS hasn't at this point in time, but I think, they perceive the likes of Mongo and Snowflake and Databricks, and others as ISVs and they're not. They're platform players that are building across clouds. They're leveraging, they're building superclouds. So, I think that's an opportunity for the ecosystem. And very curious to see how Amazon plays there down the stream. So, John, what do you think is the bumper sticker? We're only in day one and a half here. What do you think so far the bumper sticker is for re:Invent 2022? >> Well, to me, the day one is about infrastructure performance with the whole what's in the data center? What's at the chip level? Today was about data, specialized services, and security. I think that was the key theme here. And then, that's going to sequence into how they're going to reorganize their ecosystem. They have a new leader, Ruba Borno, who's going to be leading the charge. They've integrated all their bespoke fragmented partner network pieces into one leadership. That's going to be really important to hear that. And then, finally, Werner for developers and event-based services, micro services. What that world's going on, because that's where the developers are. And ultimately, they build the app. So, you got infrastructure, data, specialized services, and security. Machine learning with Swami is going to be huge. And again, how do developers code it all up is going to be key. And is it the bag of Legos or the glued toy? (Dave chuckles) So, what do you want? Out-of-the-box or you want to build your own? >> And that's the bottom line is connecting those dots. All they got to be is good enough. I think, Zeus, to your point, >> Yep. >> if they're just good enough, less complicated, the will keep people on the base. >> Yeah. I think, the bumper stickers, the more you buy, the more you're saving. (John laughing) Because from an operational perspective, they are trying to bring down the complexity level. And with their optimization services and the way their credit model works, I do think they're trending down that path. >> And my bumper sticker's ecosystem, ecosystem, ecosystem. This company has 100,000 partners and that is a business model secret weapon. >> All right, there it is. The keynote announced. More analysis coming up. We're going to have the leader of (indistinct) coming up next, here on to break down their perspective, you got theCUBE's analyst perspective here. Thanks for watching. Day two, more live coverage for the next two more days, so stay with us. I'm John Furrier with Dave Vellante and Zeus Kerravala here on theCUBE. Be right back. (bright music)

>> From theCUBE Studios in Palo Alto and Boston, bringing you data driven insights from theCUBE and ETR. This is breaking analysis with Dave Vellante. >> The technology spending outlook is not pretty and very much unpredictable right now. The negative sentiment is of course being driven by the macroeconomic factors in earnings forecasts that have been coming down all year in an environment of rising interest rates. And what's worse, is many people think earnings estimates are still too high. But it's understandable why there's so much uncertainty. I mean, technology is still booming, digital transformations are happening in earnest, leading companies have momentum and they got cash runways. And moreover, the CEOs of these leading companies are still really optimistic. But strong guidance in an environment of uncertainty is somewhat risky. Hello and welcome to this week's Wikibon CUBE Insights Powered by ETR. In this breaking analysis, we share takeaways from ETR'S latest spending survey, which was released to their private clients on October 21st. Today, we're going to review the macro spending data. We're going to share where CIOs think their cloud spend is headed. We're going to look at the actions that organizations are taking to manage uncertainty and then review some of the technology companies that have the most positive and negative outlooks in the ETR data set. Let's first look at the sample makeup from the latest ETR survey. ETR captured more than 1300 respondents in this latest survey. Its highest figure for the year and the quality and seniority of respondents just keeps going up each time we dig into the data. We've got large contributions as you can see here from sea level executives in a broad industry focus. Now the survey is still North America centric with 20% of the respondents coming from overseas and there is a bias toward larger organizations. And nonetheless, we're still talking well over 400 respondents coming from SMBs. Now ETR for those of you who don't know, conducts a quarterly spending intention survey and they also do periodic drilldowns. So just by the way of review, let's take a look at the expectations in the latest drilldown survey for IT spending. Before we look at the broader technology spending intentions survey data, followers of this program know that we reported on this a couple of weeks ago, spending expectations that peaked last December at 8.3% are now down to 5.5% with a slight uptick expected for next year as shown here. Now one CIO in the ETR community said these figures could be understated because of inflation. Now that's an interesting comment. Real GDP in the US is forecast to be around 1.5% in 2022. So these figures are significantly ahead of that. Nominal GDP is forecast to be significantly higher than what is shown in that slide. It was over 9% in June for example. And one would interpret that survey respondents are talking about real dollars which reflects inflationary factors in IT spend. So you might say, well if nominal GDP is in the high single digits this means that IT spending is below GDP which is usually not the case. But the flip side of that is technology tends to be deflationary because prices come down over time on a per unit basis, so this would be a normal and even positive trend. But it's mixed right now with prices on hard to find hardware, they're holding more firms. Software, you know, software tends to be driven by lock in and competition and switching costs. So you have those countervailing factors. Services can be inflationary, especially now as wages rise but certain sectors like laptops and semis and NAND are seeing less demand and maybe even some oversupply. So the way to look at this data is on a relative basis. In other words, IT buyers are reporting 280 basis point drop in spending sentiment from the end of last year. Now, something that we haven't shared from the latest drilldown survey which we will now is how IT bar buyers are thinking about cloud adoption. This chart shows responses from 419 IT execs from that drilldown and depicts the percentage of workloads their organizations have in the cloud today and what the expectation is through years from now. And you can see it's 27% today and it's nearly 50% in three years. Now the nuance is if you look at the question, that ETRS, it's they asked about IaaS and PaaS, which to some could include on-prem. Now, let me come back to that. In particular, financial services, IT, telco and retail and services industry cited expectations for the future for three years out that we're well above the average of the mean adoption levels. Regardless of how you interpret this data there's most certainly plenty of public cloud in the numbers. And whether you believe cloud is an operating environment or a place out there in the cloud, there's plenty of room for workloads to move into a cloud model well beyond mid this decade. So you know, as ho hum as we've been toward recent as-a-service models announced from the likes of HPE with GreenLake and Dell with APEX, the timing of those offerings may be pretty good actually. Now let's expand on some of the data that we showed a couple weeks ago. This chart shows responses from 282 execs on actions their organizations are taking over the next three months. And the Deltas are quite traumatic from the early part of this charter than the left hand side. The brown line is hiring freezes, the black line is freezing IT projects, and the green line is hiring increases and that red line is layoffs. And we put a box around the sort of general area of the isolation economy timeframe. And you can see the wild swings on this chart. By mid last summer, people were kickstarting things and more hiring was going on and the black line shows IT project freezes, you know, came way down. And now, or on the way back up as our hiring freezes. So we're seeing these wild swings in organizational actions and strategies which underscores the lack of predictability. As with supply chains around the world, this is likely due to the fact that organizations, pre pandemic they were optimized for efficiency, not a lot of waste rather than business resilience. Meaning, you know, there's again not a lot of fluff in the system or if there was it got flushed out during the pandemic. And so the need for productivity and automation is becoming increasingly important, especially as actions that solely rely on headcount changes are very, very difficult to manage. Now, let's dig into some of the vendor commentary and take a look at some of the names that have momentum and some of the others possibly facing headwinds. Here's a list of companies that stand out in the ETR survey. Snowflake, once again leads the pack with a positive spending outlook. HashiCorp, CrowdStrike, Databricks, Freshworks and ServiceNow, they round out the top six. Microsoft, they seem to always be in the mix, as do a number of other security and related companies including CyberArk, Zscaler, CloudFlare, Elastic, Datadog, Fortinet, Tenable and to a certain extent Akamai, you can kind of put them sort of in that group. You know, CDN, they got to worry about security. Everybody worries about security, but especially the CDNs. Now the other software names that are highlighted here include Workday and Salesforce. On the negative side, you can see Dynatrace saw some negatives in the latest survey especially around its analytics business. Security is generally holding up better than other sectors but it's still seeing greater levels of pressure than it had previously. So lower spend. And defections relative to its observability peers, that's really for Dynatrace. Now the other one that was somewhat surprising is IBM. You see the IBM was sort of in that negative realm here but IBM reported an outstanding quarter this past week with double digit revenue growth, strong momentum in software, consulting, mainframes and other infrastructure like storage. It's benefiting from the Kyndryl restructuring and it's on track IBM to deliver 10 billion in free cash flow this year. Red Hat is performing exceedingly well and growing in the very high teens. And so look, IBM is in the midst of a major transformation and it seems like a company that is really focused now with hybrid cloud being powered by Red Hat and consulting and a decade plus of AI investments finally paying off. Now the other big thing we'll add is, IBM was once an outstanding acquire of companies and it seems to be really getting its act together on the M&A front. Yes, Red Hat was a big pill to swallow but IBM has done a number of smaller acquisitions, I think seven this year. Like for example, Turbonomic, which is starting to pay off. Arvind Krishna has the company focused once again. And he and Jim J. Kavanaugh, IBM CFO, seem to be very confident on the guidance that they're giving in their business. So that's a real positive in our view for the industry. Okay, the last thing we'd like to do is take 12 of the companies from the previous chart and plot them in context. Now these companies don't necessarily compete with each other, some do. But they are standouts in the ETR survey and in the market. What we're showing here is a view that we like to often show, it's net score or spending velocity on the vertical axis. And it's a measure, that's a measure of the net percentage of customers that are spending more on a particular platform. So ETR asks, are you spending more or less? They subtract less from the mores. I mean I'm simplifying, but that's what net score is. Now in the horizontal axis, that is a measure of overlap which is which measures presence or pervasiveness in the dataset. So bigger the better. We've inserted a table that informs how the dots in the companies are positioned. These companies are all in the green in terms of net score. And that right most column in the table insert is indicative of their presence in the dataset, the end. So higher, again, is better for both columns. Two other notes, the red dotted line there you see at 40%. Anything over that indicates an highly elevated spending momentum for a given platform. And we purposefully took Microsoft out of the mix in this chart because it skews the data due to its large size. Everybody else would cluster on the left and Microsoft would be all alone in the right. So we take them out. Now as we noted earlier, Snowflake once again leads with a net score of 64%, well above the 40% line. Having said that, while adoption rates for Snowflake remains strong the company's spending velocity in the survey has come down to Earth. And many more customers are shifting from where they were last year and the year before in growth mode i.e. spending more year to year with Snowflake to now shifting more toward flat spending. So a plus or minus 5%. So that puts pressure on Snowflake's net score, just based on the math as to how ETR calculates, its proprietary net score methodology. So Snowflake is by no means insulated completely to the macro factors. And this was seen especially in the data in the Fortune 500 cut of the survey for Snowflake. We didn't show that here, just giving you anecdotal commentary from the survey which is backed up by data. So, it showed steeper declines in the Fortune 500 momentum. But overall, Snowflake, very impressive. Now what's more, note the position of Streamlit relative to Databricks. Streamlit is an open source python framework for developing data driven, data science oriented apps. And it's ironic that it's net score and shared in is almost identical to those of data bricks, as the aspirations of Snowflake and Databricks are beginning to collide. Now, however, the Databricks net score has held up very well over the past year and is in the 92nd percentile of its machine learning and AI peers. And while it's seeing some softness, like Snowflake in the Fortune 500, Databricks has steadily moved to the right on the X axis over the last several surveys even though it was unable to get to the public markets and do an IPO during the lockdown tech bubble. Let's come back to the chart. ServiceNow is impressive because it's well above the 40% mark and it has 437 shared in on this cut, the largest of any company that we chose to plot here. The only real negative on ServiceNow is, more large customers are keeping spending levels flat. That's putting a little bit pressure on its net score, but that's just conservatives. It's kind of like Snowflakes, you know, same thing but in a larger scale. But it's defections, the ServiceNow as in Snowflake as well. It's defections remain very, very low, really low churn below 2% for ServiceNow, in fact, within the dataset. Now it's interesting to also see Freshworks hit the list. You can see them as one of the few ITSM vendors that has momentum and can potentially take on ServiceNow. Workday, on this chart, it's the other big app player that's above the 40% line and we're only showing Workday HCM, FYI, in this graphic. It's Workday Financials, that offering, is below the 40% line just for reference. Now let's talk about CrowdStrike. We attended Falcon last month, CrowdStrike's user conference and we're very impressed with the product visio, the company's execution, it's growing partnerships. And you can see in this graphic, the ETR survey data confirms the company's stellar performance with a net score at 50%, well above the 40% mark. And importantly, more than 300 mentions. That's second only to ServiceNow, amongst the 12 companies that we've chosen to highlight here. Only Microsoft, which is not shown here, has a higher net score in the security space than CrowdStrike. And when it comes to presence, CrowdStrike now has caught up to Splunk in terms of pervasion in the survey. Now CyberArk and Zscaler are the other two security firms that are right at that 40% red dotted line. CyberArk for names with over a hundred citations in the security sector, is only behind Microsoft and CrowdStrike. Zscaler for its part in the survey is seeing strong momentum in the Fortune 500, unlike what we said for Snowflake. And its pervasion on the X-axis has been steadily increasing. Again, not that Snowflake and CrowdStrike compete with each other but they're too prominent names and it's just interesting to compare peers and business models. Cloudflare, Elastic and Datadog are slightly below the 40% mark but they made the sort of top 12 that we showed to highlight here and they continue to have positive sentiment in the survey. So, what are the big takeaways from this latest survey, this really quick snapshot that we've taken. As you know, over the next several weeks we're going to dig into it more and more. As we've previously reported, the tide is going out and it's taking virtually all the tech ships with it. But in many ways the current market is a story of heightened expectations coming down to Earth, miscalculations about the economic patterns and the swings and imperfect visibility. Leading Barclays analyst, Ramo Limchao ask the question to guide or not to guide in a recent research note he wrote. His point being, should companies guide or should they be more cautious? Many companies, if not most companies, are actually giving guidance. Indeed, when companies like Oracle and IBM are emphatic about their near term outlook and their visibility, it gives one confidence. On the other hand, reasonable people are asking, will the red hot valuations that we saw over the last two years from the likes of Snowflake, CrowdStrike, MongoDB, Okta, Zscaler, and others. Will they return? Or are we in for a long, drawn out, sideways exercise before we see sustained momentum? And to that uncertainty, we add elections and public policy. It's very hard to predict right now. I'm sorry to be like a two-handed lawyer, you know. On the one hand, on the other hand. But that's just the way it is. Let's just say for our part, we think that once it's clear that interest rates are on their way back down and we'll stabilize it under 4% and we have clarity on the direction of inflation, wages, unemployment and geopolitics, the wild swings and sentiment will subside. But when that happens is anyone's guess. If I had to peg, I'd say 18 months, which puts us at least into the spring of 2024. What's your prediction? You know, it's almost that time of year. Let's hear it. Please keep in touch and let us know what you think. Okay, that's it for now. Many thanks to Alex Myerson. He is on production and he manages the podcast for us. Ken Schiffman as well is our newest addition to the Boston Studio. Kristin Martin and Cheryl Knight, they help get the word out on social media and in our newsletters. And Rob Hoff is our EIC, editor-in-chief over at SiliconANGLE. He does some wonderful editing for us. Thank you all. Remember all these episodes, they are available as podcasts. Wherever you listen, just search breaking analysis podcast. I publish each week on wikibon.com and siliconangle.com. Or you can email me at david.vellante@siliconangle.com or DM me @dvellante. Or feel free to comment on our LinkedIn posts. And please do check out etr.ai. They've got the best survey data in the enterprise tech business. If you haven't checked that out, you should. It'll give you an advantage. This is Dave Vellante for theCUBE Insights Powered by ETR. Thanks for watching. Be well and we'll see you next time on Breaking Analysis. (soft upbeat music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> Virtually all tech companies have expressed caution in their respective earnings calls, and why not? I know you're sick in talking about the macroeconomic environment, but it's full of uncertainties and there's no upside to providing aggressive guidance when sellers are in control. They punish even the slightest miss. Moreover, the spending data confirms the softening market across the board, so it's becoming expected that CFOs will guide cautiously. But companies facing execution challenges, they can't hide behind the macro, which is why it's important to understand which firms are best positioned to maintain momentum through the headwinds and come out the other side stronger. Hello, and welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis," we'll do three things. First, we're going to share a high-level view of the spending pinch that almost all sectors are experiencing. Second, we're going to highlight some of those companies that continue to show notably strong momentum and relatively high spending velocity on their platforms, albeit less robust than