Patrick Morley, Carbon Black | CUBEConversation, September, 2019
>> From the SiliconANGLE media office in Boston, Massachusetts, it's theCUBE. Now here's your host, Stu Miniman. (techy music) >> Hi, I'm Stu Miniman, and welcome to a special CUBE conversation here in our Boston area studio. Happy to welcome to the program first time guest, Patrick Morley, who's the CEO of Carbon Black. Of course, recently announced acquisition by VMware of $2.1 billion. Patrick, thanks so much for joining us. >> Stu, thanks for having me. >> All right. So, you know, we love digging into tech. There is no hotter space than security, you know? All the cybers are, you know, really exciting stuff, and even your company's Waltham-based. >> That's right. >> So actually a little closer to Boston than we are here in Marlborough, Massachusetts. When we had a green screen we used to kind of fake it with the skyline, but you know, the Boston area people know more than just Massachusetts Tech, but you know, a lot of, you know, great technology in Boston of course, you know? A lot of good technologies, a lot of good schools that have driven things. You have been CEO since 2007 and have seen quite a bit. You know, merger, Bit9 and Carbon Black many years ago, IPO, you know, not that long ago in the past, and now acquisition, as we said, for $2.1 billion. So, you know, give us a little bit of step back as to, you know, the journey, how we got here, and you know, what's it like to be kind of at the helm with your crew through, you know, all of those changes? >> Yep, well certainly very, very proud and very thankful to all of the customers that have been with us for many, many, many years. And as you said when you first started here, Boston is an awesome place for cybersecurity. I think it fits a bit of the personality on the East Coast, and if you just look at Boston in general there's a lot of great cybersecurity talent, a lot of great cybersecurity companies. 
And I'm extremely proud and grateful to all of my employees in Massachusetts who have built Carbon Black over the last number of years. And of course we have offices elsewhere across the globe, but Boston is, and Massachusetts is, where the company's roots really come from. And as you said, 2007 is when I joined the company. Obviously cyber was a very different world back then, and it's amazing if you just kind of roll back. In 2007, the idea of a CISO, of a chief information security officer, was still very new, and most companies we dealt with back then did not have a CISO, they had a network administrator or somebody, so that's all changed. If you look at security as a board-level issue, in 2007 there were certainly some areas of some sectors like the government where it had a lot of importance, but outside of that it did not have the same visibility as a strategic issue as it does now, it's been amazing. >> So much, you know, my background is networking and virtualization. I've spent a lot of time, you know, since 2007 looking at all the cloud world, and as I said, back in the early 2000s security was top of mind but often bottom of budget. You know, the network people, you know, back in the day it was like, "Can't you just lock the door," or you know, "Make sure the rack is secure," and you know, "Well we'll run things over Optical," and therefore we'll know if somebody splices into it from a networking standpoint. Today, as you stated, clearly it's a board-level discussion, CISOs, you know, rising power in the organization, and often dictating a lot of how the stack is built out there. >> Absolutely. >> So wow, bring us a little bit, you know, your portfolio. You know, security is not a thing. You know, any customer I talk to, they're like, you know, there is no such thing as a silver bullet in security. 
Most customers I talk to really think of security as a programmatic effort, so help us understand a little bit, you know, where Carbon Black fits today, and then we'll get into, you know, your, you know, broadened scope once you're going to be under VMware. >> Yeah, so the core founding idea behind Carbon Black was a simple one, which was that fundamentally the adversary was in a position where they eventually would figure out a way to get in, and if you fundamentally believe that then you do everything you can to stop the adversary, but you say, "I need telemetry. I need data in order to understand what's happening across my environment in order to be able to see and stop the adversary." And so we began a journey to essentially be able to collect and analyze all the data that an adversary, that an attacker would touch in order to run their program, and you know, we always have equated it to essentially a movie camera that allows you to rewind the tape, and with all that data that we collect we can run tremendous analytics against that in order to be able to see and stop the adversary and understand what's happening across the environment. We essentially created a market that's now called EDR, endpoint detection and response, and it's that simple idea of being able to understand and have situational analysis, situational visibility across the whole enterprise. We did that initially on-premise, so we did all that analytics, and each one of our customers' back-ends in their data center, and two years ago we began a journey to say, "Look, we want to do two things." 
