>> Narrator: theCUBE's live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (bright upbeat music plays) >> Welcome back to Barcelona, everybody. You're watching theCUBE's coverage of MWC '23, my name is Dave Vellante. Just left a meeting with the CEO of Cisco, Chuck Robbins, to meet with Jeetu Patel, who's our Executive Vice President and General Manager of security and collaboration at Cisco. Good to see you. >> You never leave a meeting with Chuck Robbins to meet with Jeetu Patel. >> Well, I did. >> That's a bad idea. >> Walked right out. I said, hey, I got an interview to do, right? So, and I'm excited about this. Thanks so much for coming on. >> Thank you for having me. It's a pleasure. >> So, I mean you run such an important part of the business. I mean, obviously the collaboration business but also security. So many changes going on in the security market. Maybe we could start there. I mean, there hasn't been a ton of security talk here Jeetu, because I think it's almost assumed. It was 45 minutes into the keynote yesterday before anybody even mentioned security. >> Huh. >> Right? And so, but it's the most important topic in the enterprise IT world. And obviously is important here. So why is it you think that it's not the first topic that people mention. >> You know, it's a complicated subject area and it's intimidating. And actually that's one of the things that the industry screwed up on. Where we need to simplify security so it actually gets to be relatable for every person on the planet. But, if you think about what's happening in security, it's not just important for business it's critical infrastructure that if you had a breach, you know lives are cost now. Because hospitals could go down, your water supply could go down, your electricity could go down. And so it's one of these things that we have to take pretty seriously. And, it's 51% of all breaches happen because of negligence, not because of malicious intent. >> It's that low. Interesting. I always- >> Someone else told me the same thing, that they though it'd be higher, yeah. >> I always say bad user behavior is going to trump good security every time. >> Every single time. >> You can't beat it. But, you know, it's funny- >> Jeetu: Every single time. >> Back, the earlier part of last decade, you could see that security was becoming a board level issue. It became, it was on the agenda every quarter. And, I remember doing some research at the time, and I asked, I was interviewing Robert Gates, former Defense Secretary, and I asked him, yeah, but we're getting attacked but don't we have the best offense? Can't we have the best technology? He said, yeah but we have so much critical infrastructure the risks to United States are higher. So we have to be careful about how we use security as an offensive weapon, you know? And now you're seeing the future of war involves security and what's going on in Ukraine. It's a whole different ballgame. >> It is, and the scales always tip towards the adversary, not towards the defender, because you have to be right every single time. They have to be right once. >> Yeah. And, to the other point, about bad user behavior. It's going now beyond the board level, to it's everybody's responsibility. >> That's right. >> And everybody's sort of aware of it, everybody's been hacked. And, that's where it being such a complicated topic is problematic. >> It is, and it's actually, what got us this far will not get us to where we need to get to if we don't simplify security radically. You know? The experience has to be almost invisible. And what used to be the case was sophistication had to get to a certain level, for efficacy to go up. But now, that sophistication has turned to complexity. And there's an inverse relationship between complexity and efficacy. So the simpler you make security, the more effective it gets. And so I'll give you an example. We have this great kind of innovation we've done around passwordless, right? Everyone hates passwords. You shouldn't have passwords in 2023. But, when you get to passwordless security, not only do you reduce a whole lot of friction for the user, you actually make the system safer. And that's what you need to do, is you have to make it simpler while making it more effective. And, I think that's what the future is going to hold. >> Yeah, and CISOs tell me that they're, you know zero trust before the pandemic was like, yeah, yeah zero trust. And now it's like a mandate. >> Yeah. >> Every CISO you talk to says, yes we're implementing a zero trust architecture. And a big part of that is that, if they can confirm zero trust, they can get to market a lot faster with revenue generating or critical projects. And many projects as we know are being pushed back, >> Yeah. >> you know? 'Cause of the macro. But, projects that drive revenue and value they want to accelerate, and a zero trust confirmation allows people to rubber stamp it and go faster. >> And the whole concept of zero trust is least privileged access, right? But what we want to make sure that we get to is continuous assessment of least privileged access, not just a one time at login. >> Dave: 'Cause things change so frequently. >> So, for example, if you happen to be someone that's logged into the system and now you start doing some anomalous behavior that doesn't sound like Dave, we want to be able to intercept, not just do it at the time that you're authenticating Dave to come in. >> So you guys got a good business. I mentioned the macro before. >> Yeah. >> The big theme is consolidating redundant vendors. So a company with a portfolio like Cisco's obviously has an advantage there. You know, you guys had great earnings. Palo Alto is another company that can consolidate. Tom Gillis, great pickup. Guy's amazing, you know? >> Love Tom. >> Great respect. Just had a little webinar session with him, where he was geeking out with the analyst and so- >> Yeah, yeah. >> Learned a lot there. Now you guys have some news, at the event event with Mercedes? >> We do. >> Take us through that, and I want to get your take on hybrid work and what's happening there. But what's going on with Mercedes? >> Yeah so look, it all actually stems from the hybrid work story, which is the future is going to be hybrid, people are going to work in mixed mode. Sometimes you'll be in the office, sometimes at home, sometimes somewhere in the middle. One of the places that people are working more and more from is their cars. And connected cars are getting to be a reality. And in fact, cars sometimes become an extension of your home office. And many a times I have found myself in a parking lot, because I didn't have enough time to get home and I was in a parking lot taking a conference call. And so we've made that section easier, because we have now partnered with Mercedes. And they aren't the first partner, but they're a very important partner where we are going to have Webex available, through the connected car, natively in Mercedes. >> Ah, okay. So I could take a call, I can do it all the time. I find good service, pull over, got to take the meeting. >> Yeah. >> I don't want to be driving. I got to concentrate. >> That's right. >> You know, or sometimes, I'll have the picture on and it's not good. >> That's right. >> Okay, so it'll be through the console, and all through the internet? >> It'll be through the console. And many people ask me like, how's safety going to work over that? Because you don't want to do video calls while you're driving. Exactly right. So when you're driving, the video automatically turns off. And you'll have audio going on, just like a conference call. But the moment you stop and put it in park, you can have video turned on. >> Now, of course the whole hybrid work trend, we, seems like a long time ago but it doesn't, you know? And it's really changed the security dynamic as well, didn't it? >> It has, it has. >> I mean, immediately you had to go protect new endpoints. And those changes, I felt at the time, were permanent. And I think it's still the case, but there's an equilibrium now happening. People as they come back to the office, you see a number of companies are mandating back to work. Maybe the central offices, or the headquarters, were underfunded. So what's going on out there in terms of that balance? >> Well firstly, there's no unanimous consensus on the way that the future is going to be, except that it's going to be hybrid. And the reason I say that is some companies mandate two days a week, some companies mandate five days a week, some companies don't mandate at all. Some companies are completely remote. But whatever way you go, you want to make sure that regardless of where you're working from, people can have an inclusive experience. You know? And, when they have that experience, you want to be able to work from a managed device or an unmanaged device, from a corporate network or from a Starbucks, from on the road or stationary. And whenever you do any of those things, we want to make sure that security is always handled, and you don't have to worry about that. And so the way that we say it is the company that created the VPN, which is Cisco, is the one that's going to kill it. Because what we'll do is we'll make it simple enough so that you don't, you as a user, never have to worry about what connection you're going to use to dial in to what app. You will have one, seamless way to dial into any application, public application, private application, or directly to the internet. >> Yeah, I got a love, hate with my VPN. I mean, it's protecting me, but it's in the way a lot. >> It's going to be simple as ever. >> Do you have kids? >> I do, I have a 12 year old daughter. >> Okay, so not quite high school age yet. She will be shortly. >> No, but she's already, I'm not looking forward to high school days, because she has a very, very strong sense of debate and she wins 90% of the arguments. >> So when my kids were that age, I've got four kids, but the local high school banned Wikipedia, they can't use Wikipedia for research. Many colleges, I presume high schools as well, they're banning Chat GPT, can't use it. Now at the same time, I saw recently on Medium a Wharton school professor said he's mandating Chat GPT to teach his students how to prompt in progressively