hybrid work is the new reality according to the most recent survey data from enterprise technology research cios expect that 65 of their employees will work either as fully remote or in a hybrid model splitting time between remote and in office remote of course can be anywhere it could be home it could be at the beach overseas literally anywhere there's internet so it's no surprise that these same technology executives cite security as their number one priority well ahead of other critical technology initiatives including collaboration software cloud computing and analytics which round out the top four in the etr survey now as we've reported securing endpoints was important prior to the pandemic but the explosion in the past two plus years of remote work and corollary device usage has made the problem even more acute and let's face it managing sprawling i.t assets has always been a pain patch management for example has been a nagging concern for practitioners and with ransomware attacks on the rise it's critical that security teams harden it assets throughout their life cycle staying current and constantly staying on top of vulnerabilities within the threat surface welcome to this special program on the cube enable and secure the everywhere workplace brought to you by ivanti in this program we highlight key partnerships between avanti and its ecosystem to address critical problems faced by technology and security teams in our first segment we explore a collaboration between avanti and sentinel one where the two companies are teaming to simplify patch management my name is dave vellante and i'll be your host today and with me are nayaki nayar who's the president and chief product officer at avanti and nick warner president and security of the security group at sentinel one welcome naki and nick and hackie good to have you back in the cube great to see you guys thank you thank you dave uh really good to be back on cube uh i'm a veteran of cube so thank you for having us and um look forward to a great discussion today yeah you better thanks okay hey good nick nick good to have you on as well what do we need to know about this partnership please so uh if you look at uh we are super excited about this partnership nick thank you for joining us on this session today um when you look at ivanti ivanti has been a leader in two big segments uh we are a leader in unified endpoint management with the acquisition of mobileye now we have a holistic end-to-end management of all devices be it windows linux mac ios you name it right so we have that seamless single pane of glass to manage all devices but in addition to that we are also a leader in risk-based patch management um dave that's what we are very excited about this partnership with the with central one where now we can combine the strength we have in the risk-based patch management with central one's xdr platform and truly help address what i call the need of the hour with our customers for them to be able to detect uh vulnerabilities and being able to remediate them proactively remediate them right so that's what we are super excited about this partnership and nick would love to hand it over to you to talk about uh the partnership and the journey ahead of us thanks and you know from center one's perspective we see autonomous vulnerability assessment and remediation as really necessary given the evolution uh in the sophistication the volume and the ferocity of threats out there and what's really key is being able to remediate risks and machine speed and also identify vulnerability exposure in real time and you know if you look traditionally at uh vulnerability scanning and patch management they've really always been two separate things and when things are separate they take time between the two coordination communication what we're looking to do with our singularity xdr platform is holistically deliver one unified solution that can identify threats identify vulnerabilities and automatically and autonomously leverage patch management to much better protect our customers so maybe maybe that's why patch management is such a challenge for many organizations because as you described nick it's sort of a siloed from security and those worlds are coming together but maybe you guys could address the specific problems that you're trying to solve with this collaboration yeah so if you look at uh just in a holistic level uh dave today cyber crime is at catastrophic heights right and this is not just a cio or a cso issue this is a board issue every organization every enterprise is addressing this at the board level and when you double click on it one of the challenges that we have heard from our customers over and over again is the complexity and the manual processes that are in place for remediation or patching all their operating systems their applications their third party apps and that is where it's very very time consuming very complex very cumbersome and the question is how do we help them automate it right how do we help them remove those manual processes and autonomously intermediate right so which is where this partnership between ivanti and central one helps organizations to bring this autonomous nature to bring those proactive predictive capabilities to detect an issue prioritize that issue based on risk-based prioritization is what we call it and autonomously remediate that issue right so that's where uh this partnership really really uh helps our customers address the the top concerns they have in cyber crime or cyber security got it so prioritization automation nick maybe you could address what are the keys i mean you got to map vulnerabilities to software updates how do you make sure that your the patches there's not a big lag between your patch and and the known vulnerabilities and you've got this diverse set of you know i.t portfolio assets how do you manage all that it's a great question and i and i think really the number one uh issue around this topic is that security teams and it teams are facing a really daunting task of identifying all the time every day all the vulnerabilities in their ecosystem and the biggest problem with this is how do they get context and priority and i think what people have come to realize through the years of dealing with with patch management uh and vulnerability scanning is that patching without the context of what the possible impact or priority of that risk is really comes down to busy work and i think what's so important in a totally interconnected world with attacks happening at machine speed is being able to take that precious asset that we call time and make sure you properly prioritize that how we're doing it from sentinel one singularity xdr perspective is by leveraging autonomous threat information and being able to layer that against vulnerability information to properly view through that lens the highest priority threats and vulnerabilities that you need to patch and then using our single agent technology be able to autonomously remediate and patch those vulnerabilities whether or not it's on a mac a pc server a cloud workload and the beauty of our solution is it gives you proper clarity so you can see the impact of vulnerabilities each and every day in your environment and know that you're doing the right thing in the right order got it okay so the context gives you the risks profile allows you to prioritize and then of course you can you know remediate what else should we know about this this joint solution uh in terms of you know what it is how i engage any other detail on how it addresses the the problem specifically yeah so it's all about race against the time um uh dave when it's how we help our customers uh detect the vulnerability prioritize it and remediate it the attackers are able to weaponize those vulnerabilities and and have an attack right so it's really it's how we help our customers be a lot more proactive and predictive address those vulnerabilities versus um before the attackers really get access to it right so that's where our joint solution in fact i always say whatever edr with this edr or mdr or xdr the r portion of that r is very one he comes in our neurons for patch management or what we call neurons but risk based patch management combined with um central ones xdr is where we truly uh bring the combined solutions to to to life right so the r is where ivanti really plays a big part in uh in the joint solution yeah absolutely the response i mean people i think all agree you're going to get infiltrated that's how you respond to it you know the thing about this topic is when you make a business case a lot of times you'll go to the cfo and say hey if we don't do this we're going to be in big trouble and so it's this fear factor and i get that it's super important but but are there other measurements of success that that you you can share in other words how are customers going to determine the value of this joint solution so it's a mean time to repair let me go nick and then i'm sure you have your uh metrics and how you're measuring the success it's about how we can detect an issue and repair that issue it's reducing that mean time to repair as much as possible and making it as real-time as possible for our customers right that's where the true outcome through success and the metric that customers can track measure and continuously improve on nick you want to add to that for sure yeah you know you make some great great points niaki and what what i would add is um what sentinel one singularity platform is known for is automated and autonomous detection prevention and response and remediation across threats and if you look traditionally at patch management or vulnerability assessment they're typically deployed and run in point-of-time solutions what i mean by that is that they're scans and re-scans the way that advanced edr solutions and xdr solutions such as single one singularity platform work is we're constantly recording everything that's happening on all of your systems in real time and so what we do is literally eliminate the window of opportunity between a patch being uh needed a vulnerability being discovered and you knowing that you have that need for that vulnerability to be patched in your environment you don't have to wait for that 12 or 24-hour window to scan for vulnerabilities you will immediately know it in your network you'll also know the security implications of that vulnerability so you know when and how to prioritize and then furthermore you can take autonomous hatching measures against that so at the end of the day the name of the game in security is time and it's about reducing that window of opportunity for the adversaries for the threat actors and this is a epic leap forward in in doing that for our customers and that capability nick is a function of your powerful agent or is it architecture where's that come from that's a great question it's it's a combination of a couple of things the first is our agent technology which performs constant monitoring on every system every behavior every process running on all your systems live and in real time so this is not a batch process that that kicks up once a day this is always running in the background so the moment a new application is installed the moment a new application version is deployed we know about it we record it instantaneously so if you think about that and layer against getting best in class vulnerability information from a partner like avanti and then also being able to deploy patch management against that you can start to see how you're applying that in real time in your environment and the last thing i i'd like to add is because we're watching everything and then layering it against thread intel and context using our proprietary machine learning technology that that idea of being able to prioritize and escalate is critical because if you talk to security providers there's a couple different uh challenges that they're facing and i would say the top two are alert fatigue and then also human human power limitations and so no security team has enough people on their team and no security teams have an absence of alerts and so the fact that we can prioritize alerts surface the ones that are the most important give context to that and also save them precious hours of their personnel's time by being able to do this autonomously and automatically we're really killing two birds with one stone that's great there's the business case right there you just laid out some other things that we can measure right it all comes back to the data doesn't it we got to go but i'll give you the last word yeah i mean we are super excited about this partnership uh like nick said uh we believe in how we can help our customers discover all the assets we have they have um manage those assets but a big chunk of it is how we help them secure it right secure uh their devices the applications the data that's on those devices the end points and being able to provide an experience a service experience at the end of the day so that end users don't have to worry about securing you don't have to think about security it should be embedded it should be autonomous and it should be contactually personalized right so uh that's the journey we are on and uh thank you nick for this great partnership and look forward to a great journey ahead of us thank you yeah thanks to both of you nick appreciate it okay keep it right there after this quick break we're gonna be back to look at how ivanti is working with other partners to simplify and harden the anywhere workplace you're watching the cube your leader in enterprise and emerging tech coverage [Music] you

(techno music) [Announcer] Live from Las Vegas, its the Cube! Covering Fortinet Accelerate 18. Brought to you buy Fortinet. >> Welcome back to the Cube's continuing coverage of Fortinet Accelerate 2018. I'm Lisa Martin joined by my cohost Peter Burris, and we have a very cozy set. Right now, I'd like to introduce you to our next guests, Daniel Bernard, the vice-president of business development for SentinelOne, and Basil Habib, you are the IT director at Tri City Foods. Gentleman, welcome to the Cube. >> Great to be here, thanks. >> We're excited to have you guys here. So first, Daniel first question to you. Tell us about SentinelOne, what's your role there, and how does SentinelOne partner with Fortinet? >> Sure, I run technologies integration and alliances. SentinelOne is a next generation endpoint protection platform company. Where we converge EPP and EDR into one agent that operates autonomously. So whether its connected to the internet or not, we don't rely on a cloud deliver solution. It works just as well online and offline. And we're there to disrupt the legacy AV players that have been in this market for 25 years with technology driven by artificial intelligence to map every part of the threat life cycle to specific AI capabilities, so we can stop attacks before they even occur. >> And your partnership with Fortinet, this is your first Accelerate, so talk to us about the duration of that partnership and what is differentiating-- >> Yeah. >> Lisa: For you. >> Its great to be here at Accelerate and also to work with Fortinet. We've been working with them for about a year and a half, and we're proud members of the Fortinet Security Fabric. What it means to us is that for enterprises, like Tri City Foods that we'll talk about, a defense and depth approach is really the way to go. Fortinet, leading edge, network security solutions. We have a very meaningful and exciting opportunity to work with Fortinet, given the breadth of our APIs. We have over 250 APIs, the most of any endpoint solution out there on the market. So the things we can enable within Fortinet's broad stack is really powerful. Fortinet has a lot of customers, a lot of endpoints in their environments to protect. So we're proud to partner with Fortinet to help go after those accounts together. To not only go into those accounts ourselves but also strengthen the security that Fortinet is able to offer their customers as well. >> If we can pivot on that for just a second. How do you-- how does SentinelOne help strengthen, for example, some of the announcements that came out from Fortinet this morning about the Security Fabric? How do you give an advantage to Fortinet? >> Sure. So where we come in, is we sit at the endpoint level and we're able to bring a lot of different pieces of intelligence to core and critical Fortinet assets. For example, with the Fortinet connector that we are going to be releasing tomorrow, so a little sneak peek on that right here on the Cube. The endpoint intelligence is actually through API to API connections able to go immediately into FortiSandbox and then be pushed to FortiGate. And that's in real time. So, whether an endpoint is inside of a network or running around somewhere in the world, whether its online or offline, a detection and a conviction we make through the SentinelOne client and the agent that actually sits on the endpoint, all the sudden is able to enrich and make every single endpoint inside of a Fortinet network much smarter and prone and also immune from attacks before they even occur. >> So as you think about that, how does it translate into a company like Tri City which has a large number of franchises, typically without a lot of expertise in those franchises, to do complex IT security but still very crucial data that has to be maintained and propagated. >> Well from Tri City's perspective, we look into security environment. And when you look into the Security Fabric between Fortinet and SentinelOne, that really helps us out a great deal. By looking into automating some of theses processes, mitigating some of these threats, that integration and the zero-day attack that can be prevented, that really helps us out day one. >> So tell us a little bit about Tri City. >> Well Tri City Foods is basically the second largest Franchisees for Burger King. We currently have approximately about 500 locations. Everybody thinks about Burger King as just the, you know, you go purchase Whopper. But nobody knows about all of the technology that goes in the back and in order to support that environment. You look into it, you got the Point of Sale, taking your credit card transaction, you got your digital menu board, you got all of the items in the back end, the drive-through. And we support all of those devices and we ensure that all of these are working properly, and operating efficiently. So if one of these devices is not functioning, that's all goes down. The other thing we do is basically we need to ensure that the security is up, most important for us. We're processing credit card transaction, we cannot afford to have any kind of issue to the environment. And this is, again, this is were SentinelOne comes into the picture where all of our devices down there are protected with the solution, as well as protecting the assets with Fortinet security. >> So I hear big environment complexity. Tell us about the evolution of security in your environment. You mention SentinelOne but how has that evolved as you have to, you said so many different endpoints that are vulnerable and there's personal information. Tell us about this evolution that you helped drive. >> The issue I put an end to when I first started on that is, we had the traditional antivirus. We had traditional antivirus, its just basically protecting what it knows about, it did not protect anything that is zero-day. We got in a head to a couple ransom wares. Which we are not willing to take any chances with the environment. That evolution came through as, no we cannot afford to have these type of system be taken down or be compromised. And we do like to assure the security of our clients. So this is, again, this is where we decided to go into the next gen and for protection. Ensuring the uptime and the security of the environment. >> But very importantly, you also don't have the opportunity to hire really, really expensive talent in the store to make sure that the store is digitally secure. Talk a little bit about what Daniel was talking about, relative to AI, automation, and some of the other features that you're looking for as you ensure security in those locations. >> The process to go down there is basically, we cannot expect everybody to understand security. So