(upbeat music) (upbeat music) >> Hi everybody, welcome back to our coverage of the Cloud Native Security Con. I'm Dave Vellante, here in our Boston studio. We're connecting today with Palo Alto, with John Furrier and Lisa Martin. We're also live from the show floor in Seattle. But right now, I'm here with Andy Thurai who's from Constellation Research, friend of theCUBE, and we're going to discuss the intersection of AI and security, the potential of AI, the risks and the future. Andy, welcome, good to see you again. >> Good to be here again. >> Hey, so let's get into it, can you talk a little bit about, I know this is a passion of yours, the ethical considerations surrounding AI. I mean, it's front and center in the news, and you've got accountability, privacy, security, biases. Should we be worried about AI from a security perspective? >> Absolutely, man, you should be worried. See the problem is, people don't realize this, right? I mean, the ChatGPT being a new shiny object, it's all the craze that's about. But the problem is, most of the content that's produced either by ChatGPT or even by others, it's an access, no warranties, no accountability, no whatsoever. Particularly, if it is content, it's okay. But if it is something like a code that you use for example, one of their site projects that GitHub's co-pilot, which is actually, open AI + Microsoft + GitHub's combo, they allow you to produce code, AI writes code basically, right? But when you write code, problem with that is, it's not exactly stolen, but the models are created by using the GitHub code. Actually, they're getting sued for that, saying that, "You can't use our code". Actually there's a guy, Tim Davidson, I think he's named the professor, he actually demonstrated how AI produces exact copy of the code that he has written. So right now, it's a lot of security, accountability, privacy issues. Use it either to train or to learn. But in my view, it's not ready for enterprise grade yet. >> So, Brian Behlendorf today in his keynotes said he's really worried about ChatGPT being used to automate spearfishing. So I'm like, okay, so let's unpack that a little bit. Is the concern there that it just, the ChatGPT writes such compelling phishing content, it's going to increase the probability of somebody clicking on it, or are there other dimensions? >> It could, it's not necessarily just ChatGPT for that matter, right? AI can, actually, the hackers are using it to an extent already, can use to individualize content. For example, one of the things that you are able to easily identify when you're looking at the emails that are coming in, the phishing attack is, you look at some of the key elements in it, whether it's a human or even if it's an automated AI based system. They look at certain things and they say, "Okay, this is phishing". But if you were to read an email that looks exact copy of what I would've sent to you saying that, "Hey Dave, are you on for tomorrow? Or click on this link to do whatever. It could individualize the message. That's where the volume at scale to individual to masses, that can be done using AI, which is what scares me. >> Is there a flip side to AI? How is it being utilized to help cybersecurity? And maybe you could talk about some of the more successful examples of AI in security. Like, are there use cases or are there companies out there, Andy, that you find, I know you're close to a lot of firms that are leading in this area. You and I have talked about CrowdStrike, I know Palo Alto Network, so is there a positive side to this story? >> Yeah, I mean, absolutely right. Those are some of the good companies you mentioned, CrowdStrike, Palo Alto, Darktrace is another one that I closely follow, which is a good company as well, that they're using AI for security purposes. So, here's the thing, right, when people say, when they're using malware detection systems, most of the malware detection systems that are in today's security and malware systems, use some sort of a signature and pattern scanning in the malware. You know how many identified malwares are there today in the repository, in the library? More than a billion, a billion. So, if you are to check for every malware in your repository, that's not going to work. The pattern based recognition is not going to work. So, you got to figure out a different way of identification of pattern of usage, not just a signature in a malware, right? Or there are other areas you could use, things like the usage patterns. For example, if Andy is coming in to work at a certain time, you could combine a facial recognition saying, that should he be in here at that time, and should he be doing things, what he is supposed to be doing. There are a lot of things you could do using that, right? And the AIOps use cases, which is one of my favorite areas that I work, do a lot of work, right? That it has use cases for detecting things that are anomaly, that are not supposed to be done in a way that's supposed to be, reducing the noise so it can escalate only the things what you're supposed to. So, AIOps is a great use case to use in security areas which they're not using it to an extent yet. Incident management is another area. >> So, in your malware example, you're saying, okay, known malware, pretty much anybody can deal with that now. That's sort of yesterday's problem. >> The unknown is the problem. >> It's the unknown malware really trying to understand the patterns, and the patterns are going to change. It's not like you're saying a common signature 'cause they're going to use AI to change things up at scale. >> So, here's the problem, right? The malware writers are also using AI now, right? So, they're not going to write the old malware, send it to you. They are actually creating malware on the fly. It is possible entirely in today's world that they can create a malware, drop in your systems and it'll it look for the, let me get that name right. It's called, what are we using here? It's called the TTPs, Tactics, Techniques and procedures. It'll look for that to figure out, okay, am I doing the right pattern? And then malware can sense it saying that, okay, that's the one they're detecting. I'm going to change it on the fly. So, AI can code itself on the fly, rather malware can code itself on the fly, which is going to be hard to detect. >> Well, and when you talk about TTP, when you talk to folks like Kevin Mandia of Mandiant, recently purchased by Google or other of those, the ones that have the big observation space, they'll talk about the most malicious hacks that they see, involve lateral movement. So, that's obviously something that people are looking for, AI's looking for that. And of course, the hackers are going to try to mask that lateral movement, living off the land and other things. How do you see AI impacting the future of cyber? We talked about the risks and the good. One of the things that Brian Behlendorf also mentioned is that, he pointed out that in the early days of the internet, the protocols had an inherent element of trust involved. So, things like SMTP, they didn't have security built in. So, they built up a lot of technical debt. Do you see AI being able to help with that? What steps do you see being taken to ensure that AI based systems are secure? >> So, the major difference between the older systems and the newer systems is the older systems, sadly even today, a lot of them are rules-based. If it's a rules-based systems, you are dead in the water and not able, right? So, the AI-based systems can somewhat learn from the patterns as I was talking about, for example... >> When you say rules-based systems, you mean here's the policy, here's the rule, if it's not followed but then you're saying, AI will blow that away, >> AI will blow that away, you don't have to necessarily codify things saying that, okay, if this, then do this. You don't have to necessarily do that. AI can somewhat to an extent self-learn saying that, okay, if that doesn't happen, if this is not a pattern that I know which is supposed to happen, who should I escalate this to? Who does this system belong to? And the other thing, the AIOps use case we talked about, right, the anomalies. When an anomaly happens, then the system can closely look at, saying that, okay, this is not normal behavior or usage. Is that because system's being overused or is it because somebody's trying to access something, could look at the anomaly detection, anomaly prevention or even prediction to an extent. And that's where AI could be very useful. >> So, how about the developer angle? 'Cause CNCF, the event in Seattle is all around developers, how can AI be integrated? We did a lot of talk at the conference about shift-left, we talked about shift-left and protect right. Meaning, protect the run time. So, both are important, so what steps should be taken to ensure that the AI systems are being developed in a secure and ethically sound way? What's the role of developers in that regard? >> How long do you got? (Both laughing) I think it could go for base on that. So, here's the problem, right? Lot of these companies are trying to see, I mean, you might have seen that in the news that Buzzfeed is trying to hire all of the writers to create the thing that ChatGPT is creating, a lot of enterprises... >> How, they're going to fire their writers? >> Yeah, they replace the writers. >> It's like automated automated vehicles and automated Uber drivers. >> So, the problem is a lot of enterprises still haven't done that, at least the ones I'm speaking to, are thinking about saying, "Hey, you know what, can I replace my developers because they are so expensive? Can I replace them with AI generated code?" There are a few issues with that. One, AI generated code is based on some sort of a snippet of a code that has been already available. So, you get into copyright issues, that's issue number one, right? Issue number two, if AI creates code and if something were to go wrong, who's responsible for that? There's no accountability right now. Or you as a company that's creating a system that's responsible, or is it ChatGPT, Microsoft is responsible. >> Or is the developer? >> Or the developer. >> The individual developer might be. So, they're going to be cautious about that liability. >> Well, so one of the areas where I'm seeing a lot of enterprises using this is they are using it to teach developers to learn things. You know what, if you're to code, this is a good way to code. That area, it's okay because you are just teaching them. But if you are to put an actual production code, this is what I advise companies, look, if somebody's using even to create a code, whether with or without your permission, make sure that once the code is committed, you validate that the 100%, whether it's a code or a model, or even make sure that the data what you're feeding in it is completely out of bias or no bias, right? Because at the end of the day, it doesn't matter who, what, when did that, if you put out a service or a system out there, it is involving your company liability and system, and code in place. You're going to be screwed regardless of what, if something were to go wrong, you are the first person who's liable for it. >> Andy, when you think about the dangers of AI, and what keeps you up at night if you're a security professional AI and security professional. We talked about ChatGPT doing things, we don't even, the hackers are going to get creative. But what worries you the most when you think about this topic? >> A lot, a lot, right? Let's start off with an example, actually, I don't know if you had a chance to see that or not. The hackers used a bank of Hong Kong, used a defect mechanism to fool Bank of Hong Kong to transfer $35 million to a fake account, the money is gone, right? And the problem that is, what they did was, they interacted with a manager and they learned this executive who can control a big account and cloned his voice, and clone his patterns on how he calls and what he talks and the whole name he has, after learning that, they call the branch manager or bank manager and say, "Hey, you know what, hey, move this much money to whatever." So, that's one way of kind of phishing, kind of deep fake that can come. So, that's just one example. Imagine whether business is conducted by just using voice or phone calls itself. That's an area of concern if you were to do that. And imagine this became an uproar a few years back when deepfakes put out the video of Tom Cruise and others we talked about in the past, right? And Tom Cruise looked at the video, he said that he couldn't distinguish that he didn't do it. It is so close, that close, right? And they are doing things like they're using gems... >> Awesome Instagram account by the way, the guy's hilarious, right? >> So, they they're using a lot of this fake videos and fake stuff. As long as it's only for entertainment purposes, good. But imagine doing... >> That's right there but... >> But during the election season when people were to put out saying that, okay, this current president or ex-president, he said what? And the masses believe right now whatever they're seeing in TV, that's unfortunate thing. I mean, there's no fact checking involved, and you could change governments and elections using that, which is scary shit, right? >> When you think about 2016, that was when we really first saw, the weaponization of social, the heavy use of social and then 2020 was like, wow. >> To the next level. >> It was crazy. The polarization, 2024, would deepfakes... >> Could be the next level, yeah. >> I mean, it's just going to escalate. What about public policy? I want to pick your brain on this because I I've seen situations where the EU, for example, is going to restrict the ability to ship certain code if it's involved with critical infrastructure. So, let's say, example, you're running a nuclear facility and you've got the code that protects that facility, and it can be useful against some other malware that's outside of that country, but you're restricted from sending that for whatever reason, data sovereignty. Is public policy, is it aligned with the objectives in this new world? Or, I mean, normally they have to catch up. Is that going to be a problem in your view? >> It is because, when it comes to laws it's always miles behind when a new innovation happens. It's not just for AI, right? I mean, the same thing happened with IOT. Same thing happened with whatever else new emerging tech you have. The laws have to understand if there's an issue and they have to see a continued pattern of misuse of the technology, then they'll come up with that. Use in ways they are ahead of things. So, they put a lot of restrictions in place and about what AI can or cannot do, US is way behind on that, right? But California has done some things, for example, if you are talking to a chat bot, then you have to basically disclose that to the customer, saying that you're talking