more sophisticated prompts, because the future is interacting with machines. You know, they say in five years we're all going to be interacting in some way, shape, or form with AI. Maybe we already are. What's the intersection between AI and security? >> So a couple very, very consequential things. So firstly on Chat GPT, the next generation skill is going to be to learn how to go out and have the right questions to ask, which is the prompt revolution that we see going on right now. But if you think about what's happening in security, and there's a few areas which are, firstly 3,500 hundred vendors in this space. On average, most companies have 50 to 70 vendors in security. Not a single vendor owns more than 10% of the market. You take out a couple vendors, no one owns more than 5%. Highly fractured market. That's a problem. Because it's untenable for companies to go out and manage 70 policy engines. And going out and making sure that there's no contention. So as you move forward, one of the things that Chat GPT will be really good for is it's fundamentally going to change user experiences, for how software gets built. Because rather than it being point and click, it's going to be I'm going to provide an instruction and it's going to tell me what to do in natural language. Imagine Dave, when you joined a company if someone said, hey give Dave all the permissions that he needs as a direct report to Chuck. And instantly you would get all of the permissions. And it would actually show up in a screen that says, do you approve? And if you hit approve, you're done. The interfaces of the future will get more natural language kind of dominated. The other area that you'll see is the sophistication of attacks and the surface area of attacks is increasing quite exponentially. And we no longer can handle this with human scale. You have to handle it in machine scale. So detecting breaches, making sure that you can effectively and quickly respond in real time to the breaches, and remediate those breaches, is all going to happen through AI and machine learning. >> So, I agree. I mean, just like Amazon turned the data center into an API, I think we're now going to be interfacing with technology through human language. >> That's right. >> I mean I think it's a really interesting point you're making. Now, from a security standpoint as well, I mean, the state of the art today in my email is be careful, this person's outside your organization. I'm like, yeah I know. So it's a good warning sign, but it's really not automated in any way. So two part question. One is, can AI help? You know, with the phishing, obviously it can, but the bad guys have AI too. >> Yeah. >> And they're probably going to be smarter than I am about using it. >> Yeah, and by the way, Talos is our kind of threat detection and response >> Yes. >> kind of engine. And, they had a great kind of piece that came out recently where they talked about this, where Chat GPT, there is going to be more sophistication of the folks that are the bad actors, the adversaries in using Chat GPT to have more sophisticated phishing attacks. But today it's not something that is fundamentally something that we can't handle just yet. But you still need to do the basic hygiene. That's more important. Over time, what you will see is attacks will get more bespoke. And in order, they'll get more sophisticated. And, you will need to have better mechanisms to know that this was actually not a human being writing that to you, but it was actually a machine pretending to be a human being writing something to you. And that you'll have to be more clever about it. >> Oh interesting. >> And so, you will see attacks get more bespoke and we'll have to get smarter and smarter about it. >> The other thing I wanted to ask you before we close is you're right on. I mean you take the top security vendors and they got a single digit market share. And it's like it's untenable for organizations, just far too many tools. We have a partner at ETR, they do quarterly survey research and one of the things they do is survey emerging technology companies. And when we look at in the security sector just the number of emerging technology companies that are focused on cybersecurity is as many as there are out there already. And so, there's got to be consolidation. Maybe that's through M & A. I mean, what do you think happens? Are company's going to go out of business? There's going to be a lot of M & A? You've seen a lot of companies go private. You know, the big PE companies are sucking up all these security companies and may be ready to spit 'em out and go back public. How do you see the landscape? You guys are obviously an inquisitive company. What are your thoughts on that? >> I think there will be a little bit of everything. But the biggest change that you'll see is a shift that's going to happen with an integrated platform, rather than point solution vendors. So what's going to happen is the market's going to consolidate towards very few, less than a half a dozen, integrated platforms. We believe Cisco is going to be one. Microsoft will be one. There'll be others over there. But these, this platform will essentially be able to provide a unified kind of policy engine across a multitude of different services to protect multiple different entities within the organization. And, what we found is that platform will also be something that'll provide, through APIs, the ability for third parties to be able to get their technology incorporated in, and their telemetry ingested. So we certainly intend to do that. We don't believe, we are not arrogant enough to think that every single new innovation will be built by us. When there's someone else who has built that, we want to make sure that we can ingest that telemetry as well, because the real enemy is not the competitor. The real enemy is the adversary. And we all have to get together, so that we can keep humanity safe. >> Do you think there's been enough collaboration in the industry? I mean- >> Jeetu: Not nearly enough. >> We've seen companies, security companies try to monetize private data before, instead of maybe sharing it with competitors. And so I think the industry can do better there. >> Well I think the industry can do better. And we have this concept called the security poverty line. And the security poverty line is the companies that fall below the security poverty line don't have either the influence or the resources or the know how to keep themselves safe. And when they go unsafe, everyone else that communicates with them also gets that exposure. So it is in our collective interest for all of us to make sure that we come together. And, even if Palo Alto might be a competitor of ours, we want to make sure that we invite them to say, let's make sure that we can actually exchange telemetry between our companies. And we'll continue to do that with as many companies that are out there, because actually that's better for the market, that's better for the world. >> The enemy of the enemy is my friend, kind of thing. >> That's right. >> Now, as it relates to, because you're right. I mean I, I see companies coming up, oh, we do IOT security. I'm like, okay, but what about cloud security? Do you that too? Oh no, that's somebody else. But, so that's another stove pipe. >> That's a huge, huge advantage of coming with someone like Cisco. Because we actually have the entire spectrum, and the broadest portfolio in the industry of anyone else. From the user, to the device, to the network, to the applications, we provide the entire end-to-end story for security, which then has the least amount of cracks that you can actually go out and penetrate through. The biggest challenges that happen in security is you've got way too many policy engines with way too much contention between the policies from these different systems. And eventually there's a collision course. Whereas with us, you've actually got a broad portfolio that operates as one platform. >> We were talking about the cloud guys earlier. You mentioned Microsoft. They're obviously a big competitor in the security space. >> Jeetu: But also a great partner. >> So that's right. To my opinion, the cloud has been awesome as a first line of defense if you will. But the shared responsibility model it's different for each cloud, right? So, do you feel that those guys are working together or will work together to actually improve? 'Cause I don't see that yet. >> Yeah so if you think about, this is where we feel like we have a structural advantage in this, because what does a company like Cisco become in the future? I think as the world goes multicloud and hybrid cloud, what'll end up happening is there needs to be a way, today all the CSPs provide everything from storage to computer network, to security, in their own stack. If we can abstract networking and security above them, so that we can acquire and steer any and all traffic with our service providers and steer it to any of those CSPs, and make sure that the security policy transcends those clouds, you would actually be able to have the public cloud economics without the public cloud lock-in. >> That's what we call super cloud Jeetu. It's securing the super cloud. >> Yeah. >> Hey, thanks so much for coming to theCUBE. >> Thank you for having me. >> Really appreciate you coming on our editorial program. >> Such a pleasure. >> All right, great to see you again. >> Cheers. >> All right, keep it right there. Dave Vellante with David Nicholson and Lisa Martin. We'll be back, right after this short break from MWC '23 live, in the Fira, in Barcelona. (bright music resumes) (music fades out)