last year. And third, we're going to give you a peak at how one senior technology leader in the financial sector sees the competitive dynamic between AWS, Snowflake, and Databricks. So I landed on the red eye this morning and opened my eyes, and then opened my email to see this. My Barron's Daily had a headline telling me how bad things are and why they could get worse. The S&P Thursday hit a new closing low for the year. The safe haven of bonds are sucking wind. The market hasn't seemed to find a floor. Central banks are raising rates. Inflation is still high, but the job market remains strong. Oh, not to mention that the US debt service is headed toward a trillion dollars per year, and the geopolitical situation is pretty tense, and Europe seems to be really struggling. Yeah, so the Santa Claus rally is really looking pretty precarious, especially if there's a liquidity crunch coming, like guess why they call Barron's Barron's. Last week, we showed you this graphic ahead of the UiPath event. For months, the big four sectors, cloud, containers, AI, and RPA, have shown spending momentum above the rest. Now, this chart shows net score or spending velocity on specific sectors, and these four have consistently trended above the 40% red line for two years now, until this past ETR survey. ML/AI and RPA have decelerated as shown by the squiggly lines, and our premise was that they are more discretionary than the other sectors. The big four is now the big two: cloud and containers. But the reality is almost every sector in the ETR taxonomy is down as shown here. This chart shows the sectors that have decreased in a meaningful way. Almost all sectors are now below the trend line and only cloud and containers, as we showed earlier, are above the magic 40% mark. Container platforms and container orchestration are those gray dots. And no sector has shown a significant increase in spending velocity relative to October 2021 survey. In addition to ML/AI and RPA, information security, yes, security, virtualizations, video conferencing, outsourced IT, syndicated research. Syndicated research, yeah, those Gartner, IDC, Forrester, they stand out as seemingly the most discretionary, although we would argue that security is less discretionary. But what you're seeing is a share shift as we've previously reported toward modern platforms and away from point tools. But the point is there is no sector that is immune from the macroeconomic environment. Although remember, as we reported last week, we're still expecting five to 6% IT spending growth this year relative to 2021, but it's a dynamic environment. So let's now take a look at some of the key players and see how they're performing on a relative basis. This chart shows the net score or spending momentum on the y-axis and the pervasiveness of the vendor within the ETR survey measured as the percentage of respondents citing the vendor in use. As usual, Microsoft and AWS stand out because they are both pervasive on the x-axis and they're highly elevated on the vertical axis. For two companies of this size that demonstrate and maintain net scores above the 40% mark is extremely impressive. Although AWS is now showing much higher on the vertical scale relative to Microsoft, which is a new trend. Normally, we see Microsoft dominating on both dimensions. Salesforce is impressive as well because it's so large, but it's below those two on the vertical axis. Now, Google is meaningfully large, but relative to the other big public clouds, AWS and Azure, we see this as disappointing. John Blackledge of Cowen went on CNBC this past week and said that GCP, by his estimates, are 75% of Google Cloud's reported revenue and is now only five years behind AWS in Azure. Now, our models say, "No way." Google Cloud Platform, by our estimate, is running at about $3 billion per quarter or more like 60% of Google's reported overall cloud revenue. You have to go back to 2016 to find AWS running at that level and 2018 for Azure. So we would estimate that GCP is six years behind AWS and four years behind Azure from a revenue performance standpoint. Now, tech-wise, you can make a stronger case for Google. They have really strong tech. But revenue is, in our view, a really good indicator. Now, we circle here ServiceNow because they have become a generational company and impressively remain above the 40% line. We were at CrowdStrike with theCUBE two weeks ago, and we saw firsthand what we see as another generational company in the making. And you can see the company spending momentum is quite impressive. Now, HashiCorp and Snowflake have now surpassed Kubernetes to claim the top net score spots. Now, we know Kubernetes isn't a company, but ETR tracks it as though it were just for context. And we've highlighted Databricks as well, showing momentum, but it doesn't have the market presence of Snowflake. And there are a number of other players in the green: Pure Storage, Workday, Elastic, JFrog, Datadog, Palo Alto, Zscaler, CyberArk, Fortinet. Those last ones are in security, but again, they're all off their recent highs of 2021 and early 2022. Now, speaking of AWS, Snowflake, and Databricks, our colleague Eric Bradley of ETR recently held an in-depth interview with a senior executive at a large financial institution to dig into the analytics space. And there were some interesting takeaways that we'd like to share. The first is a discussion about whether or not AWS can usurp Snowflake as the top dog in analytics. I'll let you read this at your at your leisure, but I'll pull out some call-outs as indicated by the red lines. This individual's take was quite interesting. Note the comment that quote, this is my area of expertise. This person cited AWS's numerous databases as problematic, but Redshift was cited as the closest competitors to Snowflake. This individual also called out Snowflake's current cross-cloud Advantage, what we sometimes call supercloud, as well as the value add in their marketplace as a differentiator. But the point is this person was actually making, the point that this person was actually making is that cloud vendors make a lot of money from Snowflake. AWS, for example, see Snowflake as much more of a partner than a competitor. And as we've reported, Snowflake drives a lot of EC2 and storage revenue for AWS. Now, as well, this doesn't mean AWS does not have a strong marketplace. It does. Probably the best in the business, but the point is Snowflake's marketplace is exclusively focused on a data marketplace and the company's challenge or opportunity is to build up that ecosystem and to continue to add partners and create network effects that allow them to create long-term sustainable moat for the company, while at the same time, staying ahead of the competition with innovation. Now, the other comment that caught our attention was Snowflake's differentiators. This individual cited three areas. One, the well-known separation of compute and storage, which, of course, AWS has replicated sort of, maybe not as elegant in the sense that you can reduce the compute load with Redshift, but unlike Snowflake, you can't shut it down. Two, with Snowflake's data sharing capability, which is becoming quite well-known and a key part of its value proposition. And three, its marketplace. And again, key opportunity for Snowflake to build out its ecosystem. Close feature gaps that it's not necessarily going to deliver on its own. And really importantly, create governed and secure data sharing experiences for anyone on the data cloud or across clouds. Now, the last thing this individual addressed in the ETR interview that we'll share is how Databricks and Snowflake are attacking a similar problem, i.e. simplifying data, data sharing, and getting more value from data. The key messages here are there's overlap with these two platforms, but Databricks appeals to a more techy crowd. You open a notebook, when you're working with Databricks, you're more likely to be a data scientist, whereas with Snowflake, you're more likely to be aligned with the lines of business within sometimes an industry emphasis. We've talked about this quite often on "Breaking Analysis." Snowflake is moving into the data science arena from its data warehouse strength, and Databricks is moving into analytics and the world of SQL from its AI/ML position of strength, and both companies are doing well, although Snowflake was able to get to the public markets at IPO, Databricks has not. Now, even though Snowflake is on the quarterly shock clock as we saw earlier, it has a larger presence in the market. That's at least partly due to the tailwind of an IPO, and, of course, a stronger go-to market posture. Okay, so we wanted to share some of that with you, and I realize it's a bit of a tangent, but it's good stuff from a qualitative practitioner perspective. All right, let's close with some final thoughts. Look forward a little bit. Things in the short-term are really hard to predict. We've seen these oversold rallies peter out for the last couple of months because the world is such a mess right now, and it's really difficult to reconcile these counterveiling trends. Nothing seems to be working from a public policy perspective. Now, we know tech spending is softening, but let's not forget it, five to 6% growth. It's at or above historical norms, but there's no question the trend line is down. That said, there are certain growth companies, several mentioned in this episode, that are modern and vying to be generational platforms. They're well-positioned, financially sound, disciplined, with strong cash positions, with inherent profitability. What I mean by that is they can dial down growth if they wanted to, dial up EBIT, but being a growth company today is not what it was a year ago. Because of rising rates, the discounted cash flows are just less attractive. So earnings estimates, along with revenue multiples on these growth companies, are reverting toward the mean. However, companies like Snowflake, and CrowdStrike, and some others are able to still command a relative premium because of their execution and continued momentum. Others, as we reported last week, like UiPath for example, despite really strong momentum and customer spending, have had execution challenges. Okta is another example of a company with strong spending momentum, but is absorbing off zero for example. And as a result, they're getting hit harder from evaluation standpoint. The bottom line is sellers are still firmly in control, the bulls have been humbled, and the traders aren't buying growth tech or much tech at all right now. But long-term investors are looking for entry points because these generational companies are going to be worth significantly more five to 10 years down the line. Okay, that's it for today. Thanks for watching this "Breaking Analysis" episode. Thanks to Alex Myerson and Ken Schiffman on production. And Alex manages our podcast as well. Kristen Martin and Cheryl Knight. They help get the word out on social media and in our newsletters. And Rob Hof is our editor-in-chief over at SiliconANGLE do some wonderful editing for us, so thank you. Thank you all. Remember that all these episodes are available as podcast wherever you listen. All you do is search "Breaking Analysis" podcast. I publish each week on wikibon.com and siliconangle.com and you can email me at david.vellante@siliconangle.com, or DM me @dvellante, or comment on my LinkedIn post. And please check out etr.ai for the very best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights, powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis." (gentle music)

>> From theCUBE Studios in Palo Alto and Boston bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cyber security market overall, the state of cloud security and cross cloud security and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon cube insights powered by ETR. In this Breaking Analysis we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cyber security plays in the market, what the ETR data tells us and what to expect at next week's AWS re:Inforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simonton. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty you know, and before today's big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indices. You know, earning season as always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan the numbers were pretty good according to Simonton. Investment banks were not so great with Morgan and Goldman missing estimates but in general, pretty positive outlooks. But the market also shrugged off IBM's growth. And of course, social media because of SNAP is getting hammered today. The question is no longer recession or not but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course are still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also going to help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold you know, despite today's sell off. But AT&T and Verizon, they blamed their misses in part on people not paying their bills on time. SNAP's huge miss even after guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are off on sympathy. Meta and Google were off, you know, over 7% at midday. I think at one point hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment. As we've been reporting back in mid-June and NASDAQ was off nearly 33% year to date and has since rallied. It's now down about 25% year to date as of midday today. But as I say, it had been, you know much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That's started to change for now anyway. We'll see if it holds. But chip stocks, software stocks, and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton, we'll see if that holds. If it does, that's a positive sign. Now remember on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12 X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here SailPoint is of course the anomaly with the Thoma Bravo 7 billion acquisition of the company holding that stock up. But the Bug ETF of basket of cyber stocks has definitely improved. When we last reported on cyber in May, CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its Auth0 acquisition. Meanwhile, Zscaler and SentinelOne, those high flyers are still well off year to date, with Ping Identity and CyberArk not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically, they've been breaking their down trend. So it will now come down to earnings guidance in the coming months. But the SNAP reaction is quite stunning. I mean, the environment is slowing, we know that. Ad spending gets cut in that type of market, we know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says, this shows that sellers are still in control here. So it's going to take a little while to work through that despite the positive signs that we're seeing. Okay. We also turned to our friend Eric Bradley from ETR who follows these markets quite closely. He frequently interviews CISOs on his program, on his round tables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they called for an 8% plus spending growth, they're still expecting a six to seven percent uptick in spend this year. So that's pretty good. Security remains the number one priority and also is the highest ranked sector in the ETR data set when you measure in terms of pervasiveness in the study. Within security endpoint detection and extended detection and response along with identity and privileged account management are the sub-sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with CyberArk and Tanium showing very strong as well. Okta has seen a big dropoff in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions. That clearly shows in the survey. We'll talk about that in a moment. Look Okta still elevated in terms of spending momentum, but it doesn't have the dominant leadership position it once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Veronis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, SonicWall, Symantec, Trellic which is McAfee, Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis. It's a measure of presence in the data set we used to call it market share. With the data, the dot positions, you see that little inserted table, that's how the dots are plotted. And it's important to note that this data is filtered for firms with at least 100 Ns in the survey. That's why some of the other ones that we mentioned might have dropped off. The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course, Microsoft, which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. And CyberArk and Okta and Zscaler, CloudFlare and Auth0 now Okta through the acquisition, are all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and as steady as she goes. Two, it's a very crowded market still and it's complicated space. And three there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections. We're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e, 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January 2020. First I want to call out that all four again are seeing down trends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter, again, the market is off overall. Everybody is kind of seeing that down trend for the most part. Very few exceptions. Okta is being hurt by fewer new additions which is why we highlighted in red, that red dotted area, that square that we put there in the upper right of that Okta bar. That lime green, new ads are off as well. And the gray for Okta, flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0 acquisition the company is seeing some friction in its business. Now, having said that, you can see Okta's yellow line or presence in the data set, continues to grow. So it's a good proxy from market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice this very little red at these companies when it comes to the ETR survey data. Now one more data slide which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared end or presence in the data set. That's the right hand side. And again, we filtered by companies with at least 100 N and oh, by the way we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler all made the cut this time. Now, as we pointed out in May if you combined Auth0 with Okta, they jumped to the number two on the right hand chart in terms of presence. And they would lead the pure plays there although it would bring down Okta's net score somewhat, as you can see, Auth0's net score is lower than Okta's. So when you combine them it would drag that down a little bit but it would give them bigger presence in the data set. Now, the other point we'll make is that Proofpoint and Splunk both dropped off the four star list this time as they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay. We're going to close on what to expect at re:Inforce this coming week. Re:Inforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years has been virtual and they announced that reinvent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June and turns out nobody did so they postponed the event, thankfully. And so now they're back in Boston, starting on Monday. Not that it's going to be much cooler in Boston. Anyway, Steven Schmidt had been the face of AWS security at all these previous events as the Chief Information Security Officer. Now he's dropped the I from his title and is now the Chief Security Officer at Amazon. So he went with Jesse to the mothership. Presumably he dropped the I because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses who is now the new CISO at AWS will be keynoting along with some others including MongoDB's Chief Information Security Officer. So that should be interesting. Now, if you've been following AWS you'll know they like to break things down into, you know, a couple of security categories. Identity, detection and response, data protection slash privacy slash GRC which is governance, risk and compliance, and we would expect a lot more talk this year on container security. So you're going to hear also product updates and they like to talk about how they're adding value to services and try to help, they try to help customers understand how to apply services. Things like GuardDuty, which is their threat detection that has machine learning in it. They'll talk about Security Hub, which centralizes views and alerts and automates security checks. They have a service called Detective which does root cause analysis, and they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of, you know, confidential computing which is, you know, AWS will point out it's kind of become a buzzword. They take it really seriously. I think others do as well, like Arm. We've talked about that on previous Breaking Analysis. And again, you're going to hear something on container security because it's the hottest thing going right now and because AWS really still serves developers and really that's what they're trying to do. They're trying to enable developers to design security in but you're also going to hear a lot of best practice advice from AWS i.e, they'll share the AWS dogfooding playbooks with you for their own security practices. AWS like all good security practitioners, understand that the keys to a successful security strategy and implementation don't start with the technology, rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems, that's really where the developers come in, and training for continuous improvements. So you're going to get heavy doses of really strong best practices and guidance and you know, some good preaching. You're also going to hear and see a lot of partners. They'll be very visible at re:Inforce. AWS is all about ecosystem enablement and AWS is going to host close to a hundred security partners at the event. This is key because AWS doesn't do it all. Interestingly, they don't even show up in the ETR security taxonomy, right? They just sort of imply that it's built in there even though they have a lot of security tooling. So they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're going to hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CISOs and practitioners who are understaffed when it comes to top talent. Now, finally, theCUBE will be at re:Inforce in force. John Furry and I will be hosting two days of broadcast so please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share our overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay. That's it for today. Thanks for watching. Thanks to Alex Myerson, who is on production and manages the podcast. Kristin Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoff is our Editor in Chief over at siliconangle.com. You did some great editing. Thank you all. Remember all these episodes they're available, this podcast. Wherever you listen, all you do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing avid.vellante@siliconangle.com or DM me @dvellante, or comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you in Boston next week if you're there or next time on Breaking Analysis (soft music)