to a chat bot, not to a human. And that's just a very basic rule that they have in place. I mean, there are times that when a decision is made by the, problem is, AI is a black box now. The decision making is also a black box now, and we don't tell people. And the problem is if you tell people, you'll get sued immediately because every single time, we talked about that last time, there are cases involving AI making decisions, it gets thrown out the window all the time. If you can't substantiate that. So, the bottom line is that, yes, AI can assist and help you in making decisions but just use that as a assistant mechanism. A human has to be always in all the loop, right? >> Will AI help with, in your view, with supply chain, the software supply chain security or is it, it's always a balance, right? I mean, I feel like the attackers are more advanced in some ways, it's like they're on offense, let's say, right? So, when you're calling the plays, you know where you're going, the defense has to respond to it. So in that sense, the hackers have an advantage. So, what's the balance with software supply chain? Are the hackers have the advantage because they can use AI to accelerate their penetration of the software supply chain? Or will AI in your view be a good defensive mechanism? >> It could be but the problem is, the velocity and veracity of things can be done using AI, whether it's fishing, or malware, or other security and the vulnerability scanning the whole nine yards. It's scary because the hackers have a full advantage right now. And actually, I think ChatGPT recently put out two things. One is, it's able to direct the code if it is generated by ChatGPT. So basically, if you're trying to fake because a lot of schools were complaining about it, that's why they came up with the mechanism. So, if you're trying to create a fake, there's a mechanism for them to identify. But that's a step behind still, right? And the hackers are using things to their advantage. Actually ChatGPT made a rule, if you go there and read the terms and conditions, it's basically honor rule suggesting, you can't use this for certain purposes, to create a model where it creates a security threat, as that people are going to listen. So, if there's a way or mechanism to restrict hackers from using these technologies, that would be great. But I don't see that happening. So, know that these guys have an advantage, know that they're using AI, and you have to do things to be prepared. One thing I was mentioning about is, if somebody writes a code, if somebody commits a code right now, the problem is with the agile methodologies. If somebody writes a code, if they commit a code, you assume that's right and legit, you immediately push it out into production because need for speed is there, right? But if you continue to do that with the AI produced code, you're screwed. >> So, bottom line is, AI's going to speed us up in a security context or is it going to slow us down? >> Well, in the current version, the AI systems are flawed because even the ChatGPT, if you look at the the large language models, you look at the core piece of data that's available in the world as of today and then train them using that model, using the data, right? But people are forgetting that's based on today's data. The data changes on a second basis or on a minute basis. So, if I want to do something based on tomorrow or a day after, you have to retrain the models. So, the data already have a stale. So, that in itself is stale and the cost for retraining is going to be a problem too. So overall, AI is a good first step. Use that with a caution, is what I want to say. The system is flawed now, if you use it as is, you'll be screwed, it's dangerous. >> Andy, you got to go, thanks so much for coming in, appreciate it. >> Thanks for having me. >> You're very welcome, so we're going wall to wall with our coverage of the Cloud Native Security Con. I'm Dave Vellante in the Boston Studio, John Furrier, Lisa Martin and Palo Alto. We're going to be live on the show floor as well, bringing in keynote speakers and others on the ground. Keep it right there for more coverage on theCUBE. (upbeat music) (upbeat music) (upbeat music) (upbeat music)

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> The pandemic precipitated what is shaping up to be a permanent shift in cybersecurity spending patterns. As a direct result of hybrid work, CSOs have vested heavily in endpoint security, identity access management, cloud security, and further hardening the network beyond the headquarters. We've reported on this extensively in this Breaking Analysis series. Moreover, the need to build security into applications from the start rather than bolting protection on as an afterthought has led to vastly high heightened awareness around DevSecOps. Finally, attacking security as a data problem with automation and AI is fueling new innovations in cyber products and services and startups. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we present our quarterly findings in the security industry, and share the latest ETR survey data on the spending momentum and market movers. Let's start with the most recent news in cybersecurity. Nary a week goes by without more concerning news. The latest focus in the headlines is, of course, Russia's relentless cyber attacks on critical infrastructure in the Ukraine, including banking, government websites, weaponizing information. The hacker group, BlackByte, put a double whammy on the San Francisco 49ers, meaning they exfiltrated data and they encrypted the organization's files as part of its ransomware attack. Then there's the best Super Bowl ad last Sunday, the Coinbase floating QR code. Did you catch that? As people rushed to scan the code and participate in the Coinbase Bitcoin giveaway, it highlights yet another exposure, meaning we're always told not to click on links that we don't trust or we've never seen, but so many people activated this random QR code on their smartphones that it crashed Coinbase's website. What does that tell you? In other news, Securonix raised a billion dollars. They did this raise on top of Lacework's massive $1.3 billion raise last November. Both of these companies are attacking security with data automation and APIs that can engage machine intelligence. Securonix, specifically in the announcement, mentioned the uptake from MSSPs, managed security service providers, something we've talked about in this series. And that's a trend that we see as increasingly gaining traction as customers are just drawing in and drowning in security incidents. Peter McKay's company, Snyk, acquired Fugue, a company focused on making sure security policies are consistent throughout the software development life cycle. It's a really an example of a developer-defined security approach where policy can be checked at the dev, deployment, and production phases to ensure the same policies are in place at all stages, including monitoring at runtime. Fugue, according to Crunchbase, had raised $85 million to date. In some other company news, Cisco was rumored to be acquiring Splunk for not much more than Splunk is worth today. And the talks reportedly broke down. This would be a major move in security by Cisco and underscores the pressure to consolidate. Cisco would get an extremely strong customer base and through efficiencies could improve Splunk's profitability, but it seems like the premium Cisco was willing to pay was not enough to entice board to act. Splunk board, that is. Datadog blew away its earnings, and the stock was up 12%. It's pulled back now, thanks to Putin, but it's one of those companies that is disrupting Splunk. Datadog is less than half the size of Splunk, revenue-wise, but its valuation is more than 2 1/2 times greater. Finally, Elastic, another Splunk disruptor, settled its trademark dispute with AWS, and now AWS will now stop using the name Elasticsearch. All right, let's take a high level look at how cyber companies have performed in the stock market over time. Here's a graph of the Cyber ETF, and you can see the March 1st crosshairs of 2020 signifying the start of the lockdown. The trajectory of cybersecurity stocks is shown by the orange and blue lines, and it surely has steepened post March of 2020. And, of course, it's been down with the market lately, but the run up, as you can see, was substantial and eclipsed the trajectory of the previous cycles over the last couple of years, owing much of the momentum to the spending dynamics that we talked about at our open. Let's now drill into some of the names that we've been following over the last few years and take a look at the firm level. This chart shows some data that we've been tracking since before the pandemic. The top rows show the S&P 500 and the NASDAQ prices, and the bottom rows show specific stocks. The first column is the index price or the market cap of the company just before the pandemic, then the same data one year later. Then the next column shows the peak value during the pandemic, and then the current value. Then it shows in the next column where it is today, in percentage terms, i.e., how far has it pulled back from the peak, then the delta from pre-pandemic, in other words, how much did the issue earn or lose during the pandemic for investors? We then compare the pre-pandemic revenue multiple using a trailing 12-month revenue metric. Sorry, that's what we used. It's easy to get. (laughs) And that's the revenue multiple compared to the August in 2020, when multiples were really high, and where they are today, and then a recent quarterly growth rate guide based on the last earnings report. That's the last column. Okay, so I'm throwing a lot of data at you here, but what does it tell us? First, the S&P and the NAS are well up from pre-pandemic levels, yet they're off 9% and 15%, respectively, from their peaks today. That was earlier on Friday morning. Now let's look at the names more closely. Splunk has been struggling. It definitely had a tailwind from the pandemic as all boats seem to rise, but its execution has been lacking. It's now 30% off from its pre-pandemic levels. (groans) And it's multiple is compressing, and perhaps Cisco thought it could pick up the company for a discount. Now let's talk about Palo Alto Networks. We had reported on some of the challenges the company faced moving into a cloud-friendly model. that was before the pandemic. And we talked about the divergence between Palo Alto's stock price and the valuations relative to Fortinet, and we said at the time, we fully expected Palo Alto to rebound, and that's exactly what happened. It rode the tailwinds of the last two years. It's up over 100% from its pre-COVID levels, and its revenue multiple is expanding, owing to the nice growth rates. Now Fortinet had been doing well coming into the pandemic. In fact, we said it was executing on a cloud strategy better than Palo Alto Networks, hence that divergence in valuations at the time. So it didn't get as much of a boost from the pandemic. Didn't get that momentum at first, but the company's been executing very well. And as you can see, with 155% increase in valuation since just before the pandemic, it's going more than okay for Fortinet. Now, Okta is a name that we've really followed closely, the identity access management specialist that rocketed. But since it's Auth0 acquisition, it's pulled back. Investors are concerned about its guidance and its profitability. And several analyst have downgraded their price targets on Okta. We still really like the company. The Auth0 acquisition gives Okta a developer vector, and we think the company is going hard after market presence and is willing to sacrifice short-term profitability. We actually like that posture. It's very Frank Slupin-like. This company spends a lot of money on R&D and go-to-market. The question is, does Okta have inherent profitability? The company, as they say, spends a ton in some really key areas but it looks to us like it's going to establish a footprint. It's guiding revenue CAGR in the mid-30s over the mid to long-term and near term should beat that benchmark handily. But you can see the red highlights on Okta. And even though Okta is up 59% from its pre-pandemic levels, it's far behind its peers shown in the chart, especially CrowdStrike and Zscaler, the latter being somewhat less impacted by the pullback in stocks recently, of course, due to the fears of inflation and interest rates, and, of course, Russian invasion escalation. But these high flyers, they were bound to pull back. The question is can they maintain their category leadership? And for the most part, we think they can. All right, let's get into some of the ETR data. Here's our favorite XY view with net score, or spending momentum on the Y-axis, and market share or pervasiveness in the data center on the horizontal axis. That red 40% line, that indicates a highly elevated spending level. And the chart inserts to the right, that shows how the data is plotted with net score and shared N in each of the columns by each company. Okay, so this is an eye chart, but there really are three main takeaways. One is that it's a crowded market. And this shows only the companies ETR captures in its survey. We filtered on those that had more than 50 mentions. So there's others in the ETR survey that we're not showing here, and there are many more out there which don't get reported in the spending data in the ETR survey. Secondly, there are a lot of companies above the 40% mark, and plenty with respectable net scores just below. Third, check out SentinelOne, Elastic, Tanium, Datadog, Netskope, and Darktrace. Each has under 100 N's but we're watching these companies closely. They're popping up in the survey, and they're catching our attention, especially SentinelOne, post-IPO. So we wanted to pare this back a bit and filter the data some more. So let's look at companies with more than 100 mentions in the same chart. It gets a little cleaner this picture, but it's still crowded. Auth0 leads everyone in net score. Okta is also up there, so that's very positive sign since they had just acquired Auth0. CrowdStrike SalePoint, Cyberark, CloudFlare, and Zscaler are all right up there as well. And then there's the bigger security companies. Palo Alto Network, very impressive because it's well above the 40% mark, and it has a big presence in the survey, and, of course, in the market. And Microsoft as well. They're such a big whale. They skew the data for everybody else to kind of mess up these charts. And the position of Cisco and Splunk make for an interesting combination. They get both decent net scores, not above the 40% line but they got a good presence in the survey as well. Thinking about the acquisition, Al Shugart was the CEO of of Seagate, and founder. Brilliant Silicon valley icon and engineer. Great business person. I was asking him one time, hey, you thinking about buying this company or that company? And