One is we want to leverage that data to be able to provide more security capabilities across a platform, so let's revolutionize, continue to revolutionize cybersecurity by offering a cloud-based platform, we're going to move all of that analytics up into the cloud, all those capabilities up into the cloud, and offer a multi-tenant, cloud native SaaS platform, and over the last two years we've done that with multiple services now up on that cloud, with thousands of customers who are using it, and the benefits of the cloud are pretty straightforward, and they've revolutionized other industries, they're revolutionizing cyber right now. Certainly you can analyze data at a scale that's just not possible when that data's locked up in multiple customers, so that's one big change. Obviously-- >> Yeah, I just, to want to help unpack and tease out that data piece, because you know, we always hear out there it almost, you know, is a bit trite, you know, the importance of data. Data's the new oil, it's the rocket ship, but you know, the value of that data, how much of that is Carbon Black leveraging the data, how much can the customer themselves take advantage of that data, or you know, this isn't in a vacuum. There are other security products, other pieces of, you know, that vendor's stack that might be able to leverage that data. >> Yeah, well Carbon Black's cloud native platform, security platform, is built on a totally, it's totally open, so from an API basis, so you should, you should think about, our customers certainly think about it this way, as one, we're leveraging that data, we analyze a trillion security events a day, one trillion, just immense, and the benefit of that is if we see something across the globe that has a high risk score, that's known malware, that might be a new form of attack, that might be a living-off-the-land attack, all of our customers get the benefit of that analytic. 
So Carbon Black, we certainly leverage it, but in addition, the way we've built the platform, customers can get access to all the data from their enterprise, and they can correlate that data with other aspects of their security or their IT infrastructure in order to build a more holistic view across the entire enterprise, and we also have third party partners out there, managed security service providers and others, who also have access to that data for their customer set to be able to run analytics on it. So when we think about data, as you said, you know, as the oil of the new world, we need to leverage that data, but we also need, in this new world order, to give our partners and our customers the capabilities to do what they want with that data as well for their own data. >> Yeah, love that, especially if you're talking in that cloud native world it can't just be something that's locked up and only used in one environment. You know, we track the observability companies out there, you know, they have similar type of messaging. Of course data protection, you know, once there is that, you know, breach, you know, how do I recover from this information? So that ripple effect, and love, you know, openness, APIs, making sure that can be shared. You know, maybe not something that traditionally I'd heard from VMware when you talk about the openness and where they're doing maybe. I think there are a couple things you want to talk about Carbon Black, but why not get to the VMware piece, too? >> Yeah, I was just going to, on the cloud side, you know, the power of the cloud, obviously it's revolutionized other industries, and certainly one of it is the ability to provide analytics at scale. 
The other piece, which I already mentioned, is the network effect on my ability to see something somewhere across the globe and help millions of other customers across the globe when I see something, and the other piece is just my ability to deploy quickly and my ability to innovate quickly, because rather than having to deliver new software into each enterprise I can do that on my cloud native platform. So I think it positions the defender, the security teams around the globe where they can be more on the offensive than they've ever been before because suddenly I don't have to spend my time worrying about deployment mechanics or other pieces. I can focus on what I really want to do, which is I want to secure my environment, I want to be able to understand what the adversary might be doing. So we're real excited about what we've done over the last two years with our cloud platform. >> Okay, so the deal hasn't closed yet but it's announced that you will be leading up the cloud security group at VMware. Give us a little bit, you know, directionally, where's that heading, what will that mean? Of course we've tracked, you know, where VMware touches a lot of that environment, you know, with my background in networking I talked to the Nicira team before, and then through what's become a very successful NSX, Sanjay Poonen with the AirWatch acquisition and where they've gone. Of course I would expect that's the closest piece that you started out with the endpoint protection with that team, with the Workforce ONE. So explain kind of the security portfolio, and interesting, cloud security is the discussion because that's the newer piece of the Carbon Black portfolio. Help us understand how the whole, all the pieces fit together. >> Yeah, so first I'll just reiterate what you said, which is the transaction's not yet closed, so everything I'm talking about is pre-closed, and obviously post-close we'll have additional commentary about what everything will look like. 