in order-- >> That's a good bet! (laughing) >> So in order to make-- >> While we're all here! >> That's right! >> So in order to make it easy for everybody to process the solutions, its best if we have to simplify as much as possible. We need to make sure its zero touch, we need to make sure that it works all the time, irrelevant to if you are on the network or off the network. We needed to make sure that its reliable and it works without any compromise. >> And very importantly, its multibonal right? It can be online, offline, you can have a variety of different operator characteristics, centralized, more regional. Is that all accurate? >> Multi-tenant, on-prem. >> Definitely. With every location, you got your local users, you have your managers, the district managers, they are mobile. These are mobile users that we have to protect. And in order to protect them we need to make sure that they are protected offline as well as online. And again, the SentinelOne client basically provided that security for us. It is always on, its available offline, and its preventing a lot of malware from coming in. >> Talk to us about, kind of the reduction in complexity and visibility. Cause I'm hearing that visibility is probably a key capability that you now have achieved across a pretty big environment. >> Correct. So, before with the traditional antivirus, you got on-prem solution. On-prem solution, in order to see that visibility, you have be logged in, you have to be able to access that solution, you have to be pushing application updates, signature updates, its very static. Moving into SentinelOne, its a successful solution. I don't have to touch anything, basically everything works in the background. We update the backend and just the clients get pushed, the updates get pushed, and its protected. I only have one engineer basically looking after the solution. Which is great in this environment. Because again, everywhere you go, up access is a big problem. So in order to reduce the cost, we need to make sure that we have that automation in place. We need to make sure that everything works with minimal intervention. That issues were mitigated dynamically without having any physical intervention to it. And this where the solution came in handy. >> So I'm hearing some really strong positive business outcomes. If we can kind of shift, Daniel, back to you. This is a great testimonial for how a business is continuing to evolve and grow at the speed and scale that consumers are demanding. Tell us a little bit on the SentinelOne side about some of the announcements that Fortinet has made today. For example, the Security Fabric, as well as what they announced with AI. How is that going to help your partnership and help companies like Tri City Foods and others achieve the visibility and the security that they need, at that scale and speed that they demand. >> Yeah I think Fortinet has very progressive approach when it comes to every part of their stack. What we see with the Fortinet Security Fabric is a real desire to work with best of breed vendors and bring in their capabilities so that customers can still utilize all the different pieces of what Fortinet offers, whether it be FortiGate, FortiSandbox, FortiMail, all these different fantastic products but compliment those products and enrich them with all these other great vendors here on the floor. And what we heard from Basil is what we hear from our other 2000 customers, these themes of we need something that's simple. With two people on the team, you can easily spend all your time just logging into every single console. Fortinet brings that light so seamlessly in their stack 20, 30 products that are able to be easily managed. But if you don't partner with a vendor like Fortinet or SentinelOne and your going into all these different products all day long, there's no time to actually do anything with that data. I think the problem in cyber security today is really one of data overload. What do you do with all this data? You need something that's going to be autonomous and work online and offline but also bring in this level of automation to connect all these different pieces of a security ecosystem together to make what Fortinet has very nicely labeled a Security Fabric. And that's what I believe is what's going inside Basil's environment, that's what we see in our 2000 customers and hopefully that's something that all of Fortinet's customers can benefit from. >> Basil, one of the many things that people think about is they associate digital transformation with larger businesses. Now, Tri City Food is not a small business, 500 Burger King franchises is a pretty sizable business, when you come right down to it. But how is SentinelOne, Fortinet facilitating changes in the in-store experience? Digital changes in the in-store experience? Are there things that you can now think about doing as a consequence of bringing this endpoint security into the store, in an automated, facile, simple way that you couldn't think about before? >> Actually yes, by using the Fortinet platform we deployed the FortiAPs. We have the FortiManager, we're looking into, basically, trying to manage and push all of the guest services, to provide guest services. Before we had to touch a lot of different devices, right now its just two click of a button and I'm able to provide that SSID to all of my stores. We're able to change the security settings with basically couple clicks. We don't have to go and manage 500 locations. I'm only managing a single platform and FortiManager, for instance, or FortiCloud. So this is very progressive for us. Again, when you're working with a small staff, the more automation and the more management you can do on the backend to simplify the environment, as well as providing the required security is a big plus for us. >> There's some key features that we've brought to market to help teams like Basil's. A couple ones that come to mind, our deep visibility capability where you can actually see into encrypted traffic directly from the endpoint, without any changes in network topography. That's something that's pretty groundbreaking. We're the only endpoint technology to actually do that, where you can actually threat hunt for IOCs and look around and see 70 percent of traffics encrypted today and that number is rising. You can actually see into all that traffic and look for specific data points. That's a really good example, where you can turn what you use to have to go to a very high level of SOC analyst and you can have anybody actually benefit from a tool like that. The other one that comes to mind is our rollback capability, where if something does get through or we're just operating in EDR mode, by customer choice, you can actually completely rollback a system to the previously noninfected, nonencrypted state directly from that central location. So whether that person is on an island or in Bermuda, or sitting in a store somewhere, if a system is compromise you don't need to re-image it anymore. You can just click rollback and within 90 seconds its back to where it was before. So, the time savings we can drive is really the key value proposition from a business outcome standpoint because you need all these different check boxes and more than check boxes, but frankly there's just not the people and the hours in the day to do it all. >> So, you said time savings affects maybe resource allocation. I'm wondering in terms of leveraging what you've established from a security standpoint as differentiation as Tri City is looking to grow and expand. Tell us a little bit about how this is a differentiator for your business, compared to your competition. >> I cannot speak to the competition. (all laughs) What I can speak to is, again, the differentiator for us as Daniel mentioned is basically, again, the automation pieces, the rollback features. The minimizing the threat analyses into the environment. All these features basically is going to make us more available for our customers, the environment is going to be secure and customers will be more than welcome to come into us and they know that their coming in their information is secure and their not going to be compromised. >> Well are you able to set up stores faster? Are you able to, as you've said, roll out changes faster? So you do get that common kind of view of things. >> We're at zero zero breach. >> We're at zero zero breach yes. So, basically, in order through a lot faster, we do it lock the source faster. We basically, with the zero touch deployment, that Fortinet is offering, basically send the device to the store, bring it online and its functional. We just push it out the door and its operational. With the SentinelOne platform, push the client to the store and set it and forget it. That is basically the best solution that we ever deployed. >> Set it and forget it. >> I like that. >> Set it and forget it. >> That's why you look so relaxed. (laughs) >> I can sleep at night. (all laugh) >> That's what we want to hear. >> Exactly. So Daniel, last question to you, this is your first Accelerate? >> It is our first Accelerate. >> Tell us about what excites you about being here? What are some of the things that you've heard and what are you excited about going forward in 2018 with this partnership? >> Yeah, well as we launch our Fortinet connector tomorrow, what really excites me about being here is the huge partner and customer base that Fortinet has built over the last 20 years. Customers and partners that have not only bought the first time, but they're in it to win it with Fortinet. And that's what we are too. I'm excited about the year ahead and enabling people like Basil to be able to sleep on the weekends because they can stitch they're security solutions together in a meaningful way with best of breed technologies and we're honored to be part of that Fortinet Security Fabric for that very reason. >> Well gentleman thank you both so much for taking the time to chat with us today and share your story at Accelerate 2018. >> Thanks a lot. >> Thank you. >> For this cozy panel up here, I'm Lisa Martin my cohost with the Cube is Peter Burris. You're watching us live at Fortinet Accelerate 2018. Stick around we will be right back. (techno music)

>> From theCUBE studios in Palo Alto in Boston bringing you data driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> In just over 10 years, CrowdStrike has become a leading independent security firm with more than 2 billion in annual recurring revenue, nearly 60% ARR growth, and approximate $40 billion market capitalization, very high retention rates, low churn, and a path to 5 billion in revenue by mid decade. The company has joined Palo Alto Networks as a gold standard pure play cyber security firm. It has achieved this lofty status with an architecture that goes beyond a point product. With outstanding go to market and financial execution, some sharp acquisitions and an ever increasing total available market. Hello, and welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis" and ahead of Falcon, Fal.Con, CrowdStrike's user conference, we take a deeper look into CrowdStrike, its performance, its platform, and survey data from our partner ETR. Now, the general consensus is that spending on Cyber is non-discretionary and is held up better than other technology sectors. While this is generally true, as this data shows, it's nuanced. Let's explore this a bit. First, this is a year-to-date chart of the stock performance of CrowdStrike relative to Palo Alto, the BUG ETF, which is a Cyber index, the NASDAQ and SentinelOne, a relatively new entrant to the IPO public markets. Now, as you can see the security sector as evidenced by the orange line, that Cyber ETF, is holding up better than the overall NASDAQ which is off 28% year-to-date. Palo Alto has held up incredibly well, the best, being off only around 4% year-to-date. Whereas CrowdStrike is off in the double digits this year. But up as we talked about in one of our last "Breaking Analysis" on Cyber, up from its lows this past May. Now, CrowdStrike had a very nice beat and raise on August 30th. But the stop didn't respond well initially. We asked "Breaking Analysis" contributor, Chip Simonton for his technical take and he stated that CrowdStrike has bounced around for the last three months in its current range. He said that Cyber stocks have held up better than the rest of the market, as we're showing. And now might be a good time to take a shot but he is cautious. FedEx had a warning today of a global recession and that's obvious case for a concern. You know, maybe some of these quality Cyber stocks like Palo Alto and CrowdStrike and Zscaler will outperform in a recession, but that play is not for the faint of heart. In fact, it's feeling like a longer, more drawn out tech lash than many had hoped. Perhaps as much as 12 to 18 months of bouncing around with sellers still in control, is generally the sentiment from Simonton. So in terms of Cyber spending being non-discretionary, we'd say it's less discretionary than other it sectors but the CISO still does not have an open wallet, as we've reported before. We've seen that spending momentum has decelerated in all sectors throughout the year. This is an across the board trend. Now, independent of the stock price, George Kurtz, CEO of CrowdStrike, he's running a marathon, not a sprint. And this company is running at a nice pace despite tough macro headwinds. The company is free cash flow positive and is in the black, or a non-GAAP operating profit basis and yet it's growing ARR at nearly 60%. Frank Slootman uses the term inherent profitability, meaning that the company could drive more profits if it wanted to dial down expenses especially in go to market costs. But that would be a mistake for a company like CrowdStrike, in our opinion. While it has an impressive nearly 20,000 customers, there are hundreds of thousands of customers that CrowdStrike could penetrate. So like Snowflake and Slootman, Kurtz is not taking its foot off the gas. Now, the fundamental strength of CrowdStrike and its secret sauce is its architecture and platform, in our view, so let's take a deeper look. CrowdStrike believes that the unstoppable breach is a myth. Now, CISOs don't agree with that because they assume they're going to get breached, but that's CrowdStrike's point of view, so lofty vision. CrowdStrike's mission is to consolidate the patchwork of solutions by introducing modules that go beyond point products. CrowdStrike has more than 20 modules, I think 22, that span a range of capabilities as shown in this table. Now, there are a few critical aspects of the CrowdStrike architecture that bear mentioning. First is the lightweight agent, that is fundamental. You know, we're used to thinking that agentless is good and agent is bad, but in this case, a powerful but small, slim and easy to install but unobtrusive agent has its advantages because it supports multiple CrowdStrike modules. The second point is CrowdStrike from the beginning has been dogmatic about getting all the telemetry data into the cloud. It sort of shunned doing bespoke on prem so that all the data could be analyzed. So the more agents that CrowdStrike installs around the world, the more data it has access to and the better its intelligence. Few companies have access to more data, perhaps Microsoft given it scale and size is an exception in that endpoint space. CrowdStrike has developed a purpose-built threat graph and analytics platform that allows it to quickly ingest in near real time key telemetry data and detect not only known malware, that's pretty straightforward, pretty much anybody could do that. But using machine intelligence, it can also detect unknown malware and other potentially malicious behavior using indicators of attack, IOC, or IOAs. Humio is shown here as a company that CrowdStrike bought for around 400 million in early 2020, early 2021. It's the company's Splunk killer and will serve as an observability platform. It's really starting to take off, that's a great market for them to go after. CrowdStrike, to try to put it into sort of a summary, uses a three pronged approach. First is it's next generation anti-virus, meaning it's SaaS base. SAS based solution that can do fast lookups to telemetry data and that data lives in the cloud. And this leverages cloud strikes proprietary threat graph. Now, the second is endpoint detection and response. CrowdStrike sends all endpoint activity to the cloud and can process the data in real time. CrowdStrike EDR allows you to search data history and its partners with threat intelligent platforms who push the data into CrowdStrike, the CrowdStrike cloud. This increases CloudStrike's observation space. It also has containment capabilities in EDR to fence off compromised system. Now, the third leg of the stool is CrowdStrike's world class manage hunting approach. Like many firms, CrowdStrike has a crack team of experts that is looking at the data, but CrowdStrike's advantage is the amount of data, that observation space that we just talked about, and near real time capabilities of the architecture thanks to that proprietary database that they've developed. And all this is built in the cloud and so it enables global scale. And of course, agility. Now, let's dig into some of the survey data and take a look at what ETR respondents are saying about the spending momentum for CrowdStrike in context with its peers. Here's a very recent dataset, the October preliminary data from the October dataset in ETR's survey. Eric Bradley shared with us, ETR's head of strategy, and he runs the round tables, he's a frequent "Breaking Analysis" contributor. This is an XY graph with Netcore or spending momentum on the vertical axis and the overlap or pervasiveness in the survey on the horizontal axis. That dotted red line at 40% indicates an elevated level of spending velocity. Anything above that, we consider really impressive. Note the CrowdStrike progression since the pandemic started. The two notable points are one, that CrowdStrike has remained consistently above that 40% mark and two, it has made notable progress to the right. You can see that sort of squiggly line consistently increasing its share with one little anomaly there in the early days of over a two-year period. The other call out here is Microsoft in the upper-right. We circled Microsoft as usual. Microsoft messes up the data because it's such a dominant player and has referenced earlier as a massive scale and very quality telemetry from its endpoints. Unlike AWS, Microsoft is a direct competitor of CrowdStrike's. Nonetheless, the sector remains very strong with lots of players. Cyber is a large and expanding TAM with too many point tools that CrowdStrike is well positioned to consolidate, in our view. Now, here's a more narrow view of that same XY graph. What it does is it takes out Microsoft to kind of normalize the data a bit and it compares a number of firms that specialize in endpoint, along with CrowdStrike such as Tanium which also has a lightweight agent, by the way, and appears to be doing pretty well. SentinelOne did a relatively recent IPO, took off, stock hasn't done as well since, as you saw earlier. Carbon Black which VMware bought for around $2 billion and Cylance which is the Blackberry pivot. Now, we've also for context included Palo Alto and Cisco because they are major players with the big presence in security and they've got solutions that compete with CrowdStrike. But you can see how CrowdStrike looms large with a higher net score than these others. Although Palo Alto is very impressive, as is Cisco, steady. But Palo Alto also, sorry, CrowdStrike also has a very steady posture instead of just looming on that X axis. Let's now take a look at XDR, extended detection and response. XDR is kind of this bit of a buzzword but CrowdStrike seems to be taking the mantle and trying to sort of own the category and define it, in our view. It's a natural evolution of endpoint detection and response, EDR. In a recent ETR Roundtable hosted by our colleague, Eric Bradley, the sentiment among several CIOs is that existing SIEM, security information and event management platforms are inadequate and some see XDR as a replacement for, or at least a strong compliment to SIEM. CISOs want a single view of their data. Hmm, you haven't heard