of course, he's not going to tell me who he's thinking about buying or acquiring. He said, let me just tell you this. If you want to know what I'm thinking, ask yourself if it were free, would you take it? And he said the answer's not always obviously yes, because acquisitions can be messy and disruptive. In the case of Cisco and Splunk, I think the answer would be a definitive yes It would expand Cisco's portfolio and make it the leader in security, with an opportunity to bring greater operating leverage to Splunk. Cisco's just got to pay more if it wants that asset. It's got to pay more than the supposed $20 billion offer that it made. It's going to have to get kind of probably north of 23 billion. I pinged my ETR colleague, Erik Bradley, on this, and he generally agreed. He's very close to the security space. He said, Splunk isn't growing the customer base but the customers are sticky. I totally agree. Cisco could roll Splunk into its security suite. Splunk is the leader in that space, security information and event management, and Cisco really is missing that piece of the pie. All right, let's filter the data even more and look at some of the companies that have moved in the survey over the past year and a half. We'll go back here to July 2020. Same two-dimensional chart. And we're isolating here Auth0, Okta, SalePoint CrowdStrike, Zscaler, Cyberark, Fortinet, and Cisco. No Microsoft. That cleans up the chart. Okay, why these firms? Because they've made some major moves to the right, and some even up since last July. And that's what this next chart shows. Here's the data from the January 2022 survey. The arrow start points show the position that we just showed you earlier in July 2020, and all these players have made major moves to the right. How come? Well, it's likely a combination of strong execution, and the fact that security is on the radar of every CEO, CIO, of course, CSOs, business heads, boards of directors. Everyone is thinking about security. The market momentum is there, especially for the leaders. And it's quite tremendous. All right, let's now look at what's become a bit of a tradition with Breaking Analysis, and look at the firms that have earned four stars. Four-star firms are leaders in the ETR survey that demonstrate both a large presence, that's that X-axis that we showed you, and elevated spending momentum. Now in this chart, we filter the N's. Has to be greater than 100. And we isolate on those companies. So more than 100 responses in the survey. On the left-hand side of the chart, we sort by net score or spending velocity. On the right-hand side, we sort by shared N's or presence in the dataset. We show the top 20 for each of the categories. And the red line shows the top 10 cutoffs. Companies that show up in the top 10 for both spending momentum and presence in the data set earn four stars. If they show up in one, and make the top 10 in one, and make the top 20 in the other, they get two stars. And we've added a one-star category as honorable mention for those companies that make the top 20 in both categories. Microsoft, Palo Alto Networks, CrowdStrike, and Okta make the four-star grade. Okta makes it even without Auth0, which has the number one net score in this data set with 115 shared N to boot. So you can add that to Okta. The weighted average would pull Okta's net score to just above Cyberark's into fourth place. And its shared N would bump Okta up to third place on the right-hand side of the chart Cisco, Splunk, Proofpoint, KnowBe4, Zscaler, and Cyberark get two stars. And then you can see the honorable mentions with one star. Now thinking about a Cisco, Splunk combination. You'd get an entity with a net score in the mid-20s. Yeah, not too bad, definitely respectable. But they'd be number one on the right-hand side of this chart, with the largest market presence in the survey by far. Okay, let's wrap. The trends around hybrid work, cloud migration and the attacker escalation that continue to drive cybersecurity momentum and they're going to do so indefinitely. And we've got some bullet points here that you're seeing private companies, (laughs) they're picking up gobs of money, which really speaks to the fact that there's no silver bullet in this market. It's complex, chaotic, and cash-rich. This idea of MSSPs on the rise is going to continue, we think. About half the mid-size and large organization in the US don't have a SecOps, a security operation center, and outsourcing to one that can be tapped on a consumption basis, cloud-like, as a service just makes sense to us. We see the momentum that companies that we've highlighted over the many quarters of Breaking Analysis are forming. They're forming a strong base in the market. They're going for market share and footprint, and they're focusing on growth, at bringing in new talent. They have good balance sheets and strong management teams and we think they'll be leading companies in the future, Zscaler, CrowdStrike, Okta, SentinelOne, Cyberark, SalePoint, over time, joining the ranks of billion dollar cyber firms, when I say billion dollar, billion dollar revenue like Palo Alto Networks, Fortinet, and Splunk, if it doesn't get acquired. These independent firms that really focus on security. Which underscores the pressure and consolidation and M&A in the whole space. It's almost assured with the fragmentation of companies and so many new entrants fighting for escape velocity that this market is going to continue with robust M&A and consolidation. Okay, that's it for today. Thanks to my colleague, Stephanie Chan, who helped research this week's topics, and Alex Myerson on the production team. He also manages the Breaking Analysis podcast. Kristen Martin and Cheryl Knight, who get the word out. Thank you to all. Remember these episodes are all available as podcasts wherever you listen. All you do is search Breaking Analysis podcast. Check out ETR's website at etr.ai. We also publish a full report every week on wikibon.com and siliconangle.com. You can email me at david.vellante@siliconangle.com. @dvellante is my DM. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE Insights powered by ETR. Have a great week. Be safe, be well, and we'll see you next time. (upbeat music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> When Facebook changed its name to Meta last fall, it catalyzed a chain reaction throughout the tech industry. Software firms, gaming companies, chip makers, device manufacturers, and others have joined in hype machine. Now, it's easy to dismiss the metaverse as futuristic hyperbole, but do we really believe that tapping on a smartphone, or staring at a screen, or two-dimensional Zoom meetings are the future of how we work, play, and communicate? As the internet itself proved to be larger than we ever imagined, it's very possible, and even quite likely that the combination of massive processing power, cheap storage, AI, blockchains, crypto, sensors, AR, VR, brain interfaces, and other emerging technologies will combine to create new and unimaginable consumer experiences, and massive wealth for creators of the metaverse. Hello, and welcome to this week's Wiki Bond Cube Insights, powered by ETR. In this "Breaking Analysis" we welcome in cyber expert, hacker gamer, NFT expert, and founder of ORE System, Nick Donarski. Nick, welcome, thanks so much for coming on theCUBE. >> Thank you, sir, glad to be here. >> Yeah, okay, so today we're going to traverse two parallel paths, one that took Nick from security expert and PenTester to NFTs, tokens, and the metaverse. And we'll simultaneously explore the complicated world of cybersecurity in the enterprise, and how the blockchain, crypto, and NFTs will provide key underpinnings for digital ownership in the metaverse. We're going to talk a little bit about blockchain, and crypto, and get things started there, and some of the realities and misconceptions, and how innovations in those worlds have led to the NFT craze. We'll look at what's really going on in NFTs and why they're important as both a technology and societal trend. Then, we're going to dig into the tech and try to explain why and how blockchain and NFTs are going to lay the foundation for the metaverse. And, finally, who's going to build the metaverse. And how long is it going to take? All right, Nick, let's start with you. Tell us a little bit about your background, your career. You started as a hacker at a really, really young age, and then got deep into cyber as a PenTester. You did some pretty crazy stuff. You have some great stories about sneaking into buildings. You weren't just doing it all remote. Tell us about yourself. >> Yeah, so I mean, really, I started a long time ago. My dad was really the foray into technology. I wrote my first program on an Apple IIe in BASIC in 1989. So, I like to say I was born on the internet, if you will. But, yeah, in high school at 16, I incorporated my first company, did just tech support for parents and teachers. And then in 2000 I transitioned really into security and focused there ever since. I joined Rapid7 and after they picked up Medis boy, I joined HP. I was one of their founding members of Shadowlabs and really have been part of the information security and the cyber community all throughout, whether it's training at various different conferences or talking. My biggest thing and my most awesome moments as various things of being broken into, is really when I get to actually work with somebody that's coming up in the industry and who's new and actually has that light bulb moment of really kind of understanding of technology, understanding an idea, or getting it when it comes to that kind of stuff. >> Yeah, and when you think about what's going on in crypto and NFTs and okay, now the metaverse it's you get to see some of the most innovative people. Now I want to first share a little bit of data on enterprise security and maybe Nick get you to comment. We've reported over the past several years on the complexity in the security business and the numerous vendor choices that SecOps Pros face. And this chart really tells that story in the cybersecurity space. It's an X,Y graph. We've shown it many times from the ETR surveys where the vertical axis, it's a measure of spending momentum called net score. And the horizontal axis is market share, which represents each company's presence in the data set, and a couple of points stand out. First, it's really crowded. In that red dotted line that you see there, that's 40%, above that line on the net score axis, marks highly elevated spending momentum. Now, let's just zoom in a bit and I've cut the data by those companies that have more than a hundred responses in the survey. And you can see here on this next chart, it's still very crowded, but a few call-outs are noteworthy. First companies like SentinelOne, Elastic, Tanium, Datadog, Netskope and Darktrace. They were all above that 40% line in the previous chart, but they've fallen off. They still have actually a decent presence in the survey over 60 responses, but under that hundred. And you can see Auth0 now Okta, big $7 billion acquisition. They got the highest net score CrowdStrike's up there, Okta classic they're kind of enterprise business, and Zscaler and others above that line. You see Palo Alto Networks and Microsoft very impressive because they're both big and they're above that elevated spending velocity. So Nick, kind of a long-winded intro, but it was a little bit off topic, but I wanted to start here because this is the life of a SecOps pro. They lack the talent in a capacity to keep bad guys fully at bay. And so they have to keep throwing tooling at the problem, which adds to the complexity and as a PenTester and hacker, this chaos and complexity means cash for the bad guys. Doesn't it? >> Absolutely. You know, the more systems that these organizations find to integrate into the systems, means that there's more components, more dollars and cents as far as the amount of time and the engineers that need to actually be responsible for these tools. There's a lot of reasons that, the more, I guess, hands in the cookie jar, if you will, when it comes to the security architecture, the more links that are, or avenues for attack built into the system. And really one of the biggest things that organizations face is being able to have engineers that are qualified and technical enough to be able to support that architecture as well, 'cause buying it from a vendor and deploying it, putting it onto a shelf is good, but if it's not tuned properly, or if it's not connected properly, that security tool can just hold up more avenues of attack for you. >> Right, okay, thank you. Now, let's get into the meat of the discussion for today and talk a little bit about blockchain and crypto for a bit. I saw sub stack post the other day, and it was ripping Matt Damon for pedaling crypto on TV ads and how crypto is just this big pyramid scheme. And it's all about allowing criminals to be anonymous and it's ransomware and drug trafficking. And yes, there are definitely scams and you got to be careful and lots of dangers out there, but these are common criticisms in the mainstream press, that overlooked the fact by the way that IPO's and specs are just as much of a pyramid scheme. Now, I'm not saying there shouldn't be more regulation, there should, but Bitcoin was born out of the 2008 financial crisis, cryptocurrency, and you think about, it's really the confluence of software engineering, cryptography and game theory. And there's some really powerful innovation being created by the blockchain community. Crypto and blockchain are really at the heart of a new decentralized platform being built out. And where today, you got a few, large internet companies. They control the protocols and the platform. Now the aspiration of people like yourself, is to create new value opportunities. And there are many more chances for the little guys and girls to get in on the ground floor and blockchain technology underpins all this. So Nick, what's your take, what are some of the biggest misconceptions around blockchain and crypto? And do you even pair those two in the same context? What are your thoughts? >> So, I mean, really, we like to separate ourselves and say that we are a blockchain company, as opposed to necessarily saying(indistinct) anything like that. We leverage those tools. We leverage cryptocurrencies, we leverage NFTs and those types of things within there, but blockchain is a technology, which is the underlying piece, is something that can be used and utilized in a very large number of different organizations out there. So, cryptocurrency and a lot of that negative context comes with a fear of something new, without having that regulation in place, without having the rules in place. And we were a big proponent of, we want the regulation, right? We want to do right. We want to do it by the rules. We want to do it under the context of, this is what should be