>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE in ETR. This is "Breaking Analysis" with Dave Vellante. >> Cisco is a company at the crossroads. It's transitioning from a high margin hardware business to a software subscription-based model, which also should be high margin through both organic moves and targeted acquisitions. It's doing so in the context of massive macro shifts to digital in the cloud. We believe Cisco's dominant position in networking combined with a large market opportunity and a strong track record of earning customer trust, put the company in a good position to capitalize on cloud momentum. However, there are clear challenges ahead for Cisco, not the least of which is the growing complexity of its portfolio, a large legacy business, and the mandate to maintain its higher profitability profile as it transitions into a new business model. Hello and welcome to this week's Wiki-bond cube insights powered by ETR. In this breaking analysis, we welcome in Zeus Kerravala, who's the founder and principal analyst at ZK Research, long time Cisco watcher who together with me crafted the premise of today's session. Zeus, great to see you welcome to the program. >> Thanks Dave. It's always a pleasure to be with you guys. >> Okay, here's what we're going to talk about today, set the agenda. The catalyst for this session, Zeus and I attended Cisco's financial analyst day. We received a day and a half of firehose presentations, drill downs, interactions, Q and A with Cisco execs and one key customer. So we're going to share our takeaways from these sessions and add our additional thoughts. Now, in particular, we're going to talk about Cisco's TAM, its transformation to a subscription-based model, and how we see that evolving. As always, we're going to bring in some ETR spending data for context and get Zeus' take on what that tells us. And we'll end with a summary of Cisco's cloud strategy and outlook for how it could win in the cloud. So let's talk about Cisco's sort of structure and TAM opportunities. First, Zeus, Cisco has four main lines of business where it's organized it's executives around sort of four product areas. And it's got a large service component as well. Network equipment, SP routing, data center, collaboration that security, and as I say services, that's not necessarily how it's going to market, but that's kind of the way it organizes its ELT, its executive leadership team. >> Yeah, the in fact, the ELT has been organized around those products, as you said. It used to report to the street three product segments, infrastructure platforms, which was by far the biggest, it was all their networking equipment, then applications, and then security. Now it's moved to five new segments, secure agile networks, hybrid work, end to end security, internet for the future and optimized app experiences. And I think what Cisco's trying to do is align their, the way they report along the lines of the way customers buy. 'Cause I think before, you know, they had a very simplistic model before. It was just infrastructure, apps, and security. The ELT is organized around product roadmap and the product innovation, but that's not necessarily the way customers purchase things and so, purchase things so I think they've tried to change things a little bit there. When you look at those segments though, you know, by, it's interesting. They're all big, right? So, by far the biggest distilled networking, which is almost a hundred billion dollar TAM as they reported and they have it growing a about a 9% CAGR as reported by other analyst firms. And when you think about how mature networking is Dave, the fact that that's still growing at high single digit CAGR is still pretty remarkable. So I think that's one of those things that, you know, watchers of Cisco historically have been calling for the network to be commoditized for decades. For as long as I've been watching Cisco, we've been, people have been waiting for the network to be commoditized. My thesis has always been, if you can drive enough innovation into things, you can stave off commoditization and that's what they've done. But that's really the anchor for them to sell all their other products, some of which are higher margin, some which are a little bit sore, but they're all good high margin businesses to your point. >> Awesome. We're going to dig into that. So, so they flattened the organization when Geckler left. You've got Todd Nightingale, Jonathan Davidson, Liz Centoni, and Jeetu Patel who we heard from and we'll make some comments on what we heard from them. One of the big takeaways at the financial analysts meeting was on the TAM, as you just mentioned. Liz Centoni who also is heavily involved in strategy and the CFO Scott Herren, showed this slide, which speaks to the company's TAM and the organizational structure that you were just talking about. So the big message was that Cisco has got a large and growing market, you know, no shortage of available market. Somewhere between eight and 900 billion, depending on which of the slides you pull out of the deck. And ironically Zeus, when you look at the current markets number here on the right hand side of this slide, 260 billion, it just about matches the company's market cap. Maybe an interesting coincidence, but at any rate, what was your takeaway from this data? >> Well, I think, you know, the big takeaway from the data is there's still a lot of room ahead for Cisco to grow, right? Again, this is a, it's a company that I think most people would put in the camp of legacy IT vendor, just because of how long they've been around. But they have done a very good job of staving off innovation. And part of that is just these markets that they play in continue to grow and they continue to have challenges that they can solve. I think one of the things Cisco has done though, since the arrival of Chuck Robbins, is they don't fight these trends anymore, Dave. I know prior to Chuck's arrival, they really fought the tide of software defined networking and you know, trends like that, and even cloud to some extent. And I remember one of the first meetings I had with Chuck, I asked him about that and he said that Cisco will never do that again. That under his watch, if customers are going through a market transition, Cisco wants to lead them through it, not try and hold them back. And I think for that reason, they're able to look at, all of those trends and try and take a leadership position in them, even though you might look at some of those and feel that some of them might be detrimental to Cisco's business in the short term. So something like software defined WANs, which you would throw into secure agile networks, certainly doesn't, may not carry the same kind of RPOs and margins with it that their traditional routers did, but ultimately customers are going to buy it and Cisco would like to be the ones to sell it to them. >> You know, you bring up a great point. This industry is littered, there's a graveyard of executives who fought the trend. Many people, some people remember Ken Olson of Digital Equipment Corporation. "Unix is snake oil," is what he said. IBM mainframe guys said, "PCs are a toy." And of course the history, they were the wrong side of history. The other big takeaway was the shift to software in subscription. They really made a big point of this. Here's a chart Cisco showed a couple of times to make the point that it's one of the largest software companies in the world. You know, in the top 10. They also made the point that Chuck Robbins, when he joined in 2015, and since that time, it's nearly 4x'ed it's subscription software revenue, and roughly doubled its software sales. And it now has an RPO, remaining performance obligations, that exceeds 30 billion. And it's committing to grow its subscription business in the forward-looking statements by 15 to 17% CAGR through 25, which would imply about a doubling of these, the blue lines. Zeus, it's unclear if that forward-looking forecast is just software. I presume it includes some services, but as Herren pointed out, over time, these services will be bundled into the product revenue, same way SAS companies do it. But the point is Cisco is committed, like many of their peers, to moving to an ARR model. But please, share your thoughts on Cisco's move to software subscriptions and how you see the future of consumption-based pricing. >> Yeah, this has been a big shift for Cisco, obviously. It's one that's highly disruptive. It's one that I know gave their partners a lot of angst for a long time because when you sell things upfront, you get a big check for selling that, right? And when you sell things in a subscription model, you get a much smaller check for a number of months over the period of the contract. It also changes the way you deal with the customer. When you sell a one-time product, you basically wipe your hands. You come back in three or four years and say, "it's time to upgrade." When you sell a subscription, now, the one thing that I've tried to talk to Cisco and its partners about is customers don't renew things they don't use. And so it becomes incumbent on the partner, it becomes incumbent upon Cisco to make sure that things that the customer is subscribing to, that they do use. And so Cisco's had to create a customer success organization. They've had to help their partners create those customer success organizations. So it's really changed the model. And Cisco not only made the shift, they've done it faster than they actually had originally forecast. So during the financial analyst day, they actually touted their execution on software, noting that it hit it's 30% revenue as percent of total target well before it was supposed to, it's actually exceeded its targets. And now it's looking to increase that to, it actually raised its guidance in this area a little bit by a few percentage points, looking out over the next few years. And so it's moved to the subscription model, Dave, the thing that you brought up, which I do see as somewhat of a challenge is the shift to consumption-based pricing. So subscription is one thing in that I write you a check every month for the same amount. When I go to the consumption-based pricing, that's easy to do for cloud services, things like WebEx or Duo or, you know, CloudLock, some of the security products. That that shift should be relatively simple. If customers want to buy it that way. It's unclear as to how you do that when you're selling on-prem equipment with the software add-on to it because in that case, you have to put metering technology in to understand how much they're using. You have to have a minimum baseline to start with. They've done it in some respects. The old HCS product that they sold, the Telcos, actually was sold with a minimum commit and then they tacked on a utilization on top of that. So maybe they move into that kind of model. But I