>> From theCUBE studios in Palo Alto in Boston bringing you data driven insights from theCUBE and ETR. This is breaking analysis with Dave Vellante. >> Despite fears of inflation, supply chain issues skyrocketing energy and home prices and global instability caused by the Ukraine crisis CIOs and IT buyers continue to expect overall spending to increase more than 6% in 2022. Now, while this is lower than our 8% prediction that we made earlier this year in January, it remains in line with last year's roughly six to 7% growth and is holding firm with the expectations reported by tech executives on the ETR surveys last quarter. Hello and welcome to this week's wiki bond cube insights powered by ETR in this breaking analysis, we'll update you on our latest look at tech spending with a preliminary take from ETR's latest macro drill down survey. We'll share some insights to which vendors have shown the biggest change in spending trajectory. And we'll tap our technical analysts to get a read on what they think it means for technology stocks going forward. The IT spending sentiment among IT buyers remains pretty solid. >> In the past two months, we've had conversations with dozens of CIOs, chief digital officers data executives, IT managers, and application developers, and across the board, they've indicated that for now at least their spending levels remain largely unchanged. The latest ETR drill down data which will share shortly, confirms these anecdotal checks. However, the interpretation of this data it's somewhat nuanced. Part of the reason for the spending levels being you know reasonably strong and holding up is inflation. Stuff costs more so spending levels are higher forcing IT managers to prioritize. Now security remains the number one priority and is less susceptible to cuts, cloud migration, productivity initiatives and other data projects remain top priorities. >> So where are CIO's robbing from Peter to pay Paul to focus on these priorities? Well, we've seen a slight uptick in certain speculative. IT projects being put on hold or frozen for a period of time. And according to ETR survey data we've seen some hiring freezes reported and this is especially notable in the healthcare sector. ETR also surveyed its buyer base to find out where they were adjusting their budgets and the strategies and tactics they were using to do so. Consolidating IT vendors was by far the most cited tactic. Now this makes sense as companies in an effort to negotiate better deals will often forego investments in newer so-called best of breed products and services, and negotiate bundles from larger suppliers. You know, even though they might not be as functional, the buyers >> can get a better deal if they bundle together from one of their larger suppliers. Think Microsoft or a Dell or other, you know, large companies. ETR survey respondents also cited cutting the cloud bill where discretionary spending was in play was another strategy or tactic that they were using. We certainly saw this with some of the largest snowflake customers this past quarter. Where even though they were still growing consumption rapidly certain snowflake customers dialed down their consumption and pushed spending off to future quarters. Now remember in the case of snowflake, anyway, customers negotiate consumption rates and their pricing based on a total commitment over a period of time. So while they may consume less in one quarter, over the lifetime of the contract, snowflake, as do many other cloud companies, have good visibility on the lifetime value of a deal. Now this next chart shows the latest ETR spending expectations among more than 900 respondents. The bars represent spending growth expectations from the periods of December, 2021 that's the gray bars, March of 2022 survey in the blue, and the most recent June data, That's the yellow bar. So you can see spending expectations for the quarter is down slightly in the mid 5% range. But overall for the year expectations remain in the mid 6% range. Now it's down from 8%, 8.3% in December where it looked like 2022 was going to really be a breakout year and have more momentum than even last year. Now, remember this was before Russia invaded Ukraine which occurred in mid-February of this year. So expectations were a little higher. So look, generally speaking CIOs have told us that their CFOs and CEOs have lowered their earnings outlooks and communicated that to Wall Street. They've told us that unless and until these revised forecasts appear at risk, they continue to expect their budget levels to remain pretty constant. Now there's still plenty of momentum and spending velocity on specific vendor platforms. Let's take a look at that. >> This chart shows the companies with the greatest spending momentum as measured by ETRs proprietary net score methodology. Net score essentially measures the net percent of customers spending more on a particular platform. That measurement is shown on the Y axis. The red line there that's inserted that red dotted line at 40%, we consider to be a highly elevated mark. And the green dots are companies in the ETR survey that are near or above that line. The X axis measures the presence in the data set, how much, you know sort of pervasiveness, if you will, is in the data. It's kind of a proxy for market presence. Now, of course we all know Kubernetes is not a company, but it remains an area where organizations are spending lots of resources and time particularly to modernize and mobilize applications. Snowflake remains the company which leads all firms in spending velocity, but as you'll see momentarily, despite its highest position relative to everybody else in the survey, it's still down from its previous levels in the high seventies and low 80% range. AWS is incredibly impressive because it has an elevated level but also a big presence in the data set in the survey. Same with Microsoft, same with ServiceNow which also stands out. And you can see the other smaller vendors like HashiCorp which is increasingly being seen as a strategic cross cloud enabler. They're showing, spending momentum. The RPA vendors you see in there automation anywhere and UI path are in the mix with numerous security companies, CrowdStrike, CyberArk, Netskope, Cloudflare, Tenable Okta, Zscaler Palo Alto networks, Sale Point Fortunate. A big number of cybersecurity firms hovering at or above that 40% mark you can see pure storage remains elevated as do PagerDuty and Coupa. So plenty of good news here, despite the recent tech crash. So that was the good, here's the not so good. So >> there is no 40% line on this chart because all these companies are well below that line. Now this doesn't mean these companies are bad companies. They just don't have the spending velocity of the ones we showed earlier. A good example here is Oracle. Look how they stand out on the X axis with a huge market presence. And Oracle remains an incredibly successful company selling to high end customers and really owning that mission critical data and application space. And remember ETR measures spending activity, but not actual spending dollars. So Oracle is skewed as a result because Oracle customers spend big bucks. But the fact is that Oracle has a large legacy install base that pulls down their growth rates. And that does show up in the ETR survey data. Broadcom is another example. They're one of the most successful companies in the industry, and they're not going after growth at all costs at all. They're going after EBITDA and of course ETR doesn't measure EBIT. So just keep that in mind, as you look at this data. Now another way to look at the data and the survey, is exploring the net score movement over the last period amongst companies. So how are they moving? What's happening to the net score over time. And this chart shows the year over year >> net score change for vendors that participate in at least three sectors within the ETR taxonomy. Remember ETR taxonomy has 12, 15 different segments. So the names above or below the gray dotted line are those companies where the net score has increased or decreased meaningfully. So to the earlier chart, it's all relative, right? Look at Oracle. While having lower net scores has also shown a more meaningful improvement in net score than some of the others, as have SAP and Teradata. Now what's impressive to me here is how AWS, Microsoft, and Google are actually holding that dotted line that gray line pretty well despite their size and the other ironically interesting two data points here are Broadcom and Nutanix. Now Broadcom, of course, as we've reported and dug into, is buying VMware and, and of, of course most customers are concerned about getting hit with higher prices. Once Broadcom takes over. Well Nutanix despite its change in net scores, in a good position potentially to capture some of that VMware business. Just yesterday, I talked to a customer who told me he migrated his entire portfolio off VMware using Nutanix AHV, the Acropolis hypervisor. And that was in an effort to avoid the VTEX specifically. Now this was a smaller customer granted and it's not representative of what I feel is Broadcom's ICP the ideal customer profile, but look, Nutanix should benefit from the Broadcom acquisition. If it can position itself to pick up the business that Broadcom really doesn't want. That kind of bottom of the pyramid. One person's trash is another's treasure as they say, okay. And here's that same chart for companies >> that participate in less than three segments. So, two or one of the segments in the ETR taxonomy. Only three names are seeing positive movement year over year in net score. SUSE under the leadership of amazing CEO, Melissa Di Donato. She's making moves. The company went public last year and acquired rancher labs in 2020. Look, we know that red hat is the big dog in Kubernetes but since the IBM acquisition people have looked to SUSE as a possible alternative and it's showing up in the numbers. It's a nice business. It's going to do more than 600 million this year in revenue, SUSE that is. It's got solid double digit growth in kind of the low teens. It's profitability is under pressure but they're definitely a player that is found a niche and is worth watching. The SolarWinds, What can I say there? I mean, maybe it's a dead cat bounce coming off the major breach that we saw a couple years ago. Some of its customers maybe just can't move off the platform. Constant contact we really don't follow and don't really, you know, focus on them. So, not much to say there. Now look at all the high priced earning stocks or infinite PE stocks that have no E and divide by zero or a negative number and boom, you have infinite PE and look at how their net scores have dropped. We've reported extensively on snowflake. They're still number one as we showed you earlier, net score, but big moves off their highs. Okta, Datadog, Zscaler, SentinelOne Dynatrace, big downward moves, and you can see the rest. So this chart really speaks to the change in expectations from the COVID bubble. Despite the fact that many of these companies CFOs would tell you that the pandemic wasn't necessarily a tailwind for them, but it certainly seemed to be the case when you look back in some of the ETR data. But a big question in the community is what's going to happen to these tech stocks, these tech companies in the market? We reached out to both Eric Bradley of ETR who used to be a technical analyst on Wall Street, and the long time trader and breaking analysis contributor, Chip Symington to get a read on what they thought. First, you know the market >> first point of the market has been off 11 out of the past 12 weeks. And bare market rallies like what we're seeing today and yesterday, they happen from time to time and it was kind of expected. Chair Powell's testimony was broadly viewed as a positive by the street because higher interest rates appear to be pushing commodity prices down. And a weaker consumer sentiment may point to a less onerous inflation outlook. That's good for the market. Chip Symington pointed out to breaking analysis a while ago that the NASDAQ has been on a trend line for the past six months where its highs are lower and the lows are lower and that's a bad sign. And we're bumping up against that trend line here. Meaning if it breaks through that trend it could be a buying signal. As he feels that tech stocks are oversold. He pointed to a recent bounce in semiconductors and cited the Qualcomm example. Here's a company trading at 12 times forward earnings with a sustained 14% growth rate over the next couple of years. And their cash flow is able to support their 2.4, 2% annual dividend. So overall Symington feels this rally was absolutely expected. He's cautious because we're still in a bear market but he's beginning to, to turn bullish. And Eric Bradley added that He feels the market is building a base here and he doesn't expect a 1970s or early 1980s year long sideways move because of all the money that's still in the system. You know, but it could bounce around for several months And remember with higher interest rates there are going to be more options other than equities which for many years has not been the case. Obviously inflation and recession. They are like two looming towers that we're all watching closely and will ultimately determine if, when, and how this market turns around. Okay, that's it for today. Thanks to my colleagues, Stephanie Chan, who helps research breaking analysis topics sometimes, and Alex Myerson who is on production in the podcast. Kristin Martin and Cheryl Knight they help get the word out and do all of our newsletters. And Rob Hof is our Editor in Chief over at siliconangle.com and does some wonderful editing for breaking analysis. Thank you. Remember, all these episodes are available as podcasts wherever you listen. All you got to do is search breaking analysis podcasts. I publish each week on wikibon.com and Siliconangle.com. And of course you can reach me by email at david.vellante@siliconangle.com or DM me at DVellante comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for the CUBE insights powered by ETR. Stay safe, be well. And we'll see you next time. (soft music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> Cybersecurity stocks have been sending mixed signals as of late, mostly negative like much of tech, but some such as Palo Alto Networks, despite a tough go of it recently have held up better than most tech names. Others like CrowdStrike, had been out performing Broader Tech in March, but then flipped in May. Okta's performance was pretty much tracking along with CrowdStrike for most of the past several months, a little bit below, but then the Okta hack changed the trajectory of that name. Zscaler has crossed the critical billion dollar ARR revenue milestone, and now sees a path to five billion dollars in revenue, but the company stock fell sharply after its last earnings report and has been on a down trend since last November. Meanwhile, CyberArk's recent beat and raise, was encouraging and the stock acted well after its last report. Security remains the number one initiative priority amongst IT organizations and the spending momentum for many high flying cyber names remain strong. So what gives in cyber security? Hello, and welcome to this week's Wikibon CUBE insights powered by ETR. In this breaking analysis, we focus on security and will update you on the latest data from ETR to try to make sense out of the market and read into what this all means in both the near and long term, for some of our favorite names in cyber. First, the news. There's always something happening in security news cycles. The big recent news is new President Rodrigo Chavez declared a national emergency in Costa Rica due to the preponderance of Russian cyber attacks on the country's critical infrastructure. Such measures are normally reserved for natural disasters like earthquakes, but this move speaks to the nature of today's cyber threats. Of no surprise is modern superpower warfare even for a depleted power like Russia almost certainly involves cyber warfare as we continue to see in Ukraine. Privately held Arctic Wolf Networks hired Dustin Williams as its new CFO. Williams has taken three companies to IPO, including Nutanix in 2016, a very successful IPO for that company. Whether AWN chooses to pull the trigger this year or will wait until markets are less choppy or obviously remains to be seen. But it's a pretty clear sign the company is headed to IPO at some point. Now, big point of discussion this week at Red Hat Summit in Boston and the prior week at Dell technologies world was security. In the case of Red Hat, securing the digital supply chain was the main theme. And from Dell building, many security features into its storage arrays and cyber resilience services into its as a service offering called Apex. And we're seeing a trend where buyers want to reduce the number of bespoke tools they use if they, in fact can. Here's IDC's Jim Mercer, sharing data from a recent survey they conducted on the topic. Play the clip. >> Interestingly, we did a survey, I think around last August or something. And one of the questions was around where do you want your security, right? Where do you want to get your DevSecOps security from? Do you want to get it from individual vendors, right? Or do you want to get it from like your platforms that you're using and deploying changes in Kubernetes? >> Great question. What did they say? >> The majority of them, they're hoping they can get it built into the platform. That's really what they want-- >> Now, whether that's actually achievable is debatable because you have so much innovation and investment going on from the likes of startups and for instance, lace work or sneak and security companies that you see even trying to build platforms, you've got CrowdStrike, Okta, Zscaler and many others, trying to build security platforms and put it all under their umbrella. Now the last point will hit here is there was a lot of buzz in the news about Okta. The reaction to what was a relatively benign hack was pretty severe and probably overblown, but Okta's stock is paying the price of what is generally considered a blown communications plan versus a technical failure. Remember, identity is not an easy thing to rip and replace and Okta remains a best-of-breed player and leader in the space. So we're going to look at some ETR data later in this segment to try and make sense of the recent action in the market and certain names. Speaking of which let's take a look at how some of the names in cybersecurity have fared relative to some of the indices and relative indicators that we like to look at. Here's a Google finance comparison for a number of stocks and names in the bottom there you can see we plot the hack ETF which tracks security stocks. This is a year to date view. And so we don't show it here but the tech heavy NASDAQ is off around 26% year to date whereas the cyber ETF that we're showing is down 18%, okay. So cyber holding up a little bit better than broader tech as we've reported earlier, was actually much better and still seems to be a gap there, but