done. And we also want to help write those rules as well, because a lot of the lawmakers, a lot of the lobbyists and things, they have a certain aspect or a certain goal of when they're trying to get these things. Our goal is simplicity. We want the ability for the normal average person to be able to interact with crypto, interact with NFTs, interact with the blockchain. And basically by saying, blockchain in quotes, it's very ambiguous 'cause there's many different things that blockchain can be, the easiest way, right? The easiest way to understand blockchain is simply a distributed database. That's really the core of what blockchain is. It's a record keeping mechanism that allows you to reference that. And the beauty of it, is that it's quote unquote immutable. You can't edit that data. So, especially when we're talking about blockchain, being underlying for technologies in the future, things like security, where you have logging, you have keeping, whether you're talking about sales, where you may have to have multiple different locations (indistinct) users from different locations around the globe. It creates a central repository that provides distribution and security in the way that you're ensuring your data, ensuring the validation of where that data exists when it was created. Those types of things that blockchain really is. If you go to the historical, right, the very early on Bitcoin absolutely was made to have a way of not having to deal with the fed. That was the core functionality of the initial crypto. And then you had a lot of the illicit trades, those black markets that jumped onto it because of what it could do. The maturity of the technology though, of where we are now versus say back in 97 is a much different world of blockchain, and there's a much different world of cryptocurrency. You still have to be careful because with any fed, you're still going to have that FUD that goes out there and sells that fear, uncertainty and doubt, which spurs a lot of those types of scams, and a lot of those things that target end users that we face as security professionals today. You still get mailers that go out, looking for people to give their social security number over during tax time. Snail mail is considered a very ancient technology, but it still works. You still get a portion of the population that falls for those tricks, fishing, whatever it might be. It's all about trying to make sure that you have fear about what is that change. And I think that as we move forward, and move into the future, the simpler and the more comfortable these types of technologies become, the easier it is to utilize and indoctrinate normal users, to be able to use these things. >> You know, I want to ask you about that, Nick, because you mentioned immutability, there's a lot of misconceptions about that. I had somebody tell me one time, "Blockchain's Bs," and they say, "Well, oh, hold on a second. They say, oh, they say it's a mutable, but you can hack Coinbase, whatever it is." So I guess a couple of things, one is that the killer app for blockchain became money. And so we learned a lot through that. And you had Bitcoin and it really wasn't programmable through its interface. And then Ethereum comes out. I know, you know a lot about Ether and you have solidity, which is a lot simpler, but it ain't JavaScript, which is ubiquitous. And so now you have a lot of potential for the initial ICO's and probably still the ones today, the white papers, a lot of security flaws in there. I'm sure you can talk to that, but maybe you can help square that circle about immutability and security. I've mentioned game theory before, it's harder to hack Bitcoin and the Bitcoin blockchain than it is to mine. So that's why people mine, but maybe you could add some context to that. >> Yeah, you know it goes to just about any technology out there. Now, when you're talking about blockchain specifically, the majority of the attacks happen with the applications and the smart contracts that are actually running on the blockchain, as opposed to necessarily the blockchain itself. And like you said, the impact for whether that's loss of revenue or loss of tokens or whatever it is, in most cases that results from something that was a phishing attack, you gave up your credentials, somebody said, paste your private key in here, and you win a cookie or whatever it might be, but those are still the fundamental pieces. When you're talking about various different networks out there, depending on the blockchain, depends on how much the overall security really is. The more distributed it is, and the more stable it is as the network goes, the better or the more stable any of the code is going to be. The underlying architecture of any system is the key to success when it comes to the overall security. So the blockchain itself is immutable, in the case that the owner are ones have to be trusted. If you look at distributed networks, something like Ethereum or Bitcoin, where you have those proof of work systems, that disperses that information at a much more remote location, So the more disperse that information is, the less likely it is to be able to be impacted by one small instance. If you look at like the DAO Hack, or if you look at a lot of the other vulnerabilities that exist on the blockchain, it's more about the code. And like you said, solidity being as new as it is, it's not JavaScript. The industry is very early and very infantile, as far as the developers that are skilled in doing this. And with that just comes the inexperience and the lack of information that you don't learn until JavaScript is 10 or 12 years old. >> And the last thing I'll say about this topic, and we'll move on to NFTs, but NFTs relate is that, again, I said earlier that the big internet giants have pretty much co-opted the platform. You know, if you wanted to invest in Linux in the early days, there was no way to do that. You maybe have to wait until red hat came up with its IPO and there's your pyramid scheme folks. But with crypto it, which is again, as Nick was explaining underpinning is the blockchain, you can actually participate in early projects. Now you got to be careful 'cause there are a lot of scams and many of them are going to blow out if not most of them, but there are some, gems out there, because as Nick was describing, you've got this decentralized platform that causes scaling issues or performance issues, and people are solving those problems, essentially building out a new internet. But I want to get into NFTs, because it's sort of the next big thing here before we get into the metaverse, what Nick, why should people pay attention to NFTs? Why do they matter? Are they really an important trend? And what are the societal and technological impacts that you see in this space? >> Yeah, I mean, NFTs are a very new technology and ultimately it's just another entry on the blockchain. It's just another piece of data in the database. But how it's leveraged in the grand scheme of how we, as users see it, it can be the classic idea of an NFT is just the art, or as good as the poster on your wall. But in the case of some of the new applications, is where are you actually get that utility function. Now, in the case of say video games, video games and gamers in general, already utilize digital items. They already utilize digital points. As in the case of like Call of Duty points, those are just different versions of digital currencies. You know, World of Warcraft Gold, I like to affectionately say, was the very first cryptocurrency. There was a Harvard course taught on the economy of WOW, there was a black market where you could trade your end game gold for Fiat currencies. And there's even places around the world that you can purchase real world items and stay at hotels for World of Warcraft Gold. So the adoption of blockchain just simply gives a more stable and a more diverse technology for those same types of systems. You're going to see that carry over into shipping and logistics, where you need to have data that is single repository for being able to have multiple locations, multiple shippers from multiple global efforts out there that need to have access to that data. But in the current context, it's either sitting on a shipping log, it's sitting on somebody's desk. All of those types of paper transactions can be leveraged as NFTs on the blockchain. It's just simply that representation. And once you break the idea of this is just a piece of art, or this is a cryptocurrency, you get into a world where you can apply that NFT technology to a lot more things than I think most people think of today. >> Yeah, and of course you mentioned art a couple of times when people sold as digital art for whatever, it was 60, 65 million, 69 million, that caught a lot of people's attention, but you're seeing, I mean, there's virtually infinite number of applications for this. One of the Washington wizards, tokenized portions of his contract, maybe he was creating a new bond, that's really interesting use cases and opportunities, and that kind of segues into the latest, hot topic, which is the metaverse. And you've said yourself that blockchain and NFTs are the foundation of the metaverse, they're foundational elements. So first, what is the metaverse to you and where do blockchain and NFTs, fit in? >> Sure, so, I mean, I affectionately refer to the metaverse just a VR and essentially, we've been playing virtual reality games and all the rest for a long time. And VR has really kind of been out there for a long time. So most people's interpretation or idea of what the metaverse is, is a virtual reality version of yourself and this right, that idea of once it becomes yourself, is where things like NFT items, where blockchain and digital currencies are going to come in, because if you have a manufacturer, so you take on an organization like Nike, and they want to put their shoes into the metaverse because we, as humans, want to individualize ourselves. We go out and we want to have that one of one shoe or that, t-shirt or whatever it is, we're going to want to represent that same type of individuality in our virtual self. So NFTs, crypto and all of those digital currencies, like I was saying that we've known as gamers are going to play that very similar role inside of the metaverse. >> Yeah. Okay. So basically you're going to take your physical world into the metaverse. You're going to be able to, as you just mentioned, acquire things- I loved your WOW example. And so let's stay on this for a bit, if we may, of course, Facebook spawned a lot of speculation and discussion about the concept of the metaverse and really, as you pointed out, it's not new. You talked about why second life, really started in 2003, and it's still around today. It's small, I read recently, it's creators coming back into the company and books were written in the early 90s that used the term metaverse. But Nick, talk about how you see this evolving, what role you hope to play with your company and your community in the future, and who builds the metaverse, when is it going to be here? >> Yeah, so, I mean, right now, and we actually just got back from CES last week. And the Metaverse is a very big buzzword. You're going to see a lot of integration of what people are calling, quote unquote, the metaverse. And there was organizations that were showing virtual office space, virtual malls, virtual concerts, and those types of experiences. And the one thing right now that I don't think that a lot of organizations have grasp is how to make one metaverse. There's no real player one, if you will always this yet, There's a lot of organizations that are creating their version of the metaverse, which then again, just like every other software and game vendor out there has their version of cryptocurrency and their version of NFTs. You're going to see it start to pop up, especially as Oculus is going to come down in price, especially as you get new technologies, like some of the VR glasses that look more augmented reality and look more like regular glasses that you're wearing, things like that, the easier that those technologies become as in adopting into our normal lifestyle, as far as like looks and feels, the faster that stuff's going to actually come out to the world. But when it comes to like, what we're doing is we believe that the metaverse should actually span multiple different blockchains, multiple different segments, if you will. So what ORE system is doing, is we're actually building the underlying architecture and technologies for developers to bring their metaverse too. You can leverage the ORE Systems NFTs, where we like to call our utility NFTs as an in-game item in one game, or you can take it over and it could be a t-shirt in another game. The ability for having that cross support within the ecosystem is what really no one has grasp on yet. Most of the organizations out there are using a very classic business model. Get the user in the game, make them spend their money in the game, make all their game stuff as only good in their game. And that's where the developer has you, they have you in their bubble. Our goal, and what we like to affectionately say is, we want to bring white collar tools and technology to blue collar folks, We want to make it simple. We want to make it off the shelf, and we want to make it a less cost prohibitive, faster, and cheaper to actually get out to all the users. We do it by supporting the technology. That's our angle. If you support the technology and you support the platform, you can build a community that will build all of the metaverse around them. >> Well, and so this is interesting because, if you think about some of the big names, we've Microsoft is talking about it, obviously we mentioned Facebook. They have essentially walled gardens. Now, yeah, okay, I could take Tik Tok and pump it into Instagram is fine, but they're really siloed off. And what you're saying is in the metaverse, you should be able to buy a pair of sneakers in one location and then bring it to another one. >> Absolutely, that's exactly it. >> And so my original kind of investment in attractiveness, if you will, to crypto, was that, the little guy can get an early, but I worry that some of these walled gardens, these big internet giants are going to try to co-op this. So I think what you're doing is right on, and I think it's aligned with the objectives of consumers and the users who don't want to be forced in to a pen. They want to be able to live freely. And that's really what you're trying to do. >> That's exactly it. You know, when you buy an item, say a Skin in Fortnite or Skin in Call of Duty, it's only good in that game. And not even in the franchise, it's only good in that version of the game. In the case of what we want to do is, you can not only have that carry over and your character. So say you buy a really cool shirt, and you've got that in your Call of Duty or in