But absolutely we are very, my team, my customers, we announced the transaction a little over a month ago. Everyone was really, really excited, and I think fundamentally they're excited because organizations understand what Carbon Black delivers today, and what we deliver are great security products, and increasingly the majority of those products are in the cloud. And VMware has a tremendous reputation in the industry for the technical capabilities, for the value that they provide to customers, and just for the breadth of the portfolio that they have. You mentioned a few of them, right? And many organizations and people think about VMware from a virtualization standpoint. But increasingly over the last few years they've dramatically expanded their portfolio, network virtualization, and the NSX, the Workspace ONE as well, which was based on the AirWatch acquisition they did. Those are big businesses today, and they're helping organizations transform their infrastructure, the way they manage devices, et cetera. And so Carbon Black, on the security side, we've been partnered with VMware for the last couple of years. We've had an opportunity to get to know each other quite well. We've had an opportunity to integrate in two key spots. One, we've integrated with their App D capabilities, which you can think about essentially as helping to protect and provide telemetry for what's happening inside of the virtualized environment. And then secondarily, we've also partnered with Workspace ONE as well, again more on the device side. Those are two natural points where security, building security intrinsically into that compute stack, we've seen with customer reaction, has a fundamental impact on being able to have security right there rather than having to bolt it on afterwards. >> Yeah, you walk into an interesting configuration. 
First of all, you know, as you said VMware not thought of as a security company per se, lots of products that absolutely fit in the security space and are there. When you look out, of course VMware, you know, primarily owned by Dell, there's Secureworks, there's RSA, those are well known security brands. You know, how, give us how you think of how all those pieces go together and kind of the trajectory of where things are headed. >> Yeah, well goal number one, once we close the transaction, goal number one is to do two things. One, we're going to continue to drive forward with the cloud roadmap that we have. It's an aggressive road map we've been innovating aggressively over the last couple of years and we're going to continue to do that within VMware. The second piece is obviously to maximize the opportunity to build security into the compute stack of VMware, so that when customers think about security they don't have to think about it as a separate piece, but it's already there at their fingertips. And then as you mentioned, so those are two big goals right there, and as you mentioned obviously Dell has a large portfolio. There's other security products within the Dell portfolio, and you know, when we think about that obviously over time we're already partnered with some of those. Secureworks, for example, has been a very close and valuable part of Carbon Black's for many years. You'll see us continue to partner. There's other parts of the Dell family where we have partnered in the past, not tightly, but I think we'll have the opportunity to do more as part of the Dell family. All of this means for customers more value, because rather than having to go and figure it out themselves we're going to be delivering it in conjunction with the solutions they're already using. >> All right, Patrick, I want to help you, have you address a schism I see in the marketplace when it comes to the messaging around security. 
When peers of mine went to the RSA conference this year they came back almost unanimously with two words, doom and gloom. >> (laughing) Right. >> In Boston this year Amazon held the inaugural re:Inforce, positioned itself as the, you know, cloud security conference for the industry. We covered that, you know, both of those shows with theCUBE, and Stephen Schmidt from AWS said the state of cloud security is strong. VMware, very much we hear from Pat, you know, we need to do over, security's broken. Friends of mine in the security industry, and Carbon Black's been around since 2002, is you know, come on, you know, it's not just another acquisition, it's going to be a point product. You know, yes we have work to do as a whole, but you know, saying we need a do over or it's broken is a between hyperbolic from my peers in the industry, so what is the state of the industry, is there traditional storage and cloud storage is all rainbows and unicorns, or you know, where do you see it today? Of course we know as an industry there's always work to do, but you know, how do you round that circle? >> Yeah, I would take it, and you're right, by the way, I hear all the same commentary, and I think we have to take a step back and just look at industry, the industry in general, look at security in general. We started the interview talking about well, what was the world like in security in 2007? Security has gone from, "Hey, it's a niche area over here and we know it's important but don't talk to us," to super strategic, again, at a board level, at a company level, and so that rapid growth has driven a lot of funding into the environment, a lot of vendors, there's over 5,000 security vendors out there today, all competing. I don't know how CISOs and CIOs and practitioners really figure out who does what, it's very challenging, and at the same time you've got the adversary, this third party continuing to advance their attack types using new techniques. 