the data are mixed. You can see Okta is way off relative to its peers. That's a combination of the breach that we talked about but also the run up in the stock since COVID. CrowdStrike was actually faring better but broke this month, we'll see how it's upcoming earnings announcements are received when it announces on June 2nd after the close. Palo Alto in the light blue has done better than most and until recently was holding up quite well. And of course, Sailpoint is another identity specialist, it is kind of off the charts here because it's going private with the acquisition by Thoma Bravo at nearly seven billion dollars. So you see some mixed signals in cyber these past several months and weeks. And so we're trying to understand what that all means. So let's take a look at the survey data and see how spending momentum is holding up. As we've reported IT spending forecast, at the macro level, they've come off their 8% highs from the end of the year, the ETRS December survey, but robust tech spending is still there. It's expected at nearly seven percent and this is amongst 1200 ETR respondents. Here's a picture from the ETR survey of the cybersecurity landscape. That y-axis that's net score or a measure of spending momentum and that horizontal access is overlap. We used to talk about it as a market share which is a measure of pervasiveness in the data set. That dotted red line at 40% indicates an elevated spending momentum level on the vertical axis and we filter the names and limited to only those with a hundred or more responses in the ETR survey. Then the pictures still pretty crowded as you can see. You got lots of companies above the red dotted line, including Microsoft which is up into the right, they're so far off the chart, it's just amazing. But also Palo Alto and Okta, Auth0, which of course is now owned by Okta, Zscaler, CyberArk is making moves. Sailpoint and Cloudflare, they're all above that magic 40% line. Now, you look at Cisco, it shows a very large presence in the horizontal axis in the data set. And it's got pretty respectable momentum and you see Splunk doing okay, no before and tenable just below that 40% line and a lot of names in the very respectable 20% zone. And we've included some legacy names just for context that fall below the zero percent line with a negative net score. And that means a larger proportion, that negative net score means a larger proportion of their customers in the survey are spending less than those that are spending more. Now, typically for these legacy names you're going to have a huge proportion of customers who have flat spending that kind of fat middle and that's why they sort of don't have that highly elevated score, but they're still viable as they get the recurring revenue each year. But the bottom line is that spending remains robust for some of the top names that we've talked about earlier despite their rocky stock performance. Now, let's filter this data a bit more to make it a little bit easier to read. So to do that, we take out Microsoft because they're just so dominant and we cherry pick some names to make the data more consumable and scannable. The other data point we've added is Okta's net score breakdown, the multicolored rows there, that row in the bottom right. Net score, it measures the percent of customers that are adding the platform new, that's the lime green, at 18% for Okta. The forest green is at 42%. That's the percent of customers in the survey that are spending six percent or more. The gray is flat spending. That's 32% for Okta, this past survey. The pink is customers that are spending less, that's three percent. They're spending six percent or worse in the survey, so only three percent for Okta. And the bright red at three percent is decommissioning the platform. You subtract the reds from the greens and you get a net score, well, into the 50s for Okta and you can see. We highlight Okta here because it's a name that we've been following for quite some time and customers have given us really solid feedback on the technology and up until the hack, they're affinity to Okta, but that seems to be continuing. We'll talk more about that. This recent breach to Okta has caused us to take a closer look. And you may recall, we reported with our ETR colleague, Eric Bradley. The breach was announced right in the middle of ETR collecting data in the last survey. And while we did see a noticeable downtick right after the announcement, the exposure of the hack and Okta's net score just after the breach was disclosed, you can see the combination of Okta and Auth0 remains very strong. I asked Eric Bradley this morning what he thought about Okta, and he pointed out that you can't evaluate this company on its price to earnings ratio. But it's forward sales multiple is now below 7X. And while attractive, these high flyers at some point, Eric says, they got to start making a profit. So you going to hold that thought, we'll come back to that. Now, another cut of the ETR data to look at our four star security names here. A while back we developed a methodology to try and cut through the noise of the crowded security sector using the ETR data to evaluate two key metrics; net score and shared N. Net score again is, spending momentum, the latter is an indicator of presence in the data set which is a proxy for market presence. Okay, we assigned those companies that cracked the top 10 in both net score and shared N, we give them four stars, okay, if they make the top 10. This chart here shows the April survey data for those companies with an N that's greater than, equal to a hundred responses. So again, we're filtering on those with a hundred or more responses. The table on the left that you see there, that's sorted by net score, okay. So we're sorting by spending momentum. And then the one on the right is sorted by shared N, so their presence in the data set. Seven companies hit the top 10 for both categories; Palo Alto Network, Splunk, CrowdStrike Okta, Proofpoint, Fortinet and Zscaler. Now, remember, take a look, Okta excludes Auth0, in this little methodology that we came up with. Auth0 didn't make the cuts but it hits the top 10 for net score. So if you add in Auth0's 112 N there that you see on the right. You add that into Okta, we put Okta in the number two spot in the survey on the right most table with the shared N of 354. Only Cisco has a higher presence in the data set. And you can see Cisco in the left lands just below that red dotted line. That's the top 10 in security. So if we were to combine Okta and Auth0 as one, Cisco would make the cut and earn four stars. Now, some other notables are CyberArk, which is just below the red line on the right most chart with an impressive 177 shared N. Again, if you combine Auth0 and Okta, CyberArk makes the four star grade because it's in the top 10 for net score on the left. And Sailpoint is another notable with a net score above 50% and it's got a shared N of 122, which is respectable. So despite the market's choppy waters, we're seeing some positive signs in the survey data for some of the more prominent names that we've been following for the last couple of years. So what does this mean for the markets going forward? As always, when we see these confusing signs we like to reach out to the network and one of the sharpest traders out there is Chip Simonton. We've quoted him before and we like to share some of his insights. And so we're going to highlight some of that here. So technically, almost every good tech stock is oversold. And as such, he suggested we might see a bounce here. We certainly are seeing that on this Friday, the 13th. But the right call tactically has been to sell into the rally these past several months, so we'll see what happens on Monday. The key issue with the name like Okta and some other momentum names like CrowdStrike and Zscaler is that when money comes back into tech, it's likely going to go to the FAANG stocks, the Facebook, Apple, Amazon, Netflix, Google, and of course, you put Microsoft in there as well. And we'll see about Amazon, by the way, it's kind of out of favor right now, as everyone's focused on the retail side of the business meanwhile it's cloud business is booming and that's where all the profit is. We think that should be the real focus for Amazon. But the point is, for these momentum names in cybersecurity that don't make money, they face real headwinds, as growth is slowing overall and interest rates rise, that makes the net present value of these investments much less attractive. We've talked about that before. But longer term, we agree with Chip Simonton that these are excellent companies and they will weather the storm and we think they're going to lead their respective markets. And in cyber, we would expect continued M&A activity, which could act as a booster shot in the arms of these names. Now in 2019, we saw the ETR data, it pointed to CrowdStrike, Zscaler, Okta and others in the security space. Some of those names that really looked to us like they were moving forward and the pandemic just created a surge in these names and admittedly they got out over their skis. But the data suggests that these leading companies have continued momentum and the potential for stay in power. Unlike the SolarWinds hack, it seems at this point anyway that Okta will recover in the market. For the reasons that we cited, investors, they might stay away for some time but longer term, there's a shift in CSO security strategies that appear to be permanent. They're really valuing cloud-based modern platforms, these platforms will likely continue to gain share and carry their momentum forward. Okay, that's it for now, thanks to Stephanie Chan, who helps with the background research and with social, Kristen Martin and Cheryl Knight help get the word out and do some great work as well. Alex Morrison is on production and handles all of our podcast. Alex, thank you. And Rob Hof is our Editor in Chief at SiliconANGLE. Remember, all these episodes, they're available as podcast, you can pop in the headphones and listen, just search "Breaking Analysis Podcast." I publish each week on wikibon.com and SiliconANGLE.com. Don't forget to check out etr.ai, best in the business for real customer data. It's an awesome platform. You can reach me at dave.vellante@siliconangle.com or @dvellante. You can comment on our LinkedIn posts. This is Dave Vellante for the CUBEinsights powered by ETR. Thanks for watching. And we'll see you next time. (bright upbeat music)

(gentle music) >> We're back at the Seaport in Boston. I'm Dave Vellante with my co-host, Paul Gillin. Tracie Zenti is here. She's the Director of Global Partner Management at Microsoft, and Tom Anderson is the Vice President of Ansible at Red Hat. Guys, welcome to theCube. >> Hi, thank you. >> Yep. >> Ansible on Azure, we're going to talk about that. Why do I need Ansible? Why do I need that kind of automation in Azure? What's the problem you're solving there? >> Yeah, so automation itself is connecting customers' infrastructure to their end resources, so whether that infrastructure's in the cloud, whether it's in the data center, or whether it's at the edge. Ansible is the common automation platform that allows customers to reuse automation across all of those platforms. >> And so, Tracie, I mean, Microsoft does everything. Why do you need Red Hat to do Ansible? >> We want that automation, right? We want our customers to have that ease of use so they can be innovative and bring their workloads to Azure. So that's exactly why we want Ansible. >> Yeah, so kind of loaded questions here, right, as we were sort of talking offline. The nature of partnerships is changing. It's about co-creating, adding value together, getting those effects of momentum, but maybe talk about how the relationship started and how it's evolving and I'd love to have your perspective on the evolving nature of ecosystems. >> Yeah, I think the partnership with Red Hat has been strong for a number of years. I think my predecessor was in the role for five years. There was a person in there for a couple years before that. So I think seven or eight years, we've been working together and co-engineering. Red Hat enterprised Linux. It's co-engineered. Ansible was co-engineered. We work together, right? So we want it to run perfectly on our platform. We want it to be a good customer experience. I think the evolution that we're seeing is in how customers buy, right? They want us to be one company, right? They want it to be easy. They want be able to buy their software where they run it on the cloud. They don't want to have to call Red Hat to buy and then call us to buy and then deploy. And we can do all that now with Ansible's the first one we're doing this together and we'll grow that on our marketplace so that it's easy to buy, easy to deploy, easy to keep track of. >> This is not just Ansible in the marketplace. This is actually a fully managed service. >> That's right. >> What is the value you've added on top of that? >> So it runs in the customer account, but it acts kind of like SaaS. So Red Hat gets to manage it, right? And it's in their own tenant. So they get in the customer's own tenant, right? So with a service principle, Red Hat's able to do that management. Tom, do you want to add anything to that? >> Yeah, the customers don't have to worry about managing Ansible. They just worry about using Ansible to automate their infrastructure. So it's a kind of a win-win situation for us and for our customers. We manage the infrastructure for them and the customer's resources themselves and they get to just focus on automating their business. >> Now, if they want to do cross-cloud automation or automation to their hybrid cloud, will you support that as well? >> 100%. >> Absolutely. >> Yeah. >> We're totally fine with that, right? I mean, it's unrealistic to think customers run everything in one place. That isn't enterprise. That's not reality. So yeah, I'm fine with that. >> Well, that's not every cloud provider. >> No (laughing) that's true. >> You guys over here, at Amazon, you can't even say multicloud or you'll get thrown off the stage. >> Of course we'd love it to all run on Azure, but we want our customers to be happy and have choice, yeah. >> You guys have all, I mean, you've been around a long time. So you had a huge on-prem state, brought that to the cloud, and Azure Stack, I mean, it's been around forever and it's evolved. So you've always believed in, whatever you call it, Hybrid IT, and of course, you guys, that's your call of mission. >> Yeah, exactly. >> So how do you each see hybrid? Where's the points of agreement? It sounds like there's more overlap than gaps, but maybe you could talk about your perspective. >> Yeah, I don't think there are any points of disagreement. I think for us, it's meeting our customers where their center of gravity is, where they see their center of management gravity. If it's on Azure, great. If it's on their data center, that's okay, too. So they can manage to or from. So if Azure is their center of gravity, they can use automation, Ansible automation, to manage all the things on Azure, things on other cloud providers, things in their data center, all the way out to their edge. So they have the choice of what makes the most sense to them. >> And Azure Arc is obviously, that's how Azure Stack is evolving, right? >> Yeah, and we have Azure Arc integration with Ansible. >> Yeah. >> So yeah, absolutely. And I mean, we also have Rell on our marketplace, right? So you can buy the basement and you could buy the roof and everything in between. So we're growing the estate on marketplace as well to all the other products that we have in common. So absolutely. >> How much of an opportunity, just go if we go inside? Give us a little peak inside Microsoft. How much of an opportunity does Microsoft think about multi-cloud specifically? I'm not crazy about the term multicloud, 'cause to me, multicloud, runs an Azure, runs an AWS, runs on Google, maybe runs somewhere else. But multicloud meaning that common experience, your version of hybrid, if you will. How serious is Microsoft about that as a business opportunity? A lot of people would say, well, Microsoft really doesn't want. They want everything in their cloud. But I'd love to hear from you if that is good. >> Well, we have Azure Red Hat OpenShift, which is a Microsoft branded version of OpenShift. We have Ansible now on our marketplace. We also, of course, we have AKS. So I mean, container strategy runs anywhere. But we also obviously have services that enhance all these things. So I think, our marketplace is a third party marketplace. It is designed to let customers buy and run easily on Azure and we'd want to make that experience good. So I don't know that it's... I can't speak to our strategy on multicloud, but what I can speak to is when businesses need to do innovation, we want it to be easy to do that, right? We want it to be easy to buy, defined, buy, deploy, manage, and that's what we're trying to accomplish. >> Fair to say, you're not trying to stop it. >> No, yeah, yeah. >> Whether or not it evolves into something that you heavily lean into or see. >> When we were talking before the cameras turned on, you said that you think marketplaces are the future. Why do you say that? And how will marketplaces be differentiated from each other in the future? >> Well, our marketplace is really, first of all, I think, as you said off camera, they're now. You can buy now, right? There's nothing that stops you. But to me, it's an extension of consumerization of IT. I've been in IT and manageability for about 23 years and full automation is what we and IT used to always talk about, that single pane of glass. How do you keep track of everything? How do you make it easy? How do you support? And IT is always eeking out that last little bit of funding to do innovation, right? So what we can do with consumerization of IT is make it easier to innovate. Make it cheaper to innovate, right? So I think marketplaces do that, right? They've got gold images you can deploy. You're also able to deploy custom images. So I think the future is as particularly with ours, like we support, I don't remember the exact number, but over a hundred countries of tax calculation. We've got like 17 currencies. So as we progress and customers can run from anywhere in the world and buy from anywhere in the world and make it simple to do those things that used to take maybe two months to spin up services for innovation and Ansible helps with that, that's going to help enterprises innovate faster. And I think that's what marketplaces are really going to bring to the forefront is that innovation. >> Tom, why did Ansible, I'm going to say one, I mean, you're never done. But it was unclear a few years ago, which automation platform was going to win in the marketplace and clearly, Ansible has taken a leading position. Why? What were the factors that led to that? >> Honestly, it was the strength of the community, right? And Red Hat leaning into that community to support that community. When you look out at the upstream community for Ansible and the number of participants, active participants that are contributing to the community just increases its value to everybody. So the number of integrations, the number of things that you can automate with Ansible is in the thousands and thousands, and that's not because a group of Red Hat engineers wrote it. That's because our community partners, like Microsoft wrote the user integrations for Ansible. F5 does theirs. Customers take those and expand on them. So the number of use cases that we can address through the community and through our partners is immense. >> But that doesn't just happen. I mean, what have you done to cultivate that community? >> Well, it's in Red Hat's DNA, right? To be the catalyst in a community, to bring partners and users together, to share their knowledge and their expertise and their skills, and to make the code open. So anybody can go grab Ansible from upstream and start doing stuff with it, if they want. If they want to mature on it and management for it and support all the other things that Red Hat provides, then they come to us for a subscription. So it's really been about sort of catalyzing and supporting that community, and Red Hat is a good steward of these upstream communities. >> Is Azure putting Ansible to use actually within your own platform as opposed to being a managed service? Are you adopting Ansible for automation of the Azure Platform? >> I'll let you answer that. >> So two years ago, Microsoft presented at AnsibleFest, our fall conference, Budd Warrack, I'm butchering his last name, but he came on and told how the networking team at Microsoft supports about 35,000 access points across hundreds of buildings, all the Microsoft campuses using Ansible to do that. Fantastic story if you want to go on YouTube and look up that use case. So Microsoft is an avid user of the Ansible technology in their environment. >> Azure is kind of this really, I mean, incredible strategic