know it's something that they've, they get asked about a lot. I know they're still thinking about it, but it's something that I believe is coming and it's going to come pretty fast. >> I want to pick up on that because I think, you know, they made the point that we're one of the top 10 software companies in the world. It's very difficult for hardware companies to make the transition to software. You know, HP couldn't do it. >> Well, no one's done it. >> Well, IBM has kind of done it, but they really struggle. It's kind of this mishmash of tooling and software products that aren't really well-integrated. But, I would say this, everybody now, Cisco, Dell, HPE with GreenLake, Lenovo, pretty much all the traditional hardware players are trying to move to an as a service model or at least for a portion of their business. HPE's all in, Dell transitioning. And for the most part, I would make the following observation. And I'd love to get your thoughts on this. They're pretty much following a SAS like model, which in my view is outdated and kind of flawed from a customer standpoint. All these guys say, "Hey, we're doing this because "this is what the customers want." I think the cloud is really a true consumption based model. And if you look at modern SAS companies, a lot of the startups, they're moving to a consumption based model. You see that with Snowflake, you see that with Stripe. Now they will offer incentives. But most of the traditional enterprise players, they're saying, "Okay, pay us upfront, "commit to some base level. "If you go over it, you know, "we'll charge you for it. "If you go under it, you're still going to pay "for that base level." So it's not true consumption base. It's not really necessarily the customer's best interest. So that's, I think there's some learnings there that are going to have to play out. >> Yeah, the reason customers are shying away from that SAS type model, I think during the pandemic, the one thing we learned, Dave, is that the business will ebb and flow greatly from month to month sometimes. And I was talking with somebody that worked for one of the big hotel chains, and she was telling me that what their CRM providers, she wouldn't tell me who it was, except said it rhymed with Shmalesforce, that their utilization of it went from, you know, from a nice steady level to spiking really high when customers started calling in to cancel hotel rooms. And then it dropped down to almost nothing as we went through that period of stay at home. And now it's risen back up. And so for her, she wanted to move to a consumption-based model because what happens otherwise is you wind up buying for peak utilization, your software subscriptions go largely underutilized the majority of the year, and you wind up paying, you know, a lot more than you need to. If you go to more of a true consumption model, it's harder to model out from a financial perspective 'cause there's a lot of ebbs and flows in the business, but over a longer period of time, it's more cost-effective, right? And so the, again, what the pandemic taught us was we don't really know what we're going to need from a consumption standpoint, you know, nevermind a year from now, maybe even six months from now. And consumption just creates a lot more flexibility and agility. You can scale up, you can scale down. You can bring in users, you can take out users, you can add consultants, things like that. And it just, it's much more aligned with the way businesses are run today. >> Yeah, churn is a silent killer of a software company. And so there's retention is the key here. So again, I think there's lots of learning. Let's put Cisco into context with some of its peers. So this chart we developed compares five companies to Cisco. Core Dell, meaning Dell, without VMware. VMware, HPE, IBM, we've put an AWS, and then Cisco as, IBM, AWS and Cisco is the integrated plays. So the chart shows the latest quarterly revenue multiplied by four to get a run rate, a three-year growth outlook, gross margin percentage, market cap, and revenue multiple. And the key points here are that one, Cisco has got a pretty awesome business model. It's got 60% gross margin, strong operating margins, not shown here, but in the mid twenties, 25%. It's got a higher growth rate than most of its peers. And as such, a much better, multiple than say, for instance, Core Dell gets 33 cents on the revenue dollar. HPE is double that. IBM's below two X. Cisco's revenue multiple rivals VMware, which is a pure software company. Now in a large part that's because VMware stock took a hit recently, but still the point is obvious. Cisco's got a great business. Now for context, we've added AWS, which blows away any company on this chart. We've inferred a market cap of nearly 600 billion, which frankly is conservative at a 10 X revenue multiple given it's inferred margins and growth rate. Now Zeus, if AWS were a separate company, it could have a market cap that approached 800 billion in my view. But what does this data tell you? >> Well, it just tells me that Cisco continues to be a very well-run company that has staved off commoditization, despite the calling for it for years. And I think the big lesson, and I've talked to financial analysts about this over the years, is that if, I don't really believe anything in this world is a commodity, Dave. I think even when Cisco went to the server market, if you remember back then, they created a new way of handling memory management. They were getting well above average margins for service, albeit less than Cisco's network margins, but still above average for server margins. And so I think if you can continue to innovate, you will see the margin stay where they are. You will see customers continue to buy and refresh. And I think one of the challenges Cisco's had in the past, and this is where the subscription business will help, is getting customers to stay with the latest and greatest. Prior to this refresh of network equipment, some of the stuff that I've seen in the fields, 10, 15 years old, once you move to that sell me a box and then tack on the subscription revenue that you pay month by month, you do drive more consistent refresh. Think about the way you just handle your own mobile phone. If you had to go pay, you know, a thousand dollars every three years, you might not do it at that three-year cycle. If you pay 40 bucks a month, every time there's a new phone, you're going to take it, right? So I think Cisco is able to drive greater, better refresh, keep their customers current, keep the features in there. And we've seen that with a lot of the new products. The new Cat 9,000, some of the new service provider products, the new wifi products, they've all done very well. In fact, they've all outpaced their previous generation products as far as growth rate goes. And so I think that is a testament to the way they've run the business. But I do think when people bucket Cisco in with HP and Dell, and I understand why they do, their businesses were similar at one time, it's really not a true comparison anymore. I think Cisco has completely changed their business and they're not trying to commoditize markets, they're trying to drive innovation and keep the margins up, where I think HP and Dell tend to really compete on price versus innovation. >> Well, and we are going to get to this point about the tailwinds and headwinds and cloud, and how Cisco to do it. But, to your point about, you know, the cell phone analogy. To the extent that Cisco can make that seamless for customers could hide that underlying complexity, that's going to be critical for the cloud. Now, but before we get there, I want to talk about one of the reasons why Cisco such a high multiple, and has been able to preserve its margins, to your point, not being commoditized. And it's been able to grow both organically, but also has a strong history of M and A. It's this chart shows a dominant position in core networking. So this shows, so ETR data within the Fortune 500. It plots companies in the ETR taxonomy in two dimensions, net score on the vertical axis, which is a measure of spending velocity, and market share on the horizontal axis, which is a measure of presence in the survey. It's not like IDC market share, it's mentioned market share if you will. The point is Cisco is far and away the most pervasive player in the market, it's generally held its dominant position. Although, it's been under pressure in the last few years in core networking, but it retains or maintains a very respectable net score and consistently performs well for such a large company. Zeus, anything you'd add with respect to Cisco's core networking business? >> Yeah, it's maintained a dominant network position historically. I think part of because it drives good products, but also because the competitive landscape, historically has been pretty weak, right? We saw companies like 3Com and Nortel who aren't around anymore. It'll be interesting to see moving forward now that companies like VMware are involved in networking. AWS is interested in networking. Arista is a much stronger company. You know, Juniper bought Mist and is in better position. Even Extreme Networks who most people thought was dead a few years ago has made a number of acquisitions and is now a billion dollar company. So while Cisco has done a great job of execution, they've done a great job on the innovation side, their competitive landscape, looking out over the next five years, I think is going to be more difficult than it has been over the previous five years. And largely, Dave, I think that's good for Cisco. I think whenever Cisco's pressed a little bit from competition, they tend to step on the innovation gas a little bit more. And I look back and even just the transition when VMware bought Nicira, that got Cisco's SDN business into gear, like nothing else could have, right? So competition for that company, they always seem to respond well to it. >> So, let's break down Cisco's net score a little bit. Explain why the company has been able to hold its spending momentum despite its large size. This will give you a little insight to the survey. So this chart shows the granular components of net score. The lime green is new adoptions to Cisco. The forest green is spending more