that before. They want help prioritizing potentially high impact breaches and they want to automate the low level stuff because the problem is sometimes too much information becomes information overload and you can't prioritize. So they want to consolidate platforms. They want better co consistency. They have too many dashboards, too many stove pipes. They have difficulty scaling and they have inconsistent telemetry data. As one CISO said, it's a call out here. "If the regulatory requirement isn't there, I absolutely would get rid of my SIEM." So CrowdStrike, we feel, is in a good position to continue to gain, share and disrupt this space. And that's what Dave Nicholson and I will be looking for next week when theCUBE is at Fal.Con, CrowdStrike's user conference. We'll be there for two days at the area in Vegas. In addition to CrowdStrike CEO, we'll hear from government cyber experts. We always hear that at security conferences and the CEO of Mandiant. Google just the other day closed its $5 billion plus acquisition of Mandiant, which is a threat intelligence expert and MSSP. I'm going to hear a lot about MSSPs by the way. CrowdStrike is a growing MSSP base. We think that's a really interesting sector because many companies don't have a SOC. As many as 50% of companies in the United States don't have a security operations center. So they need help, that's where MSPs come in. At the conference, there'll be a real focus on the Falcon platform. And we expect CrowdStrike to educate the audience on its multiple modules and how to take advantage of the capabilities beyond endpoint. And we'll also be watching for the ecosystem conversations. We saw this at reinforced, for example, where CrowdStrike and Okta were presenting together to show how these companies products compliment each other in the marketplace. Sometimes it gets confusing when you hear that CrowdStrike has an identity product. Okta, of course, is the identity specialist. So we'll be helping extract that signal from the noise. Because a generational company must have a strong ecosystem. CrowdStrike is evolving and our belief is that it has some work to do to create a stronger partner flywheel, and we're eager to dig into that next week. So if you're at the event, please do stop by theCUBE, say hello to Dave Nicholson and myself. Okay, we're going to leave it there today. Many thanks to Chip Simonton and Eric Bradley for their input and contributions to today's episode. Thanks to Alex Myerson, who does production, he also manages our podcast, Ken Schiffman as well, in our Boston studios, Kristen Martin and Cheryl Knight help get the word out on social media and our newsletters, and Rob Hof is our editor in chief over at siliconangle.com. He does some wonderful editing and I really appreciate that. Remember, all these episodes are available as podcasts wherever you listen, just search "Breaking Analysis" Podcast. I publish each week on wikibon.com and siliconangle.com and you can email me at david.vellante@siliconangle.com or DM me @DVellante or comment on our LinkedIn post. And please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis". (upbeat music)

>> From theCUBE Studios in Palo Alto and Boston bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cyber security market overall, the state of cloud security and cross cloud security and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon cube insights powered by ETR. In this Breaking Analysis we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cyber security plays in the market, what the ETR data tells us and what to expect at next week's AWS re:Inforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simonton. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty you know, and before today's big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indices. You know, earning season as always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan the numbers were pretty good according to Simonton. Investment banks were not so great with Morgan and Goldman missing estimates but in general, pretty positive outlooks. But the market also shrugged off IBM's growth. And of course, social media because of SNAP is getting hammered today. The question is no longer recession or not but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course are still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also going to help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold you know, despite today's sell off. But AT&T and Verizon, they blamed their misses in part on people not paying their bills on time. SNAP's huge miss even after guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are off on sympathy. Meta and Google were off, you know, over 7% at midday. I think at one point hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment. As we've been reporting back in mid-June and NASDAQ was off nearly 33% year to date and has since rallied. It's now down about 25% year to date as of midday today. But as I say, it had been, you know much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That's started to change for now anyway. We'll see if it holds. But chip stocks, software stocks, and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton, we'll see if that holds. If it does, that's a positive sign. Now remember on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12 X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here SailPoint is of course the anomaly with the Thoma Bravo 7 billion acquisition of the company holding that stock up. But the Bug ETF of basket of cyber stocks has definitely improved. When we last reported on cyber in May, CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its Auth0 acquisition. Meanwhile, Zscaler and SentinelOne, those high flyers are still well off year to date, with Ping Identity and CyberArk not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically, they've been breaking their down trend. So it will now come down to earnings guidance in the coming months. But the SNAP reaction is quite stunning. I mean, the environment is slowing, we know that. Ad spending gets cut in that type of market, we know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says, this shows that sellers are still in control here. So it's going to take a little while to work through that despite the positive signs that we're seeing. Okay. We also turned to our friend Eric Bradley from ETR who follows these markets quite closely. He frequently interviews CISOs on his program, on his round tables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they called for an 8% plus spending growth, they're still expecting a six to seven percent uptick in spend this year. So that's pretty good. Security remains the number one priority and also is the highest ranked sector in the ETR data set when you measure in terms of pervasiveness in the study. Within security endpoint detection and extended detection and response along with identity and privileged account management are the sub-sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with CyberArk and Tanium showing very strong as well. Okta has seen a big dropoff in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions. That clearly shows in the survey. We'll talk about that in a moment. Look Okta still elevated in terms of spending momentum, but it doesn't have the dominant leadership position it once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Veronis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, SonicWall, Symantec, Trellic which is McAfee, Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis. It's a measure of presence in the data set we used to call it market share. With the data, the dot positions, you see that little inserted table, that's how the dots are plotted. And it's important to note that this data is filtered for firms with at least 100 Ns in the survey. That's why some of the other ones that we mentioned might have dropped off. The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course, Microsoft, which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. And CyberArk and Okta and Zscaler, CloudFlare and Auth0 now Okta through the acquisition, are all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and as steady as she goes. Two, it's a very crowded market still and it's complicated space. And three there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections. We're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e, 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January 2020. First I want to call out that all four again are seeing down trends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter, again, the market is off overall. Everybody is kind of seeing that down trend for the most part. Very few exceptions. Okta is being hurt by fewer new additions which is why we highlighted in red, that red dotted area, that square that we put there in the upper right of that Okta bar. That lime green, new ads are off as well. And the gray for Okta, flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0 acquisition the company is seeing some friction in its business. Now, having said that, you can see Okta's yellow line or presence in the data set, continues to grow. So it's a good proxy from market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice this very little red at these companies when it comes to the ETR survey data. Now one more data slide which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared end or presence in the data set. That's the right hand side. And again, we filtered by companies with at least 100 N and oh, by the way we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler all made the cut this time. Now, as we pointed out in May if you combined Auth0 with Okta, they jumped to the number two on the right hand chart in terms of presence. And they would lead the pure plays there although it would bring down Okta's net score somewhat, as you can see, Auth0's net score is lower than Okta's. So when you combine them it would drag that down a little bit but it would give them bigger presence in the data set. Now, the other point we'll make is that Proofpoint and Splunk both dropped off the four star list this time as they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay. We're going to close on what to expect at re:Inforce this coming week. Re:Inforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years has been virtual and they announced that reinvent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June and turns out nobody did so they postponed the event, thankfully. And so now they're back in Boston, starting on Monday. Not that it's going to be much cooler in Boston. Anyway, Steven Schmidt had been the face of AWS security at all these previous events as the Chief Information Security Officer. Now he's dropped the I from his title and is now the Chief Security Officer at Amazon. So he went with Jesse to the mothership. Presumably he dropped the I because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses who is now the new CISO at AWS will be keynoting along with some others including MongoDB's Chief Information Security Officer. So that should be interesting. Now, if you've been following AWS you'll know they like to break things down into, you know, a couple of security categories. Identity, detection and response, data protection slash privacy slash GRC which is governance, risk and compliance, and we would expect a lot more talk this year on container security. So you're going to hear also product updates and they like to talk about how they're adding value to services and try to help, they try to help customers understand how to apply services. Things like GuardDuty, which is their threat detection that has machine learning in it. They'll talk about Security Hub, which centralizes views and alerts and automates security checks. They have a service called Detective which does root cause analysis, and they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of, you know, confidential computing which is, you know, AWS will point out it's kind of become a buzzword. They take it really seriously. I think others do as well, like Arm. We've talked about that on previous Breaking Analysis. And again, you're going to hear something on container security because it's the hottest thing going right now and because AWS really still serves developers and really that's what they're trying to do. They're trying to enable developers to design security in but you're also going to hear a lot of best practice advice from AWS i.e, they'll share the AWS dogfooding playbooks with you for their own security practices. AWS like all good security practitioners, understand that the keys to a successful security strategy and implementation don't start with the technology, rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems, that's really where the developers come in, and training for continuous improvements. So you're going to get heavy doses of really strong best practices and guidance and you know, some good preaching. You're also going to hear and see a lot of partners. They'll be very visible at re:Inforce. AWS is all about ecosystem enablement and AWS is going to host close to a hundred security partners at the event. This is key because AWS doesn't do it all. Interestingly, they don't even show up in the ETR security taxonomy, right? They just sort of imply that it's built in there even though they have a lot of security tooling. So they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're going to hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CISOs and practitioners who are understaffed when it comes to top talent. Now, finally, theCUBE will be at re:Inforce in force. John Furry and I will be hosting two days of broadcast so please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share our overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay. That's it for today. Thanks for watching. Thanks to Alex Myerson, who is on production and manages the podcast. Kristin Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoff is our Editor in Chief over at siliconangle.com. You did some great editing. Thank you all. Remember all these episodes they're available, this podcast. Wherever you listen, all you do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing avid.vellante@siliconangle.com or DM me @dvellante, or comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you in Boston next week if you're there or next time on Breaking Analysis (soft music)

>> From theCUBE studios in Palo Alto in Boston bringing you data driven insights from theCUBE and ETR. This is breaking analysis with Dave Vellante. >> Despite fears of inflation, supply chain issues skyrocketing energy and home prices and global instability caused by the Ukraine crisis CIOs and IT buyers continue to expect overall spending to increase more than 6% in 2022. Now, while this is lower than our 8% prediction that we made earlier this year in January, it remains in line with last year's roughly six to 7% growth and is holding firm with the expectations reported by tech executives on the ETR surveys last quarter. Hello and welcome to this week's wiki bond cube insights powered by ETR in this breaking analysis, we'll update you on our latest look at tech spending with a preliminary take from ETR's latest macro drill down survey. We'll share some insights to which vendors have shown the biggest change in spending trajectory. And we'll tap our technical analysts to get a read on what they think it means for technology stocks going forward. The IT spending sentiment among IT buyers remains pretty solid. >> In the past two months, we've had conversations with dozens of CIOs, chief digital officers data executives, IT managers, and application developers, and across the board, they've indicated that for now at least their spending levels remain largely unchanged. The latest ETR drill down data which will share shortly, confirms these anecdotal checks. However, the interpretation of this data it's somewhat nuanced. Part of the reason for the spending levels being you know reasonably strong and holding up is inflation. Stuff costs more so spending levels are higher forcing IT managers to prioritize. Now security remains the number one priority and is less susceptible to cuts, cloud migration, productivity initiatives and other data projects remain top priorities. >> So where are CIO's robbing from Peter to pay Paul to focus on these priorities? Well, we've seen a slight uptick in certain speculative. IT projects being put on hold or frozen for a period of time. And according to ETR survey data we've seen some hiring freezes reported and this is especially notable in the healthcare sector. ETR also surveyed its buyer base to find out where they were adjusting their budgets and the strategies and tactics they were using to do so. Consolidating IT vendors was by far the most cited tactic. Now this makes sense as companies in an effort to negotiate better deals will often forego investments in newer so-called best of breed products and services, and negotiate bundles from larger suppliers. You know, even though they might not be as functional, the buyers >> can get a better deal if they bundle together from one of their larger suppliers. Think Microsoft or a Dell or other, you know, large companies. ETR survey respondents also cited cutting the cloud bill where discretionary spending was in play was another strategy or tactic that they were using. We certainly saw this with some of the largest snowflake customers this past quarter. Where even though they were still growing consumption rapidly certain snowflake customers dialed down their consumption and pushed spending off to future quarters. Now remember in the case of snowflake, anyway, customers negotiate consumption rates and their pricing based on a total commitment over a period of time. So while they may consume less in one quarter, over the lifetime of the contract, snowflake, as do many other cloud companies, have good visibility on the lifetime value of a deal. Now this next chart shows the latest ETR spending expectations among more than 900 respondents. The bars represent spending growth expectations from the periods of December, 2021 that's the gray bars, March of 2022 survey in the blue, and the most recent June data, That's the yellow bar. So you can see spending expectations for the quarter is down slightly in the mid 5% range. But overall for the year expectations remain in the mid 6% range. Now it's down from 8%, 8.3% in December where it looked like 2022 was going to really be a breakout year and have more momentum than even last year. Now, remember this was before Russia invaded Ukraine which occurred in mid-February of this year. So expectations were a little higher. So look, generally speaking CIOs have told us that their CFOs and CEOs have lowered their earnings outlooks and communicated that to Wall Street. They've told us that unless and until these revised forecasts appear at risk, they continue to expect their budget levels to remain pretty constant. Now there's still plenty of momentum and spending velocity on specific vendor platforms. Let's take a look at that. >> This chart shows the companies with the greatest spending momentum as measured by ETRs proprietary net score methodology. Net score essentially measures the net percent of customers spending more on a particular platform. That measurement is shown on the Y axis. The red line there that's inserted that red dotted line at 40%, we consider to be a highly elevated mark. And the green dots are companies in the ETR survey that are near or above that line. The X axis measures the presence in the data set, how much, you know sort of pervasiveness, if you will, is in the data. It's kind of a proxy for market presence. Now, of course we all know Kubernetes is not a company, but it remains an area where organizations are spending lots of resources and time particularly to modernize and mobilize applications. Snowflake remains the company which leads all firms in spending velocity, but as you'll see momentarily, despite its highest position relative to everybody else in the survey, it's still down from its previous levels in the high seventies and low 80% range. AWS is incredibly impressive because it has an elevated level but also a big