(upbeat music) >> Instructor: From around the globe. It's theCUBE covering Google Cloud Next OnAir 20. >> Welcome to theCUBE's coverage, virtual coverage of Google Next OnAir. I'm John for host theCUBE, We're here in Palo Alto California, for our remote interviews, part of our quarantine crew, getting all the stories that matter, Google Next OnAir, continuous event through the summer. We're calling it the summer of cloud. We've got two great guests here. Sunil Potti general manager and vice president of cloud security at Google Cloud. and Orion Hindawi co founder and CEO of Tanium. Gentlemen, thank you for coming on today, appreciate it. Great event you guys have on the continue. I'll call it the summer cloud. It's a lot of events that Google's having, So you guys and your team are doing a great job, but there's some hard news. You guys are announcing an expanded partnership together. Sunil tell us what is the news today. >> John, first of all, great to see you again, love being on theCUBE any time, and it's my honor to actually share the stage this time around with Orion and the Tanium team. So essentially what we're announcing today, is the fact that, as most of you know, especially in the new normal with a distributed workforce, and potentially it being the safer normal, down the road it presents, an unprecedented opportunity, I think in our opinion, that we can use this to accelerate potentially safer posture that otherwise would have taken years to build into the enterprise ecosystem that we could now bring forward, in a potentially, you know, in the year 2020 or 2021. So the primary announcement, is based on the fact that, Tanium's, you know, core enterprise offering and Google clouds, chronicle offering are coming together, to build a full stack offering for endpoint detection and response so that customers can have an end to end offering. That's both powerful, and you know, easy to use. All the way from the detection, response, remediation and analytics, all built together into one seamless, easy to consume offering for the global enterprise and being delivered in such a way that it can take into account organizations of thousands of employees or hundreds of thousands of employees. All by the same cloud native solution. >> All right how about why you're excited about this deal. What's different about it. Obviously there's a relationship here, what's so exciting about this story. >> Yeah, I think, you know, Orion to comment as well, but look, I think the key thing that we sort of partnered on initially was a customer driven, you know, technology centric integrations, where, you know, we went deep from a chronical perspective, to ensure native integration, between Tanium products to send signals, out of the box, as well as curated, enhanced, enriched, so that they could be actionable responses taken by Tanium solutions as well on behalf of security analysts, as part of our journey, to kind of reinvent the SOC of the future. Right? And so essentially, it's been a deliberate effort by both teams to not provide incremental integrations, but something that offers a reimagined safety posture, especially that's enhanced, I would say amplified, in a world where pretty much every employee, is essentially a tech director now. But otherwise was not the case, when they were working in a normal enterprise office. >> All right, what's your take on this? I'll say what's different I'll say big news. >> Sure, yeah. I mean, if you look at why we decided that Google would have been the perfect partner for us, we have very large enterprises. We work with about 70 of the fortune 100, the USOD, a lot of these very large environments, and many of them were coming to us and telling us two things. The first one was the amount of data, that they were generating, that they needed to be able to process and analyze and be able to find insight from, was going exponentially up. And the second one was, in the new kind of post COVID world, the amount of work from home risks that they were seeing, and the kind of perfection they needed to achieve, on finding threats quickly and neutralizing them was actually also going up. And so between those two things, we started really looking for a partner, that we could accelerate with, to provide our customers with true world-class data analytics, retention, being able to visualize that data and then being able to act on that data through Tanium. And I think that the partnership that we've struck with Google and the work we've done with them, to make this seamless for our customers, to make it scale really well, even for the largest managed networks, is something we're really proud of. >> What's the history between Chronicle and Tanium. What's the, how far back does it go, and how would you guys categorize this time and point in time in terms of evolution of that partnership? >> So maybe I'll take a stab Sunil, then you can take one as well, you know. We've been working with Chronicle now for over a year. And we've got customers, who kind of pointed us in this direction, which is how we love to start partnerships. We had some customers who had a lot of faith, that Google was going to be able to crack this nut. And honestly many of our customers had been really struggling with this, with their current vendors at the time, for years. And we're really looking for Google, because Google was the company, that they saw as having the most credibility with massive, massive data sets. What we got surprised by actually, was that there were a bunch of different legs of the stool, that we could work with Google on. So not only data retention of Chronicle, but things like zero trust, which I think many people know Google actually invented the concept of. When we start thinking about thin client management. So we actually found that, there's a really expansive partnership here. And what we're doing with Chronicle, I think is the first kind of instantiation of that. But we expect that over the next even years, we've got a lot of room to run with Google, to really secure and help our customers. >> Sunil talk about the wave that you're riding on right now. 