our case, we're really Osiris Protocol, which is our proof of concept video game to show that this all thing actually works, but you can actually go in and you can get a gun in Osiris Protocol. And if we release, Osiris Protocol two, you'll be able to take that to Osiris Protocol two. Now the benefit of that is, is you're going to be the only one in the next version with that item, if you haven't sold it or traded it or whatever else. So we don't lock you into a game. We don't lock you into a specific application. You own that, you can trade that freely with other users. You can sell that on the open market. We're embracing what used to be considered the black market. I don't understand why a lot of video games, we're always against the skins and mods and all the rest. For me as a gamer and coming up, through the many, many years of various different Call of Duties and everything in my time, I wish I could still have some this year. I still have a World of Warcraft account. I wasn't on, Vanilla, Burning Crusade was my foray, but I still have a character. If you look at it that way, if I had that wild character and that gear was NFTs, in theory, I could actually pass that onto my kid who could carry on that character. And it would actually increase in value because they're NFT back then. And then if needed, you could trade those on the open market and all the rest. It just makes gaming a much different thing. >> I love it. All right, Nick, hey, we're out of time, but I got to say, Nick Donarski, thanks so much for coming on the program today, sharing your insights and really good luck to you and building out your technology platform and your community. >> Thank you, sir, it's been an absolute pleasure. >> And thank you for watching. Remember, all these episodes are available as podcasts, just search "Breaking Analysis Podcast", and you'll find them. I publish pretty much every week on siliconangle.com and wikibond.com. And you can reach me @dvellante on Twitter or comment on my LinkedIn posts. You can always email me david.vellante@siliconangle.com. And don't forget, check out etr.plus for all the survey data. This is Dave Vellante for theCUBE Insights, powered by ETR, happy 2022 be well, and we'll see you next time. (upbeat music)

>> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> As you may recall, coming into the second part of 2019 we reported, based on ETR Survey data, that there was a narrowing of spending on emerging tech and an unplugging of a lot of legacy systems. This was really because people were going from experimentation into operationalizing their digital initiatives. When COVID hit, conventional wisdom suggested that there would be a flight to safety. Now, interestingly, we reported with Eric Bradley, based on one of the Venns, that a lot of CIOs were still experimenting with emerging vendors. But this was very anecdotal. Today, we have more data, fresh data, from the ETR Emerging Technology Study on private companies, which really does suggest that there's a notable decline in experimentation, and that's affecting emerging technology vendors. Hi, everybody, this is Dave Vellante, and welcome to this week's Wikibon Cube Insights, powered by ETR. Once again, Sagar Kadakia is joining us. Sagar is the Director of Research at ETR. Sagar, good to see you. Thanks for coming on. >> Good to see you again. Thanks for having me, Dave. >> So, it's really important to point out, this Emerging Tech Study that you guys do, it's different from your quarterly Technology Spending Intention Survey. Take us through the methodology. Guys, maybe you could bring up the first chart. And, Sagar, walk us through how you guys approach this. >> No problem. So, a lot of the viewers are used to seeing a lot of the results from the Technology Spending Intention Survey, or the TSIS, as we call it. That study, as the title says, it really tracks spending intentions on more pervasive vendors, right, Microsoft, AWS, as an example. What we're going to look at today is our Emerging Technology Study, which we conduct biannually, in May and November. This study is a little bit different. We ask CIOs around evaluations, awareness, planned evaluations, so think of this as pre-spend, right. So that's a major differentiator from the TSIS. That, and this study, really focuses on private emerging providers. We're really only focused on those really emerging private companies, say, like your Series B to Series G or H, whatever it may be, so, two big differences within those studies. And then today what we're really going to look at is the results from the Emerging Technology Study. Just a couple of quick things here. We had 811 CIOs participate, which represents about 380 billion in annual IT spend, so the results from this study matter. We had almost 75 Fortune 100s take it. So, again, we're really measuring how private emerging providers are doing in the largest organizations. And so today we're going to be reviewing notable sectors, but largely this survey tracks roughly 356 private technologies and frameworks. >> All right, guys, bring up the pie chart, the next slide. Now, Sagar, this is sort of a snapshot here, and it basically says that 44% of CIOs agree that COVID has decreased the organization's evaluation and utilization of emerging tech, despite what I mentioned, Eric Bradley's Venn, which suggested one CIO in particular said, "Hey, I always pick somebody in the lower left "of the magic quadrant." But, again, this is a static view. I know we have some other data, but take us through this, and how this compares to other surveys that you've done. >> No problem. So let's start with the high level takeaways. And I'll actually kind of get into to the point that Eric was debating, 'cause that point is true. It's just really how you kind of slice and dice the data to get to that. So, what you're looking at here, and what the overall takeaway from the Emerging Technology Study was, is, you know, you are going to see notable declines in POCs, of proof-of-concepts, any valuations because of COVID-19. Even though we had been communicating for quite some time, you know, the last few months, that there's increasing pressure for companies to further digitize with COVID-19, there are IT budget constraints. There is a huge pivot in IT resources towards supporting remote employees, a decrease in risk tolerance, and so that's why what you're seeing here is a rather notable number of CIOs, 44%, that said that they are decreasing their organization's evaluation and utilization of private emerging providers. So that is notable. >> Now, as you pointed out, you guys run this survey a couple of times a year. So now let's look at the time series. Guys, if you bring up the next chart. We can see how the sentiment has changed since last year. And, of course, we're isolating here on some of larger companies. So, take us through what this data means. >> No problem. So, how do we quantify what we just saw in the prior slide? We saw 44% of CIOs indicating that they are going to be decreasing their evaluations. But what exactly does that mean? We can pretty much determine that by looking at a lot of the data that we captured through our Emerging Technology Study. There's a lot going on in this slide, but I'll walk you through it. What you're looking at here is Fortune 1000 organizations, so we've really isolated the data to those organizations that matter. So, let's start with the teal, kind of green line first, because I think it's a little bit easier to understand. What you're looking at, Fortune 1000 evaluations, both planned and current, okay? And you're looking at a time series, one year ago and six months ago. So, two of the answer options that we provide CIOs in this survey, right, think about the survey as a grid, where you have seven answer options going horizontally, and then 300-plus vendors and technologies going vertically. For any given vendor, they can essentially indicate one of these options, two of them being on currently evaluating them or I plan to evaluate them in six months. So what you're looking at here is effectively the aggregate number, or the average number of Fortune 1000 evaluations. So if you look into May 2019, all the way on the left of that chart, that 24% roughly means that a quarter of selections made by Fortune 1000 of the survey, they selected plan to evaluate or currently evaluating. If you fast-forward six months, to the middle of the chart, November '19, it's roughly the same, one in four technologies that are Fortune 1000 selected, they indicated that I plan or am currently evaluating them. But now look at that big drop off going into May 2020, the 17%, right? So now one out of every six technologies, or one out of every selections that they made was an evaluation. So a very notable drop. And then if you look at the blue line, this is another answer option that we provided CIOs: I'm aware of the technology but I have no plans to evaluate. So this answer option essentially tracks awareness levels. If you look at the last six months, look at that big uptick from 44% to over 50%, right? So now, essentially one out of every two technologies, or private technologies that a CIO is aware of, they have no plans to evaluate. So this is going to have an impact on the general landscape, when we think about those private emerging providers. But there is one caveat, and, Dave, this is what you mentioned earlier, this is what Eric was talking about. The providers that are doing well are the ones that are work-from-home aligned. And so, just like a few years ago, we were really analyzing results based on are you cloud-native or are you Cloud-aligned, because those technologies are going to do the best, what we're seeing in the emerging space is now the same thing. Those emerging providers that enable organizations to maintain productivity for their employees, essentially allowing their employees to work remotely, those emerging providers are still doing well. And that is probably the second biggest takeaway from this study. >> So now what we're seeing here is this flight to perceive safety, which, to your point, Sagar, doesn't necessarily mean good news for all enterprise tech vendors, but certainly for those that are positioned for the work-from-home pivot. So now let's take a look at a couple of sectors. We'll start with information security. We've reported for years about how the perimeter's been broken down, and that more spend was going to shift from inside the moat to a distributed network, and that's clearly what's happened as a result of COVID. Guys, if you bring up the next chart. Sagar, you take us through this. >> No problem. And as you imagine, I think that the big theme here is zero trust. So, a couple of things here. And let me just explain this chart a little bit, because we're going to be going through a couple of these. What you're seeing on the X-axis here, is this is effectively what we're classifying as near term growth opportunity from all customers. The way we measure that effectively is we look at all the evaluations, current evaluations, planned evaluations, we look at people who are evaluated and plan to utilize these vendors. The more indications you get on that the more to the top right you're going to be. The more indications you get around I'm aware of but I don't plan to evaluate, or I'm replacing this early-stage vendor, the further down and on the left you're going to be. So, on the X-axis you have near term growth opportunity from all customers, and on the Y-axis you have near term growth opportunity from, really, the biggest shops in the world, your Global 2000, your Forbes Private 225, like Cargill, as an example, and then, of course, your federal agencies. So you really want to be positioned up and to the right here. So, the big takeaway here is zero trust. So, just a couple of things on this slide when we think about zero trust. As organizations accelerate their Cloud and Saas spend because of COVID-19, and, you know, what we were talking about earlier, Dave, remote work becomes the new normal, that perimeter security approach is losing appeal, because the perimeter's less defined, right? Apps and data are increasingly being stored in the Cloud. That, and employees are working remotely from everywhere, and they're accessing all of these items. And so what we're seeing now is a big move into zero trust. So, if we look at that chart again, what you're going to see in that upper right quadrant are a lot of identity and access management players. And look at the bifurcation in general. This is what we were talking about earlier in terms of the landscape not doing well. Most security vendors are in that red area, you know, in the middle to the bottom. But if you look at the top right, what are you seeing here? Unify ID, Auth0, WSO2, right, all identity and access management players. These are critical in your zero trust approach, and this is one of the few area where we are seeing upticks. You also see here BitSight, Lucideus. So that's going to be security assessment. You're seeing VECTRA and Netskope and Darktrace, and a few others here. And Cloud Security and IDPS, Intrusion Detection and Prevention System. So, very few sectors are seeing an uptick, very few security sectors actually look pretty good, based on opportunities that are coming. But, essentially, all of them are in that work-from-home aligned security stack, so to speak. >> Right, and of course, as we know, as we've been reporting, buyers have options, from both established companies and these emerging companies that are public, Okta, CrowdStrike, Zscaler. We've seen the work-from-home pivot benefit those guys, but even Palo Alto Networks, even CISCO, I asked (other speaker drowns out speech) last week, I said, "Hey, what about this pivot to work from home? "What about this zero trust?" And he said, "Look, the reality is, yes, "a big part of our portfolio is exposed "to that traditional infrastructure, "but we have options for zero trust as well." So, from a buyer's standpoint, that perceived flight to safety, you have a lot of established vendors, and that clearly is showing up in your data. Now, the other sector that we want to talk about is database. We've been reporting a lot on database, data warehouse. So, why don't you take us through the next graphic here, if you would. >> Sagar: No problem. So, our theme here is that Snowflake is really separating itself from the pack, and, again, you can see that here. Private database and data warehousing vendors really continue to impact a lot of their public peers, and Snowflake is leading the way. We expect Snowflake to gain momentum in the next few years. And, look, there's some rumors that IPOing soon. And so when we think about that set-up, we like it, because as organizations transition away from hybrid Cloud architectures to 100% or near-100% public Cloud, Snowflake is really going to benefit. So they look good, their data stacks look pretty