presence in the data set in the survey. Same with Microsoft, same with ServiceNow which also stands out. And you can see the other smaller vendors like HashiCorp which is increasingly being seen as a strategic cross cloud enabler. They're showing, spending momentum. The RPA vendors you see in there automation anywhere and UI path are in the mix with numerous security companies, CrowdStrike, CyberArk, Netskope, Cloudflare, Tenable Okta, Zscaler Palo Alto networks, Sale Point Fortunate. A big number of cybersecurity firms hovering at or above that 40% mark you can see pure storage remains elevated as do PagerDuty and Coupa. So plenty of good news here, despite the recent tech crash. So that was the good, here's the not so good. So >> there is no 40% line on this chart because all these companies are well below that line. Now this doesn't mean these companies are bad companies. They just don't have the spending velocity of the ones we showed earlier. A good example here is Oracle. Look how they stand out on the X axis with a huge market presence. And Oracle remains an incredibly successful company selling to high end customers and really owning that mission critical data and application space. And remember ETR measures spending activity, but not actual spending dollars. So Oracle is skewed as a result because Oracle customers spend big bucks. But the fact is that Oracle has a large legacy install base that pulls down their growth rates. And that does show up in the ETR survey data. Broadcom is another example. They're one of the most successful companies in the industry, and they're not going after growth at all costs at all. They're going after EBITDA and of course ETR doesn't measure EBIT. So just keep that in mind, as you look at this data. Now another way to look at the data and the survey, is exploring the net score movement over the last period amongst companies. So how are they moving? What's happening to the net score over time. And this chart shows the year over year >> net score change for vendors that participate in at least three sectors within the ETR taxonomy. Remember ETR taxonomy has 12, 15 different segments. So the names above or below the gray dotted line are those companies where the net score has increased or decreased meaningfully. So to the earlier chart, it's all relative, right? Look at Oracle. While having lower net scores has also shown a more meaningful improvement in net score than some of the others, as have SAP and Teradata. Now what's impressive to me here is how AWS, Microsoft, and Google are actually holding that dotted line that gray line pretty well despite their size and the other ironically interesting two data points here are Broadcom and Nutanix. Now Broadcom, of course, as we've reported and dug into, is buying VMware and, and of, of course most customers are concerned about getting hit with higher prices. Once Broadcom takes over. Well Nutanix despite its change in net scores, in a good position potentially to capture some of that VMware business. Just yesterday, I talked to a customer who told me he migrated his entire portfolio off VMware using Nutanix AHV, the Acropolis hypervisor. And that was in an effort to avoid the VTEX specifically. Now this was a smaller customer granted and it's not representative of what I feel is Broadcom's ICP the ideal customer profile, but look, Nutanix should benefit from the Broadcom acquisition. If it can position itself to pick up the business that Broadcom really doesn't want. That kind of bottom of the pyramid. One person's trash is another's treasure as they say, okay. And here's that same chart for companies >> that participate in less than three segments. So, two or one of the segments in the ETR taxonomy. Only three names are seeing positive movement year over year in net score. SUSE under the leadership of amazing CEO, Melissa Di Donato. She's making moves. The company went public last year and acquired rancher labs in 2020. Look, we know that red hat is the big dog in Kubernetes but since the IBM acquisition people have looked to SUSE as a possible alternative and it's showing up in the numbers. It's a nice business. It's going to do more than 600 million this year in revenue, SUSE that is. It's got solid double digit growth in kind of the low teens. It's profitability is under pressure but they're definitely a player that is found a niche and is worth watching. The SolarWinds, What can I say there? I mean, maybe it's a dead cat bounce coming off the major breach that we saw a couple years ago. Some of its customers maybe just can't move off the platform. Constant contact we really don't follow and don't really, you know, focus on them. So, not much to say there. Now look at all the high priced earning stocks or infinite PE stocks that have no E and divide by zero or a negative number and boom, you have infinite PE and look at how their net scores have dropped. We've reported extensively on snowflake. They're still number one as we showed you earlier, net score, but big moves off their highs. Okta, Datadog, Zscaler, SentinelOne Dynatrace, big downward moves, and you can see the rest. So this chart really speaks to the change in expectations from the COVID bubble. Despite the fact that many of these companies CFOs would tell you that the pandemic wasn't necessarily a tailwind for them, but it certainly seemed to be the case when you look back in some of the ETR data. But a big question in the community is what's going to happen to these tech stocks, these tech companies in the market? We reached out to both Eric Bradley of ETR who used to be a technical analyst on Wall Street, and the long time trader and breaking analysis contributor, Chip Symington to get a read on what they thought. First, you know the market >> first point of the market has been off 11 out of the past 12 weeks. And bare market rallies like what we're seeing today and yesterday, they happen from time to time and it was kind of expected. Chair Powell's testimony was broadly viewed as a positive by the street because higher interest rates appear to be pushing commodity prices down. And a weaker consumer sentiment may point to a less onerous inflation outlook. That's good for the market. Chip Symington pointed out to breaking analysis a while ago that the NASDAQ has been on a trend line for the past six months where its highs are lower and the lows are lower and that's a bad sign. And we're bumping up against that trend line here. Meaning if it breaks through that trend it could be a buying signal. As he feels that tech stocks are oversold. He pointed to a recent bounce in semiconductors and cited the Qualcomm example. Here's a company trading at 12 times forward earnings with a sustained 14% growth rate over the next couple of years. And their cash flow is able to support their 2.4, 2% annual dividend. So overall Symington feels this rally was absolutely expected. He's cautious because we're still in a bear market but he's beginning to, to turn bullish. And Eric Bradley added that He feels the market is building a base here and he doesn't expect a 1970s or early 1980s year long sideways move because of all the money that's still in the system. You know, but it could bounce around for several months And remember with higher interest rates there are going to be more options other than equities which for many years has not been the case. Obviously inflation and recession. They are like two looming towers that we're all watching closely and will ultimately determine if, when, and how this market turns around. Okay, that's it for today. Thanks to my colleagues, Stephanie Chan, who helps research breaking analysis topics sometimes, and Alex Myerson who is on production in the podcast. Kristin Martin and Cheryl Knight they help get the word out and do all of our newsletters. And Rob Hof is our Editor in Chief over at siliconangle.com and does some wonderful editing for breaking analysis. Thank you. Remember, all these episodes are available as podcasts wherever you listen. All you got to do is search breaking analysis podcasts. I publish each week on wikibon.com and Siliconangle.com. And of course you can reach me by email at david.vellante@siliconangle.com or DM me at DVellante comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for the CUBE insights powered by ETR. Stay safe, be well. And we'll see you next time. (soft music)

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> The pandemic precipitated what is shaping up to be a permanent shift in cybersecurity spending patterns. As a direct result of hybrid work, CSOs have vested heavily in endpoint security, identity access management, cloud security, and further hardening the network beyond the headquarters. We've reported on this extensively in this Breaking Analysis series. Moreover, the need to build security into applications from the start rather than bolting protection on as an afterthought has led to vastly high heightened awareness around DevSecOps. Finally, attacking security as a data problem with automation and AI is fueling new innovations in cyber products and services and startups. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we present our quarterly findings in the security industry, and share the latest ETR survey data on the spending momentum and market movers. Let's start with the most recent news in cybersecurity. Nary a week goes by without more concerning news. The latest focus in the headlines is, of course, Russia's relentless cyber attacks on critical infrastructure in the Ukraine, including banking, government websites, weaponizing information. The hacker group, BlackByte, put a double whammy on the San Francisco 49ers, meaning they exfiltrated data and they encrypted the organization's files as part of its ransomware attack. Then there's the best Super Bowl ad last Sunday, the Coinbase floating QR code. Did you catch that? As people rushed to scan the code and participate in the Coinbase Bitcoin giveaway, it highlights yet another exposure, meaning we're always told not to click on links that we don't trust or we've never seen, but so many people activated this random QR code on their smartphones that it crashed Coinbase's website. What does that tell you? In other news, Securonix raised a billion dollars. They did this raise on top of Lacework's massive $1.3 billion raise last November. Both of these companies are attacking security with data automation and APIs that can engage machine intelligence. Securonix, specifically in the announcement, mentioned the uptake from MSSPs, managed security service providers, something we've talked about in this series. And that's a trend that we see as increasingly gaining traction as customers are just drawing in and drowning in security incidents. Peter McKay's company, Snyk, acquired Fugue, a company focused on making sure security policies are consistent throughout the software development life cycle. It's a really an example of a developer-defined security approach where policy can be checked at the dev, deployment, and production phases to ensure the same policies are in place at all stages, including monitoring at runtime. Fugue, according to Crunchbase, had raised $85 million to date. In some other company news, Cisco was rumored to be acquiring Splunk for not much more than Splunk is worth today. And the talks reportedly broke down. This would be a major move in security by Cisco and underscores the pressure to consolidate. Cisco would get an extremely strong customer base and through efficiencies could improve Splunk's profitability, but it seems like the premium Cisco was willing to pay was not enough to entice board to act. Splunk board, that is. Datadog blew away its earnings, and the stock was up 12%. It's pulled back now, thanks to Putin, but it's one of those companies that is disrupting Splunk. Datadog is less than half the size of Splunk, revenue-wise, but its valuation is more than 2 1/2 times greater. Finally, Elastic, another Splunk disruptor, settled its trademark dispute with AWS, and now AWS will now stop using the name Elasticsearch. All right, let's take a high level look at how cyber companies have performed in the stock market over time. Here's a graph of the Cyber ETF, and you can see the March 1st crosshairs of 2020 signifying the start of the lockdown. The trajectory of cybersecurity stocks is shown by the orange and blue lines, and it surely has steepened post March of 2020. And, of course, it's been down with the market lately, but the run up, as you can see, was substantial and eclipsed the trajectory of the previous cycles over the last couple of years, owing much of the momentum to the spending dynamics that we talked about at our open. Let's now drill into some of the names that we've been following over the last few years and take a look at the firm level. This chart shows some data that we've been tracking since before the pandemic. The top rows show the S&P 500 and the NASDAQ prices, and the bottom rows show specific stocks. The first column is the index price or the market cap of the company just before the pandemic, then the same data one year later. Then the next column shows the peak value during the pandemic, and then the current value. Then it shows in the next column where it is today, in percentage terms, i.e., how far has it pulled back from the peak, then the delta from pre-pandemic, in other words, how much did the issue earn or lose during the pandemic for investors? We then compare the pre-pandemic revenue multiple using a trailing 12-month revenue metric. Sorry, that's what we used. It's easy to get. (laughs) And that's the revenue multiple compared to the August in 2020, when multiples were really high, and where they are today, and then a recent quarterly growth rate guide based on the last earnings report. That's the last column. Okay, so I'm throwing a lot of data at you here, but what does it tell us? First, the S&P and the NAS are well up from pre-pandemic levels, yet they're off 9% and 15%, respectively, from their peaks today. That was earlier on Friday morning. Now let's look at the names more closely. Splunk has been struggling. It definitely had a tailwind from the pandemic as all boats seem to rise, but its execution has been lacking. It's now 30% off from its pre-pandemic levels. (groans) And it's multiple is compressing, and perhaps Cisco thought it could pick up the company for a discount. Now let's talk about Palo Alto Networks. We had reported on some of the challenges the company faced moving into a cloud-friendly model. that was before the pandemic. And we talked about the divergence between Palo Alto's stock price and the valuations relative to Fortinet, and we said at the time, we fully expected Palo Alto to rebound, and that's exactly what happened. It rode the tailwinds of the last two years. It's up over 100% from its pre-COVID levels, and its revenue multiple is expanding, owing to the nice growth rates. Now Fortinet had been doing well coming into the pandemic. In fact, we said it was executing on a cloud strategy better than Palo Alto Networks, hence that divergence in valuations at the time. So it didn't get as much of a boost from the pandemic. Didn't get that momentum at first, but the company's been executing very well. And as you can see, with 155% increase in valuation since just before the pandemic, it's going more than okay for Fortinet. Now, Okta is a name that we've really followed closely, the identity access management specialist that rocketed. But since it's Auth0 acquisition, it's pulled back. Investors are concerned about its guidance and its profitability. And several analyst have downgraded their price targets on Okta. We still really like the company. The Auth0 acquisition gives Okta a developer vector, and we think the company is going hard after market presence and is willing to sacrifice short-term profitability. We actually like that posture. It's very Frank Slupin-like. This company spends a lot of money on R&D and go-to-market. The question is, does Okta have inherent profitability? The company, as they say, spends a ton in some really key areas but it looks to us like it's going to establish a footprint. It's guiding revenue CAGR in the mid-30s over the mid to long-term and near term should beat that benchmark handily. But you can see the red highlights on Okta. And even though Okta is up 59% from its pre-pandemic levels, it's far behind its peers shown in the chart, especially CrowdStrike and Zscaler, the latter being somewhat less impacted by the pullback in stocks recently, of course, due to the fears of inflation and interest rates, and, of course, Russian invasion escalation. But these high flyers, they were bound to pull back. The question is can they maintain their category leadership? And for the most part, we think they can. All right, let's get into some of the ETR data. Here's our favorite XY view with net score, or spending momentum on the Y-axis, and market share or pervasiveness in the data center on the horizontal axis. That red 40% line, that indicates a highly elevated spending level. And the chart inserts to the right, that shows how the data is plotted with net score and shared N in each of the columns by each company. Okay, so this is an eye chart, but there really are three main takeaways. One is that it's a crowded market. And this shows only the companies ETR captures in its survey. We filtered on those that had more than 50 mentions. So there's others in the ETR survey that we're not showing here, and there are many more out there which don't get reported in the spending data in the ETR survey. Secondly, there are a lot of companies above the 40% mark, and plenty with respectable net scores just below. Third, check out SentinelOne, Elastic, Tanium, Datadog, Netskope, and Darktrace. Each has under 100 N's but we're watching these companies closely. They're popping up in the survey, and they're catching our attention, especially SentinelOne, post-IPO. So we wanted to pare this back a bit and filter the data some more. So let's look at companies with more than 100 mentions in the same chart. It gets a little cleaner this picture, but it's still crowded. Auth0 leads everyone in net score. Okta is also up there, so that's very positive sign since they had just acquired Auth0. CrowdStrike SalePoint, Cyberark, CloudFlare, and Zscaler are all right up there as well. And then there's the bigger security companies. Palo Alto Network, very impressive because it's well above the 40% mark, and it has a big presence in the survey, and, of course, in the market. And Microsoft as well. They're such a big whale. They skew the data for everybody else to kind of mess up these charts. And the position of Cisco and Splunk make for an interesting combination. They get both decent net scores, not above the 40% line but they got a good presence in the survey as well. Thinking about the acquisition, Al Shugart was the CEO of of Seagate, and founder. Brilliant Silicon valley icon and engineer. Great business person. I was asking him one time, hey, you thinking about buying this company or that company? And of course, he's not going to tell me who he's thinking about buying or acquiring. He said, let me just tell you this. If you want to know what I'm thinking, ask yourself if it were free, would you take it? And he said the answer's not always obviously yes, because acquisitions can be messy and disruptive. In the case of Cisco and Splunk, I think the answer would be a definitive yes It would expand Cisco's portfolio and make it the leader in security, with an opportunity to bring greater operating leverage to Splunk. Cisco's just got to pay more if it wants that asset. It's got to pay more than the supposed $20 billion offer that it made. It's going to have to get kind of probably north of 23 billion. I pinged my ETR colleague, Erik Bradley, on this, and he generally agreed. He's very close to the security space. He said, Splunk isn't growing the customer base but the customers are sticky. I totally agree. Cisco could roll Splunk into its security suite. Splunk is the leader in that space, security information and event management, and Cisco really is missing that piece of the pie. All right, let's filter the data even more and look at some of the companies that have moved in the survey over the past year and a half. We'll go back