You've got ransomware, which is a huge industry now, driving billions of dollars, so you have all of that happening, and so in hyper growth environments like that you get a lot of vendors. The average enterprise security team has 75 different products, and so, and they have to stitch that together, so the fundamentals of what, the way you described it I think are accurate on both sides. One, security's broken, it is broken. We've got too many vendors and we're bolting it on, we got to fix that. VMware is in a position, partnered with Carbon Black, to do that I think really well. The second piece is that the cloud does allow us, I'm not sure about rainbows, but the cloud does allow us to change security fundamentally because of some of the characteristics that I described earlier, and if you take Carbon Black plus VMware, plus what VMware is doing to deliver across any cloud, any device, any application, I think we're in a really interesting spot to help customers get more value from their compute stack and from security. >> You know, one of the things that VMware has always done well is they play in multiple environments. Back in the early days of server virtualization, didn't matter what hardware, they would get that across. Their cloud strategy went through quite a few iterations, you know, Sanjay Poonen came on our program and said, you know, "vCloud Air, we failed. We got it wrong, we did it," but today every cloud show I go to there's a VMware piece of that. They're partnering with AWS, with Azure, with Google, with Alibaba, with Oracle even-- (chuckling) And IBM recently. But still one of the critiques I have for VMware is VMware does good at managing their house, but security, customers, as you said, they've got 75 tools and they're going to have their VMware state, and they're going to have their native cloud pieces, and they're going to have their non-VMware environment. 
So how can, you know, once you're under VMware, you know, participate in that environment? Will you primarily be VMware environment and the VMware cloud environment, or will it be a broader cloud security strategy? >> Yeah, well I think certainly VMware has done an amazing job over the last few years of really pushing this any-cloud model, right? "Hey, no matter where your workloads are going to be in a hybrid cloud environment," you know, "we're going to be there to help you," and more effectively, more efficiently, faster, better performance, strong ROI. And so if you look at Carbon Black's roots, and I mentioned this earlier, one of our core beliefs is that one vendor can't do it all. You have to build on an open, extensible API-based platform, and that's what we've done since the beginning of the company, and so you will not see Carbon Black change our philosophy. You know, we will continue to be very, very open, and I think, by the way, that reflects very much VMware's strategy as of late, which is an open strategy where they're playing with lots of providers in the marketplace. Again, the benefit of Carbon Black plus VMware on that platform is that for VMware infrastructure, their products, I think you're going to see out of the box security capabilities that are going to give advantage to customers, from ease of use, from the way that that security works, et cetera, and then we will continue to partner with other vendors out there across the market. >> All right, Patrick, we know, you mentioned how many different tools customers have to deal with. There are more new threats coming out, you know, every day. There's no way that a person or a team can keep up with all of this, so you know, is AI the answer? How are these technologies going to be able to allow our systems to be able to protect us better and update, you know, we haven't talked about AI yet. I know it does fit in-- >> We have to talk about AI. 