good, right, that's resiliency, redundancy across data centers. So we kind of like them as well. Redis Labs bring a DB and they look pretty good here on the opportunity side, but we are seeing a little bit of churn, so I think probably Snowflake and DataStax are probably our two favorites here. And again, when you think about Snowflake, we continue to think more pervasive vendors, like Paradata and Cloudera, and some of the other larger database firms, they're going to continue seeing wallet and market share losses due to some of these emerging providers. >> Yeah. If you could just keep that slide up for a second, I would point out, in many ways Snowflake is kind of a safer bet, you know, we talk about flight to safety, because they're well-funded, they're established. You can go from zero to Snowflake very quickly, that's sort of their mantra, if you will. But I want to point out and recognize that it is somewhat oranges and tangerines here, Snowflake being an analytical database. You take MariaDB, for instance, I look at that, anyway, as relational and operational. And then you mentioned DataStax. I would say Couchbase, Redis Labs, Aerospike. Cockroach is really a... EValue Store. You've got some non-relational databases in there. But we're looking at the entire sector of databases, which has become a really interesting market. But again, some of those established players are going to do very well, and I would put Snowflake on that cusp. As you pointed out, Bloomberg broke the story, I think last week, that they were contemplating an IPO, which we've known for a while. >> Yeah. And just one last thing on that. We do like some of the more pervasive players, right. Obviously, AWS, all their products, Redshift and DynamoDB. Microsoft looks really good. It's just really some of the other legacy ones, like the Teradatas, the Oracles, the Hadoops, right, that we are going to be impacted. And so the claw providers look really good. >> So, the last decade has really brought forth this whole notion of DevOps, infrastructure as code, the whole API economy. And that's the piece we want to jump into now. And there are some real stand-outs here, you know, despite the early data that we showed you, where CIOs are less prone to look at emerging vendors. There are some, for instance, if you bring up the next chart, guys, like Hashi, that really are standing out, aren't they? >> That's right, Dave. So, again, what you're seeing here is you're seeing that bifurcation that we were talking about earlier. There are a lot of infrastructure software vendors that are not positioned well, but if you look at the ones at the top right that are positioned well... We have two kind of things on here, starting with infrastructure automation. We think a winner here is emerging with Terraform. Look all the way up to the right, how well-positioned they are, how many opportunities they're getting. And for the second straight survey now, Terraform is leading along their peers, Chef, Puppet, SaltStack. And they're leading their peers in so many different categories, notably on allocating more spend, which is obviously very important. For Chef, Puppet and SaltStack, which you can see a little bit below, probably a little bit higher than the middle, we are seeing some elevator churn levels. And so, really, Terraform looks like they're kind of separating themselves. And we've got this great quote from the CIO just a few months ago, on why Terraform is likely pulling away, and I'll read it out here quickly. "The Terraform tool creates "an entire infrastructure in a box. "Unlike vendors that use procedural languages, "like Ants, Bull and Chef, "it will show you the infrastructure "in the way you want it to be. "You don't have to worry about "the things that happen underneath." I know some companies where you can put your entire Amazon infrastructure through Terraform. If Amazon disappears, if your availability drops, load balancers, RDS, everything, you just run Terraform and everything will be created in 10 to 15 minutes. So that shows you the power of Terraform and why we think it's ranked better than some of the other vendors. >> Yeah, I think that really does sum it up. And, actually, guys, if you don't mind bringing that chart back up again. So, a point out, so, Mitchell Hashimoto, Hashi, really, I believe I'm correct, talking to Stu about this a little bit, he sort of led the Terraform project, which is an Open Source project, and, to your point, very easy to deploy. Chef, Puppet, Salt, they were largely disrupted by Cloud, because they're designed to automate deployment largely on-prem and DevOps, and now Terraform sort of packages everything up into a platform. So, Hashi actually makes money, and you'll see it on this slide, and things, Vault, which is kind of their security play. You see GitLab on here. That's really application tooling to deploy code. You see Docker containers, you know, Docker, really all about open source, and they've had great adoption, Docker's challenge has always been monetization. You see Turbonomic on here, which is application resource management. You can't go too deep on these things, but it's pretty deep within this sector. But we are comparing different types of companies, but just to give you a sense as to where the momentum is. All right, let's wrap here. So maybe some final thoughts, Sagar, on the Emerging Technology Study, and then what we can expect in the coming month here, on the update in the Technology Spending Intention Study, please. >> Yeah, no problem. One last thing on the zero trust side that has been a big issue that we didn't get to cover, is VPN spend. Our data is pointing that, yes, even though VPN spend did increase the last few months because of remote work, we actually think that people are going to move away from that as they move onto zero trust. So just one last point on that, just in terms of overall thoughts, you know, again, as we cover it, you can see how bifurcated all these spaces are. Really, if we were to go sector by sector by sector, right, storage and block chain and MLAI and all that stuff, you would see there's a few or maybe one or two vendors doing well, and the majority of vendors are not seeing as many opportunities. And so, again, are you work-from-home aligned? Are you the best vendor of all the other emerging providers? And if you fit those two criteria then you will continue seeing POCs and evaluations. And if you don't fit that criteria, unfortunately, you're going to see less opportunities. So think that's really the big takeaway on that. And then, just in terms of next steps, we're already transitioning now to our next Technology Spending Intention Survey. That launched last week. And so, again, we're going to start getting a feel for how CIOs are spending in 2H-20, right, so, for the back half of the year. And our question changes a little bit. We ask them, "How do you plan on spending in the back half year "versus how you actually spent "in the first half of the year, or 1H-20?" So, we're kind of, tighten the screw, so to speak, and really getting an idea of what's spend going to look like in the back half, and we're also going to get some updates as it relates to budget impacts from COVID-19, as well as how vendor-relationships have changed, as well as business impacts, like layoffs and furloughs, and all that stuff. So we have a tremendous amount of data that's going to be coming in the next few weeks, and it should really prepare us for what to see over the summer and into the fall. >> Yeah, very excited, Sagar, to see that. I just wanted to double down on what you said about changes in networking. We've reported with you guys on NPLS networks, shifting to SD-WAN. But even VPN and SD-WAN are being called into question as the internet becomes the new private network. And so lots of changes there. And again, very excited to see updated data, return of post-COVID, as we exit this isolation economy. Really want to point out to folks that this is not a snapshot survey, right? This is an ongoing exercise that ETR runs, and grateful for our partnership with you guys. Check out ETR.plus, that's the ETR website. I publish weekly on Wikibon.com and SiliconANGLE.com. Sagar, thanks so much for coming on. Once again, great to have you. >> Thank you so much, for having me, Dave. I really appreciate it, as always. >> And thank you for watching this episode of theCube Insights, powered by ETR. This Dave Vellante. We'll see you next time. (gentle music)

(upbeat electronic music) >> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HoshoCon 2018 brought to you by Hosho. >> OK, welcome back everyone. We're live in Las Vegas for HoshoCon. I'm John Furrier, the host of theCUBE. This is the first inaugural security conference around blockchain. Our next guest is John Kirch, who's the Chief Evangelist for Sentinel Protocol. Great to see you, thanks for coming on. Hey, it's great to be here, John. Thank you very much for inviting me. >> I love the shirt, I got my CUBE shirt here. You got your shirt on. Cool crowd here. So, before you get into some of the things you guys are working on, what's the scene here like, for people who aren't here, this is the first ever blockchain security conference around in the industry. What are the type of people that are here? And what's going on? Why is this important? >> Well, that's a really good question. I mean, I can think back and I remember meeting the president of Hosho. For the first time back in New York at Consensus. And he was giving a presentation, and I thought it was fantastic presentation, but we broke ice, we shook hands. And then we bumped into each other again in Soul. And then I was also talking to Tim Draper not too long ago. And Tim said, he was coming out here to Las Vegas to give a presentation. And he is one of our key investors. So we thought, it would be a good idea for us to show up as well. And we believe that many times in trade shows and other types of seminar series, there's too much emphasis on fintech and not on security. And the reason why I say that, is basically in the blockchain crypto world, right now one of the major challenges holding back the growth and the success is the lack of security. Not in a core blockchain technology, but in the Dapps and in the other connected applications. People are getting hacked. And there's different types of hackings, everything from Phishing, to malware, to DNS engine hacking, to smart contracts, web applications, I mean. >> The surface area is large. >> It, many different vectors, and it's complex. Something needs to be done about it in order to unlock the potential of blockchain crypto. >> Yeah, and I also love this event because one, it's, well first of anything is always good because it's present on creation, and you don't know, there might be another one, if it's around the next year or not. But I think this one seems like it's got the right people at it that it would grow. Because, remember. >> Yeah. >> The security is the number one problem, it should be seamless, it's complicated, multiple keys to deal with, multiple chains, never mind in the surface area for hacking. So I think blockchain is going to be a sea-change. We all know that, all tech alpha entrepreneurs are getting that. The complexity around the software is the key. What do you guys, how do you guys look at this? Because you guys are in the business to solve this problem. >> Right. >> What's the answer here? >> Well, we'd look at it from a experience point of view of cybersecurity. What I mean by that is that we have a lot of people on the team that come from companies like Palo Alto Networks, and F5, and Fortinet, I come from Darktrace, and other cybersecurity companies as well. But we'd look at it from the point of view, what did we do in the past, what were the problems, how can we leverage these technologies. What's wrong with the stuff that we did before, and how can we correct those gaps and provide a better product that's more usable, easier to install, and then has the multi-vector analysis capabilities to do the, not just antivirus, for instance, but how about AI, machine learning for detecting new anomalies and behavior or newer threats and attacks, or sandboxing. But how do we solve the problem is really our main focus. >> So I got to ask you question. A lot of people in the industry that are smart or trying to attack this problem, there's two schools of thoughts. We are going to get the software, going to get to the AI, got to do all the stuff over here, and then there's radical view is, Hey, the old model isn't working for blockchain, 'cause it's a different architecture, it's decentralized, so you can't just take network protocol stacks and say, Hey this is your security stack in the old network model to decentralize. So it needs a redo. >> Right. >> A refresh or a do-over. >> Right, right. >> So, this is, seems to be tension that's productive but still contentious. >> Right. >> What's the answer, because your old Juniper, Cisco switches might not be the perimeter-based firewall model, >> I'd love that question. >> We need a do-over or not? >> So, we are the world's first crowdsourced threat intelligence platform. I didn't say product, I said platform. And that means multiple various different types of products on our platform, but in addition to that, one of the biggest problems today is the need to update. Let's say, if you're looking at things from an antivirus point of view, if you haven't updated your database, your system, then you've got vulnerabilities that you haven't addressed. And so we don't need to be updated. Our system is running on a decentralized blockchain, and therefore is connected to APIs, to different types of endpoints. We are platform-agnostic, so we could connect to IoT-type devices or, you know, other types of, mobile telephones, or to PCs, servers, and so on. And, by having this collective cybersecurity intelligence, by definition, that means we have a richer, wider database of more information, than if you license a product from, let's say, any one of the antivirus vendors. You get that company's intelligence and support services only. But we're doing it, where we're taking company A plus B, plus C, plus this white hat hacker, plus this individual here, and we're, basically, combining all that together and offering it to our clients. >> And so, is it the single source of truth or knowledge around trust, how's the trust factor come in. 