here to July 2020. Same two-dimensional chart. And we're isolating here Auth0, Okta, SalePoint CrowdStrike, Zscaler, Cyberark, Fortinet, and Cisco. No Microsoft. That cleans up the chart. Okay, why these firms? Because they've made some major moves to the right, and some even up since last July. And that's what this next chart shows. Here's the data from the January 2022 survey. The arrow start points show the position that we just showed you earlier in July 2020, and all these players have made major moves to the right. How come? Well, it's likely a combination of strong execution, and the fact that security is on the radar of every CEO, CIO, of course, CSOs, business heads, boards of directors. Everyone is thinking about security. The market momentum is there, especially for the leaders. And it's quite tremendous. All right, let's now look at what's become a bit of a tradition with Breaking Analysis, and look at the firms that have earned four stars. Four-star firms are leaders in the ETR survey that demonstrate both a large presence, that's that X-axis that we showed you, and elevated spending momentum. Now in this chart, we filter the N's. Has to be greater than 100. And we isolate on those companies. So more than 100 responses in the survey. On the left-hand side of the chart, we sort by net score or spending velocity. On the right-hand side, we sort by shared N's or presence in the dataset. We show the top 20 for each of the categories. And the red line shows the top 10 cutoffs. Companies that show up in the top 10 for both spending momentum and presence in the data set earn four stars. If they show up in one, and make the top 10 in one, and make the top 20 in the other, they get two stars. And we've added a one-star category as honorable mention for those companies that make the top 20 in both categories. Microsoft, Palo Alto Networks, CrowdStrike, and Okta make the four-star grade. Okta makes it even without Auth0, which has the number one net score in this data set with 115 shared N to boot. So you can add that to Okta. The weighted average would pull Okta's net score to just above Cyberark's into fourth place. And its shared N would bump Okta up to third place on the right-hand side of the chart Cisco, Splunk, Proofpoint, KnowBe4, Zscaler, and Cyberark get two stars. And then you can see the honorable mentions with one star. Now thinking about a Cisco, Splunk combination. You'd get an entity with a net score in the mid-20s. Yeah, not too bad, definitely respectable. But they'd be number one on the right-hand side of this chart, with the largest market presence in the survey by far. Okay, let's wrap. The trends around hybrid work, cloud migration and the attacker escalation that continue to drive cybersecurity momentum and they're going to do so indefinitely. And we've got some bullet points here that you're seeing private companies, (laughs) they're picking up gobs of money, which really speaks to the fact that there's no silver bullet in this market. It's complex, chaotic, and cash-rich. This idea of MSSPs on the rise is going to continue, we think. About half the mid-size and large organization in the US don't have a SecOps, a security operation center, and outsourcing to one that can be tapped on a consumption basis, cloud-like, as a service just makes sense to us. We see the momentum that companies that we've highlighted over the many quarters of Breaking Analysis are forming. They're forming a strong base in the market. They're going for market share and footprint, and they're focusing on growth, at bringing in new talent. They have good balance sheets and strong management teams and we think they'll be leading companies in the future, Zscaler, CrowdStrike, Okta, SentinelOne, Cyberark, SalePoint, over time, joining the ranks of billion dollar cyber firms, when I say billion dollar, billion dollar revenue like Palo Alto Networks, Fortinet, and Splunk, if it doesn't get acquired. These independent firms that really focus on security. Which underscores the pressure and consolidation and M&A in the whole space. It's almost assured with the fragmentation of companies and so many new entrants fighting for escape velocity that this market is going to continue with robust M&A and consolidation. Okay, that's it for today. Thanks to my colleague, Stephanie Chan, who helped research this week's topics, and Alex Myerson on the production team. He also manages the Breaking Analysis podcast. Kristen Martin and Cheryl Knight, who get the word out. Thank you to all. Remember these episodes are all available as podcasts wherever you listen. All you do is search Breaking Analysis podcast. Check out ETR's website at etr.ai. We also publish a full report every week on wikibon.com and siliconangle.com. You can email me at david.vellante@siliconangle.com. @dvellante is my DM. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE Insights powered by ETR. Have a great week. Be safe, be well, and we'll see you next time. (upbeat music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> When Facebook changed its name to Meta last fall, it catalyzed a chain reaction throughout the tech industry. Software firms, gaming companies, chip makers, device manufacturers, and others have joined in hype machine. Now, it's easy to dismiss the metaverse as futuristic hyperbole, but do we really believe that tapping on a smartphone, or staring at a screen, or two-dimensional Zoom meetings are the future of how we work, play, and communicate? As the internet itself proved to be larger than we ever imagined, it's very possible, and even quite likely that the combination of massive processing power, cheap storage, AI, blockchains, crypto, sensors, AR, VR, brain interfaces, and other emerging technologies will combine to create new and unimaginable consumer experiences, and massive wealth for creators of the metaverse. Hello, and welcome to this week's Wiki Bond Cube Insights, powered by ETR. In this "Breaking Analysis" we welcome in cyber expert, hacker gamer, NFT expert, and founder of ORE System, Nick Donarski. Nick, welcome, thanks so much for coming on theCUBE. >> Thank you, sir, glad to be here. >> Yeah, okay, so today we're going to traverse two parallel paths, one that took Nick from security expert and PenTester to NFTs, tokens, and the metaverse. And we'll simultaneously explore the complicated world of cybersecurity in the enterprise, and how the blockchain, crypto, and NFTs will provide key underpinnings for digital ownership in the metaverse. We're going to talk a little bit about blockchain, and crypto, and get things started there, and some of the realities and misconceptions, and how innovations in those worlds have led to the NFT craze. We'll look at what's really going on in NFTs and why they're important as both a technology and societal trend. Then, we're going to dig into the tech and try to explain why and how blockchain and NFTs are going to lay the foundation for the metaverse. And, finally, who's going to build the metaverse. And how long is it going to take? All right, Nick, let's start with you. Tell us a little bit about your background, your career. You started as a hacker at a really, really young age, and then got deep into cyber as a PenTester. You did some pretty crazy stuff. You have some great stories about sneaking into buildings. You weren't just doing it all remote. Tell us about yourself. >> Yeah, so I mean, really, I started a long time ago. My dad was really the foray into technology. I wrote my first program on an Apple IIe in BASIC in 1989. So, I like to say I was born on the internet, if you will. But, yeah, in high school at 16, I incorporated my first company, did just tech support for parents and teachers. And then in 2000 I transitioned really into security and focused there ever since. I joined Rapid7 and after they picked up Medis boy, I joined HP. I was one of their founding members of Shadowlabs and really have been part of the information security and the cyber community all throughout, whether it's training at various different conferences or talking. My biggest thing and my most awesome moments as various things of being broken into, is really when I get to actually work with somebody that's coming up in the industry and who's new and actually has that light bulb moment of really kind of understanding of technology, understanding an idea, or getting it when it comes to that kind of stuff. >> Yeah, and when you think about what's going on in crypto and NFTs and okay, now the metaverse it's you get to see some of the most innovative people. Now I want to first share a little bit of data on enterprise security and maybe Nick get you to comment. We've reported over the past several years on the complexity in the security business and the numerous vendor choices that SecOps Pros face. And this chart really tells that story in the cybersecurity space. It's an X,Y graph. We've shown it many times from the ETR surveys where the vertical axis, it's a measure of spending momentum called net score. And the horizontal axis is market share, which represents each company's presence in the data set, and a couple of points stand out. First, it's really crowded. In that red dotted line that you see there, that's 40%, above that line on the net score axis, marks highly elevated spending momentum. Now, let's just zoom in a bit and I've cut the data by those companies that have more than a hundred responses in the survey. And you can see here on this next chart, it's still very crowded, but a few call-outs are noteworthy. First companies like SentinelOne, Elastic, Tanium, Datadog, Netskope and Darktrace. They were all above that 40% line in the previous chart, but they've fallen off. They still have actually a decent presence in the survey over 60 responses, but under that hundred. And you can see Auth0 now Okta, big $7 billion acquisition. They got the highest net score CrowdStrike's up there, Okta classic they're kind of enterprise business, and Zscaler and others above that line. You see Palo Alto Networks and Microsoft very impressive because they're both big and they're above that elevated spending velocity. So Nick, kind of a long-winded intro, but it was a little bit off topic, but I wanted to start here because this is the life of a SecOps pro. They lack the talent in a capacity to keep bad guys fully at bay. And so they have to keep throwing tooling at the problem, which adds to the complexity and as a PenTester and hacker, this chaos and complexity means cash for the bad guys. Doesn't it? >> Absolutely. You know, the more systems that these organizations find to integrate into the systems, means that there's more components, more dollars and cents as far as the amount of time and the engineers that need to actually be responsible for these tools. There's a lot of reasons that, the more, I guess, hands in the cookie jar, if you will, when it comes to the security architecture, the more links that are, or avenues for attack built into the system. And really one of the biggest things that organizations face is being able to have engineers that are qualified and technical enough to be able to support that architecture as well, 'cause buying it from a vendor and deploying it, putting it onto a shelf is good, but if it's not tuned properly, or if it's not connected properly, that security tool can just hold up more avenues of attack for you. >> Right, okay, thank you. Now, let's get into the meat of the discussion for today and talk a little bit about blockchain and crypto for a bit. I saw sub stack post the other day, and it was ripping Matt Damon for pedaling crypto on TV ads and how crypto is just this big pyramid scheme. And it's all about allowing criminals to be anonymous and it's ransomware and drug trafficking. And yes, there are definitely scams and you got to be careful and lots of dangers out there, but these are common criticisms in the mainstream press, that overlooked the fact by the way that IPO's and specs are just as much of a pyramid scheme. Now, I'm not saying there shouldn't be more regulation, there should, but Bitcoin was born out of the 2008 financial crisis, cryptocurrency, and you think about, it's really the confluence of software engineering, cryptography and game theory. And there's some really powerful innovation being created by the blockchain community. Crypto and blockchain are really at the heart of a new decentralized platform being built out. And where today, you got a few, large internet companies. They control the protocols and the platform. Now the aspiration of people like yourself, is to create new value opportunities. And there are many more chances for the little guys and girls to get in on the ground floor and blockchain technology underpins all this. So Nick, what's your take, what are some of the biggest misconceptions around blockchain and crypto? And do you even pair those two in the same context? What are your thoughts? >> So, I mean, really, we like to separate ourselves and say that we are a blockchain company, as opposed to necessarily saying(indistinct) anything like that. We leverage those tools. We leverage cryptocurrencies, we leverage NFTs and those types of things within there, but blockchain is a technology, which is the underlying piece, is something that can be used and utilized in a very large number of different organizations out there. So, cryptocurrency and a lot of that negative context comes with a fear of something new, without having that regulation in place, without having the rules in place. And we were a big proponent of, we want the regulation, right? We want to do right. We want to do it by the rules. We want to do it under the context of, this is what should be done. And we also want to help write those rules as well, because a lot of the lawmakers, a lot of the lobbyists and things, they have a certain aspect or a certain goal of when they're trying to get these things. Our goal is simplicity. We want the ability for the normal average person to be able to interact with crypto, interact with NFTs, interact with the blockchain. And basically by saying, blockchain in quotes, it's very ambiguous 'cause there's many different things that blockchain can be, the easiest way, right? The easiest way to understand blockchain is simply a distributed database. That's really the core of what blockchain is. It's a record keeping mechanism that allows you to reference that. And the beauty of it, is that it's quote unquote immutable. You can't edit that data. So, especially when we're talking about blockchain, being underlying for technologies in the future, things like security, where you have logging, you have keeping, whether you're talking about sales, where you may have to have multiple different locations (indistinct) users from different locations around the globe. It creates a central repository that provides distribution and security in the way that you're ensuring your data, ensuring the validation of where that data exists when it was created. Those types of things that blockchain really is. If you go to the historical, right, the very early on Bitcoin absolutely was made to have a way of not having to deal with the fed. That was the core functionality of the initial crypto. And then you had a lot of the illicit trades, those black markets that jumped onto it because of what it could do. The maturity of the technology though, of where we are now versus say back in 97 is a much different world of blockchain, and there's a much different world of cryptocurrency. You still have to be careful because with any fed, you're still going to have that FUD that goes out there and sells that fear, uncertainty and doubt, which spurs a lot of those types of scams, and a lot of those things that target end users that we face as security professionals today. You still get mailers that go out, looking for people to give their social security number over during tax time. Snail mail is considered a very ancient technology, but it still works. You still get a portion of the population that falls for those tricks, fishing, whatever it might be. It's all about trying to make sure that you have fear about what is that change. And I think that as we move forward, and move into the future, the simpler and the more comfortable these types of technologies become, the easier it is to utilize and indoctrinate normal users, to be able to use these things. >> You know, I want to ask you about that, Nick, because you mentioned immutability, there's a lot of misconceptions about that. I had somebody tell me one time, "Blockchain's Bs," and they say, "Well, oh, hold on a second. They say, oh, they say it's a mutable, but you can hack Coinbase, whatever it is." So I guess a couple of things, one is that the killer app for blockchain became money. And so we learned a lot through that. And you had Bitcoin and it really wasn't programmable through its interface. And then Ethereum comes out. I know, you know a lot about Ether and you have solidity, which is a lot simpler, but it ain't JavaScript, which is ubiquitous. And so now you have a lot of potential for the initial ICO's and probably still the ones today, the white papers, a lot of security flaws in there. I'm sure you can talk to that, but maybe you can help square that circle about immutability and security. I've mentioned game theory before, it's harder to hack Bitcoin and the Bitcoin blockchain than it is to mine. So that's why people mine, but maybe you could add some context to that. >> Yeah, you know it goes to just about any technology out there. Now, when you're talking about blockchain specifically, the majority of the attacks happen with the applications and the smart contracts that are actually running on the blockchain, as opposed to necessarily the blockchain itself. And like you said, the impact for whether that's loss of revenue or loss of tokens or whatever it is, in most cases that results from something that was a phishing attack, you gave up your credentials, somebody said, paste your private key in here, and you win a cookie or whatever it might be, but those are still the fundamental pieces. When you're talking about various different networks out there, depending on the blockchain, depends on how much the overall security really is. The more distributed it is, and the more stable it is as the network goes, the better or the more stable any of the code is going to be. The underlying architecture of any system is the key to success when it comes to the overall security. So the blockchain itself is immutable, in the case that the owner are ones have to be trusted. If you look at distributed networks, something like Ethereum or Bitcoin, where you have those proof of work systems, that disperses that information at a much more remote location, So the more disperse that information is, the less likely it is to be able to be impacted by one small instance. If you look at like the DAO Hack, or if you look at a lot of the other vulnerabilities that exist on the blockchain, it's more about the code. And like you said, solidity being as new as it is, it's not JavaScript. The industry is very early and very infantile, as far as the developers that are skilled in doing this. And with that just comes the inexperience and the lack of information that you don't learn until JavaScript is 10 or 12 years old. >> And the last thing I'll say about this topic, and we'll move on to NFTs, but NFTs relate is that, again, I said earlier that the big internet giants have pretty much co-opted the platform. You know, if you wanted to invest in Linux in the early days, there was no way to do that. You maybe have to wait until red hat came up with its IPO and there's your pyramid scheme folks. But with crypto it, which is again, as Nick was explaining underpinning is the blockchain, you can actually participate in early projects. Now you got to be careful 'cause there are a lot of scams and many of them are going to blow out if not most of them, but there are some, gems out there, because as Nick was describing, you've got this decentralized platform that causes scaling issues or performance issues, and people are solving those problems, essentially building out a new internet. But I want to get into NFTs, because it's sort of the next big thing here before we get into the metaverse, what Nick, why should people