(chuckling) >> So just to understand how you know, the systems and the software and the solutions are going to help enable teams to be able to keep up with, you know, the rapidly expanding and changing landscape in security. >> Yeah, AI is a tool, we use it, and just as I've mentioned cloud, right, along with the ability to analyze trillions of events on a daily basis, things like AI can play a very significant role in helping me to understand what's happening across very large corpuses of data, and so we use a lot of it, and that allows us to understand when there's an anomaly somewhere across the globe on some system, some endpoint or device, anywhere across the globe and then leverage that to help our other customers. So AI role is playing an important part. It will continue to play an important part. But AI leverages the data that we collect, so if you go back to where Carbon Black is today with all that data that we're analyzing, one of the really interesting things is VMware today has 70 million VMs. 60 million of those are on-prem, 10 million of them are on the cloud. Part of the benefit that Carbon Black gets from VMware is we're going to get all this additional telemetry that we're going to be able to, again, consume, leverage AI capabilities to help with the analysis of that, and again, provide more customer back to the value on seeing and stopping the adversary. That also extends to what VMware's doing on the device side with Workspace ONE, et cetera, so there's a lot of opportunity over the coming quarters and years to provide more value for customers in understanding what's happening across their environment because of all of the touchpoints we're going to have as part of the VMware compute stack. >> All right, Patrick, final thing, what does this mean for your customers? You know, I think back to, you know, not that long ago you did an IPO, you know? What would that mean for the growth, the investment into technology and growing the team. 
Now, you know, in industry parlance, you know, you had another exit and you will be part of VMware, so we might not get as much visibility into the specific revenues and the hiring that you're doing there, but what will this ultimately mean for Carbon Black's current and potential future customers? >> Yeah, so we have over 5,000 global customers out there today, and first and foremost it's going to mean more investment from a product roadmap standpoint. If you look at 2019, this year, the number one area of investment for Carbon Black was in R&D, and as we move forward, again post-close, our customers are going to see continued investment in the platform, in our cloud security platform, in order to ensure we continue to bring more capabilities to market. And then, as I said earlier, in conjunction with that do everything we can to integrate in with the VMware product portfolio, again, so that security's not bolted on but it's intrinsic to the compute stack, and so I think that's the biggest thing. I have had the opportunity to go out and speak to many customers over the last four weeks. Customer and partner reaction has been outstanding. They get it, they understand it, they understand that there's a better way and that's what we're going to be doing as part of VMware. >> Yeah, any surprising nuggets in the last month talking to the customers and partners more that you've learned? >> This is going to sound self-serving, but it's the truth. I will tell you that the VMware reputation out there is outstanding. I mean, and I had been surprised at how little I have to do to tell them why this makes so much sense. They get it, the majority of our customers get it. They understand the possibilities of what we can provide, and there's a level of excitement out there, again with our customers and partners. It's just, it's awesome. >> All right, Patrick Morley, CEO of Carbon Black. Thank you so much for joining us on theCUBE. >> Stu, thanks. 
>> All right, lots of coverage, of course, through 2019 and gearing up for 2020 where we'll all have perfect hindsight, I'm sure. Check out thecube.net for the events we've been at, search where we're going to be, and please reach out if you have any questions. I'm Stu Miniman, and as always, thank you for watching theCUBE. (techy music)
Breaking Analysis: The State of Cyber Security Q4 2019
>> From the SiliconANGLE Media office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello, everyone, and welcome to this week's Cube Insights, powered by ETR. Today is November 8, 2019 and I'd like to address one of the most important topics in the minds of a lot of executives. I'm talking about CEOs, CIOs, Chief Information Security Officers, Boards of Directors, governments and virtually every business around the world. And that's the topic of cyber security. The state of cyber security has changed really dramatically over the last 10 years. I mean, as a cyber security observer I've always been obsessed with Stuxnet, which the broader community discovered the same year that theCUBE started in 2010. It was that milestone that opened my eyes. Think about this. It's estimated that Stuxnet cost a million dollars to create. That's it. Compare that to an F-35 fighter jet. It costs about $85-$100 million to build one. And that's on top of many billions of dollars in R&D. So Stuxnet, I mean, it hit me like a ton of bricks. That the future of war was all about cyber, not about tanks. And the barriers to entry were very, very low. Here's my point. We've gone from an era where thwarting hacktivists was our biggest cyber challenge to one where we're now fighting nation states and highly skilled organized criminals. And of course, cyber crime and monetary theft is the number one objective behind most of these security breaches that we see in the press every day. It's estimated that by 2021 cyber crime is going to cost society $6 trillion in theft, lost productivity, recovery costs. I mean, that's just a staggeringly large number. It's even hard to fathom. Now, the other sea change is how organizations have had to respond to the bad guys. It used to be pretty simple. I got a castle and the queen is inside. We need to protect her, so what do we do? We built a moat, put it around the perimeter. Now, think of the queen as data. 