than 6%. The gray is flat plus or minus 5%. The pink is spending drops by more than 5%. And the red is we're chucking the platform, we're getting off. And Cisco's overall net score here is 25%, which for a company of its size speaks to the relationships that it has with customers. It's of course got a fat middle in the gray area, like all sort of large established companies. But very low defections as well, it's got low new adoptions. But very respectable. So that is background, Zeus. Let's look at spending momentum over time across Cisco's portfolio. So this chart shows Cisco's net score by that methodology within the ETR taxonomy for Cisco over three survey periods. And what jumps out is Meraki on the left, very strong. Virtualization business, its core networking, analytics and security, all showing upward momentum. AppD is a little bit concerning, but that could be related to Cisco's sort of pivot to full stack observability. So maybe AppD is being bundled there. Although some practitioners have cited to us some concerns in that space. And then WebEx at the end of the chart, it's showing some relative strength, but not that high. Zeus, maybe you could comment on Meraki and any other takeaways across the portfolio. >> Yeah, Meraki has proven to be an excellent acquisition for Cisco. In fact, you might, I think it's arguable to say it's its best acquisition in history going all the way back to camp Kalpana and Grand Junction, the ones that brought up catalyst switches. So, in fact, I think Meraki's revenue might be larger than security now. So, that shows you the momentum it has. I think one of the lessons it brought to Cisco was that simpler is better, sometimes. I think when they first bought Meraki, the way Meraki's deployed, it's very easy to set up. There's a lot of engineering work though that goes into making a product simple to use. And I think a lot of Cisco engineers historically looked at Meraki as, that's a little bit of a toy. It's meant for small businesses, things like that, but it's not for enterprise. But, Rocky's done a nice job of expanding the portfolio, of leveraging the cloud for analytics and showing you a lot of things that you wouldn't necessarily get from traditional networking equipment. And one of the things that I was really delighted to see was when they put Todd Nightingale in charge of all the networking business, because that showed to me that Chuck Robbins understood that the things Meraki were doing were right and they infuse a little bit of Meraki into the rest of the company. You know, that's certainly a good thing. The other areas that you showed on the chart, not really a surprise, Dave. When you think of the shift hybrid work and you think of the, some of the other transitions going on, I think you would expect to see the server business in decline, the storage business, you know, maybe in a little bit of decline, just because people aren't building out data centers. Where the other ones are related more to hybrid working, hybrid cloud, things like that. So it is what you would expect. The WebEx one was interesting too, because it did show somewhat of a dip and then a rise. And I think that's indicative of what we've seen in the collaboration space since the pandemic came about. Companies like Zoom and RingCentral really got a lot of the headlines. Again, when you, the comment I made on competition, Cisco got caught a little bit flat-footed, they've caught up in features and now they really stepped on the gas there. Chuck joked that he gave the WebEx team a bit of a blank check to go do what it had to do. And I don't think that was a joke. I think he actually did that because they've added more features into WebEx in the last year then I think they did the previous five years before that. >> Well, let's just drill into video conferencing real quick here, if we could. Here's that two dimensional view, again, showing net score against market share or pervasiveness of mentions, and you can see Microsoft Teams in the upper right. I mean, it's off the chart, literally. Zoom's well ahead of Cisco in terms of, you know, mentions presence. And that could be a spate of freemium, you know, but it's basically a three horse race in this game. And Cisco, I don't think is trying to take Zoom head on, rather it seems to be making WebEx a core part of its broader collaboration agenda. But Zeus, maybe you could comment. >> Well, it's all coming together, right? So, it's hard to decouple calling from video from meetings. All of the vendors, including Teams, are going after the hybrid work experience. And if you believe the future is hybrid and not just work from home, then Cisco does have a pretty interesting advantage because it's the only one that makes its own end points, where Teams and Zoom doesn't. And so that end to end experience it can deliver. The Microsoft Teams one's interesting because that product, frankly, when you talk to users, it doesn't have a great user score, like as far as user satisfaction goes, but the one thing Microsoft has done a very good job of is bundling it in to the Office365 licenses, making it very easy for IT to deploy. Zoom is a little bit in the middle where they've appealed to the users. They've done a better job of appealing to IT, but there is a, there is a battleground now going on where video's not just video. It includes calling, includes meetings, includes room systems now, and I think this hybrid work friend is going to change the way we think about these meeting tools. >> Now we'd be remiss if we didn't spend a moment talking about security as a key part of Cisco's business. And we have a graphic on this same kind of X, Y. And it's been, we've seen several quarters of growth. Although, the last quarter security growth was in the low single digits, but Cisco is a major player in security. And this X, Y graph shows, they've got both a large presence and a solid spending momentum. Not nearly as much momentum as Okta or Zscaler or a CrowdStrike and some of the smaller companies, but they're, these guys are on a rocket ship, but others that we featured in these episodes, but much more than respectable for Cisco. And security is critical to the strategy. It's a big part of the subscriber base. And the last thing, Zeus, I'll say about Cisco made the point in analyst day, that this market is crowded. You can see that in this chart. And their goal is to simplify this picture and make it easier for customers to secure their data and apps. But that's not easy, Zeus. What are your thoughts on Cisco's security opportunities? >> Yeah, I've been waiting for Cisco go to break up in security a little more than it has. I do think, I was talking with a CSO the other day, Dave, that said to me he's starting to understand that you don't have to have best of breed everywhere to have best in class threat protection. In fact, there's a lot of buyers now will tell you that if you try and have best of breed everywhere, it actually creates a negative when it comes to threat protection because keeping all the policies and things up to date is very, very difficult. And so the industry is moving more to a platform model, right? Now, the challenge for Cisco is how do you get that, the customer to think of the network as part of the platform? Because while the platform model, I think, is starting to gain traction, FloridaNet, Palo Alto, even McAfee, companies like that also have their own version of a security platform. And if you look at the financial performance of companies like FloridaNet and Palo Alto over the past, you know, over the past couple of years, they've been through the roof, right? And so I think an interesting and unique challenge for Cisco is can they convince the security buyer that the network is as important a part of that platform as any other component? If they can do that, I think they can break away from the pack. If not, then they'll stay mixed in with those, you know, Palo, FloridaNet, Checkpoint, and, you know, and Cisco, in that mix. But I do think that may present their single biggest needle moving opportunity just because of how big the security TAM is, and the fact that there is no de facto leader in security today. If they could gain the same kind of position in security as they have a networking, who, I mean, that would move the needle like no other market would. >> Yeah, it's really interesting that they're coming at security, obviously from a position of networking strength. You've got, to your point, you've got best of breed, Okta in identity, you got CrowdStrike in endpoint, Zscaler in cloud security. They're all growing like crazy. And you got Cisco and you know, Palo Alto, CSOs tell us they want to work with Palo Alto because they're the thought leader and they're obviously a major player here. You mentioned FloridaNet, there's a zillion others. We could talk all day about security. But let's bring it back to cloud. We've talked about a number of the piece in Cisco's portfolio, and we haven't really spent any time on full stack observability, which is a big push for Cisco with AppD, Intersight and the ThousandEyes acquisition. And that plays into this equation. But my take, Zeus, is Cisco has a number of cloud knobs that it can turn, it sells core networking equipment to hyperscalers. It can be the abstraction layer to connect on-prem to the cloud and hybrid and across clouds. And it's in a good position with Telcos too, to go after the 5G. But let's use this chart to talk about Cisco's cloud prospects. It's an ETR cut of the cloud customer spending. So we cut it by cloud customers. And they're are, I don't know, 800 or so in the survey. And then looking at various companies performance within that cut. So these are companies that compete, or in the case of HashiCorp, partner with Cisco at some level. Let me just set this up and get your take. So the insert on the chart by the way shows the raw data that positions each dot, the net score and the shared n, i.e. the number of accounts in the survey that responded. The key points, first of all, Azure and AWS, dominant players in cloud. GCP is a distant third. We've reported on that a lot. Not only are these two companies big, they have spending momentum on their platforms. They're growing, they are on that flywheel. Second