pay attention to NFTs? Why do they matter? Are they really an important trend? And what are the societal and technological impacts that you see in this space? >> Yeah, I mean, NFTs are a very new technology and ultimately it's just another entry on the blockchain. It's just another piece of data in the database. But how it's leveraged in the grand scheme of how we, as users see it, it can be the classic idea of an NFT is just the art, or as good as the poster on your wall. But in the case of some of the new applications, is where are you actually get that utility function. Now, in the case of say video games, video games and gamers in general, already utilize digital items. They already utilize digital points. As in the case of like Call of Duty points, those are just different versions of digital currencies. You know, World of Warcraft Gold, I like to affectionately say, was the very first cryptocurrency. There was a Harvard course taught on the economy of WOW, there was a black market where you could trade your end game gold for Fiat currencies. And there's even places around the world that you can purchase real world items and stay at hotels for World of Warcraft Gold. So the adoption of blockchain just simply gives a more stable and a more diverse technology for those same types of systems. You're going to see that carry over into shipping and logistics, where you need to have data that is single repository for being able to have multiple locations, multiple shippers from multiple global efforts out there that need to have access to that data. But in the current context, it's either sitting on a shipping log, it's sitting on somebody's desk. All of those types of paper transactions can be leveraged as NFTs on the blockchain. It's just simply that representation. And once you break the idea of this is just a piece of art, or this is a cryptocurrency, you get into a world where you can apply that NFT technology to a lot more things than I think most people think of today. >> Yeah, and of course you mentioned art a couple of times when people sold as digital art for whatever, it was 60, 65 million, 69 million, that caught a lot of people's attention, but you're seeing, I mean, there's virtually infinite number of applications for this. One of the Washington wizards, tokenized portions of his contract, maybe he was creating a new bond, that's really interesting use cases and opportunities, and that kind of segues into the latest, hot topic, which is the metaverse. And you've said yourself that blockchain and NFTs are the foundation of the metaverse, they're foundational elements. So first, what is the metaverse to you and where do blockchain and NFTs, fit in? >> Sure, so, I mean, I affectionately refer to the metaverse just a VR and essentially, we've been playing virtual reality games and all the rest for a long time. And VR has really kind of been out there for a long time. So most people's interpretation or idea of what the metaverse is, is a virtual reality version of yourself and this right, that idea of once it becomes yourself, is where things like NFT items, where blockchain and digital currencies are going to come in, because if you have a manufacturer, so you take on an organization like Nike, and they want to put their shoes into the metaverse because we, as humans, want to individualize ourselves. We go out and we want to have that one of one shoe or that, t-shirt or whatever it is, we're going to want to represent that same type of individuality in our virtual self. So NFTs, crypto and all of those digital currencies, like I was saying that we've known as gamers are going to play that very similar role inside of the metaverse. >> Yeah. Okay. So basically you're going to take your physical world into the metaverse. You're going to be able to, as you just mentioned, acquire things- I loved your WOW example. And so let's stay on this for a bit, if we may, of course, Facebook spawned a lot of speculation and discussion about the concept of the metaverse and really, as you pointed out, it's not new. You talked about why second life, really started in 2003, and it's still around today. It's small, I read recently, it's creators coming back into the company and books were written in the early 90s that used the term metaverse. But Nick, talk about how you see this evolving, what role you hope to play with your company and your community in the future, and who builds the metaverse, when is it going to be here? >> Yeah, so, I mean, right now, and we actually just got back from CES last week. And the Metaverse is a very big buzzword. You're going to see a lot of integration of what people are calling, quote unquote, the metaverse. And there was organizations that were showing virtual office space, virtual malls, virtual concerts, and those types of experiences. And the one thing right now that I don't think that a lot of organizations have grasp is how to make one metaverse. There's no real player one, if you will always this yet, There's a lot of organizations that are creating their version of the metaverse, which then again, just like every other software and game vendor out there has their version of cryptocurrency and their version of NFTs. You're going to see it start to pop up, especially as Oculus is going to come down in price, especially as you get new technologies, like some of the VR glasses that look more augmented reality and look more like regular glasses that you're wearing, things like that, the easier that those technologies become as in adopting into our normal lifestyle, as far as like looks and feels, the faster that stuff's going to actually come out to the world. But when it comes to like, what we're doing is we believe that the metaverse should actually span multiple different blockchains, multiple different segments, if you will. So what ORE system is doing, is we're actually building the underlying architecture and technologies for developers to bring their metaverse too. You can leverage the ORE Systems NFTs, where we like to call our utility NFTs as an in-game item in one game, or you can take it over and it could be a t-shirt in another game. The ability for having that cross support within the ecosystem is what really no one has grasp on yet. Most of the organizations out there are using a very classic business model. Get the user in the game, make them spend their money in the game, make all their game stuff as only good in their game. And that's where the developer has you, they have you in their bubble. Our goal, and what we like to affectionately say is, we want to bring white collar tools and technology to blue collar folks, We want to make it simple. We want to make it off the shelf, and we want to make it a less cost prohibitive, faster, and cheaper to actually get out to all the users. We do it by supporting the technology. That's our angle. If you support the technology and you support the platform, you can build a community that will build all of the metaverse around them. >> Well, and so this is interesting because, if you think about some of the big names, we've Microsoft is talking about it, obviously we mentioned Facebook. They have essentially walled gardens. Now, yeah, okay, I could take Tik Tok and pump it into Instagram is fine, but they're really siloed off. And what you're saying is in the metaverse, you should be able to buy a pair of sneakers in one location and then bring it to another one. >> Absolutely, that's exactly it. >> And so my original kind of investment in attractiveness, if you will, to crypto, was that, the little guy can get an early, but I worry that some of these walled gardens, these big internet giants are going to try to co-op this. So I think what you're doing is right on, and I think it's aligned with the objectives of consumers and the users who don't want to be forced in to a pen. They want to be able to live freely. And that's really what you're trying to do. >> That's exactly it. You know, when you buy an item, say a Skin in Fortnite or Skin in Call of Duty, it's only good in that game. And not even in the franchise, it's only good in that version of the game. In the case of what we want to do is, you can not only have that carry over and your character. So say you buy a really cool shirt, and you've got that in your Call of Duty or in our case, we're really Osiris Protocol, which is our proof of concept video game to show that this all thing actually works, but you can actually go in and you can get a gun in Osiris Protocol. And if we release, Osiris Protocol two, you'll be able to take that to Osiris Protocol two. Now the benefit of that is, is you're going to be the only one in the next version with that item, if you haven't sold it or traded it or whatever else. So we don't lock you into a game. We don't lock you into a specific application. You own that, you can trade that freely with other users. You can sell that on the open market. We're embracing what used to be considered the black market. I don't understand why a lot of video games, we're always against the skins and mods and all the rest. For me as a gamer and coming up, through the many, many years of various different Call of Duties and everything in my time, I wish I could still have some this year. I still have a World of Warcraft account. I wasn't on, Vanilla, Burning Crusade was my foray, but I still have a character. If you look at it that way, if I had that wild character and that gear was NFTs, in theory, I could actually pass that onto my kid who could carry on that character. And it would actually increase in value because they're NFT back then. And then if needed, you could trade those on the open market and all the rest. It just makes gaming a much different thing. >> I love it. All right, Nick, hey, we're out of time, but I got to say, Nick Donarski, thanks so much for coming on the program today, sharing your insights and really good luck to you and building out your technology platform and your community. >> Thank you, sir, it's been an absolute pleasure. >> And thank you for watching. Remember, all these episodes are available as podcasts, just search "Breaking Analysis Podcast", and you'll find them. I publish pretty much every week on siliconangle.com and wikibond.com. And you can reach me @dvellante on Twitter or comment on my LinkedIn posts. You can always email me david.vellante@siliconangle.com. And don't forget, check out etr.plus for all the survey data. This is Dave Vellante for theCUBE Insights, powered by ETR, happy 2022 be well, and we'll see you next time. (upbeat music)

>> From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE in ETR. This is Breaking Analysis with Dave Vellante. >> Despite the more than $100 billion spent each year fighting Cyber-crime. When we do an end-of-the year look back and ask "How did we do?" The answer is invariably the same, "Worse than last year." Pre pandemic, the picture was disheartening, but since March of 2020 the situation has only worsened as cyber-criminals have become increasingly sophisticated, better funded and more brazen. SecOps pros continue to fight, but unlike conventional wars, this one has no end. Now the flip side of course, is that markets continue to value cybersecurity firms at significant premiums. Because this huge market will continue to grow by double digits for the foreseeable future. Hello and welcome to this week's Wikibon theCUBE Insights powered by ETR. In this Breaking Analysis, we look at the state of cybersecurity in 2021 and beyond. We'll update you with the latest survey data from enterprise technology research and share the fundamentals that have investors piling into the security space like never before. Let's start with the customer view. Cybersecurity remains the number one priority for CIOs and CSOs. This latest ETR survey, once again asked IT buyers to rank their top priorities for the next 12 months. Now the last three polling period dating back to last March. Cybersecurity has outranked every top spending category, including cloud, data analytics, productivity software, networking, AI, and automation or RPA. Now this shouldn't surprise anybody, but it underscores the challenges that organizations face. Not only are they in the midst of a non-optional digital transformation, but they have to also fund a cyber war that has no ceasefires, no truces, and no exit path. Now there's much more going on in cybersecurity than ransomware, but certainly that has the attention of executives. And it's becoming more and more lucrative for attackers. Here's a snapshot of some of the more well-documented attacks this decade many which have occurred in very recent months. CNA Financial, they got hit earlier this year and paid a $40 million ransom. The Ireland Health Service also got hit this year and refused to pay the ransom, but it's estimated that the cost to recover and the damage to the organization exceeded half a billion dollars. The request was for a $20 million ransom. The JBS meat company hack, they paid $11 million. CWT travel paid $5 million. The disruption from the Colonial Pipeline company, was widely reported they paid more than $4 million, as the Brenntag, the chemical company. The NBA got hit. Computer makers, Quanta and Acer also. More than 2,000 random attacks were reported to the FBI in the first seven months of 2021. Up more than 60% from 2020. Now, as I've said many times, you don't have to be a genius to be a ransomware as today. Anyone can go on the dark web, tap into ransomware as a service. Attackers, they have insidious names like darkside, evil, the cobalt, crime gang, wizard spider, the Lazarus gang, and numerous others. Criminals they have negotiation services is most typically the attackers, they'll demand a specific amount of money but they're willing to compromise in an exchange of cryptocurrency for decryption keys. And as mentioned, it's not just ransomware supply chain attacks like the solar winds hack hit organizations within the U.S government and companies like Mimecast this year. Now, while these attacks often do end up in a ransom situation. The attackers sometimes find it more lucrative to live off the land and stealth fashion and ex filtrates sensitive data that can be sold or in the case of many financial institution attacks they'll steal information from say a chief investment officer that signals an upcoming trading strategy and then the attackers will front run that trade in the stock market. Now, of course phishing, remains one of the most prominent threats. Only escalated by the work from home trend as users bring their own devices and of course home networks are less secure. So it's bad, worse than ever before. But you know, if there's a problem, entrepreneurs and investors, they're going to be there to solve it. So here's a LinkedIn post from one of the top investors in the business, Mike Speiser. He was a founding investor in Snowflake. He helped get pure storage to escape velocity and many, many other successes. This hit my LinkedIn feed the other day, his company Sutter Hill Ventures is co-leading a 1.3 Series D on an $8.3 billion valuation. They're putting in over $200 million. Now Lacework is a threat detection software company that looks at security as a data problem and they monitor exposures across clouds. So very timely. So watch that company. They're going to soar. Now the right hand chart shows venture investments in cybersecurity over the past several years. You can see it exploded in 2019 to $7.6 billion. And people thought the market was peaking at that time, if you recall. But then investments rose a little bit to $7.8 billion in 2020 right in the middle of lockdown. And then the hybrid work, the cloud, the new normal thesis kicked in big time. It's in full gear this year. You can see nearly $12 billion invested in cybersecurity in the first half of 2021 alone. So the money keeps coming in as the problem gets worse and the market gets more crowded. Now we'd like to show this slide from Optiv, it's their security taxonomy. It'll make your eyes cross. It's so packed with companies in different sectors. We'll put a link in our posts, so you can stare at this. We've used this truck before. It's pretty good. It's comprehensive and it's worth spending some time to see what that landscape looks like. But now let's reduce this down a bit and bring in some of the ETR data. This is survey data from October that shows net score or spending momentum on the vertical axis and market share or pervasiveness in the dataset on the horizontal axis. That's a measure of mentioned share if you will. Now this is just isolated on the information security sector within the ETR taxonomies. No filters in terms of the number of responses. So it's every company that ETR picks up in cybersecurity from its buyer surveys. Now companies above that red line, we consider them to have a highly elevated spending momentum for their products and services. And you can see, there are a lot of companies that are in this map first of all, and several above that magic mark. So you can see the momentum of Microsoft and Palo Alto. That's most impressive because of their size, their pervasiveness in the study, Cisco and Splunk are also quite prominent. They don't have as much spending momentum, but they're pretty respectable. And you can see the companies that have been real movers in this market that we've been reporting on for a while. Okta, CrowdStrike, Zscaler, CyberArk, SailPoint, Authzero, all companies that we've extensively covered in previous breaking analysis episodes as the up and comers. And isn't it interesting that Datadog is now showing up in the vertical axis. You see that in the left-hand side up high, they're becoming more and more competitive to Splunk in this space as an alternative and lines are blurring between observability, log analytics, security, and as we previously reported even backup and recovery. But now let's simplify this picture a bit more and filter down a little bit further. This chart shows the same X, Y view. Same data construct and framework, but we required more than a hundred responses to hit the chart. So the companies, they have to have a notable market presence in the ETR survey. It's perhaps a bit less crowded, but still very packed. Isn't it? You can see firms that are less prominent in the space like Datadog fell off. The big companies we mentioned, obviously still prominent Microsoft, Palo Alto, Cisco and Splunk and then those with real momentum, they stand out a little bit. There's somewhat smaller, but they're gaining traction in the market. As we felt they would Okta and Auth zero, which Okta acquired as we reported on earlier this year, both showing strength as our CrowdStrike, Zscaler, CyberArk, which does identity and competition with Okta and SentinelOne, which went public mid this year. The company SentinelOne uses AI to do threat detection and has been doing quite well. SalePoint and Proofpoint are right on that red elevated line and then there's a big pack in the middle. Look, this is not an easy market to track. It's virtually every company plays in security. Look, AWS says some of the most advanced security in the business but they're not in the chart specifically, but you see Microsoft is. Because much of AWS security is built into services. Amazon customers heavily rely on the Amazon ecosystem which is in the Amazon marketplace for security products. And often they associate their security spend with those partners and not necessarily Amazon. And you'll see networking companies you see right there, like Juniper and the bottom there and in the ETR data set and the players like VMware in the middle of the pack. They've been really acquisitive for example, with carbon black. And the, of course, you've got a lot of legacy players like McAfee and RSA and IBM. Look, virtually every company has a security story and that will only become more common in the coming years. Now here's another look at the ETR data it's in the raw form, but it'll give you a sense of two things; One is how the data from the previous chart is plotted. And two, it gives you a time series of the data. So the data lists the top companies in the ETR data sets sorted by the October net score in the right most column. Again, that measures spending momentum. So to make the cut here, you had to have more than a hundred mentions which is