Well, what's happened? The queen has cloned herself a zillion times. She's left the castle. She's gone up to the sky with the clouds. She's gone to the edge of the kingdom and beyond. She's also making visits to machines and the factories and hanging out with the commoners. She's totally exposed. Listen, by 2020, there's going to be hundreds of billions of IP addresses. These are going to be endpoints and phones, TVs, cameras, tablets, automobiles, factory machines, and all these represent opportunities for the bad guys to infiltrate. This explosion of endpoints that I'm talking about has created massive exposures, and we're seeing it manifest itself in the form of phishing, malware, and of course the weaponization of social media. You know, if you think that 2016 was nuts, wait 'til you see how the 2020 presidential election plays out. And of course, there's always the threat of ransomware. It's on everybody's minds these days. So I want to try to put some of this in context and share with you some insights that we've learned from the experts on theCUBE. And then let's drill into some of the ETR data and assess the state of security, the spending patterns. We're going to try to identify some of those companies with momentum and maybe some of those that are a little bit exposed. Let me start with the macro and the challenge faced by organizations and that's complexity. Here's Robert Herjavec on theCUBE. Now, you know him from the Shark Tank, but he's also a security industry executive. Herjavec told me in 2017 at the Splunk.com Conference that he thought the industry was overly complex. Let's take a look and listen. >> I think that the industry continues to be extremely complicated. There's a lot of vendors. There's a lot of products. The average Fortune 500 company has 72 security products. There's a stat that RSA this year, that there's 1500 new security start-ups every year. Every single year. How are they going to survive? 
And which ones do you have to buy because they're critical and provide valuable insights? And which ones are going to be around for a year or two and you're never going to hear about again? So it's an extremely challenging complex environment. >> So it's that complexity that had led people like Pat Gelsinger to say security is a do-over, and that cyber security is broken. He told me this years ago on theCUBE. And this past VMworld we talked to Pat Gelsinger and remember, VMware bought Carbon Black, which is an endpoint security specialist, for $2.1 billion. And he said that he's basically creating a cloud security division to be run by Patrick Morley, who is the Carbon Black CEO. Now, many have sort of questioned and been skeptical about VMware's entrance into the space. But here's a clip that Pat Gelsinger shared with us on theCUBE this past VMworld. Let's listen and we'll come back and talk about it. >> And this move in security, I am just passionate about this, and as I've said to my team, if this is the last I do in my career is I want to change security. We just not are satisfying our customers. They shouldn't put more stuff on our platforms. >> National defense issues, huge problems. >> It's just terrible. And I said, if it kills me, right, I'm going to get this done. And they says, "It might kill you, Pat." >> So this brings forth an interesting dynamic in the industry today. Specifically, Stephen Schmidt, the CISO of AWS, at this year's re:Inforce, which is their security conference, Amazon's big cloud security conference, said that this narrative that security is broken, it's just not true, he said. It's destructive and it's counterproductive. His and AWS's perspective is that the state of cloud security is actually strong. Kind of reminded me of a heavily messaged State of the Union address by the President of the United States. At the same time, in many ways, AWS is doing security over. 
It's coming at it from the standpoint of a clean slate called cloud and infrastructure as a service. Here's my take. The state of security in this union is not good. Every year we spend more, we lose more, and we feel less safe. So why does AWS, the security czar, see it differently? Well, Amazon uses this notion of a shared responsibility security model. In other words, they secure the S3 buckets, maybe the EC2 infrastructure, not maybe, the EC2 infrastructure. But it's up to the customer to make sure that she is enforcing the policies and configuring systems that adhere to the edicts of the corporation. So I think the shared security model is a bit misunderstood by a lot of people. What do I mean by that? I think sometimes people feel like well, my data's in the cloud, and AWS has better security than I do. Here I go, I'm good. Well, AWS probably does have better security than you do. Here's the problem with that. You still have all these endpoints and databases and file servers that you're managing, and that you have to make sure comply with your security policies. Even if you're all on the cloud, ultimately, you are responsible for securing your data. Let's take a listen to Katie Jenkins, the CISO of Liberty Mutual, on this topic and we'll come back. >> Yeah, so the shared responsibility model is, I think that's an important speaking point to this whole ecosystem. At the end of the day, Liberty Mutual, our duty is to protect policyholder data. It doesn't matter if it's in the cloud, if it's in our data centers, we have that duty to protect. >> It's on you. >> All right, so there you have it from a leading security practitioner. The cloud is not a silver bullet. Bad user behavior is going to trump good security every time. So unfortunately the battle goes on. And here's where it gets tricky. Security practitioners are drowning in a sea of incidents. 