platform for Microsoft. I wonder if you could talk about Azure as a honeypot for partners. I mean, it seems, I mean, the momentum is unbelievable. I mean, I pay attention to their earnings calls every quarter of Azure growth, even though I don't know what the exact number is, 'cause they won't give it to me but they give me the growth rates and it's actually accelerating. >> No lie. (Tracie laughing) >> I've got my number. It's in the tens of billions. I mean, I'm north of 35 billion, but growing at the high 30%. I mean, it's remarkable. So talk about the importance of that to the ecosystem as a honey pot. >> Paul Satia said it right. Many times partners are essential to our strategy. But if you think about it, software solves problems. We have software that solves problems. They have software that solves problems, right? So when IT and customers are thinking of solving a problem, they're thinking software, right? And we want that software to run on Azure. So partners have to be essential to our strategy. Absolutely. It's again, we're one team to the customer. They want to see that as working together seamlessly. They don't want it to be hardware Azure plus software. So that's absolutely critical to our success. >> And if I could add for us, the partners are super important. So some of our launch partners are like F5 and CyberArk who have certified Ansible content for Ansible on Azure. We have service provider partners like Accenture and Kindra that are launching with us and providing our joint customers with help to get up to speed. So it really is a partner play. >> Absolutely. >> Where are you guys taking this? Where do you want to see it go? What are some of the things that observers should pay attention to as marketers of success and evolution? >> Well, certainly for us, it's obviously customer adoption, but it is providing them with patterns. So out of the box patterns that makes it easy for them to get up and running and solve the use cases and problems that they run into most frequently. Problems ain't the right word. Challenges or opportunities on Azure to be able to automate the things. So we're really leaning into the different use cases, whether it's edge, whether it's cloud, whether it's cloud to edge, all of those things. We want to provide users with out of the box Ansible content that allows 'em to just get up and automating super fast, and doing that on Azure makes it way easier for us because we don't have to focus on the install and the setting up and configuring it. It's all just part of the experience >> And Tracie, for Microsoft, it's world domination with a smile. (all laughing) >> Of course. No, of course not. No, I think it's to continue to grow the co-engineering we do across all of the Red Hat products. I can't even tell you the number of things we work on together, but to look forward strategically at what opportunities we have across our products and theirs to integrate like Arc and Ansible, and then making it all easy to buy, making it available so that customers have choice and they can buy how they want to and simplify. So we're just going to continue to do that and we're at that infancy right now and as we grow, it'll just get easier and easier with more and more products. >> Well, bringing the edge into the equation is going to be really interesting. Microsoft with its gaming, vector is amazing, and recent, awesome acquisitions. All the gamers are excited about that and that's a huge edge play. >> You'll have to bring my son on for that interview. >> Yeah. >> My son will interview. >> He knows more than all of us, I'm sure. What about Ansible? What's ahead for Ansible? >> Edge, so part of the Red Hat play at the Edge. We've getting a lot of customer pull for both industrial Edge use cases in the energy sector. We've had a joint customer with Azure that has a combined Edge platform. Certainly, the cloud stuff that we're announcing today is a huge growth area. And then just general enterprise automation. There's lots of room to run there for Ansible. >> And lots of industries, right? >> Yeah. >> Telco, manufacturing. >> Retail. >> Retail. >> Yeah. >> Yeah. There's so many places to go, yeah, that need the help. >> The market's just, how you going to count it anymore? It's just enormous. >> Yeah. >> It's the entire GDP the world. But guys, thanks for coming to theCUBE. >> Yeah. >> Great story. Congratulations on the partnership and the announcements and look forward to speaking with you in the future. >> Yeah, thanks for having us. >> Thanks for having us. >> You're very welcome. And keep it right there. This is Dave Vellante for Paul Gillin. This is theCUBE's coverage of Red Hat Summit 2022. We'll be right back at Seaport in Boston. (gentle music)

>> From the theCUBE studios in Palo Alto, in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis", with Dave Vellante. >> The recent security breach of an Okta third party supplier has been widely reported. The criticisms of Okta's response have been harsh, and the impact on Okta's value has been obvious, investors shaved about $6 billion off the company's market cap during the week the hack was made public. We believe Okta's claim that the customer technical impact was, "Near zero," may be semantically correct. However, based on customer data, we feel Okta has a blind spot. There are customer ripple effects that require clear action which are missed in Okta's public statements, in our view. Okta's product portfolio remains solid, it's a clear leader in the identity space. But in our view, one part of the long journey back to credibility requires Okta to fully understand and recognize the true scope of this breach on its customers. Hello, and welcome to this week's Wikibon "CUBE Insights", powered by ETR. In this "Breaking Analysis", we welcome our ETR colleague, Erik Bradley, to share new data from the community. Erik, welcome. >> Thank you, Dave, always enjoy being on the show, particularly when we get to talk about a topic that's not being well covered in the mainstream media in my opinion. >> Yeah, I agree, you've got some new data, and we're going to share some of that today. Let's first review the timeline of this hack. On January 20th this year, Okta got an alert that something was amiss at one of its partners, a company called Sitel, that provides low-level contact center support for Okta. The next day, Sitel retained a forensic firm to investigate, which was completed, that investigation was completed on February 28th. A report dated March 10th was created, and Okta received a summary of that from Sitel on March 17th. Five days later, Lapsus$ posted the infamous screenshots on Twitter. And later that day, sheesh, Okta got the full report from Sitel, and then responded publicly. Then the media frenzy in the back and forth ensued. So Erik, you know, there's so much wrong with this timeline, it's been picked apart by the media. But I will say this, what appeared to be a benign incident and generally has turned into a PR disaster for Okta, and I imagine Sitel as well. Who I reached out to by the way, but they did not provide a comment, whereas Okta did. We'll share that later. I mean, where do we start on this, Erik? >> It's a great question, "Where do we start?" As you know, our motto here is opinions only exist due to a lack of data, so I'm going to start with the data. What we were able to do is because we had a survey that was in the field when the news broke, is that we were able to observe the data in realtime. So we sequestered the data up until that moment when it was announced, so before March 23rd and then after March 23rd. And although most of the responses came in prior, so it wasn't as much of an end as we would've liked. It really was telling to see the difference of how the survey responses changed from before the breach was announced to after, and we can get into a little bit more- >> So let's... Sorry, sorry to interrupt, let's bring that up, let's look at some of that data. And as followers of this program know... Let me just set it up, Erik. Every quarter, ETR, they have a proprietary net score methodology to determine customer spending momentum, and that's what we're talking about here. Essentially measuring the net number of customers spending more on a particular product or platform. So apologize for interrupting, but you're on this data right here. >> Not at all. >> So take us through this. >> Yeah, so again, let's caveat. Okta is still a premier company in our work. Top five in overall security, not just in their niche, and they still remained extremely strong at the end of the survey. However, when you kind of look at that at a more of a micro analysis, what you noticed was a true difference between before March 23rd and after. Overall, their cumulative net score or proprietary spending intention score that we use, was 56% prior. That dropped to 44% during the time period after, that is a significant drop. Even a little bit more telling, and again, small sample size, I want to be very fair about that. Before March 23rd, only three of our community members indicated any indication of replacing Okta. That number went to eight afterwards. So again, small number, but a big difference when you're talking about a percentage change. >> Yeah, so that's that sort of green line that was shown there. You know, not too damaging, but definitely a noticeable downturn with the caveat that it's a small end. But here's the thing that I love working with you, we didn't stop there. You went out, you talked to customers, I talked to a number of customers. You actually organized a panel. This week, Erik hosted a deep dive on the topic with CISOs. And we have, if we could bring up that next slide, Alex. These are some of the top CISOs in the community, and I'm going to just summarize the comments and then turn it over to you, Erik. The first one was really concerning, "We heard about this in the media," ooh, ooh, ouch. Next one, "Not a huge hit, but loss of trust." "We can't just shut Okta off like SolarWinds." So there's definitely a lock in effect there. "We may need to hire new people," i.e, "There's a business impact to us beyond the technical impact." "We're rethinking contract negotiations with Okta." And bottom line, "It's still a strong solution." "We're not really worried about our Okta environment, but this is a trust and communications issue." Erik, these are painful to read, and in the end of the day, Okta has to own this. Todd McKinnon did acknowledge this. As I said at the top, there are domino business impacts that Okta may not be seeing. What are your thoughts? >> There's a lot we're going to need to get into in a little bit, and I think you were spot on earlier, when McKinnon said there was no impact. And that's not actually true, there's a lot of peripheral, derivative impact that was brought up in our panel. Before we even did the panel though, I do want to say we went out quickly to about 20 customers and asked them if they were willing to give an opinion. And it was sort of split down the middle where about, you know, half of them were saying, "You know, this is okay. We're going to stand by 'em, Okta's the best in the industry." A few were cautious, "Opinion's unchanged, but we're going to take a look deeper." And then another 40% were just flat out negative. And again, small sample size, but you don't want to see that. It's indicative of reputational damage right away. That was what led us to say, "You know what, let's go do this panel." And as you know, from reading it and looking at the panel, well, a lot of topics were brought up about the derivative impact of it. And whether that's your own, you know, having to hire people to go look into your backend to deal with and manage Okta. Whether it's cyber insurance ramifications down the road, there's a lot of aspects that need to be discussed about this. >> Yeah now, so before I go on... And by the way, I've spent a fair amount of time just parsing, listening very carefully to Todd McKinnon's commentary. He did an interview with Emily Chang, it was quite useful. But before I go on, I reached out to Okta, and they were super responsive and I appreciate that. And I do believe they're taking this seriously, here's a statement they provided to theCUBE. Quote, "As a global leader in identity, we recognize the critical role Okta plays for our customers and our customers' end users. Okta has a culture of learning and improving, and we are taking the steps to prevent this from happening again. We know trust is earned, and building back our customers' trust in Okta through our actions and our ongoing support as their secure identity partner is our top priority." Okay, so look, you know, what are you going to say, right? I mean, I think they do own it. Again, the concern is the blind spots. So we put together this visual to try to explain how Okta is describing the impact, and maybe another way to look at it. So let me walk you through this. Here's a simple way in which organizations think about the impact of a breach. What's the probability of a breach, that's the vertical axis, and what's the impact on the horizontal. Now I feel as though business impact really is the financial, you know, condition. But we've narrowed this to map to Todd McKinnon's statements of the technical impact. And they've said the technical impact in terms of things customers need to do or change, is near zero, and that's the red dot that you see there. Look, the fact is, that Okta has more than 15,000 customers, and at most, 366 were directly impacted by this. That's less than 3% of the base, and it's probably less than that, they're just being conservative. And the technical impact which Todd McKinnon described in an interview, again, with Emily Chang, was near zero in terms of actions the customers had to take on things like reporting and changes and remediation. Basically negligible. But based on the customer feedback outside of that 366, that's what we're calling that blind spot and that bracket. And then we list the items that we are hearing from customers on things that they have to do now, despite that minimal exposure. Erik, this is new information that we've uncovered through the ETR process, and there's a long list of collateral impacts that you just referred to before, actions that customers have to take, right? >> Yeah, there's a lot, and the panel really brought that to life even more than I expected to be quite honest. First of all, you're right, most of them believe that this was a minimal impact. The true damage here was reputational, and the derivatives that come from it. We had one panelist say that they now have to go hire people, because, and I hate to say this, but Okta isn't known for their best professional support. So they have to go get people now in to kind of do that themselves and manage that. That's obviously not the easiest thing to do in this environment. We had other ones express concern about, "Hey I'm an Okta customer. When I have to do my cyber insurance renewal, is my policy going to go up? Is my premium going to go up?" And it's not something that they even want to have to handle, but they do. There were a lot of concerns. One particular person didn't think the impact was minimal, and I just think it's worth bringing up. There was no demand for ransom here. So there were only two and a half percent of Okta customers that were hit, but we don't know what the second play is, right, this could just be stage one. And I think that there was one particular person on the panel who truly believes that, that could be the case, that this was just the first step. And in his opinion, there wasn't anything specific about those 366 customers that made him feel like the bad actor was targeting them. So he does believe that this might be a step one of a step two situation. Now that's a, you know, bit of an alarmist opinion and the rest of the panel didn't really echo it, but it is something that's kind of worth bringing up out there. >> Well, you know, it just pays to be paranoid. I mean, you know, it was reported that supposedly, this hack was done by a 16-year-old in England, out of his, you know, mother's house, but who knows? You know, other actors might have paid that individual to see what they could do. It could have been a little bit of reconnaissance, throw the pawn in there and see how, you know, what the response is like. So I want to parse some of Todd McKinnon's statements from that Bloomberg interview. Look, we've always, you and I both have been impressed with Okta, and Todd McKinnon's management. His decisions, execution, leadership, super impressive individual. You know, big fans of the company. And in the interview, it looked like (chuckles) the guy hadn't slept in three weeks, so really you have to feel for him. But I think there are some statements that have to be unpacked. The first one, McKinnon took responsibility and talked about how they'll be transparent about steps they're taking in the future to avoid you know, similar problems. We talked about the near-zero technical impact, we don't need to go there anymore. But Erik, the two things that struck me as communication misfires were the last two. Especially the penultimate statement there, quote, "The competitor product was at fault for this breach." You know, by the way, I believe this to be true. Evidently, Sitel was not using Okta as its identity access platform. You know, we're all trying to figure out who that is. I can tell you it definitely was not CyberArk, we're still digging to find out who. But you know, you can't say in my view, "We are taking responsibility," and then later say it was the competitor's fault. And I know that's not what he meant, but that's kind of how it came across. And even if it's true, you just don't say that later in a conversation after saying that, "We own it." Now on the last point, love your thoughts on this, Erik? My first reaction was Okta's throwing Sitel under the bus. You know, Okta's asking for forgiveness from its customers, but it just shot its partner, and I kind of get it. This shows that they're taking action but I would've preferred something like, "Look, we've suspended our use of Sitel for the time being pending a more detailed review. We've shut down that relationship to block any exposures. Our focus right now is on customers, and we'll take a look at that down the road." But I have to say in looking at the timeline, it looks like Sitel did hide the ball a little bit, and so you can't blame 'em. And you know, what are your thoughts on that? >> Well, I'll go back to my panelists again, who unanimously agreed this was a masterclass on how not to handle crisis management. And I do feel for 'em, they're a fantastic management team. The acquisition of Auth0 alone, was just such a brilliant move that you have to kind of wonder what went wrong here, they clearly were blindsided. I agree with you that Sitel was not forthcoming quickly enough, and I have a feeling that, that's what got them in this position, in a bad PR. However, you can't go ahead and fire your partner and then turn around and ask other people not to fire you. Particularly until a very thorough investigation and a root cause analysis has been released to everyone. And the customers that I have spoken to don't believe that, that is done yet. Now, when I ask them directly, "Would you consider leaving Okta?" Their answers were, "No, it is not easy to rip and replace, and we're not done doing our due diligence." So it's interesting that Okta's customers are giving them that benefit of the doubt, but we haven't seen it, you know, flow the other way with Okta's partner. >> Yeah, and that's why I would've preferred a different public posture, because who knows? I mean, is Sitel the only partner that's not using Okta as its identity management, who knows? I'd like to learn more about that. And to your point, you know, maybe Okta's got to vertically integrate here and start, you know, supporting the lower level stuff directly itself, you know, and/or tightening up those partnerships. Now of course, the impact on Okta obviously has been really serious, big hit on the stock. You know, they're piling on inflation and quantitative tightening and rate hikes. But the real damage, as we've said, is trust and reputation, which Okta has earned, and now it has to work hard to earn back. And it's unfortunate. Look, Okta was founded in 2009 and in over a decade, you know, by my count, there have been no major incidents that are obvious. And we've seen the damage that hackers can do by going after the digital supply chain and third and fourth party providers. You know, rules on disclosure is still not tight and that maybe is part of the problem here. Perhaps the new law The House just sent over to President Biden, is going to help. But the point, Erik, is Okta is not alone here. It feels like they got what looked like a benign alert. Sitel wasn't fully transparent, and Okta is kind of fumbling on the comms, which creates this spiraling effect. Look, we're going to have to wait for the real near-term and midterm