point, VMware and Cisco are very prominent. They have huge customer bases. And while they're often on a collision course, there's lots of room in cloud for multiple players. When we plotted some other Cisco properties like AppD and Meraki, which as we said, is strong. And then for context, we've placed Dell, HPE, Aruba, IBM and Oracle. And also VMware cloud and AWS, which is notable on its elevation. And as I say, we've added HashiCorp because they're critical partner of Cisco and it's a multi-cloud play. Okay, Zeus, there's the setup. What does Cisco have to do to make the cloud a tailwind? Let's talk about strategy, tailwinds, headwinds, competition, and bottom line it for us. >> Yeah, well, I do think, well, I talked about security being the biggest needle mover for Cisco, I think its biggest challenge is convincing Wall Street in particular, that the cloud is a tailwind. I think if you look at the companies with the really high multiples to their stock, Dave, they're all ones where they're viewed as, they go along with the cloud ride, Right? So the, if you can associate yourself with the cloud and then people believe that the cloud is going to, more cloud equals more business, that obviously creates a better multiple because the cloud has almost infinite potential ahead of it. Now with respect to Cisco, I do think cloud has presented somewhat of a double-edged sword for Cisco. I don't believe the current consumption model for cloud is really a tailwind for Cisco, not really a headwind, but it doesn't really change Cisco's business. But I do think the very definition of cloud is changing before our eyes, Dave. And it's shifting away from centralized clouds. If you think of the way customers bought cloud before, it might have used AWS, it might've used Azure, but it really, that's not really multi-cloud, it's just multiple clouds in which I put things in these centralized resources. It's shifting more to this concept of distributed cloud in which a single application can be built using resources from your private cloud, for AWS, from Azure, from Edge locations, all the cloud providers have built their portfolios to support this concept of distributed cloud and what becomes important there, is a highly agile dynamic network. And in that case with distributed cloud, that is a tailwind for Cisco because now the network is that resource that ties all those distributed cloud components together. Now the network itself has to change. It needs to become a lot more agile and microservices and container friendly itself so I can spin up resources and, you know, in an Edge location, as fast as I can on-prem and things like that. But I do think it creates another wave of innovation and networking, and in that case, I think it does act as a tailwind for Cisco, aside from just the work it's done with the web scalers, you know, those types of companies. So, but I do think that Cisco needs to rethink its delivery model on network services somewhat to take advantage of that. >> At the analyst meeting, Cisco made the point that it does sell to the hyperscalers. It talked about the top six hyperscalers. You know, you had mentioned to me, maybe IBM and Oracle were in there. I always talk about four hyperscalers and only four, but that's fine. Here's my question. Practitioners have told me, buyers have told me, the more money and more workloads I put in the cloud, the less I spend with Cisco. Now, even though that might be Cisco gear powering those clouds, do you see that as a potential threat in that they don't own that relationship anymore and value will confer to the cloud players? >> Yeah, that's, I've heard that too. And I don't, I believe that's true when it comes to general purpose compute. You're probably not buying as many UCS servers and things like that because you are putting them in the cloud. But I do think you do need a refresh the network. I think the network becomes a very important role, plays a very important role there. The variant, the really interesting trend will be, what is your WAM look like? Do you have thousands of workers scattered all over the place, or do you just have a few centralized locations? So I think also, you know, Cisco will wind up providing connectivity within the cloud. If you think of the transition we've seen in other industries, Dave, as far as cloud goes, you think of, you know, F5, a company like that. People thought that AWS would commoditize F5's business because AWS provides their own load balancers, right? But what AWS provides is a very basic, very basic functionality and then use F5's virtual edition or a cloud edition for a lot of the advanced capabilities. And I think you'll see the same thing with the cloud that customers will start buying versions of Cisco that go in the cloud to drive a lot of those advanced capabilities that only Cisco delivers. And so I think you wind up buying more Cisco over time, although the per unit price of what you buy might be a little bit lower. If that makes sense here. >> It does, I think it makes a lot of sense and that fits into the cloud model. You know, you bring up a good point, the conversation with the customer was Rakuten. And that individual was essentially sharing with us, somebody was asking, one of the analysts was asking, "Well, what about the cloud guys? "Aren't they going to really threaten the whole Telco "industry and disrupt it?" And his point was, "Look at, this stuff is not trivial." So to your point, you know, maybe they'll provide some basic functionality. Kind of like they do in a lot of different areas. Data protection is another good example. Security is another good example. Where there's plenty of room for partners, competitors, of on-prem players to add value. And I've always said, "Look, the opportunity "is the cloud players spend 100 billion dollars a year "on CapEx." It's a gift to companies like Cisco who can build an abstraction layer that connects on-prem, cloud for hybrid, across clouds, out to the edge, and really be that layer that is that layer that takes advantage of cloud native, but also delivers that experience, I don't want to use the word seamlessly, but that experience across those clouds as the cloud expands. And that's fundamentally Cisco's cloud strategy, isn't it? >> Oh yeah. And I think people have underestimated over the years, how hard it is to build good networking products. Anybody can go get some silicon and build a product to connect two things together. The question is, can you do it at scale? Can you do it securely? And lots of companies have tried to commoditize networking, you know, White Boxes was looked at as the existential threat to Cisco. Huawei was looked at as the big threat to Cisco. And all of those have kind of come and gone because building high quality network equipment that scales is tough. And it's tougher than most people realize. And your other point on the cloud providers as well, they will provide a basic level of functionality. You know, AWS network equipment doesn't work in Azure. And Azure stuff doesn't work in Google, and Google doesn't work in AWS. And so you do need a third party to come in and act as almost the cloud middleware that can connect all those things together with a consistent set of policies. And that's what Cisco does really well. They did that, you know back when they were founded with routing protocols and you can think this is just an extension of what they're doing just up at the cloud layer. >> Excellent. Okay, Zeus, we're going to leave it there. Thanks to my guest today, Zeus Kerravala. Great analysis as always. Would love to have you back. Check out ZKresearch.com to reach him. Thank you again. >> Thank you, Dave. >> Now, remember I publish each week on Wikibond.com and siliconangle.com. All these episodes are available as podcasts, just search "Braking Analysis" podcast, and you can connect on Twitter at DVallante or email me David.Vallante@siliconangle.com. Thanks for the comments on LinkedIn. Check out etr.plus for all the survey action. This is Dave Vallante for theCUBE insights powered by ETR. Be well and we'll see you next time. (light music)

>> From The Cube Studios in Palo Alto in Boston, bringing you data-driven insights from The Cube in ETR. This is "Breaking Analysis" with Dave Vellante >> The pandemic not only accelerated the shift to digital but it also highlighted a rush of cyber criminal sophistication, collaboration, and chaotic responses by virtually every major company in the planet. The SolarWinds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect. Moreover, the will and aggressiveness of well-organized cybercriminals has elevated to the point where incident responses are now met with counter attacks, designed to both punish and extract money from victims via ransomware and other criminal activities. The only upshot is the cybersecurity market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize. Hello, everyone. And welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis" we'll provide our quarterly update of the security industry, and share new survey data from ETR and the Cube community that will help you navigate through the maze of corporate cyber warfare. We'll also share our thoughts on the game of 3D chess that Okta CEO, Todd McKinnon, is playing against the market. Now, we all know this market is complicated, fragmented and fast moving. And this next chart says it all. It's an interactive graphic from Optiv, a Denver, Colorado-based SI that's focused on cybersecurity. They've done some really excellent research and put together this awesome taxonomy, and it mapped vendor names therein. And this helps users navigate the complex security landscape. And there are over a dozen major sectors, high-level sectors within the security taxonomy and nearly 60 subsectors. From monitoring, vulnerability assessment, identity, asset management, firewalls, automation, cloud, data center, sim, threat detection and intelligent endpoint network, and so on and so on and so on. But this is a terrific resource, and going to help you understand where players fit and help you connect the dots in the space. Now let's talk about what's going on in the market. The dynamics in this crazy mess of a landscape are really confusing sometimes. Now, since the beginning