They have to prioritize and respond to, and as you heard Robert Herjavec say, the average large company has 75 security products installed. Now, we recently talked to another CISO, Brian Lozada, and asked him what's the number one challenge for security pros. Here's what he said. >> Lack of talent. I mean, we're starving for talent. Cyber security's the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have. And in that lack of talent CISOs are starving. We're looking for the right things or tools to actually patch these holes and we just don't have it. Again, we have to force the industry to patch all of those resource gaps with innovation and automation. I think CISOs really need to start asking for more automation and innovation within their programs. >> So bottom line is we can't keep throwing humans at the problem. Can't keep throwing tools at the problem. Automation is the only way in which we're going to be able to keep up. All right, so let's pivot and dig in to some of the ETR data. First, I want to share with you what ETR is saying overall, what their narrative looks like around spending. So in the overall security space, it's pretty interesting what ETR says, and it dovetails into some of the macro trends that I've just shared with you. Let's talk about CIOs and CISOs. ETR is right on when they tell me that these executives no longer have a blank check to spend on security. They realize they can't keep throwing tools and people at the problem. They don't have the bodies, and as we heard from Brian Lozada. And so what you're seeing is a slowdown in the growth, somewhat of a slowdown, in security spending. It's still a priority. But there's less redundancy. In other words, less experimentation with new vendors and less running systems in parallel with legacy products. So there's a slowdown adoption of new tools and more replacement of legacy stuff is what we're seeing. 
As a result, ETR has identified this bifurcation between those vendors that are very well positioned and those that are losing wallet share. Let me just mention a few that have the momentum, and we're going to dig into this data in more detail. Palo Alto Networks, CrowdStrike, Okta, which does identity management, Cisco, who's coming at the problem from its networking strength. Microsoft, which recently announced Sentinel for Azure. These are the players, and some of them that are best positioned, I'll mention some others, from the standpoint of spending momentum in the ETR dataset. Now, here's a few of those that are losing momentum. Check Point, SonicWall, ArcSight, Dell EMC, which is RSA, is kind of mixed. We'll talk about that a little bit. IBM, Symantec, even FireEye is seeing somewhat higher citations of decreased spending in the ETR surveys and dataset. So there's a little bit of a cause for concern. Now, let's remember the methodology here. Every quarter ETR asks are you green, meaning adopting this vendor as new or spending more? Are you neutral, which is gray, are you spending the same? Or are you red, meaning that you're spending less or retiring? You subtract the red from the green and you get what's called a net score. The higher the net score, the better. So here's a chart that shows a ranking of security players and their net scores. The bars show survey data from October '18, July '19, and October '19. In here, you see strength from CrowdStrike, Okta, Twistlock, which was acquired by Palo Alto Networks. You see Elastic, Microsoft, Illumio, the core, Palo Alto Classic, Splunk looking strong, Cisco, Fortinet, Zscaler is starting to show somewhat slowing net score momentum. Look at Carbon Black. Carbon Black is showing a meaningful drop in net score. So VMware has some work to do. But generally, the companies to the left are showing spending momentum in the ETR dataset. And I'll show another view on net score in a moment. 