impacts, but longterm, I personally believe Okta is going to be fine. But they're going to have to sacrifice some margin possibly in the near to midterm, and go through more pain to regain the loyalty of its customers. And I really would like to hear from Okta that they understand that customers, the impact of this breach to customers, actually does go beyond the 366 that were possibly compromised. Erik, I'll give you the final word. >> Yeah, there's a couple of things there if I can have a moment, and yes, Okta... Well, there was a great quote, one of the guys said, "Okta's built like a tank, but they just gave the keys to a 16 year old valet." So he said, "There is some concern here." But yes, they are best of breed, they are the leader, but there is some concern. And every one of the guys I spoke to, all CISOs, said, "This is going to come up at renewal time. At a minimum, this is leverage. I have to ask them to audit their third parties and their partners. I have to bring this up when it comes time." And then the other one that's a little bit of a concern is data-wise. We saw Ping Identity jump big, from 9% net score to 24% net score. Don't know if it's causative or correlated, but it did happen. Another thing to be concerned about out there, is Microsoft is making absolutely massive strides in security. And all four of the panelists said, "Hey, I've got an E5 license, why don't I get the most out of it? I'm at least going to look." So for Okta to say, you know, "Hey, there's no impact here," it's just not true, there is an impact, they're saying what they need to say. But there's more to this, you know, their market cap definitely got hit. But you know, I think over time if the market stabilized, we could see that recover. It's a great management team, but they did just open the door for a big, big player like Microsoft. And you and I also both know that there's a lot of emerging names out there too, that would like to, you know, take a little bit of that share. >> And you know, but here's the thing, I want to keep going here for a minute. Microsoft got hit by lapses, Nvidia got hit by lapses. But I think, Erik, I feel like people, "Oh yeah, Microsoft, they get hit all the time." They're kind of used to it with Microsoft, right? So that's why I'm saying, it's really interesting here. Customers want to consolidate their security portfolio and the number of tools that they have, you know. But then you look at something like this and you say, "Okay, we're narrowing the blast radius. You know, maybe we have to rethink that and that creates more complexity," and so it's a very complicated situation. But you know, your point about Microsoft is ironic, right. Because you know, when you see Microsoft, Amazon, you know, customers get hit all the time and it's oftentimes the fault of the customer, or the partner. And so it seems like, again, coming back to the comms of this, is that really is the one thing that they just didn't get right. >> Yeah, the biggest takeaway from this without a doubt is it's not the impact of the breach, it was the impact of their delay and how they handled it and how they managed it. That's through the course of 25 CISOs I've spoken to now, that's unanimous. It's not about that this was a huge damaging hit, but the damage really came from their reaction or lack thereof. >> Yeah, and it's unfortunate, 'cause it feels like a lot of it was sort of, I want to say out of their control because obviously they could have audited the partners. But still, I feel like they got thrown a curve ball that they really had a, you know, difficult time, you know, parsing through that. All right, hey, we got to leave it there for now. Thank you, Erik Bradley, appreciate you coming on, It's always a pleasure to have you >> Always good talking to you too, Dave, thanks a lot. >> ETR team, you guys are amazing, do some great work. I want to thank Stephanie Chan, who helps me with background research for "Breaking Analysis". Kristen Martin and Cheryl Knight, help get the word out, as do some others. Alex Myerson on production, Alex, thank you. And Rob Hof, is our EIC at SiliconANGLE. Remember, all these episodes, they are available as podcasts. Wherever you listen, just search, "Breaking Analysis podcast." I publish each week on wikibon.com and siliconangle.com. Check out etr.ai, it's the best in the business for real customer data real-time, near real-time, awesome platform. You can reach out to me at david.vellante@siliconangle.com, or @DVellante, or comment on my LinkedIn post. This is Dave Vellante, for Erik Bradley, and "theCUBE Insights", powered by ETR. Thanks for watching, be well, and we'll see you next time. (bright music)

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> The pandemic precipitated what is shaping up to be a permanent shift in cybersecurity spending patterns. As a direct result of hybrid work, CSOs have vested heavily in endpoint security, identity access management, cloud security, and further hardening the network beyond the headquarters. We've reported on this extensively in this Breaking Analysis series. Moreover, the need to build security into applications from the start rather than bolting protection on as an afterthought has led to vastly high heightened awareness around DevSecOps. Finally, attacking security as a data problem with automation and AI is fueling new innovations in cyber products and services and startups. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we present our quarterly findings in the security industry, and share the latest ETR survey data on the spending momentum and market movers. Let's start with the most recent news in cybersecurity. Nary a week goes by without more concerning news. The latest focus in the headlines is, of course, Russia's relentless cyber attacks on critical infrastructure in the Ukraine, including banking, government websites, weaponizing information. The hacker group, BlackByte, put a double whammy on the San Francisco 49ers, meaning they exfiltrated data and they encrypted the organization's files as part of its ransomware attack. Then there's the best Super Bowl ad last Sunday, the Coinbase floating QR code. Did you catch that? As people rushed to scan the code and participate in the Coinbase Bitcoin giveaway, it highlights yet another exposure, meaning we're always told not to click on links that we don't trust or we've never seen, but so many people activated this random QR code on their smartphones that it crashed Coinbase's website. What does that tell you? In other news, Securonix raised a billion dollars. They did this raise on top of Lacework's massive $1.3 billion raise last November. Both of these companies are attacking security with data automation and APIs that can engage machine intelligence. Securonix, specifically in the announcement, mentioned the uptake from MSSPs, managed security service providers, something we've talked about in this series. And that's a trend that we see as increasingly gaining traction as customers are just drawing in and drowning in security incidents. Peter McKay's company, Snyk, acquired Fugue, a company focused on making sure security policies are consistent throughout the software development life cycle. It's a really an example of a developer-defined security approach where policy can be checked at the dev, deployment, and production phases to ensure the same policies are in place at all stages, including monitoring at runtime. Fugue, according to Crunchbase, had raised $85 million to date. In some other company news, Cisco was rumored to be acquiring Splunk for not much more than Splunk is worth today. And the talks reportedly broke down. This would be a major move in security by Cisco and underscores the pressure to consolidate. Cisco would get an extremely strong customer base and through efficiencies could improve Splunk's profitability, but it seems like the premium Cisco was willing to pay was not enough to entice board to act. Splunk board, that is. Datadog blew away its earnings, and the stock was up 12%. It's pulled back now, thanks to Putin, but it's one of those companies that is disrupting Splunk. Datadog is less than half the size of Splunk, revenue-wise, but its valuation is more than 2 1/2 times greater. Finally, Elastic, another Splunk disruptor, settled its trademark dispute with AWS, and now AWS will now stop using the name Elasticsearch. All right, let's take a high level look at how cyber companies have performed in the stock market over time. Here's a graph of the Cyber ETF, and you can see the March 1st crosshairs of 2020 signifying the start of the lockdown. The trajectory of cybersecurity stocks is shown by the orange and blue lines, and it surely has steepened post March of 2020. And, of course, it's been down with the market lately, but the run up, as you can see, was substantial and eclipsed the trajectory of the previous cycles over the last couple of years, owing much of the momentum to the spending dynamics that we talked about at our open. Let's now drill into some of the names that we've been following over the last few years and take a look at the firm level. This chart shows some data that we've been tracking since before the pandemic. The top rows show the S&P 500 and the NASDAQ prices, and the bottom rows show specific stocks. The first column is the index price or the market cap of the company just before the pandemic, then the same data one year later. Then the next column shows the peak value during the pandemic, and then the current value. Then it shows in the next column where it is today, in percentage terms, i.e., how far has it pulled back from the peak, then the delta from pre-pandemic, in other words, how much did the issue earn or lose during the pandemic for investors? We then compare the pre-pandemic revenue multiple using a trailing 12-month revenue metric. Sorry, that's what we used. It's easy to get. (laughs) And that's the revenue multiple compared to the August in 2020, when multiples were really high, and where they are today, and then a recent quarterly growth rate guide based on the last earnings report. That's the last column. Okay, so I'm throwing a lot of data at you here, but what does it tell us? First, the S&P and the NAS are well up from pre-pandemic levels, yet they're off 9% and 15%, respectively, from their peaks today. That was earlier on Friday morning. Now let's look at the names more closely. Splunk has been struggling. It definitely had a tailwind from the pandemic as all boats seem to rise, but its execution has been lacking. It's now 30% off from its pre-pandemic levels. (groans) And it's multiple is compressing, and perhaps Cisco thought it could pick up the company for a discount. Now let's talk about Palo Alto Networks. We had reported on some of the challenges the company faced moving into a cloud-friendly model. that was before the pandemic. And we talked about the divergence between Palo Alto's stock price and the valuations relative to Fortinet, and we said at the time, we fully expected Palo Alto to rebound, and that's exactly what happened. It rode the tailwinds of the last two years. It's up over 100% from its pre-COVID levels, and its revenue multiple is expanding, owing to the nice growth rates. Now Fortinet had been doing well coming into the pandemic. In fact, we said it was executing on a cloud strategy better than Palo Alto Networks, hence that divergence in valuations at the time. So it didn't get as much of a boost from the pandemic. Didn't get that momentum at first, but the company's been executing very well. And as you can see, with 155% increase in valuation since just before the pandemic, it's going more than okay for Fortinet. Now, Okta is a name that we've really followed closely, the identity access management specialist that rocketed. But since it's Auth0 acquisition, it's pulled back. Investors are concerned about its guidance and its profitability. And several analyst have downgraded their price targets on Okta. We still really like the company. The Auth0 acquisition gives Okta a developer vector, and we think the company is going hard after market presence and is willing to sacrifice short-term profitability. We actually like that posture. It's very Frank Slupin-like. This company spends a lot of money on R&D and go-to-market. The question is, does Okta have inherent profitability? The company, as they say, spends a ton in some really key areas but it looks to us like it's going to establish a footprint. It's guiding revenue CAGR in the mid-30s over the mid to long-term and near term should beat that benchmark handily. But you can see the red highlights on Okta. And even though Okta is up 59% from its pre-pandemic levels, it's far behind its peers shown in the chart, especially CrowdStrike and Zscaler, the latter being somewhat less impacted by the pullback in stocks recently, of course, due to the fears of inflation and interest rates, and, of course, Russian invasion escalation. But these high flyers, they were bound to pull back. The question is can they maintain their category leadership? And for the most part, we think they can. All right, let's get into some of the ETR data. Here's our favorite XY view with net score, or spending momentum on the Y-axis, and market share or pervasiveness in the data center on the horizontal axis. That red 40% line, that indicates a highly elevated spending level. And the chart inserts to the right, that shows how the data is plotted with net score and shared N in each of the columns by each company. Okay, so this is an eye chart, but there really are three main takeaways. One is that it's a crowded market. And this shows only the companies ETR captures in its survey. We filtered on those that had more than 50 mentions. So there's others in the ETR survey that we're not showing here, and there are many more out there which don't get reported in the spending data in the ETR survey. Secondly, there are a lot of companies above the 40% mark, and plenty with respectable net scores just below. Third, check out SentinelOne, Elastic, Tanium, Datadog, Netskope, and Darktrace. Each has under 100 N's but we're watching these companies closely. They're popping up in the survey, and they're catching our attention, especially SentinelOne, post-IPO. So we wanted to pare this back a bit and filter the data some more. So let's look at companies with more than 100 mentions in the same chart. It gets a little cleaner this picture, but it's still crowded. Auth0 leads everyone in net score. Okta is also up there, so that's very positive sign since they had just acquired Auth0. CrowdStrike SalePoint, Cyberark, CloudFlare, and Zscaler are all right up there as well. And then there's the bigger security companies. Palo Alto Network, very impressive because it's well above the 40% mark, and it has a big presence in the survey, and, of course, in the market. And Microsoft as well. They're such a big whale. They skew the data for everybody else to kind of mess up these charts. And the position of Cisco and Splunk make for an interesting combination. They get both decent net scores, not above the 40% line but they got a good presence in the survey as well. Thinking about the acquisition, Al Shugart was the CEO of of Seagate, and founder. Brilliant Silicon valley icon and engineer. Great business person. I was asking him one time, hey, you thinking about buying this company or that company? And of course, he's not going to tell me who he's thinking about buying or acquiring. He said, let me just tell you this. If you want to know what I'm thinking, ask yourself if it were free, would you take it? And he said the answer's not always obviously yes, because acquisitions can be messy and disruptive. In the case of Cisco and Splunk, I think the answer would be a definitive yes It would expand Cisco's portfolio and make it the leader in security, with an opportunity to bring greater operating leverage to Splunk. Cisco's just got to pay more if it wants that asset. It's got to pay more than the supposed $20 billion offer that it made. It's going to have to get kind of probably north of 23 billion. I pinged my ETR colleague, Erik Bradley, on this, and he generally agreed. He's very close to the security space. He said, Splunk isn't growing the customer base but the customers are sticky. I totally agree. Cisco could roll Splunk into its security suite. Splunk is the leader in that space, security information and event management, and Cisco really is missing that piece of the pie. All right, let's filter the data even more and look at some of the companies that have moved in the survey over the past year and a half. We'll go back here to July 2020. Same two-dimensional chart. And we're isolating here Auth0, Okta, SalePoint CrowdStrike, Zscaler, Cyberark, Fortinet, and Cisco. No Microsoft. That cleans up the chart. Okay, why these firms? Because they've made some major moves to the right, and some even up since last July. And that's what this next chart shows. Here's the data from the January 2022 survey. The arrow start points show the position that we just showed you earlier in July 2020, and all these players have made major moves to the right. How come? Well, it's likely a combination of strong execution, and the fact that security is on the radar of every CEO, CIO, of course, CSOs, business heads, boards of directors. Everyone is thinking about security. The market momentum is there, especially for the leaders. And it's quite tremendous. All right, let's now look at what's become a bit of a tradition with Breaking Analysis, and look at the firms that have earned four stars. Four-star firms are leaders in the ETR survey that demonstrate both a large presence, that's that X-axis that we showed you, and elevated spending momentum. Now in this chart, we filter the N's. Has to be greater than 100. And we isolate on those companies. So more than 100 responses in the survey. On the left-hand side of the chart, we sort by net score or spending velocity. On the right-hand side, we sort by shared N's or presence in the dataset. We show the top 20 for each of the categories. And the red line shows the top 10 cutoffs. Companies that show up in the top 10 for both spending momentum and presence in the data set earn four stars. If they show up in one, and make the top 10 in one, and make the top 20 in the other, they get two stars. And we've added a one-star category as honorable mention for those companies that make the top 20 in both categories. Microsoft, Palo Alto Networks, CrowdStrike, and Okta make the four-star grade. Okta makes it even without Auth0, which has the number one net score in this data set with 115 shared N to boot. So you can add that to Okta. The weighted average would pull Okta's net score to just above Cyberark's into fourth place. And its shared N would bump Okta up to third place on the right-hand side of the chart Cisco, Splunk, Proofpoint, KnowBe4, Zscaler, and Cyberark get two stars. And then you can see the honorable mentions with one star. Now thinking about a Cisco, Splunk combination. You'd get an entity with a net score in the mid-20s. Yeah, not too bad, definitely respectable. But they'd be number one on the right-hand side of this chart, with the largest market presence in the survey by far. Okay, let's wrap. The trends around hybrid work, cloud migration and the attacker escalation that continue to drive cybersecurity momentum and they're going to do so indefinitely. And we've got some bullet points here that you're seeing private companies, (laughs) they're picking up gobs of money, which really speaks to the fact that there's no silver bullet in this market. It's complex, chaotic, and cash-rich. This idea of MSSPs on the rise is going to continue, we think. About half the mid-size and large organization in the US don't have a SecOps, a security operation center, and outsourcing to one that can be tapped on a consumption basis, cloud-like, as a service just makes sense to us. We see the momentum that companies that we've highlighted over the many quarters of Breaking Analysis are forming. They're forming a strong base in the market. They're going for market share and footprint, and they're focusing on growth, at bringing in new talent. They have good balance sheets and strong management teams and we think they'll be leading companies in the future, Zscaler, CrowdStrike, Okta, SentinelOne, Cyberark, SalePoint, over time, joining the ranks of billion dollar cyber firms, when I say billion dollar, billion dollar revenue like Palo Alto Networks, Fortinet, and Splunk, if it doesn't get acquired. These independent firms that really focus on security. Which underscores the pressure and consolidation and M&A in the whole space. It's almost assured with the fragmentation of companies and so many new entrants fighting for escape velocity that this market is going to continue with robust M&A and consolidation. Okay, that's it for today. Thanks to my colleague, Stephanie Chan, who helped research this week's topics, and Alex Myerson on the production team. He also manages the Breaking Analysis podcast. Kristen Martin and Cheryl Knight, who get the word out. Thank you to all. Remember these episodes are all available as podcasts wherever you listen. All you do is search Breaking Analysis podcast. Check out ETR's website at etr.ai. We also publish a full report every week on wikibon.com and siliconangle.com. You can email me at david.vellante@siliconangle.com. @dvellante is my DM. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE Insights powered by ETR. Have a great week. Be safe, be well, and we'll see you next time. (upbeat music)