'Cause, if I'm a company I want to know that everything I'm running is updated. I want to know what it is first, and then it's updated. >> And you know, in this decentralized trustless world, there is, from our point of view, a need for an organization that can be trusted by people who have been hacked or experienced suspicious activity. So, we are addressing that, so we have a team of people called the Sentinels, and they are tested and certified by our internal cybersecurity experts, as having the capabilities and the knowledge and experience to contribute. And when those people make contributions, in terms of cybersecurity intelligence, we award them with points, and those points can be converted to fiat or into other crypto tokens. >> So you're tokenizing the contribution. >> We are. >> Relative to the crowdsourcing. >> Exactly. >> So this is like CrowdStrike, or is it different? >> Oh, it's different, I think, from CrowdStrike, because CrowdStrike, while it's a very good company and very good product, what we're doing is that we're combining blacklist with whitelist and we're providing the reporting service. And so, and we're running it on a blockchain, and the blockchain has certain elements that are very very good in terms immutability, or a very high type of resilience factor, or traceability, and so we're really taking our product and focusing it on the blockchain crypto world, but quite frankly, what we're building, because we're utilizing the technology in the optimal manner, it is also applicable to the conventional cybersecurity world too. And I expect that it'll be very commonly used there tomorrow. >> So, it's portable in the sense of the function. You can actually bring this to the class of cybersecurity, known detection type identification. >> I could be using it for Goldman Sachs or Bank of America, or, let's say, this hotel. >> Some of the global cybersecurity landscape, how would you, you know, if someone's putting their toe in the water for the first time. You're obviously in the trenches doing cutting edge work, certainly folks in Washington, D.C., around the world, have cyber conversations, from general Keith Alexander, there's new companies got some interesting things going on there. To kind of grokking it, what's so this, there's crowdsourcing, how would you brake up the cybersecurity market, 'cause cyber intelligence is a big part of regional cloud deployments now, Amazon's going to have a region in the Middle East. I'm sure they got their DNS monitored well. But you have network points and you have software running on them. How is the market sliced up? Is there categories, like, that are cleanly defined? How do you view that? >> Well, you know, I look at things from a point of view of having started in the cybersecurity world, John, back in 1998. And that was when I introduced the company called WatchGuard to the Japanese market, and also did that in Korea as well. But we pioneered the use of Linux appliances. Would you believe that? (John laughing) And we also pioneered managed security services. And so, one of the things that I learned over time as the cybersecurity world increased in complexity, I mean, back there it was easy, all you needed was an antivirus and you needed network firewall. >> And you had proprietary software too, open source wasn't as prevalent. >> Exactly, but things keep on getting ratcheted up, the complexity factor is growing. And now we look at cybersecurity and there are so many different types of products and services. And so it really comes down to understanding the security policy of the end user, of the organization or the individual. What type of PC they're using? Is it IBM, is it Apple? For them putting together a security policy and then bringing in different types of products that, basically, help that individual or that organization to satisfy that policy. And then tuning that over time. Most people don't think about that part, but the tuning process is also very important. So, and then educating people too, so. >> What's a number one industry problem that industry needs to solve as an industry, and then, what is the biggest concern that end users or organizations will have? Well, I think that biggest problem out there right now that hasn't been solved, is what's going on in front of our very eyes, this, the hacking of these exchanges and wallets. I mean, those organizations have lost now over three billion dollars, cumulative over the past few years, and then over one billion dollars this year. I mean, that's a lot of money. >> It's a lot of cash. >> And somebody needs to do something. >> And nobody knows where it goes, I mean, >> Well, actually we do know where it goes. Because, actually, that's the video I wanted to show today after my presentation, but there just wasn't enough time. We analyzed the Zaif hacking that happened just a few weeks ago. >> How much did they take? >> It was about 60 million dollars. But we analyzed that, and using crowdsourced information, we analyzed the transactions and so forth, and we found, believe it or not, that a large portion of those stolen Bitcoins were washed and went through Binance, the world's largest crypto exchange. And so, if they utilized our technology, to understand that the coins that are going through them were stolen, we would do a lot to increase the cost factor for monetizing stolen Bitcoins, we would help Binance to protect themselves. >> So the laundering of the coins, >> Yes. >> You could, basically, put a penalty on that, or >> Well, I don't look at it from a penalty point of view. I look at it from the point of view of helping people to make transactions that are kosher, that meet with their corporate policy, that comply with law, that enable them to ensure, that what they are doing is correct. >> So, you tracked the address, how do you know they are being washed, from that specific >> We, basically, track the addresses, we were able to track the addresses and I can show you a video later, if you like to, where we did just that. >> Yeah, I would like to get a copy of that. >> And the information, this is on the blockchain, show that the coins went through Binance. >> So, meaning the old classic IT operations, you always had the network management's piece, this is, again, can be a big part of traceability and accountability piece of it. >> Correct. >> This is important. >> Yeah, in fact, you know, it's really important that when you think about this world. For instance, if I were to give you five dollars. >> Thanks. >> And you were to get ripped off, and somebody took that five dollars from you, how would, John, how would you trace that five dollars? >> I would track the guy around that had stole it, find out where it is, but if I don't know who's took it, then... >> If you went to the police and ask them for help, do you think they could help you analyze and trace that and audit? >> Well, in San Francisco they break into cars and just take whatever they want. The police don't even show up. >> Right, but that's relying on luck, do you know, did he open the right car, >> I wouldn't. I wouldn't know who had this. >> But, you know, that's one of the great things is that with the blockchain technology, if you use it correctly, you can trace, many times, not all the time. But it does offer us very... >> 'Cause there's a digital footprint. >> Yeah. >> There's definitely a traceability aspect. >> And that's one of the nice advantages. So, I'd rather give you Bitcoin than the five-dollar bill. >> Yeah, I'll take the Bitcoin, it probably is worth more than the five. Money is going away, paper money, I don't now have a need for. Talk about the aspect of Bitcoin in cryptocurrency, as it relates to the funding of security attacks, because that's been a big concern, people trying to figure that out. Have you guys made any progress on tracking the funding, the underground funding for security attacks. >> Well, when you think about it, and when you think about the funding of security attacks, it's now teams, and a lot of these teams are very well trained and educated. >> And they're making some good money too. >> Yeah, and so they're making good money, they've monetized this. And all it takes is one time that they break in. And, so, once they break in, and you're compromised, so you have to defend every every time, and do it well, but they only need to break in once. But in terms of that, >> One bad day. >> The one bad day. >> One bad second. >> And your company's gone. >> Yeah. >> But the funding of these endeavors is getting more and more sophisticated, the money involved is becoming much much more bigger, and we need to ratchet up our defenses, so that we can provide an adequate response. >> So, what is the answer for me, let's just say, hypothetically, you know, I get, you know, 50 million in Bitcoin for theCUBE bank, for our community, and going to use that Bitcoin to have people have flourish with content, and I got to store it somewhere. >> Yeah. >> What do I do? >> Well. >> What's my answer? Do I call Binance and say, Hey if you going to wash and launder that, I might as well put it with you, because if you're the home for all the money. >> Well, I think that the optimal solution is to get it off the network, put it into a cold wallet, and safeguard that private key in a way that is very very secure. Do not leave it, you know, on your PC, don't tape it to your screen, but basically safeguard that privat key very well. Put it into a deposit box at a bank, that might be a good idea. >> Or multiple deposit boxes spread across. >> Yeah. >> With instructions, in case, >> But don't leave it, don't leave it in your wallet >> Yeah. >> And don't leave it on, writing on the chalkboard either, above your desk. >> Yeah (chuckling). >> But, I mean, basically, >> Or don't write it down where the surveillance cameras watching you write it down. >> And you might want to use a multisig wallet as well, and that will also increase the security as well. >> All right, well, what's the story with you guys? Give us a quick update on the Sentinel Protocol, the company. How big are you guys? You mentioned Draper funded you guys. What's the status? >> Well, you know, we started earlier this year, back in January, and now we have 30 security professionals, our headquarters are in Singapore, we have another big office up in Seoul, Korea, we have a third office in Tokyo. We now have over 42 partners. I'm very proud to say that we've got, amongst those partners, at least 10 exchanges and wallets signed on with us directly, that are very interested in using our technology, integrated into their applications. >> Yeah. >> And so, >> And why they work with you, for a hedge, for security, for insurance, what's the rationale? It's forensics, for data, what's the value for them? >> Once they've been hacked, it's pretty hard to recover. A lot of these companies that are hacked, in fact, it ends with the company closing, or being sold. So, basically, what they're trying to do is leverage our security to detect the threats and the attacks, you know, in a proactive online manner before they get damaged. And then, by doing that, they can enhance their branding, that's services they're providing to their clients, and they can also help to maximize the stability and growth of their organization, as well as, >> It's a heat shield. >> The future life. >> It's a shield for them. >> It's a shield, yes. >> So they're being proactive on the security front. >> Exactly. >> So minimize any damages that potentially could get through. >> You know, right now, John, unfortunately, if you get hacked, it's a wild, wild West, it's every man up to himself. >> Yeah, it's a total stage coach. >> Nobody's going to help you. >> With the mask on, no one knows who it is. You got to do some sort of real forensics and get lucky. >> Yeah. >> Sounds like it's hit or miss, right? >> Yeah, if you get lucky, you're a lucky man, I'll tell you, because most of the people out there are not getting lucky. >> Yeah. So, we're working together with our partners to, basically, solve this problem. >> And how much money did you guys raise? >> We raised approximately eight million dollars, but it was 25,000 Ethereum. >> OK, congratulations. >> Not at all, thank you very much. >> Well thanks for coming on. Great to meet you last night at dinner. Security is at the top of the agenda. We are here, this is theCUBE coverage, part of our ongoing 2018 blockchain cryptocurrency, now digital money coverage. Of course, as you know, we've been covering Bitcoin and blockchain on our blog since 2011, and more coverage here at HoshoCon, the first security conference dedicated to discuss security on the blockchain and the new digital assets that is now money. I'm John Furrier, stay with us for more after this short break. (upbeat electronic music)

(triumphant music) >> Hello and welcome to a special CUBE Conversation, exclusive content here in Palo Alto Studios, I'm John Furrier, the co-founder of SiliconANGLE Media, and cohost of theCUBE. We have exclusive news with Vectra Networks announcing new funding, new R and D facility. I'm here with the president and CEO, Hitesh Sheth, who's the president and CEO. Welcome to theCUBE Conversation, congratulations. >> Thank you John. glad to be here. >> So you've got some big news. >> Vectra Networks, you guys doing some pretty cool stuff with AI and cyber. >> Correct. >> But it's not just software, it's really kind of changing the game with IT operations, the entire Cloud movement, DevOps automations, all impacting the enterprise. >> Hitesh: Yes. >> And other companies. >> Hitesh: Yes. >> Before we dig into some of the exclusive news you guys have, take a minute to talk about, what is Vectra? What is Vectra Networks? >> Maybe it'd be useful to give you context of the way we see the security industry evolving. And if you think about the last 20 years, and if you were to speak to the security person in an enterprise, their primary concern would be around access banishment, who gets in, who gets out. The firewall industry was born to solve this problem. And you know, in many ways its been a gift that's kept on giving. You know, you've got companies with multi-billion dollar evaluations, Palo Alto, Checkpoint, Fortinet, you know, piece of Cisco, etc, right? There's roughly about 40 billion dollars on the market cap sitting in this industry today. Now, if you go back to the same enterprise today, and you look at the next 5-10 years and you ask them, "What is the number one issue that you care about?" Right? It's no longer who's getting in and out from an access policy standpoint, it's all about threat, management, and mitigation. So, the threat's signal is now the most important commodity inside the enterprise and the pervasive challenge for the customer, the enterprise customer, is, "How do I get my hands on this threat's signal in the most efficient way possible?" And we, at Vectra, are all about automating and helping our customers hunt for advanced cyber attacks using artificial intelligence. >> Where did you get the idea of AI's automation? I've always said in theCUBE, "Oh, AI's a bunch of b.s. Because real true AI is there. But again, AI is really kind of growing out of machine learning. >> Hitesh: Right >> Automating, and so this kind of loose definition but certainly is very sexy right now. People love AI. >> Hitesh: Correct. >> I mean, AI is awesome. But at a practical matter, it seems to be very important