But I want to show a chart here that shows replacement spending and decreased spending citations. Notice the yellow. That's the ETR October '19 survey of spending intentions. And the bigger the yellow bar, the more negative. So Sagar, the director of research at ETR, pointed this out to me, that, look at this. There are about a dozen companies where 20%, a fifth of the customer base is decreasing spend or ripping them out heading into the year end. So you can see SonicWall, CA, ArcSight, Symantec, Carbon Black, again, a big negative jump. IBM, same thing. Dell EMC, which is RSA, slight uptick. That's a bit of a concern. So you can see this bifurcation that ETR has been talking about for a while. Now, here's a really interesting kind of net score. What I'm showing here is the ETR data sorted by net score, again, higher is better, and shared N, which is the number of shared accounts in the survey, essentially the number of mentions in that October survey where 1,336 IT buyers responded. So how many of that 1,300 identified these companies? So essentially it's a proxy for the size of the install base. So showing up on both charts is really good. So look, CrowdStrike has a 62% net score with a 133 shared account. So a fairly sizable install base and a very high net score. Okta, similar. Palo Alto Networks and Splunk, both large, continue to show strength. They got net scores of 44% and 313 shared N. Fortinet shows up in both. Proofpoint. Look at Microsoft and Cisco. With 521 and 385 respectively on the right-hand side. So big install bases with very solid net scores. Now look at the flip side. Go down to the bottom right to IBM. 132 shared accounts with a 14.4% net score. That's very low. Check Point similarly. Same with Symantec. Again, bifurcation that ETR has been citing. Really stark in this chart. All right, so I want to wrap. In some respects from a practitioner perspective, the sky is falling. You got increased attack surface. 
You've got exploding number of IP addresses. You got data distributed all over the place, tool creep. You got sloppy user behavior, overworked security ops staff, and a scarcity of skills. And oh, by the way, we're all turning into a digital business, which is all about data. So it's a very, very dangerous time for companies. And it's somewhat chaotic. Now, chaos, of course, can mean cash for cyber security companies and investors. This is still a very vibrant space. So just by the way of comparison and looking at some of the ETR data, check this out. What I'm showing is companies in two sectors, security and storage, which I've said in previous episodes of Breaking Analysis, storage, and especially traditional storage disk arrays are on the back burner spending-wise for many, many shops. This chart shows the number of companies in the ETR dataset with a net score greater than a specific target. So look, security has seven companies with a 49% net score or higher. Storage has one. Security has 18 above 39%. Storage has five. Security has 31 companies in the ETR dataset with a net score higher than 30%. Storage only has nine. And I like to think of 30% as kind of that the point at which you want to be above that 30%. So as you can see, relatively speaking, security is an extremely vibrant space. But in many ways it is broken. Pat Gelsinger called it a do-over and is effecting a strategy to fix it. Personally, I don't think one company can solve this problem. Certainly not VMware, or even AWS, or even Microsoft. It's too complicated, it's moving too fast. It's so lucrative for the bad guys with very low barriers to entry, as I mentioned, and as the saying goes, the good guys have to win every single day. The bad guys, they only have to win once. And those are just impossible odds. So in my view, Brian Lozada, the CISO that we interviewed, nailed it. The focus really has to be on automation. 
You know, we can't just keep using brute force and throwing tools at the problem. Machine intelligence and analytics are definitely going to be part of the answer. But the reality is AI is still really complicated too. How do you operationalize AI? Talk to companies trying to do that. It's very, very tricky. Talk about lack of skills, that's one area that is a real challenge. So I predict the more things change the more you're going to see this industry remain a game of perpetual whack-a-mole. There's certainly going to be continued consolidation, and unquestionably M&A is going to be robust in this space. So I would expect to see continued stories in the trade press of breaches. And you're going to hear scare tactics by the vendor community that want to take advantage of the train wrecks. Now, I wish I had better news for practitioners. But frankly, this is great news for investors if they can follow the trends and find the right opportunities. This is Dave Vellante for Cube Insights powered by ETR. Connect with me at David.Vellante@siliconangle.com, or @dvellante on Twitter, or please comment on what you're seeing in the marketplace in my LinkedIn post. Thanks for watching. Thank you for watching this Breaking Analysis. We'll see you next time. (energetic music)