(bright music) >> The challenges of legacy data warehouses and traditional business intelligence systems, they've been well-documented. They're built on rigid infrastructure, and they're managed by really specialized gatekeepers. Data warehouses of the past were, as one financial customer once said to me, like a snake swallowing a basketball, imagine that. The amount of data ingested into a data warehouse has just overwhelmed the system. Every time Intel came out with a new microprocessor, practitioners, they would chase the chip in an effort to try to compress the overly restrictive elapsed time to insights, and this cycle repeated itself for decades. Cloud data warehouses, generally, and Snowflake, specifically, changed all this. Not only were resources virtually infinite, but the ability to separate, compute from storage, it actually turned off the compute when you weren't using it, permanently altered the cost, the performance, the scale and the value equation. But as data makes its way into the cloud and is increasingly democratized as a shared resource across clouds and at the edge, practitioners have to bring Sec DevOps mindsets to securing their cloud data warehouses. Hello, and welcome to this week's Wikibon, "theCUBE Insights," powered by ETR. In this "Breaking Analysis," we take a closer look at the fundamentals of securing Snowflake and to do so, we welcome two guests into the program. Ben Herzberg is an experienced hacker and developer and an expert in several aspects of data security. He's currently working as the Chief Data Scientist at Satori, and he's joined by his colleague, Yoav Cohen, who is a technology visionary, and currently serving as CTO at Satori Cyber. Gentlemen, welcome to "theCUBE," great to see you. >> Great to be here. >> Thanks for having us, Dave. >> Now, these two individuals have co-authored a book on Snowflake Security. It's a comprehensive guide to what you need to know as a data practitioner using Snowflake. So guys, congratulations on the book. It's really detailed, packed with great information, best practices and practical advice and insights all in one place, so really good work. So, before we get into the discussion, I want to share some ETR survey data just to set the context. We're seeing cybersecurity and data, they're colliding in a really important way. And here's some data points that we've shared before from ETR's latest drill down survey. They asked more than 1200 respondents. We're talking CIOs, CSOs and IT professionals, "Which organizational priorities "will be most important in 2022?" And these were the top seven. There were a lot of others, but these were the most important. So, it's no surprise that security is number one, although, as we shared in our predictions post, the magnitude of its relative importance, it does vary by the degree of expertise within the organization. The Delta is maybe not as significant, for example, in large companies, and you can see where analytics and data fit. And we've tied these two domains together and picked up on a term that our two guests have used, in fact, you guys may have even coined it, called DataSecOps, which, to me, is the idea that you bring Agile DevOps practices to data operations and built-in security as part of the full cycle of managing, creating the data, using the data, accessing the data, not a bolt on, but it's fundamental, so guys, what do you make of this data, and what's your point of view on DataSecOps? >> So, definitely aligns with what we're seeing on the ground in the market. In between what you saw there, you had cybersecurity and data warehousing. In the middle you had cloud migration, and that's basically what's pushing companies to invest in both security and data and warehousing, because the cloud changed the game for cybersecurity. The tools that we use before are not the same tools that we need to use now. And also, it unlocks a lot of performance value and capabilities around data warehousing. So, all of that comes together to a big trend in the industry for investment, for replacement, and definitely we're seeing that on the Snowflake platform, which is doing really, really well recently. >> Yeah, well thank you, Yoav. And to that point, I want to share another data point and then dive in, maybe Ben, you can comment. And I want to address, why are we always talking about Snowflake? Of course, it's a hot company. Everybody knows that. You can see it in the company's financials, but the ETR survey data tells a really compelling story about the company. Here's a chart from the most recent ETR January survey. And so, you can see at the, at the top, that blue line, it represents net score or spending momentum, and the darker line at the bottom represents presence or pervasiveness in the survey sample. Just a background, there are 165 Snowflake customers that responded to this past survey. 10% of companies within the Fortune 500 were in the sample, and around 4% of Global 2000 companies participated. Just under 30% of the respondents were C-Suite executives, and about 20% were analysts or engineers or data specialist with around half were VP, director, manager roles that fat middle, with a very broad mix of industries, and there was a bias toward larger companies. Now, back to the chart, that net score for a moment, is that top line, is derived by asking customers, "Are you adopting Snowflake new in 2022?" That's the 27% lime green number. "Will you be spending 6% or more on Snowflake, "relative to 2021?" That's the 57% forest green. "Is your spending flat?" That's the gray. "Is it down by 6% or worse?" That's the other, the pink area. "Are you leaving the platform?" That's the bright red, and that's a zero defection, so there's none there. So you subtract the reds from the greens, and you get net score, which calculates out to 83% in his pet survey. But what's remarkable is that Snowflake has held this elevated score for more than 12 quarterly surveys. It's in the stratosphere among the many thousands and thousands of companies in the ETR survey. Remember, anything above that 40% line is elevated and Snowflake is like glued to the ceiling. So the bottom line shows that the company's market presence continues to grow, that darker line at the bottom, and that green shade shows us that the pace of last quarter is actually accelerating. Snowflake is becoming ubiquitous, and customers are becoming intimately familiar with its platform, and it's scaling like we've never seen before, and it's building a pretty hard to penetrate fortress, we think, and an ecosystem. Ben, I wonder, in your view, what accounts for Snowflake's performance? >> Okay, so I would say that we can spend a full session just about such thing, so I'll try to say what I think. I think, first of all, it does what it says on the box. You get from zero to being able to have a data warehouse easily, you have a very rich support of capability and features that you need for a cloud data warehouse. Your multi-cloud, you're not dependent on one of the big public clouds, and it's fast and scalable, and you don't need to worry yourself with the infrastructure behind. You don't need to, God-forbid, add any indexes or do things like that. You don't need to do that, at least not often, indexes never, but other maintenance. And the innovation rate, they innovate fast. They add a lot of new capabilities, like the move to unstructured data, like a lot of security and governance capabilities, high innovation rate as well. >> Okay, good, and we'll talk about that move. So let's get deeper into the topic now on securing Snowflake. My first question is look, Snowflake, when you talk to practitioners and customers, they get pretty high marks on security, largely because of the simplicity, so why did you feel the need to write a book on the subject? >> So, definitely Snowflake is investing a lot of effort and putting a lot of emphasis on security. However, it's connected to the cloud service, and like any other cloud service, there is a shared responsibility model between Snowflake and its customers when it comes to fully securing their data cloud. So Snowflake can build amazing features, but then customers have to really adopt them, implement them in the best way. One of the things that we've seen by working with Snowflake customers is that we typically interact with data engineers, but then they have to implement security features and security capability. We thought writing a book about the topic would help these customers to understand the features better, benefit from them better and really structure their implementation and decide what's most important to implement at every step of their journey. >> Yeah, and I think that when I was researching this topic, I could find a lot of good information on the web, but I kind of had to hunt and peck for it. It was really sort of dispersed, and you put the information all in one place. You have a nice table of contents, so I can just zip right to where I want to go, so that was quite useful, I thought. What are the very basic fundamentals of securing Snowflake? In other words, I'm interested in, you get this world of flexible, it's globally distributed. You get democratizing data. How do you really make sure that only those folks that should have access, do have access? I mean really, let's talk about that a little bit. >> Oh, I think that, of course there are a lot of different aspects, but I think that I would start with the big blocks. For example, when you get a Snowflake account out of the box, it's open to the world in terms of network. I would start by limiting that. That should be easy for an organization. It's a couple of commands, and you've lowered your risk significantly, both security and compliance. Then, one of the common things that you can get a good improvement in a decrease of your risk is around those indications. For example, do you have applications that are accessing Snowflake using user password? Okay, change that to using a key. Do you have users with username, password? Change that to Okta integration or your IDP integration. So I would start with the big blocks that can remove most of my risk, and then of course, there is a lot to do from getting to the data warehouse and to auditing and monitoring. >> Okay, thank you for that. But, Yoav, how are these fundamentals that we just heard from Ben, how are they different? Isn't this kind of common sense? What's unique about Snowflake? >> So, a couple things, first of all, security, we love to say that it's 80% good security hygiene. You have to make sure that your basics are locked and tightly configured and that brings a lot of value. But two points to consider, first of all, all of these types of controls are pretty static in the sense that once you get in, you get in, and then you have pretty broad access, and we'll talk about authorization concepts and everything, perhaps today, but these are really static gatekeepers around your data. Once you have access, then it's really free for all. When you compare it to other types of environments and what we're seeing in other domains, maybe a move to more dynamic type of controls, elevated access or elevated additional authentication steps before you get elevated access. And what we're thinking is that beyond those static controls, the market is going to move towards implementing more dynamic, more fine-grain control, especially because in Snowflake, but any other data warehouse or large-scale data store, which becomes an aggregation point of data in the company, and we work with really big companies, and they bring in data from multiple jurisdiction from across the world, so they can get an overview of the business and run the business in a much more efficient way, but that really creates a pressure point when it comes to securing that data. >> Okay, Ben, you touched on this a little bit. I want to kind of dig deeper. So, Snowflake takes a layered approach, of course, it's sensible, and the layers, network, which talked about identity, access and encryption. and so, with any cloud, as you guys mentioned, it's a shared responsibility model. So I want to break that down a bit, and let's start with the network. So my responsibility, as a customer, I'm going to be responsible to set up the DNS. How much public internet access am I going to have for other users and apps. So how should practitioners think about their end of the bargain on the network? What do they need to know? >> At the network level, as I mentioned before, a new account is open network-wise, it's open to the world. And one of the first thing I would do would be to set a network policy on the account to limit network access to that account. And of course, in many organizations, you would want to configure that with private link to your cloud environment, but that would be step two. (laughs) First step is simply set the network policy to make sure that it's not open to the public. >> Yeah, and that seems pretty straightforward, but let's talk about identity, 'cause it feels like that's where it starts to get tricky. You got to worry about setting up roles and managing users. You could even configure row and column base access, as I understand it, and I imagine access is where it really gets confusing for a lot of people, especially when you're crossing domain identities. Like for example, isn't a role-based security, let's land on that for a minute, I think you called it hierarchy hell in the book, so what should we think about in regards to identity? >> Well, first of all, it's hierarchy hell, in the book, it says that you can use hierarchy, but you should avoid getting to a hierarchy hell. Basically, we've seen that with several Snowflake customers where the ability to set roles in a hierarchy model, to set a role that inherits privileges from another role, that inherits privileges from other roles and maybe, of course, used in a good way, but it also in some of the cases, it leads to complexities and to access not being deterministic, at least not obvious to the person who gives access, who is usually the data engineer. So, whenever you start having a complex authorization model, whenever I want to give Yoav access to a certain data set, and because things are complex, I also, by mistake, give him access to the salary information of the company, that's when things become tricky. If your roles are messy and complex, then it may lead to data exposure within the organization or outside the organization. >> How do you find Snowflake's integrations? Like if I want to use Okta or I want to use a CyberArk, I mean, how would you grade them on their ability to integrate with popular third party platforms? >> So, I would say pretty high, actually. We haven't encountered many customers who haven't configured any of these... nowadays, really basic security integration, and it really, really helps, setting that good identity management foundation for the platform. So they're investing a lot in that area, and we've been following them for a couple of years now, and it's really, really coming along nicely. >> All right, let's talk about encryption. I mean, that seemed pretty straightforward. Correct me if I'm wrong. I think Snowflake auto rotates the keys every 30 days. It really seems like your responsibility there is monitoring, making sure you're in compliance. You got good log data or access to good log data. Is that right? >> So, this really depends. So, for the average company, I would say, yes. For some of the companies with higher security requirements or compliance requirements or both, sometimes there are issues like companies that do not want to have the data stored in clear text, in Snowflake, even encrypted as in the data warehouse encryption or the account encryption, even if someone accidentally gets access to the table, they want them not to be able to pull the data in clear text, and then it gets slightly more complicated. You have different ways of tackling this, but for the average company or companies who do not have such requirements, then everything in Snowflake is encrypted in transit and addressed, and of course, there are more advanced features for higher requirements. >> Okay, I'm interested in what you guys think of some of the more vulnerable aspects that Snowflake customers should really be aware of. Imagine I'm saying, "Guys, let's run a pen test. "Okay, make sure I have no open chest wounds, "but really try to fool me." What would you attack? Where should I be extra cautious? >> So, I would start with where data resides. And, if you look at the Snowflake architecture, there's a separation between storage and compute, but that also means storage is accessible without going through the compute. That can create opportunities for hackers to go and try and find access where access shouldn't be had. That's where I would focus on. >> I want to ask you about Virtual Private Snowflake. It seems to me, if I have sensitive data, if I don't use Virtual Private Snowflake, I feel like I'm increasing my risk that a security incident at the shared cloud services layer could impact multiple customers, and is this a valid concern? How should we think about reducing that risk, and when should I use that higher level of security? >> So, I think first of all, to the best of my knowledge, I'm not a Snowflake employee, but to the best of my knowledge, Virtual Private Snowflake is used by a minority of the customers, a small minority of the customers. There are other more popular ways within Snowflake, like private link, for example, I would say, to enhance your security and your account segregation. But I wouldn't say that simply because the platform is multi-tenant, it is vulnerable. Of course, in many cases, your security or compliance requirements requires you to eliminate even this risk, but I wouldn't say that there are a lot of other platforms in different areas that are multi-tenant and-- >> And probably better than your on-prem, your average on-prem installation. >> Probably, probably. >> Okay, so I buy that. >> I would say on that, that maybe a shared environment is a higher value target for hackers. So if you're on a shared environment with thousands of other customers, if I'm a hacker, I would go there, 'cause then I get data for thousands of customers instead of try to focus on just one target and getting data for just one company. I think that's the most significant advantage. And obviously, Snowflake are investing a lot in making all of their environments very, very secure, and from our interactions with large Snowflake customers, we know that Snowflake are going above and beyond in making sure these environments are secure. >> Yeah, that's good, that's good news, because if I don't have to spend up, I can put the budget elsewhere. How do you guys think Snowflake's recent moves... They're making a couple of big moves. They've recently added unstructured data. They used to have semi-structured data. They're going after the data science and data lake functionality. Do those kinds of moves, I guess they're two different things, but does that change the way that security pros should think about protecting their Snowflake environment? >> I would say that Snowflake is moving fast with adding new functionality, well fast, but not too fast. They're releasing it in a controlled way. I would say that for new capabilities, of course, in some cases there are new attack vectors or new risks and obviously, securing different types of data may bring new challenges, but the basics, I think, remains the same. The basics of the network, identity authentication, authorization and auditing monitoring. I would say they will be the same and perhaps new features or capability will need to be used. And the largest issue, as data democratization is growing within organizations, and more and more people are using your data cloud, that also needs to be addressed. >> All right, finally, I want to end, I want to talk a little bit about futures. Have you guys talked in your book about multi-cloud as a way to reduce your reliance on a single vendor? And of course, it happens through M and A, and that's cool. We've talked a lot about multi-cloud, and we've been using this term that we coined, called supercloud, and it references an abstraction layer that exists on top of, and floats across, if you will, multiple clouds, and it hides some of that underlying complexity, and we feel like Snowflake is a good example of a company that's moving in that direction, building value on top of all