for good things, also for the enterprise, where'd you get the idea for using AI for cyber? >> Well, you know, I would go back to in my journey intersection with the notion of using AI for cyber security, Back in about 2010, there are major cyber events reported in the press. At that time, I was in the networking sector and in the networking sector, we all looked at it and said, "You know, we can do something about this," and being good networking company is, we thought we would build chips that would do DPI and do packet inspection. It was, too be blunt, old school thinking, okay? Fast forward to 2012 and I was sitting with Vinod Khosla of Khosla ventures and we were talking about the notion of security. How can you transform security dramatically >> Mhmm. >> Hitesh: And this is when we started talking about using artificial intelligence. It was very nascent and frankly, if you went up and down Sand Hill at that time, you know, most of the venture companies would have- and they did, because we were raising money at the time, they would look at us and said, "You guys are nuts. This is just not going to happen." You know, it's very experimental, it would take forever to come to pass. But that's usually the best time to go and build a new business and take a risk, right? And we said, you know what, AI has matured enough. >> By the way, at that time, they were also poo-pooing the Cloud. >> Absolutely. >> Amazon will be nothing. >> Yeah, exactly. Generally, a good time, a good time to go and do something revolutionary. But, here are the other things to know. Not only had the technology around AI and its applicability had advanced enough, but two other things have happened at the same time. The cost of compute had changed dramatically. The cost of storage had changed dramatically. And ultimately, if AI is going to be efficient, not only is the software got to be good, but the computer's got to be valid as well. Storage got to be valid as well. These three things were really coming together on their timeframe. >> Well, what's interesting, let's dig into that for a second because knowing what the scene was with networking at the time, you said, "old thinking," but the state of the art, you know, In the 90's and 2000's was, hardware got advanced, so you had wire speed capability. So, you can do some cool things like, you know, like still move through the network and do some inspection. >> Hitesh: Correct. >> And you said DPACK is recommended But that's the concept of looking at the data. >> Hitesh: That's correct. >> John: So, okay, now they might have been narrow view so now you take it back >> Hitesh: Yes. >> With AI, am I getting it right? You're thinking of zooming out saying, okay, >> Hitesh: A couple of things. >> You find that notion of inspection of data >> Right. >> With more storage, more compute >> But it comes down to also, you know, what data are you looking at, right? When you had wire spec in booties, you would apply your classic signature based approaches. So you could deal with known attacks, right? What is really happening, like 2011-2012 onwards is, the attack landscape is more stored dramatically. It changes so fast that the approach of just dealing with the known was never going to be enough. >> Yeah. >> So, how do you deal with the unknown? You need software that can learn. You need software that can adapt on the fly. And this is where machine learning comes into play. >> You got to assume everyone's a bad actor at that point. >> You got to assume everybody has been infiltrated in some way or fashion. >> Well, the Cloud, certainly, you guys were on the front end, kind of probably thought we're crazy with other VC's, you mentioned that. But at the time, I do remember when Cloud was kind of looked at as just nonsense. >> Yeah >> But if you then go look at what that impact has been, you're in the right side of history, congratulations,. What really happened? When was the C change? You mentioned 2012, was that because of the overall threat landscape change? Was that because of open source? Was that because of new state sponsored threats? >> Hitesh: Yeah. A couple things. >> What was the key flash point? >> Hitesh: A couple of things. We saw, at the time, that there was an emerging class of threats in the marketplace being sponsored by either state actors but we also saw that there was significant funding going into creating organized entities that were going to go and hack large enterprises. >> John: Not state sponsored directly, state sponsored, kind of, you know, >> On the side. >> Yeah, on the side. >> Let's call them, "For Profit Entities," okay? >> Sounds like Equifax to me. (laughter) >> That's a good point. And we saw that happening. Trend two was, there were enough public on the record, hacks are getting reported, right? Sony would be a really good example at the time. But just as fundamentally, it's not just enough that there's a market. The technology has got to be sufficiently ready to be transformative, and this is the whole point around what we saw in compute and storage and the fact that there was enough advancement in the machine learning itself that it was worth taking a risk and experimenting to see what's going to happen. And in our journey, I can tell you, it took us about 18 months, really, to kind of tune what we were doing because we tried and we failed for 18 months before we kind of came to an answer that was actually going to gel and work for the customers. >> And what's interesting is having a pattern oriented to look for the unknown >> Hitesh: Yeah >> Because it's, you know, in the old days was, "Hey, here's a bunch of threats, look for'em and be prepared to deploy." Here, you got to deal with a couple of the unknown potentially attack. But also I would say that we've observed the surface areas increased. So, you mention Checkpoint in these firewalls. >> Hitesh: Yes. Absolutely. >> Those are perimeter based security models. So you got a perimeter based environment. >> Hitesh: Correct. >> Everyday. >> Hitesh: And you got IOT. >> IOT. So it's a hacker's dream. >> It's absolutely. The way I like to think about it is you got an end by end probatational issue. You got an infinite possible, if you're a hacker, you're absolutely right, it's Nirvana. You've got endless opportunities to break into the enterprise today. It's just going to get better. It's absolutely going to get better for them. >> John: Well, let's get to the hard news. You guys have an announcement. You've got new funding >> Hitesh: Yeah. >> And an R and D facility, in your words, what is the announcement? Share the data. >> We're really excited to announced that we have raised closed a round of 36 million dollars, Series D funding, it's being led by Atlantic Bridge, they are a growth fund, and they've got significant European roots, and in addition to Atlantic Bridge, we're bringing on board two new investors, two additional investors. The Ireland's Strategic Investment Fund, number one, effectively the sovereign fund of Ireland, and then secondly, Nissho Electronics of Japan. This is going to bring our double funding to 123 millions dollars, today. What we're going to be using this funds for is to find things with. One is the classic expansion of sales and marketing. I think we've had very significance success in our business. From 2016 to 2017, our business grew 181% year end year, subscription based, all subscription revenue. So, we're going to use this, this new fuel, to drive business growth, but just as important, we're going to drive our needs growth significantly. And as part of this new funding, we are opening up a brand new R & D center in Dublin, Ireland. This is our fourth R & D center. We've got one here in San Jose, California. We've got one in Austin, Texas, Cambridge, Massachusetts, and so this is number four. >> John: So, you hired some really smart people. How many engineers do you guys have? >> So, we are about a 140% company, roughly half the company is in R and D. >> I see a lot of engineering going on and you need it, too. So let's talk about competitors. Darktrace is out there, heavily funded companies, >> Hitesh: Yes. >> Their competitor, how do you compare against the competition and why do you think you'll be winning? >> I can tell you, statistically, whether it is Darktrace or we run into barcoding with Cisco as well. We win into large enterprise. We win 90% of the time. [Overlapping Conversation] >> It's actually correct. And I'll describe to you why is it that we win. We look at people like Darktrace and there are other smaller players in the marketplace as well And I'll tell you one thing fundamentally true about the competitive landscape and that differentiates us. AI is on everybody's lips nowadays, right? As you pointed out. But what is generally true for most companies doing AI and I think this is true for our competition as well, it tends to be human augmented AI. It's not really AI, right? This is sort of like the Wizard of Oz, you know, somebody behind the curtain actually doing the work and that ultimately does not deliver the promise of AI and automation to the customer. The one thing we have been very - >> John: They're using AI to cover up essentially manual business models for all people added, is that what you're saying? >> Hitesh: That's correct. Effectively, it's still people oriented answer for the customer and if AI is really true, then automation has got to be the forefront and if automation is really going to be true, then the user experience of the software has got to be second to none >> John: So, I know Mike Lynch is on the board of that company, Darktrace, he was indicted or charged with fraud to front for HP for billions of dollars. So, is he involved? Is he a figurehead? How does he relate to that? >> I think you should talk to Mike. You should put him in this chair and have this conversation. I recommend it, that would be great. >> John: I don't think he'd come on. >> But my understanding is that he has a very heavy hand in the reign of Darktrace. Darktrace, if you go to their website, so this is all public data, if you look at their management chain, this is all Autonomy people. What that means, respect to how Autonomy was running and how Vectra is being run, is for them to speak about, what I can tell you is that, when we meet them competitively, we meet other competitors. >> John: I mean, if I'm a customer, I would have a lot of fear and certainty in doubt to work with an Autonomy led because they had such a head fake with the HP deal and how they handled that software and just software stack wasn't that great either. So, I mean, I would be concerned about that. [Overlapping Discussion] >> History may be repeating itself. >> Okay, so you won't answer the question. Okay, well, let's get back to Vectra. Some interesting, notable things I discovered was, you guys had been observing what's been reported in the press with the Olympics. >> Hitesh: Correct. >> You have information and insight on what's going on with the Olympics. Apparently, they were hacked. Obviously, it's in Korea, so it's Asia, there's no DNS that doesn't have certificates that have been hacked or whatever so, I mean, what's going on in South Korea with the Olympics? What's the impact? What's the data? >> Hitesh: Well, I'm going to think, what is really remarkable is that, despite the history of different kinds of attacks, Equifax, what have you, nation state events, political elections getting impacted and so forth, once again, a very public event. We have had a massive breach and they've been able to infiltrate their systems and the remarkable thing is they- >> John: There's proof on this? >> There's proof on this. This is in the press. There's no secret data in our part, which is, this very much out there, in the public arena, they have been sitting in the infrastructure of the Olympics, in Korea, for months and the remarkable thing is, why were they able to get in? Well, I can tell you, I'm pretty sure that the approach to security that these people took is no different than the approach of security most enterprises take. Right? The thing that should really concern us all is that they chose to attack, they chose to infiltrate, but they actually paused before really fundamentally damaging the infrastructure. It goes to show you that they are demonstrating control. I can come in. I can do what I want for as long as I want. I can stop when I want. >> John: They were undetected. >> They were undetected. Absolutely. >> John: And they realized that these attacks reflected that. >> Absolutely. And given the fact there seems to be a recent trend of going after public events, we have many other such public events coming to bear. >> How would you guys have helped? >> The way we would help them, most fundamentally is that, look, here's the fundamental reality, there are, as we've discussed just a second ago, there are infinite options as to break in, into the infrastructure, but once you're in, right? For people like you and I, who are networking people, you're on our turf and the things you can do inside the network are actually very visible. They're very visible, right? It's like somebody breaking through your door, once they get in, their footprints are everywhere, right? And if you had the ability to get your hands on those footprints, right? You can actually contain the attack at- as close to real time as possible, before any real damage is done. >> But then we're going to see where the action is, no doubt about it, you can actually roll that data up and that's where the computer- >> And then you could apply machine learning. You can extract the data, look at the network, extract the right data out of it, apply machine learning or AI and you can get your hands on the attack well before it does any real damage. >> John: And so to your point, if I get this right, if I hear ya properly, computers are much stronger now. >> Hitesh: Correct. >> And with software and AI techniques, you can move on this data quickly. >> Hitesh: Correct. But you have got to, you've got to have a fundamental mindset shift, which is, "I'm not in the business of stopping attacks anymore, I should try, but I recognize I will be breached every single time. So, then, I better have the mechanisms and the means to catch the attack once it's in my environment." And that mindset shift is not pervasive. I am 1,000% sure at the Olympics that people designed the security search have said, "We can stop this stuff, don't worry about it." You had that taught differently that would not be in this position today. >> This is the problem. In all society, whether it's a shooting at a school or Olympic hack event, the role of data is super critical. That's the focus, thanks for coming on and sharing the exclusive news at theCUBE with exclusive coverage of the breaking news of the new round of funding for Vectra Networks. I'm John Furrier. Thanks for watching. >> Hitesh: Thank you, John. (triumphant music)