of cyber time, we've talked about the increasing sophistication of the adversary, and the back and forth escalation between good and evil. And unfortunately, this trend is unlikely to stop. Here's some data from Carbon Black's annual modern bank heist report. This is the fourth, and of course now, VMware's brand, highlights the Carbon Black study since the acquisition, and to catalyze the creation of VMware's cloud security division. Destructive malware attacks, according to the recent study are up 118% from last year. Now, one major takeaway from the report is that hackers aren't just conducting wire fraud, they are. 57% of the banks surveyed, saw an increase in wire fraud, but the cybercriminals are also targeting non-public information such as future trading strategies. This allows the bad guys to front-run large block trades and profit. It's become a very lucrative practice. Now the prevalence of so-called island hopping is up 38% from already elevated levels. This is where a virus enters a company supply chain via a partner, and then often connects with other stealthy malware downstream. These techniques are more common where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures, designed to identify and exfiltrate valuable information. It's a really complex problem. Of major concern is that 63% of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate, or initiate ransomware tax to extract a final pound of flesh from the victim. Notably, the study found that 75% of CISOs reported to the CIO, which many feel is not the right regime. The study called for a rethinking of the right cyber regime where the CISO has increased responsibility and a direct reporting line to the CEO, or perhaps the COO, with greater exposure to boards of directors. So, many thanks to VMware and Tom Kellerman specifically for sharing this information with us this past week. Great work by your team. Now, some of the themes that we've been talking about for several quarters are shown in the lower half of the chart. Cloud, of course is the big driver thanks to work-from-home and to the pandemic. And the interesting corollary of course, is we see a rapid rethinking of end point and identity access management, and the concept of zero trust. In a recent ESG survey, two thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management. Now, as shown in the chart from Optiv, the market remains highly fragmented, and M&A is of course, way up. Now, based on our research, it looks like transaction volume has increased more than 40% just in the last five months. So let's dig into the M&A, the merger and acquisition trends for just a moment. We took a five-month snapshot and we were able to count about 80 deals that were completed in that timeframe. Those transactions represented more than $20 billion in value. Some of the larger ones are highlighted here. The biggest of course, being the Thoma Bravo, taking Proofpoint private for a $12 plus billion price tag. The stock went from the low 130s and is trading in the low 170s based on the $176 per share offer. So there's your arbitrage, folks. Go for it. Perhaps the more interesting acquisition was Auth0 by Optiv for 6.5 billion, which we're going to talk about more in a moment. There was more private equity action we saw as Insight bought Armis, an IOT security play, and Cisco shelled out $730 million for IMImobile, which is more of an adjacency to cyber, but it's going to go under Cisco security and applications business run by Jeetu Patel. But these are just the tip of the iceberg. Some of the themes that we see connecting the dots of these acquisitions are first, SIs like Accenture, Atos and Wipro are making moves in cyber to go local. They're buying SecOps expertise, as I say, locally in places like France, Germany, Netherlands, Canada, and Australia, that last mile, that belly to belly intimate service. Israeli-based startups chocked up five acquired companies in the space over the last five months. Also financial services firms are getting into the act with Goldman and MasterCard making moves to own its own part of the stack themselves to combat things like fraud and identity theft. And then finally, numerous moves to expand markets. Okta with Auth0, CrowdStrike buying a log management company, Palo Alto, picking up dev ops expertise, Rapid7 shoring up it's Coobernetti's chops, Tenable expanding beyond Insights and going after identity, interesting. Fortinet filling gaps in a multi-cloud offering. SailPoint extending to governance risk and compliance, GRC. Zscaler picked up an Israeli firm to fill gaps in access control. And then VMware buying Mesh7 to secure modern app development and distribution service. So tons and tons of activity here. Okay, so let's look at some of the ETR data to put the cyber market in context. ETR uses the concept of market share, it's one of the key metrics which is a measure of pervasiveness in the dataset. So for each sector, it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the CIO and IT buyer communities. Okay, this chart shows the full ETR sector taxonomy with security highlighted across three survey periods; April last year, January this year, and April this year. Now you wouldn't expect big moves in market share over time. So it's relatively stable by sector, but the big takeaway comes from observing which sectors are most prominent. So you see that red line, that dotted line imposed at the 60% level? You can see there are only six sectors above that line and cyber security is one of them. Okay, so we know that security is important in a large market. But this puts it in the context of the other sectors. However, we know from previous breaking analysis episodes that despite the importance of cyber, and the urgency catalyzed by the pandemic, budgets unfortunately are not unlimited, and spending is bounded. It's not an open checkbook for CSOs as shown in this chart. This is a two-dimensional graphic showing market share in the horizontal axis, or pervasiveness in net score in the vertical axis. Net score is ETR's measurement of spending velocity. And we've superimposed a red line at 40% because anything over 40%, we consider extremely elevated. We've filtered and limited the number of sectors to simplify the graphic. And you can see, in the sectors that we've highlighted, only the big four are above that 40% line; AI, containers, RPA, and cloud. They exceed that sort of 40% magic waterline. Information security, you can see that as highlighted and it's respectable, but it competes for budget with other important sectors. So this is of course creates challenges for organization, because not only are they strapped for talent as we've reported, they like everyone else in IT face ongoing budget pressures. Research firm, Cybersecurity Ventures estimates that in 2021, $6 trillion worldwide will be lost on cyber crime. Conversely, research firm, Cannolis peg security spending somewhere around $60 billion annually. IDC has at higher, around $100 billion. So either way, we're talking about spending between 1 to 1.6% annually of how much the bad guys are taking out. That's peanuts really when you consider the consequences. So let's double-click into the cyber landscape a bit and further look at some of the companies. Here's that same X/Y graphic with the companies ETR captures from respondents in the cybersecurity sector. That's what's shown on the chart here. Now, the usefulness of the red lines is 20% on the horizontal indicates the largest presence in the survey, and the magic 40% line that we talked about earlier shows those firms with the most elevated momentum. Only Microsoft and Palo Alto exceed both high watermarks. Of course, Splunk and Cisco are prominent horizontally. And there are numerous companies to the left of the 20% line and many above that 40% high watermark on the vertical axis. Now in the bottom left quadrant, that includes many of the legacy names that have been around for a long time. And there are dozens of companies that show spending momentum on their platforms, i.e above single digits. So that picture is like the first one we showed you, very, very crowded space. But so let's filter it a bit and only include companies in the ETR survey that had at least 100 responses. So an N of 100 or greater. So it was a little easier to read but still it's kind of crowded when you think about it. Okay, so same graphic, and we've superimposed the data that determined the plot position over in the bottom right there. So there's net score and shared in, including only companies with more than 100 N. So what does this data tell us about the market? Well, Microsoft is dominant as always, it seems in all dimensions but let's focus on that red line for a moment. Some of the names that we've highlighted over the past two years show very well here. First, I want to talk about Palo Alto Networks. Pre-COVID as you might recall, we highlighted the valuation divergence between Palo Alto and Fortinet. And we said Fortinet was executing better on its cloud strategy, and Palo Alto was at the time struggling with the transition especially with its go-to-market and its Salesforce compensation, and really refreshing its portfolio. But we told you that we were bullish on Palo Alto Networks at the time because of its track record, and the fact that CIOs consistently told us that they saw Palo Alto as a thought leader in the space that they wanted to work with. They said that Palo Alto was the gold standard, the best, especially larger company CISOs. So that gave us confidence that Palo Alto, a very well-run company was going to get its act together and perform better. And Palo Alto has just done just that. As we expected, they've done very well and rapidly moving customers to the next generation of platforms. And we're very impressed by the company's execution. And the stock has generally reflected that. Now, some other names that hit our radar in the ETR data a couple of years ago, continue to perform well. CrowdStrike, Zscaler, SailPoint, and CloudFlare. Now, CloudFlare just reported and beat earnings but was off, the stock fell on headwinds for tech overall, the big rotation. But the company is doing very well and they're growing rapidly and they have momentum as you can see from the ETR data. Now, we