shown on the left-hand side of the chart that shared N, IE that's shared accounts in the dataset. And you can track the data from last October, July of this year and the most recent October, 2021 survey. So we, drew that red line just about at the 40% net score market coincidentally, there are 10 companies that are over that figure over that bar. We sometimes call out the four star companies. We give four stars to those companies that both are in the top 10 and spending momentum and the top in prominence are shared N in the dataset. So some of these 10 would fit into that profile by that methodology, specifically, Microsoft, Okta, CrowdStrike, and Palo Alto networks. They would be the four star companies. Now a couple of other things to point out here, DDoS attacks, they're still relevant, and they're real threat. So a company like CloudFlare which is just above that red line they play in that space. Now we've also shaded the companies in the fat middle. A lot of these companies like Cisco and Splunk for example, they're major players in the security space with very strong offerings and customer affinity. We sometimes give them two stars. So this is what makes this market so interesting. It's not like the high end discourage market where literally every vendor in the Gartner magic quadrant is up in the right, okay. And there's only five or four or five, six vendors there. This market is diverse with many, many segments and sub segments, and it's such a vital space. And there's so many holes to fill with an ever changing threat landscape as we've seen in the last two years. So this is in part which makes it such a good market for investors. There's a lot of room for growth and not just from stealing market share. That's certainly an opportunity there, but things like cloud, multi-cloud, shifting end points, the edge ,and so forth make this space really ripe for investments. And to underscore this, we put together this little chart of some of the pure play security firms to see how their stock performance has done recently. So you can see that here, you know, it's a little hard to read, but it's not hard to see that Okta, CrowdStrike, Zscaler on the left have been big movers. These charts where possible all show a cross here, starting at the lockdown last year. The only exception is SentinelOne which IPO mid this year. So that's the point March, 2020 when the whole world changed and security priorities really started to shift to accommodate the work from home. But it's quite obvious that since the pandemic, these six companies have been on a tear for the fundamental reason that hybrid work has created a shift in spending priorities for CSOs. No longer are organizations just spending on hardening a perimeter, that perimeter has been blown away. The network is flattening. Work is what you do, it's no longer a place. As such threats are on the rise and cloud, endpoint security, identity access tools there become increasingly vital and the vendors who provide them are on the rise. So it's no surprise that the players that we've listed here which play quite prominently in those markets are all on fire. So now in summary, I want to stress that while the picture is sometimes discouraging. The entire world is becoming more and more tuned in to the cyber threat. And that's a good thing. Money is pouring in. Look, technology got us into this problem and technology is a defensive weapon that will help us continue this fight. But it's going to take more than technology. And I want to share something. We get dozens and dozens of in bounds this time of the year because we do an annual predictions posts. So folks and they want to help us out. So now most of the in bounds and the predictions that we get, they're just kind of observations or frankly, non predictions that can't really be measured as like where you right, or where you're wrong. So for the most part I like predictions that are binary. For example, last December we predicted their IT spending in 2021 would rebound and grow at 4% relative to 2020. Well, it did rebound but that prediction really wasn't as accurate as I'd like. It was frankly wrong. We think it's actually the market's going to actually grow. Spending's going to grow more like 7% this year. Not to worry plenty of our predictions came true, but we'll leave that for another day. Anyway, I got an email from Dean Fisk of Fisk partners. It's a PR firm representing an individual named Lyndon Brown chief of strategy officer of Pondurance. Pondurance is a security consultancy. And the email had the standard, Hey, in case you're working on a predictions post this year end, blah, blah, blah. But instead of sharing with me, a bunch of non predictions, the notes said here's some trends in cybersecurity that might be worth thinking about. And there were a few predictions sprinkled in there, but I wanted to call it a couple of the comments from Linden Brown, whom I don't know, I never met the guy, but I really thought his trends were spot on. The first was a stat I'll share that the United Nations report cyber crime is up 600% due to the pandemic. If as if I couldn't feel worse already. His first point though was that the hybrid workplace will be the new frontier for cyber. Yes, we totally agree. There are permanent shifts taking place. And we actually predicted that last year, but he further cited that many companies went from zero to full digital transformation overnight and many are still on that journey. And his point is that hybrid work is going to require a complete overhaul of how we think about security. We think this is very true. Now the other point that stood out is that governments are going to crack down on this behavior. And we've seen this where criminals have had their critical infrastructure dismantled by governments. No doubt the U.S government has the capabilities to do so. And it is very much focused on this issue. But it's tricky as Robert Gates, who was the former defense secretary, told me a few years back in theCUBE. He said, well, we have the best offense. We also have the most to lose. So we have to be very careful, but Linden's key point was you are going to see a much more forward and aggressive public policy and new laws that give crime fighters more latitude . Again, it's tricky kind of like the Patriot act was tricky but it's coming. Now, another call-out from Linden shares his assertion that natural disasters will bring increased cyber risk. And I thought this was a really astute point because natural disasters they're on the rise. And when there's chaos, there's cash opportunities for criminals. And I'll add to this that the supply chain risk is far from over. This is going to be continuing theme this coming year and beyond. And one of the things that Linden Brown said in his note to me is essentially you can't take humans out of the equation. Automation alone can't solve the problem, but some companies operate as though they can. Just as bad human behavior, can tramp good security, Good human education and behavior is going to be a key weapon in this endless war. Now the last point is we're going to see continued escalation government crackdowns are going to bring retaliation and to Gates' point. The U.S has a lot at stake. So expect insurance premiums are going to go through the roof. That's assuming you can even get cyber insurance. And so we got to hope for the best, but for sure, we have to plan for the worst because it's coming. Deploy technology aggressively but people in process will ultimately be the other ingredients that allow us to live to battle for another day. Okay. That's a wrap for today. Remember these episodes they're all available as podcasts, wherever you listen just search "breaking analysis" podcast. Check out ETR his website at ETR.plus. We also publish a full report every week on Wikibond.com and siliconangle.com. You can get in touch. Email me @david.volante@tsiliconangle.com or you can DM me @dvellante. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE insights powered by ETR. Have a great week. everybody stay safe, be well. And we'll see you next time. (techno music)

>> From the SiliconANGLE Media Office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello everyone and welcome to this week's episode of theCUBE Insights, powered by ETR. In this Breaking Analysis I want to lay out my 2020 predictions using insights gleaned from theCUBE blended with ETR spending data. You know, 2019 marked our 10th year of doing theCUBE. Over that time we've had the pleasure of covering nearly 1000 events and milestones, including the exit from the great softness of 2008 and 2009. You know theCUBE has extensively tracked a 10 year bull market. We've covered the era of data. We saw the rise and profitless prosperity of the big data and opensource Hadoop movement, where we predicted the practitioners, not vendors, would benefit the most from big data. We've covered many dozens of acquisitions including the 60 billion dollar chess move made by Michael Dell acquiring EMC, and a launch of hundreds of startups in flash, hyper-converged, big data, AI, blockchain, crypto, security and SaaS. There'll be other days to talk about theCUBE and review that, today's all about predicting the future, using spending data and insights from the thousands of interviews we've done on theCUBE. So let's get right into the ETR data and start with the high-level spending. Remember in October, ETR released its survey results and stated that we're coming out of a multiyear investment cycle in digital transformation. Enterprise IT buyers have learned what works, and on which technologies they're going to double down. They're now narrowing their investments on emerging technologies, picking those winners for the next gen tech, and at the same time, they're cutting redundancies from legacy players that they were keeping on as a hedge. Buyers are picking bundled suites from a handful of mega vendors, and solidifying their investments. We're seeing a multi-generational dynamic repeat itself, where buyers are creating a balance between the convenience of packaged offerings, i.e. bundles, and leveraging best of breed technologies to drive innovation. So on balance, the ETR data shows that a contraction in spending and tepid CIO sentiment is impacting both emerging vendors as well as traditional players, and these trends are most pronounced in the very largest organizations, which have always been the best bellwether in ETR's data sets. Let me share with you what one IT executive said recently that I think really sums up the situation quite well. He said, "ETR's findings mirror what we're doing today, "in that we spend most of 2018 bringing in "a lot of the new, core technology. "I believe what you're seeing now is not a lull in spend, "but an operationalization of what we've already purchased. "We're not spending on what's next yet, "because we're still rolling out what we just bought." This is from a VP of global IT at a large public manufacturing company, I said he, it could be a she as well. I think that she's summing it up correctly, and it reflects many of what customers on theCUBE tell us. Now, let's take a look at the macroeconomy. GDP growth is going to come in at about 2.3% this year, give or take. It's not going to hit the Trump administration's goal of 3% plus, but consumers are clearly powering steady growth. At least for now. IT spending should grow at about a point or two above GDP, so let's put that at, say, 4%. We're right in the middle of a Santa Claus rally, and the S&P is above 3200 today. Tech has been a powerful tailwind for stocks, and I think stocks, tech stock's going to take a breath in early 2020, but I expect continued strong growth in the economy and tech spending after a Q1 pause. I could see the S&P flirting with 3700 or even higher in 2020, and I think the tech sector will be a benefactor of that momentum, providing an impetus for continued growth. Here's my thinking on that. So much of 2020 is going to be about the election, and to me the election is going to be really about the economy. And I predict the economy is going to remain steady. And as the IT leader I quoted earlier said, customers will be operationalizing what's been previously purchased. Here's what's different in 2020. Tech projects have historically been very risky investments, and have required higher internal rates of return, IRRs, to get approved by CFOs. But the cloud has altered two factors. One, is that it's allowed more experimentation for way less money. The second is cloud, by shifting CAPEX to OPEX, allows for much more incremental, lower risk investments. So I think you'll see continued steady growth, powered by the cloud, which allows experimentation, and importantly higher hit rates of success. These successful projects will throw off cash for companies, and CFOs are getting on board because they realize it's driving innovation. They also realize that IT does matter, maybe not in the form that Nick Carr envisioned, but a new generation of IT that creates competitive advantage. This brings me to my first main prediction, which is the growth of cloud computing is going to moderate, but the cloud will continue to steal significant share from on-prem spending. Now the narrative that the pendulum is swinging back in my view, is a false narrative. Rather, the pendulum has swung, and the cloud is the underpinning of innovation. Now having said that, I do think we're seeing a bit of an equilibrium in spending, where buyers have identified those workloads that are going to remain on-prem, which is why you see, for example, AWS, Azure, and Google making moves in hybrid. Hybrid slash on-prem offerings. What this chart here shows from ETR, so from 2010 through October '19 survey on cloud spending, I had to block out the 2020 survey as it's currently in the field, I'm not allowed to show that data. The yellow line is market share, which in ETR parlance, as you remember, is pervasiveness, or mentions in their survey. The blue line is spending momentum, measured as net score, which essentially subtracts the percent of customers spending less from those spending more. The long, steady march of cloud, as you can see, continues, and there's no indication that it's going to abate. That said, the penetration of cloud has become much more meaningful, so share gains will be more hard-fought for the cloud guys. Now, you may see this as a non-prediction, or a hedge. It's not, let me be clear. Cloud will continue to steal share from on-prem, but share gains for the cloud vendors will be more difficult. Which brings me to part B of this prediction. What I'm showing in this chart is market share from ETR's January 2016 survey through October '19. And I'm showing spending for three on-prem vendors within AWS, Azure, and Google Cloud accounts. And I'm picking on Oracle, IBM, and Dell EMC as three prominent on-prem proxies, and you can see the steady decline in market share for these companies. And even though there's a bit of an uptick in October, I don't see this as a reversal. What's going to happen is that traditional on-prem vendors are going to step up their cloud strategies. Specifically with multicloud management. This is going to be the case with Dell, who's going to leverage VMware, and in the case of IBM, they'll try to take advantage of Red Hat in that multicloud game. Now both IBM and Oracle, who each have public clouds are going to dig their heels in, they're going to get customers in a headlock, and provide big financial incentives for them to use their captive clouds. All right, so with the high-level spending comments that I made earlier, and that cloud discussion that we just had as a backdrop, the question is, which companies will do well in the coming year? I'm going to call out five companies, that I want to highlight where the ETR data intersects what we're seeing on theCUBE. The prediction is these five players will do well in 2020, they're going to power through any downturn in spending, and they're going to thrive in the face of the cloud share shift. So the chart here shows data from the ETR October 2019 survey, and it lays out net score or spending momentum for these companies, that I am predicting will be winners in 2020 and beyond. And the five companies are UIPath, Snowflake, Databricks, HashiCorp, and Rubrik. Let me start with UIPath. They are the leader in robotic process automation. I think RPA is going to do well even in a downturn, because more companies will be looking to automate and save money, even in a softer climate. Automation Anywhere is another player in this space, they're doing pretty well, and I predict that UIPath will come out on top of this space, but both UIPath and Automation Anywhere can thrive. Next company is Snowflake, they are changing the analytic database market, and I've covered them before in previous Breaking Analysis segments. They are going to continue to grow nicely in my view. They are 100% cloud-based, and they participate in all popular cloud platforms. Now ironically, they compete with AWS RedShift, who continues to copy some of the innovations that Snowflake has popularized. But AWS and Snowflake are strong partners, so there's room for both companies to thrive. Snowflake especially, as they play in clouds other than just AWS. Which brings me to Databricks. We're seeing a new type of workload emerge in the cloud for modern analytic databases, where organizations are taking all this data that they have, lots of it in the cloud, and they're structuring it within a Snowflake database, or RedShift, and they're bringing Databricks tooling to the equation to be able to query and visualize the data in near real time. Now of course, as I say, AWS plays here with RedShift, and they're selling a lot of EC2, so they love Snowflake. All major cloud players are seeing this type of workload enter the mix, and it's going to be a strong area of growth in 2020 and beyond. Next thing I want to talk about is HashiCorp. HashiCorp is capitalizing on this trend toward cloud-native computing. The company provides opensource tooling for developers, and is all about simplifying application deployment independent of the underlying platform, whether it's virtual, container, or cloud. Five years ago, the players in the space that got all the attention on theCUBE were Chef, Puppet, Ansible and Salt, and today, especially again on theCUBE, you hear the most about Hashi and Ansible, and in fact we were at AnsibleFest with theCUBE, and we heard lots about HashiCorp, so they both complement and compete with the older players. To me, this reminds me of Spark within the Hadoop ecosystem. Hashi has raised about 174 million in VC, and as you can see they have very strong spending momentum in the ETR dataset, with a net score, as shown, of 63%. Now finally, I want to talk about Rubrik, which has been a consistent performer in the ETR dataset. They're trying to transform backup into data management as a discipline. They compete with established players in the data protection space, guys like Veritas, Dell EMC, IBM and CommVault. Now Rubrik is not the only new or newish player here, that's doing very well, Cohesity, who's relatively new, Veeam, which has been around for a decade, both doing very well and showing up strong in ETR surveys, especially Veeam, but Rubrik has been a consistently strong performer and has been outpacing the others, so I want to call them out. Look for these five to do very well in 2020, and into the next decade. So that brings me to my next prediction, I want to talk about Kubernetes. This prediction is twofold. Kubernetes is going to continue its strong showing as this data from ETR shows. This is Kubernetes' market share in the October 2019 survey, so Kubernetes spend had a 76% net score. So very very strong. But the other part of the prediction is that Kubernetes will become embedded into virtually every platform, and people will stop thinking about it as a separate market. Already today, there's little discussion of the idea of a Kubernetes distro, I mean Anthos is an example of a Kubernetes stack, but it can be run in the cloud, it can be run on-prem, anywhere. VMware Tanzu, Microsoft Azure Arc are other examples, they're really not stacks, but they're management platforms that can manage anyone's Kubernetes instances. I like to think of this as kind of like