that hyperscale infrastructure. So I wonder how you see Snowflake's moves in that direction would impact the way you think about DataSecOps. >> So definitely, we also see the trend of companies adopting more and more types of cloud and cloud technologies. They're in one cloud today. They want to move to a second one, almost every company that I talk to have, nowadays, a multi-cloud strategy. With respect to Snowflake, they basically have it figured out, because they are an overlay, like a supercloud, super data cloud, that is spread across any cloud, and you can basically pick and choose where you want to put your data for what use cases, and that's really, really helpful, because then you don't have to manage the complexity of multiple solutions for multiple areas of the business. We see this also in other areas where companies are saying, "Hey, I prefer to not use a specific cloud technology "for that purpose, but use a vendor that can cover my needs "across the clouds," definitely on the security side, where they want one throat to choke, so to speak, but they want to control things on a central place. As Ben mentioned before, complexity is the enemy of security and having those multi-cloud operations, from a security perspective, definitely adds complexity, which adds risks, so simplifying that is really, really helpful. >> Hey, thank you for that, and thank you guys for coming on today. Why don't you give us a little bumper sticker on Satori. What do you guys do? Give us the quick commercial. >> So, we help companies secure access to their data on platforms like Snowflake and others. We build really innovative technology that decouples security controls from the actual data layer. So if you think about it, where you can put controls to govern how people access data. You can put it inside the database. You can put it somewhere on the client. We've actually invented a technology that can do that in the middle, so you don't have to coalesce and mix your security concerns with your data. You don't have to go to your clients' users' end-points, laptops and put technology there. We set technology that fits in the middle, that decouples that aspect of your DataSecOps operations, and really helps companies implement those security controls much faster, because it's detached from the rest of their operation. >> Nice thought, leaning into that simplicity trend that you talked about. Okay guys, that's all the time we have today. Really, I want to thank Ben and Yoav for coming on "theCUBE." It was really great to have you. I'd love to welcome you back at some point. >> Thank you, Dave. >> Thank you, it was a pleasure >> All right, remember these episodes, these episodes are all available as podcasts, wherever you listen. All you got to do is search breaking analysis podcasts. Check out ETR's website at ETI.ai. We also publish full report every week on Wikibon.com and SiliconAngle.com. You can get in touch with me. Email me, David.Vellante@SiliconANGLE.com @DVellante or comment on our LinkedIn posts. This is Dave Vellante for "theCUBE Insights," powered by ETR. Have a great week, stay safe, be well, and we'll see you next time. (bright music)

>> From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE in ETR. This is Breaking Analysis with Dave Vellante. >> Despite the more than $100 billion spent each year fighting Cyber-crime. When we do an end-of-the year look back and ask "How did we do?" The answer is invariably the same, "Worse than last year." Pre pandemic, the picture was disheartening, but since March of 2020 the situation has only worsened as cyber-criminals have become increasingly sophisticated, better funded and more brazen. SecOps pros continue to fight, but unlike conventional wars, this one has no end. Now the flip side of course, is that markets continue to value cybersecurity firms at significant premiums. Because this huge market will continue to grow by double digits for the foreseeable future. Hello and welcome to this week's Wikibon theCUBE Insights powered by ETR. In this Breaking Analysis, we look at the state of cybersecurity in 2021 and beyond. We'll update you with the latest survey data from enterprise technology research and share the fundamentals that have investors piling into the security space like never before. Let's start with the customer view. Cybersecurity remains the number one priority for CIOs and CSOs. This latest ETR survey, once again asked IT buyers to rank their top priorities for the next 12 months. Now the last three polling period dating back to last March. Cybersecurity has outranked every top spending category, including cloud, data analytics, productivity software, networking, AI, and automation or RPA. Now this shouldn't surprise anybody, but it underscores the challenges that organizations face. Not only are they in the midst of a non-optional digital transformation, but they have to also fund a cyber war that has no ceasefires, no truces, and no exit path. Now there's much more going on in cybersecurity than ransomware, but certainly that has the attention of executives. And it's becoming more and more lucrative for attackers. Here's a snapshot of some of the more well-documented attacks this decade many which have occurred in very recent months. CNA Financial, they got hit earlier this year and paid a $40 million ransom. The Ireland Health Service also got hit this year and refused to pay the ransom, but it's estimated that the cost to recover and the damage to the organization exceeded half a billion dollars. The request was for a $20 million ransom. The JBS meat company hack, they paid $11 million. CWT travel paid $5 million. The disruption from the Colonial Pipeline company, was widely reported they paid more than $4 million, as the Brenntag, the chemical company. The NBA got hit. Computer makers, Quanta and Acer also. More than 2,000 random attacks were reported to the FBI in the first seven months of 2021. Up more than 60% from 2020. Now, as I've said many times, you don't have to be a genius to be a ransomware as today. Anyone can go on the dark web, tap into ransomware as a service. Attackers, they have insidious names like darkside, evil, the cobalt, crime gang, wizard spider, the Lazarus gang, and numerous others. Criminals they have negotiation services is most typically the attackers, they'll demand a specific amount of money but they're willing to compromise in an exchange of cryptocurrency for decryption keys. And as mentioned, it's not just ransomware supply chain attacks like the solar winds hack hit organizations within the U.S government and companies like Mimecast this year. Now, while these attacks often do end up in a ransom situation. The attackers sometimes find it more lucrative to live off the land and stealth fashion and ex filtrates sensitive data that can be sold or in the case of many financial institution attacks they'll steal information from say a chief investment officer that signals an upcoming trading strategy and then the attackers will front run that trade in the stock market. Now, of course phishing, remains one of the most prominent threats. Only escalated by the work from home trend as users bring their own devices and of course home networks are less secure. So it's bad, worse than ever before. But you know, if there's a problem, entrepreneurs and investors, they're going to be there to solve it. So here's a LinkedIn post from one of the top investors in the business, Mike Speiser. He was a founding investor in Snowflake. He helped get pure storage to escape velocity and many, many other successes. This hit my LinkedIn feed the other day, his company Sutter Hill Ventures is co-leading a 1.3 Series D on an $8.3 billion valuation. They're putting in over $200 million. Now Lacework is a threat detection software company that looks at security as a data problem and they monitor exposures across clouds. So very timely. So watch that company. They're going to soar. Now the right hand chart shows venture investments in cybersecurity over the past several years. You can see it exploded in 2019 to $7.6 billion. And people thought the market was peaking at that time, if you recall. But then investments rose a little bit to $7.8 billion in 2020 right in the middle of lockdown. And then the hybrid work, the cloud, the new normal thesis kicked in big time. It's in full gear this year. You can see nearly $12 billion invested in cybersecurity in the first half of 2021 alone. So the money keeps coming in as the problem gets worse and the market gets more crowded. Now we'd like to show this slide from Optiv, it's their security taxonomy. It'll make your eyes cross. It's so packed with companies in different sectors. We'll put a link in our posts, so you can stare at this. We've used this truck before. It's pretty good. It's comprehensive and it's worth spending some time to see what that landscape looks like. But now let's reduce this down a bit and bring in some of the ETR data. This is survey data from October that shows net score or spending momentum on the vertical axis and market share or pervasiveness in the dataset on the horizontal axis. That's a measure of mentioned share if you will. Now this is just isolated on the information security sector within the ETR taxonomies. No filters in terms of the number of responses. So it's every company that ETR picks up in cybersecurity from its buyer surveys. Now companies above that red line, we consider them to have a highly elevated spending momentum for their products and services. And you can see, there are a lot of companies that are in this map first of all, and several above that magic mark. So you can see the momentum of Microsoft and Palo Alto. That's most impressive because of their size, their pervasiveness in the study, Cisco and Splunk are also quite prominent. They don't have as much spending momentum, but they're pretty respectable. And you can see the companies that have been real movers in this market that we've been reporting on for a while. Okta, CrowdStrike, Zscaler, CyberArk, SailPoint, Authzero, all companies that we've extensively covered in previous breaking analysis episodes as the up and comers. And isn't it interesting that Datadog is now showing up in the vertical axis. You see that in the left-hand side up high, they're becoming more and more competitive to Splunk in this space as an alternative and lines are blurring between observability, log analytics, security, and as we previously reported even backup and recovery. But now let's simplify this picture a bit more and filter down a little bit further. This chart shows the same X, Y view. Same data construct and framework, but we required more than a hundred responses to hit the chart. So the companies, they have to have a notable market presence in the ETR survey. It's perhaps a bit less crowded, but still very packed. Isn't it? You can see firms that are less prominent in the space like Datadog fell off. The big companies we mentioned, obviously still prominent Microsoft, Palo Alto, Cisco and Splunk and then those with real momentum, they stand out a little bit. There's somewhat smaller, but they're gaining traction in the market. As we felt they would Okta and Auth zero, which Okta acquired as we reported on earlier this year, both showing strength as our CrowdStrike, Zscaler, CyberArk, which does identity and competition with Okta and SentinelOne, which went public mid this year. The company SentinelOne uses AI to do threat detection and has been doing quite well. SalePoint and Proofpoint are right on that red elevated line and then there's a big pack in the middle. Look, this is not an easy market to track. It's virtually every company plays in security. Look, AWS says some of the most advanced security in the business but they're not in the chart specifically, but you see Microsoft is. Because much of AWS security is built into services. Amazon customers heavily rely on the Amazon ecosystem which is in the Amazon marketplace for security products. And often they associate their security spend with those partners and not necessarily Amazon. And you'll see networking companies you see right there, like Juniper and the bottom there and in the ETR data set and the players like VMware in the middle of the pack. They've been really acquisitive for example, with carbon black. And the, of course, you've got a lot of legacy players like McAfee and RSA and IBM. Look, virtually every company has a security story and that will only become more common in the coming years. Now here's another look at the ETR data it's in the raw form, but it'll give you a sense of two things; One is how the data from the previous chart is plotted. And two, it gives you a time series of the data. So the data lists the top companies in the ETR data sets sorted by the October net score in the right most column. Again, that measures spending momentum. So to make the cut here, you had to have more than a hundred mentions which is shown on the left-hand side of the chart that shared N, IE that's shared accounts in the dataset. And you can track the data from last October, July of this year and the most recent October, 2021 survey. So we, drew that red line just about at the 40% net score market coincidentally, there are 10 companies that are over that figure over that bar. We sometimes call out the four star companies. We give four stars to those companies that both are in the top 10 and spending momentum and the top in prominence are shared N in the dataset. So some of these 10 would fit into that profile by that methodology, specifically, Microsoft, Okta, CrowdStrike, and Palo Alto networks. They would be the four star companies. Now a couple of other things to point out here, DDoS attacks, they're still relevant, and they're real threat. So a company like CloudFlare which is just above that red line they play in that space. Now we've also shaded the companies in the fat middle. A lot of these companies like Cisco and Splunk for example, they're major players in the security space with very strong offerings and customer affinity. We sometimes give them two stars. So this is what makes this market so interesting. It's not like the high end discourage market where literally every vendor in the Gartner magic quadrant is up in the right, okay. And there's only five or four or five, six vendors there. This market is diverse with many, many segments and sub segments, and it's such a vital space. And there's so many holes to fill with an ever changing threat landscape as we've seen in the last two years. So this is in part which makes it such a good market for investors. There's a lot of room for growth and not just from stealing market share. That's certainly an opportunity there, but things like cloud, multi-cloud, shifting end points, the edge ,and so forth make this space really ripe for investments. And to underscore this, we put together this little chart of some of the pure play security firms to see how their stock performance has done recently. So you can see that here, you know, it's a little hard to read, but it's not hard to see that Okta, CrowdStrike, Zscaler on the left have been big movers. These charts where possible all show a cross here, starting at the lockdown last year. The only exception is SentinelOne which IPO mid this year. So that's the point March, 2020 when the whole world changed and security priorities really started to shift to accommodate the work from home. But it's quite obvious that since the pandemic, these six companies have been on a tear for the fundamental reason that hybrid work has created a shift in spending priorities for CSOs. No longer are organizations just spending on hardening a perimeter, that perimeter has been blown away. The network is flattening. Work is what you do, it's no longer a place. As such threats are on the rise and cloud, endpoint security, identity access tools there become increasingly vital and the vendors who provide them are on the rise. So it's no surprise that the players that we've listed here which play quite prominently in those markets are all on fire. So now in summary, I want to stress that while the picture is sometimes discouraging. The entire world is becoming more and more tuned in to the cyber threat. And that's a good thing. Money is pouring in. Look, technology got us into this problem and technology is a defensive weapon that will help us continue this fight. But it's going to take more than technology. And I want to share something. We get dozens and dozens of in bounds this time of the year because we do an annual predictions posts. So folks and they want to help us out. So now most of the in bounds and the predictions that we get, they're just kind of observations or frankly, non predictions that can't really be measured as like where you right, or where you're wrong. So for the most part I like predictions that are binary. For example, last December we predicted their IT spending in 2021 would rebound and grow at 4% relative to 2020. Well, it did rebound but that prediction really wasn't as accurate as I'd like. It was frankly wrong. We think it's actually the market's going to actually grow. Spending's going to grow more like 7% this year. Not to worry plenty of our predictions came true, but we'll leave that for another day. Anyway, I got an email from Dean Fisk of Fisk partners. It's a PR firm representing an individual named Lyndon Brown chief of strategy officer of Pondurance. Pondurance is a security consultancy. And the email had the standard, Hey, in case you're working on a predictions post this year end, blah, blah, blah. But instead of sharing with me, a bunch of non predictions, the notes said here's some trends in cybersecurity that might be worth thinking about. And there were a few predictions sprinkled in there, but I wanted to call it a couple of the comments from Linden Brown, whom I don't know, I never met the guy, but I really thought his trends were spot on. The first was a stat I'll share that the United Nations report cyber crime is up 600% due to the pandemic. If as if I couldn't feel worse already. His first point though was that the hybrid workplace will be the new frontier for cyber. Yes, we totally agree. There are permanent shifts taking place. And we actually predicted that last year, but he further cited that many companies went from zero to full digital transformation overnight and many are still on that journey. And his point is that hybrid work is going to require a complete overhaul of how we think about security. We think this is very true. Now the other point that stood out is that governments are going to crack down on this behavior. And we've seen this where criminals have had their critical infrastructure dismantled by governments. No doubt the U.S government has the capabilities to do so. And it is very much focused on this issue. But it's tricky as Robert Gates, who was the former defense secretary, told me a few years back in theCUBE. He said, well, we have the best offense. We also have the most to lose. So we have to be very careful, but Linden's key point was you are going to see a much more forward and aggressive public policy and new laws that give crime fighters more latitude . Again, it's tricky kind of like the Patriot act was tricky but it's coming. Now, another call-out from Linden shares his assertion that natural disasters will bring increased cyber risk. And I thought this was a really astute point because natural disasters they're on the rise. And when there's chaos, there's cash opportunities for criminals. And I'll add to this that the supply chain risk is far from over. This is going to be continuing theme this coming year and beyond. And one of the things that Linden Brown said in his note to me is essentially you can't take humans out of the equation. Automation alone can't solve the problem, but some companies operate as though they can. Just as bad human behavior, can tramp good security, Good human education and behavior is going to be a key weapon in this endless war. Now the last point is we're going to see continued escalation government crackdowns are going to bring retaliation and to Gates' point. The U.S has a lot at stake. So expect insurance premiums are going to go through the roof. That's assuming you can even get cyber insurance. And so we got to hope for the best, but for sure, we have to plan for the worst because it's coming. Deploy technology aggressively but people in process will ultimately be the other ingredients that allow us to live to battle for another day. Okay. That's a wrap for today. Remember these episodes they're all available as podcasts, wherever you listen just search "breaking analysis" podcast. Check out ETR his website at ETR.plus. We also publish a full report every week on Wikibond.com and siliconangle.com. You can get in touch. Email me @david.volante@tsiliconangle.com or you can DM me @dvellante. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE insights powered by ETR. Have a great week. everybody stay safe, be well. And we'll see you next time. (techno music)