put that double star around Proofpoint to highlight that it was worthy of fetching $12.5 billion from private equity firm. So nice exit there, supporting the continued consolidation trend that we've predicted in cybersecurity. Now let's turn our attention to Okta and Auth0. This is where it gets interesting, and is a clever play for Okta we think, and we want to drill into it a bit. Okta is acquiring Auth0 for big money. Why? Well, we think Todd McKinnon, Okta CEO, wants to run the table on identity and then continue to expand as TAM has to do that, to justify his lofty valuation. So Okta's ascendancy around identity and single sign-on is notable. The fragmented pictures that we've shown you, they scream out for simplification and trust, and that's what Okta brings. But it competes with some major players, most notably Microsoft with active directory. So look, of course, Microsoft is going to dominate in its massive customer base, but the rest of the market, that's like (indistinct) wide open. And we think McKinnon saw the opportunity to go dominate that sector. Now Okta comes at this from an enterprise perspective bringing top-down trust to the equation, and throwing a big blanket over all the discreet SaaS platforms and unifying employee access. Okta's timing was perfect. It was founded in 2009, just as the massive SaaSifiation trend was happening around CRM and HR, and service management and cloud, et cetera. But the one thing that Okta didn't have that Auth0 does is serious developer chops. While Okta was crushing it with its enterprise sales strategy, Auth0 was laser-focused on developers and building a bottoms up approach to identity. By acquiring Auth0, Okta can dominate both sides of the barbell and then capture the fat middle. So yes, it's a pricey acquisition, but in our view, it's a great move by McKinnon. Now, I don't know McKinnon personally, but last week I spoke to Arun Shrestha, who's the CEO of security specialist, BeyondID, they're a platinum services partner of Okta. And they're a zero trust expert. He worked for Okta for a number of years and shared with me a bit about McKinnon's style, and think big approach. Arun said something that caught my attention. He said, firewalls used to be the perimeter, now people are. And while that's self-serving to Okta and probably BeyondID, it's true. People, apps and data are the new perimeter, and they're not in one location. And that's the point. Now, unfortunately, I had lined up an interview with Diya Jolly, who was the chief product officer at Okta and a Cube alum for this past week, knowing that we were running this segment in this episode but she unfortunately fell ill the day of our interview and had to cancel. But I want to follow up with her, and understand how she's thinking about connecting the dots with Auth0 with devs and enterprises and really test our thesis there. This is a really interesting chess match that's going on. Let's look a little deeper into that identity space. This chart here shows some of the major identity players. It has some of the leaders in the identity market, and is a breakdown at ETR's net score. Now net score comprises five elements. The lime green is, we're adding the platform new. The forest green is we're spending 6% or more relative to last year. The gray is flat send plus or minus flat spend, plus or minus 5%. The pinkish is spending less. And the bright red is we're exiting the platform, retiring. Now you subtract the red from the green, and that gets you the result for net score which you can see super-imposed on the right hand chart at the bottom, that first column there. The far column is shared in which informs and indicates the number of responses and is a proxy for presence in the market. Oh, look at the top two players in terms of spending momentum. Now SailPoint is right there, but Auth0 combined with Okta's distribution channel will extend Okta's lead significantly in our view. And then there's Microsoft. Now just a caveat, this includes all of Microsoft's security offerings, not just identity, but it's there for context. And CyberArk as well includes this acquisition of adaptive, but also other parts of CyberArk's portfolio. So you can see some of the other names that are there, many of which you'll find in the Gartner magic quadrant for identity. And as we said, we really like this move by Okta. It combines positive market forces with lead offerings from very well-run companies that have winning DNA and passionate people. Now, to further emphasize what's happening here, take a look at this. This chart shows ETR data for Okta within SailPoint and CyberArk accounts. Out of the 230 CyberArk and SailPoint customers in the dataset, there are 81 Okta accounts. That's a 35% overlap. And the good news for Okta is that within that base of SailPoint and CyberArk accounts, Okta is shown by the net score line, that green line has a very elevated spending in momentum. And the kicker is, if you read the fine print in the right hand column, ETR correctly points out that while SailPoint and CyberArk have long been partners with Okta, at the recent Octane21 event, Okta's big customer event, The company announced that it was expanding into privileged access management, PAM, and identity governance. Hello, and welcome to co-opetition in the 2020s. Now, our current thinking is that this bodes very well for Okta and CyberArk and SailPoint. Well, they're going to have to make some counter moves to fend off the onslaught that is coming. Now, let's wrap up with what has become a tradition in our quarterly security updates. Looking at those two dimensions of net score and market share, we're going to see which companies crack the top 10 for both measures within the ETR dataset. We do this every quarter. So here in the left, we have the top 20, sorted by net score spending momentum and on the right, we sort by shared N. So it's again, top 20, which informs, shared N informs the market share metric or presence in the dataset. That red horizontal lines, those two lines on each separate the top 10 from the remaining 10 within those top 20. And our method, what we do is we assign four stars to those companies that crack the top 10 for both metrics. So again, you see Microsoft, Palo Alto Networks, Okta, CrowdStrike, and Fortinet. Fortinet by the way, didn't make it last quarter. They've kind of been in and out and on the bubble, but company is very strong, and doing quite well. Only the other four did last quarter. They were the same for last quarter. And we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10. So Cisco, Splunk, which has been steadily decelerating from a spending momentum standpoint, and Zscaler, which is just on the cusp. We really like Zscaler and the company has great momentum, but that's the methodology. That is what it is. Now you can see, we kept Carbon Black on the right most chart, it's like kind of cut off, it's number 21. Only because they're just outside looking in on net score. You see them there, they're just below on net score, number 11. And VMware's presence in the market we think, that Carbon Black is right really worth paying attention to. Okay, so we're going to close with some summary and final thoughts. Last quarter, we did a deeper dive on the SolarWinds hack, and we think the ramifications are significant. It has set the stage for a new era of escalation and adversary sophistication. Now, major change we see is a heightened awareness that when you find intruders, you'd better think very carefully about your next moves. When someone breaks into your house, if the dog barks, or if you come down with a baseball bat or other weapon, you might think the intruder is going to flee. But if the criminal badly wants what you have in your house and it's valuable enough, you might find yourself in a bloody knife fight or worse. Well, what's happening is intruders come to your company via island hopping or insider subterfuge or whatever method. And they'll live off the land stealthily using your own tools against you so that you can't find them so easily. So instead of injecting new tools in that send off an alert, they just use what you already have there. That's what's called living off the land. They'll steal sensitive data, for example, positive COVID test results when that was really, really sensitive, obviously still is, or other medical data. And when you retaliate, they will double-extort you. They'll encrypt your data and hold it for ransom, and at the same time threaten to release the sensitive information, crushing your brand in the process. So your response must be as stealthy as their intrusion, as you marshal your resources and devise an attack plan. And you face serious headwinds. Not only is this a complicated situation, there's your ongoing and acute talent shortage that you tell us about all the time. Many companies are mired in technical debt, that's an additional challenge. And then you've got to balance the running of the business while actually effecting a digital transformation. That's very, very difficult, and it's risky because the more digital you become, the more exposed you are. So this idea of zero trust, people used to call it a buzzword, it's now a mandate along with automation. Because you just can't throw labor at the problem. This is all good news for investors as cyber remains a market that's ripe for valuation increases and M&A activity, especially if you know where to look. Hopefully we've helped you squint through the maze a little bit. Okay, that's it for now. Thanks to the community for your comments and insights. Remember I publish each week on wikibon.com and siliconangle.com. These episodes, they're all available as podcasts. All you got to do is search breaking analysis podcasts, put in the headphones, listen when you're in your car, or out for your walk or run, and you can always connect on Twitter @DVellante, or email me at david.vellante@siliconangle.com. I appreciate the comments on LinkedIn and in Clubhouse, please follow me, so you're notified when we start a room and riff on these topics and others. And don't forget to check out etr.plus for all the survey data. This is Dave Vellante for The Cube Insights powered by ETR. Be well, and we'll see you next time. (light instrumental music)