flash. You remember when everyone looked at flash storage as a separate market, well today it's just embedded everywhere. And that's kind of what's happening with Kubernetes. So spending momentum is going to continue to be strong, but by 2023, Kubernetes will be ubiquitous, and not really thought of as a separate entity. All right, for my next prediction, I want to talk about cybersecurity. I did a Breaking Analysis earlier this year on security, and I showed this slide. And as you can see, I've added a little something in the red stars for my prediction. So what this chart shows is two views of net score, the left-hand side shows the ranking by net score, and you can see CrowdStrike, Okta, Shape Security, which was just, by the way, bought by F5, that was an announcement. Twistlock, which is now Palo Alto Networks, and you can see the others down that list. On the right-hand side is net score, but it's ranked by shared N, which is a measure of pervasiveness in the ETR dataset. What I've added is the four star companies, that is those companies that have both spending momentum and are pervasive in the ETR survey. So the prediction is 2020 we'll see the four star companies maintain their position and gain strength in 2020. These include established players with portfolios where they can bundle like Microsoft, Cisco, Palo Alto Networks, Splunk, Proofpoint, Fortinet, and CyberArk Software. And then the newer companies like Okta and CrowdStrike are going to continue to gain share faster than the larger players. Now you also may see companies like SailPoint, Illumio, and SentinelOne emerge as four star companies over the next 24 months. Now the one company that's not on this list that is a major player in security is AWS. AWS is the cloud security leader, and is in a category all by itself in many ways. As I said in my security segment earlier this year, the market is incredibly fragmented, and it's going to stay that way. Each year we look back and say "Did we spend more on security?" and "Are we more safe?" And every year the answer is yes, and no. And 2020 will be no different. Now if you look at the various data sources, we spend approximately 120 billion dollars annually on cybersecurity. The worldwide economy is about 85 trillion in dollar terms, so on balance, we spend about .14% on securing our economy, so we're barely scratching the surface. The market is going to remain highly fragmented, the rich will get richer if they have four stars, new players will continue to enter the space, and M&A will continue to be robust. Now if you exclude my long shot that the S&P will break through 3700 next year, that makes nine predictions. For my 10th and final prediction, I don't have hard data from ETR, but I have a strong opinion on this, and that is that the edge will be won by developers, you've heard me talk about this before. Specifically, platforms like Outposts, which are essentially programmable infrastructure which bring a cloud development platform to the edge, is how that space will evolve. It won't be won by shoving traditional servers and storage boxes out to the edge. Rather, it will grow by coders being able to build new applications and workloads on top of infrastructure as code. Okay, that wraps up my 2020 predictions. I'd very much like to hear your opinion, so you can leave your thoughts or your own predictions in the comments sections of this video, or go to my LinkedIn posts. You can reach me @DVellante on Twitter, love to hear your thoughts. And don't forget, this series is available on iTunes, Spotify, and other podcast platforms for your listening pleasure. I'd like to wish everyone a safe and restful holiday season and a prosperous, healthy 2020. Enjoy your families, enjoy this time, this is Dave Vellante, signing out from the latest episode of theCUBE Insights powered by ETR, thanks for watching, everybody. We'll see you next time. (techno music)

(upbeat music) >> Live from Las Vegas, it's theCUBE. Covering Fortinet Accelerate 18. Brought to you by Fortinet. >> Welcome back to theCUBEs continuing coverage of Fortinet Accelerate 2018. I'm Lisa Martin here in Las Vegas with my co-host Peter Burris and we're excited to welcome a Cuba alumni back to theCUBE, please welcome Eric Kohl, the VP of Advanced Solutions from Ingram Micro. Welcome back! >> Thank you, thanks for having me back. Excited to be here. >> Yes, we're very excited. So tell us, what's new? We talked to you last year at this event, what's new and Ingram? Tell us about your role there and the things that are all exciting Ingram Micro. >> Yeah, brand-new for me. I'm in my 20th year at Ingram Micro. I lead our security practice for Ingram Micro U.S. and I have responsibility for sales, vendor management, strategy and execution on behalf of our manufacturer partners. It's a ever evolving space. It's such a great space to be in, I love watching the news every day. You know there's going to be some big logo but just as much fun as I have watching those, that's some of these small breaches that you don't hear about and it's just fascinating. So much more exciting than virtualization. (laughs) >> Some might argue with that. So tell us about the partnership that you guys have with Fortinet. How has that evolved over your time there? >> Yeah so been at Ingram for 10 and I've been working with Fortinet for, I'm sorry I've been at Ingram for 20 and been with Fortinet for over 10, back to when we signed the contract together. Just a very great partnership. They're our security partner of the year, last year. Good friends, excited to see John Bove back leading channels back to Fortinet and you know, we both invest in each other's success and so I think that's pretty unique. Huge investment for them here, having an event like this. Not every company does it but to bring everybody together where you can have security conversations get on the same page, it's extremely valuable, huge investment, and we're proud to be a sponsor. >> I'd love to chat about a little bit of the evolution that you've seen at Fortinet in the last 10 years as we look at, you mentioned breaches. I mean, there were some very notable things that happened in 2017. How have you seen the evolution from them on a security transformation standpoint as it relates to your customers and digital transformation. >> Yeah, so I mean it's something that we see every day from you know, as you know we sell to and through partners but you know, one thing obviously is their breath of solutions has expanded. But you know, also things that partners are asking us today is how is this technology being consumed? And in the face of digital transformation, that's a huge value point because ultimately we want to help our partners to architect, recommend the right technology to solve that business problem and then how do you want to consume it? How does your want to your client want to consume that? So I think that's one of the biggest kind of trends that we're seeing right now. >> So as you think about where you've come from to where you are and we'll talk a little bit about where you think might go, what were the stories you told about security 10 years ago? And how are they different from the stories you're telling about security today? >> I would say it's changed from my perspective because at Ingram, we have never ever been a services company like we are today. And so what I mean by that is, we wrap our services, partner services around the Fortinet solution to make it stronger. 10 years ago I would say we are living more in the traditional distribution role of hey, how do we get a box from here to there? Certainly channel enablement, we've been doing that for a long time but our offering of services to help drive demand is incredibly strong. You know, we work with Fortinet for example, on their threat assessment program and we have an engineer that can go and help. Our partners understand to do that, it's a huge partner ecosystem and so we've got to help them with all those channel enablement efforts. >> What are some of the biggest security challenges that you're hearing, say in the last year or so through the channel, that your partnership with Fortinet can help address? >> You know, it's all around complexity and that as you have likely heard that the shortage of folks that can get out and do some of these services have limitations. There's incredibly high demand for services, you know we're serving a channel ecosystem of roughly 12,000 companies that are buying security technology from us, all with varying degrees of capability and so we've really got to help them understand, hey, how can we help you deploy these services, etc. >> So as you imagine then the steps associated with helping the customer, the roles and relationships between Fortinet, Ingram, and your partners also must be evolving. So how is, as a person responsible for ensuring that that stays bound together in a coherent way for customers, how are you seeing that changing? >> Well you know, look it's a three-legged stool. (laughs) It's us, it's Fortinet and that's our partner community and we're reliant on each other to go and be successful in the market. Look, we couldn't be as great as we are working with our Fortinet channel ecosystem if we didn't have the support of Fortinet, the investments they make, the team that they have wrapped around our business, the team we've put in place wrapped around their business so that's kind of what I'm seeing there. >> They shared a lot of momentum not only in the keynotes this morning but also a number of the guests that we've had on the show today in terms of what Fortinet achieved last year. 1.8 billion in billing, nearly 18 thousand new customers acquired, a lot of momentum, a lot of numbers, I love that theme of the event today. So if we look at some of the things that were shared by Kenzie this morning for example, like I mentioned that the customer numbers and even talking about what they're doing to protect 90% of customers in the global S&P 100 and showed some some big brands there. Tell us a little bit about the partnership and how you're leveraging the momentum of what Fortinet is able to do in terms of capturing customers. How does that momentum translate and really kind of maybe fuel Ingram and what you're able to do? >> Well look, I mean there's incredible demand in security today. There was a slide that they showed this morning and I think it was the perfect storm. I like to call the security space a beautiful disaster. It's a mess, it's complicated, it's scary, the threat attacks are you know new and different and they're never going to stop but it again comes back to hey, how do we work together to kind of harness this? How do we go and there's a great partner community here, lots of our friends are here but they can't all be here. So we want to be able to help take that message out to our channel partners that were not here. Things like that. >> What are some of, oh sorry, go ahead Peter. >> I was going to say so Ingram, Ingram itself has changed. You said you've now, are now introducing security or you're introducing more services. So how is that.. How is security leading that charge to move from a more of a product and a distributor to now services? Is security one of the reasons why Ingram is going in that direction? >> It's one of them. I joked on virtualization but there's a lot of services that we can wrap around and I think, obviously there's a high demand of services and we will lead with Fortinet services and solutions where we can. We want our partners to lead with theirs but really we've hired people to go out do assessments. We have a partner ecosystem where, hey I can't get down to New Mexico to do an install. We have a partner network where they can tap into that and make sure that everything is installed correctly, all the features are turned on. You think about all these breaches that happen in the news, it's not that they didn't have the technology, they missed an alert or they didn't have it all deployed. We want to be able to help our partners solve for that. >> Along the partnership front, what are some of the things that excite you about the Fabric-Ready Partner Program and the announcements they've made today? >> Yeah, love it. Look Fortinet has built comprehensive end-to-end solutions within their Fortinet, I'm sorry, for their Fabric ecosystem but they've also recognized that they can't do it all alone and so they've introduced a lot of partners into that. And so what's exciting for me, leading our security category is, hey how do we bring new partners into our ecosystem too? Because it is a differentiator for Ingram to be able to provide multi-vendor solutions. To have somebody you can go to to say, how does SentinelOne work with for Fortinet Fabric? Those types of things, those conversations are happening all the time. >> Another thing that was announced today was what they're doing with with AI. Tell us a little bit about that and how are you seeing what they're going to be able to do with AI as an advantage for your partners and customers. >> Again the artificial intelligence, machine learning, it all goes back to making the technology easier to use. I still think, you think intelligence and I think back to the human factor. Some of these big breaches, look the threat actors are going to get in but how you recover from a breach, I think if we could inject some artificial intelligence into some of these companies that haven't figured out how to successfully pivot. You know paying your hacker a hundred thousand dollars to keep quiet is not the answer but I think that some of these machine learning things are going to make it easier. It's going to be easier to manage the alerts that are happening every day. So anything that helps eliminate, as they said today, the enemy of security is complexity. Things that help to discover these threats and remediate against them, all good stuff for our partners. >> On the enablement side, when we were talking with the channel chief, John Bove, earlier today and talking about sort of this long history of partner focused culture at Fortinet. Tell us about that in terms of the enablement that you're able to glean from them and then pass on to your channels in terms of selling strategies, marketing to, marketing through. What are some of the things that-- >> Look, we have an amazing team. John Bove, Curt Stratton, the folks that really spent so much time working with Ingram and then we've built an amazing team. I think we have 12 people from our company here at this event to make sure we're making the most out of it but you know. If you heard, we're at The Cosmo. They have Secret Pizza, have you been there? Have you heard about it? >> Lisa: No, Secret Pizza? >> Yeah, it's amazing, it's pretty good, okay. (laughs) >> You didn't bring any, I noticed that but continue. >> I didn't but it's secret not-so-secret pizza but we have some secret not so secret weapons. Jenna Tombolesi an NSE 7. She's one of the highest certified engineers on the planet and she works for Ingram Micro helping to technically enable some of our partners. We've got a guy by the name of Will The Thrill Sharland and The Thrill is out talking to partners every single day, helping them to be more profitable, trusted security advisors helping them through anything you can imagine from a channel enablement perspective. And then just huge teams of people that we go to serve this big market together. >> Are you seeing any vertical specificities? When Ken was sharing some slides this morning, they were talking about, they showed some verticals from a kind of market share perspective but I'm curious some of the verticals that kind of come to mind where security is concerned that maybe are a little bit more elevated than some of the others in terms of risk or health care education and financial services. Maybe Fed, SLED, are you seeing any verticals in particular, maybe those that are really going to be kind of having to be leading-edge, where security transformation is concerned? >> They have to be. Think about health care and when they're big ransomware attack hit last year. There's guys on CNN saying, they had to postpone my surgery because ransomware head. I mean that's life-and-death stuff there but I don't think there's any vertical that's immune to what's going on today. So I think you know regardless of your vertical, you have to be prepared, you have to choose the right technology, and choose the right partner to help you implement it. >> If you imagine where Ingram's going to go with this relationship, what kinds of things are you looking to be able to do as a consequence of great strong partnership with Fortinet. >> Look, the way that companies want to consume technology is changing in the space of digital transformation. Once we work with Fortinet and the partner to recommend the right technology and I mentioned this, like how do you want to consume it? Is it public cloud, is it AWS, or Azure? We have an answer for that today is that hey, it's on premise but I need some creative financing to help close this deal to solve a budget constraint. We have an answer for that. There's several variations of that but however that technology wants to be consumed, we have an answer together. So I think that's a testament to the strength of our relationship. >> And I think one of the words that I saw in, at least one of the press releases, was adaptability. Adaptability of some of the technologies and even John Madison was kind of talking about how customers can go, I've got 20-plus security products, how do I start this Fabric? And that word adaptability kind of jumped out at me as how do you enable adaptability when your customers, through the channel, have so many technologies in place and how does Fortinet help that adaptation? >> I would say they're placing bets like we are on top partners that are going to lead with that technology. They've got to go be the experts in that field and really start driving that. Events like this help get everybody on the same page, understand the new offerings. I mentioned Jenna, she was locked in a room all day yesterday all excited about all these things. She's been running around all day but look we've just got to help the channel understand what the new technologies are, what are the new offerings, and hey, how do we go solve that customer problem together. >> So are there any particular new approaches or tactics or techniques that you're using to get the channels to understand better? >> I don't think that there's anything necessarily new. We're all driving towards the same common goal. Having a security conversation today is easier than ever before so you know, I think we're we're going to continue doing what we've been doing. It's been very successful for us but that's, you know. >> What are some of the things, kind of wrapping up here, that you're looking forward to throughout the rest of 2018? We're kind of still in the first quarter calendar, some big announcements from your partner here today. What are some of the things that excite you at Ingram about the year of 2018? >> Look, it's a market that's that's really ripe right now and I think that when you talk about their new technologies, when you talk about the machine learning, there's a lot of these things happening out there. It's just look, we've got a huge market. The potential is unlimited and I think one area where we're really going to drill down this year is down market, down SMB in mid market because they need enterprise grade technology and Fortinet delivers that and has a history of delivering that. So I think we're going to double click down there together this year and John and his team have been great around putting some programs together for us to go and tackle that together. >> Excellent, well we thank you so much Eric for stopping by theCUBE again. >> Yes and I'll bring pizza next time. >> Please do. >> All right. >> Yes and maybe some beverages so we don't have dry throats. >> Of course, yes. >> So we wish you and Ingram the best of luck in this next year and we look forward to talking to you next year, if not sooner. >> Sounds good. Great, thank you. >> We want to thank you for watching theCUBE's continuing coverage of Fortinet Accelerate 2018. For Peter Burris, I'm Lisa Martin, after the short break we'll be right back. (upbeat music)