'Cause obviously the reality is, I won't use the term new normal, but the new reality is, COVID has forced everyone to look at basically an unexpected disruption that no one saw coming. Yeah, we can prepare for disasters and floods and hurricanes and whatnot, but this is unforeseen everybody working at home. I mean, I can imagine all the VPN vendors, freaking out who even needs a VPN. So, you know, the access methods is everything, it's mobile, home, home is the new office. It's not just, you know, connect to an access point, my son's gaming, my daughter is watching Netflix. I'm trying to do some video conferencing and it's a mix of consumer business all happening. This is a complex environment now. What does this mean? This relation, how does this connect the dots? Can you, can you expand on that. >> Yeah, I mean I think I hinted on this a little bit at the beginning John, is that, we think, you know, this is an, you know, an unprecedented opportunity to help accelerate digital transformation, that otherwise would have taken a few years for many enterprises to get to. That can now be done potentially in months and for some customers maybe even in weeks. And some examples of that, that we've seen are that, look, if you just took, if you just take Google as an company, to Orion's point, look, we invested many years worth of technology and IP that now we're slowly bringing out in the form of BeyondCorp product sets. But essentially of the fact that look, we should treat every employee as if they were a remote worker. We don't trust the network, we basically break transitive properties, which was one of the foundational issues with security in the enterprise, where I trust a network and the network is trusted by a desktop. And then if you penetrate one, you can penetrate everything else in the chain. And so when COVID hit, we went from essentially pretty much, a hundred thousand plus employees, working in distributed headquarters, but within the Google environment, to working from home within a week later, but retained the same sort of like, not productive the levels just, but actually the same safety levels that were much stronger. And so in many cases, what we are announcing, is that even though enterprises have come forward and said, look, yeah, we have some PaaS work solutions, just because this is a major change for us. Now that we are in it, for not just three months or six months, but potentially a longer period of time. Why not take the opportunity to replatform our security environments, so that we can actually be in a better state, when we actually exit out of this. We might actually never go back full time, but it can actually be a hybrid environment. So that's part of the reason, why I think we are so jazzed about the partnership, is that these are two examples, of products coming together to help replatform, at least one sets of, you know, traditional, if I can call it weaklings in the security ecosystem, that can now be sort of like replatformed. >> I was doing an interview actually last week, and I was kind of riffing on this idea. This is one big IoT experiment. I mean, people are devices here and everyone's connected, but it's all remote. It's changed the patterns of work and traffic and all kinds of paradigms. But this brings up the issue of the customer challenge. Everyone's going to look up their environment saying, look at, we now know the benefit of cloud it's clear. But I got to rethink the projects that are on the table, and get rid of the ones, that aren't going to be relevant, to where the world has shifted. It's not even a question of digital transfer. It's like, okay, what am I doubling down on. And what am I going to eliminate from the picture. So I've got to ask you guys, if you guys can comment, if I'm a customer that's what's going through my head, I got to survive, reinvent the foundation, and come out with a growth strategy, with a workforce, workplace, workloads, and workflows that are completely different. What's in it for me. What does this mean to me. This partnership, so how do you help me. What's in it for me. >> So I might take a stab at that, you know, I think that a lot of our customers, if we look at where they were at the beginning of the year, they'd been building on a pretty creaky foundation and just adding more and more layers to it. So, you know, in the security side, many of our customers have 20 or 30 or 50 different tools. And many of them are there, because they were there yesterday. They're not actually, if you were going to zero base budget, the way you were going to do security, they wouldn't be the tools you'd choose. And the interesting thing about this whole work from home transition, it is effectively a zero based budget for security, because a lot of the tools just basically don't work. So you think about a lot of the network tools, and when everybody's working from home, you don't own the network. You think about a lot of even the endpoint tools, that assumed that devices would be behind that network perimeter, and now just don't work over the internet. And so when we look at our customers, they're realizing they have to replatform, their security model, anyway. And what they're doing is they're now picking again. And what they get to do is they get to pick the platforms that they now trust in 2020, with the work from home environment as it is. And I think what it gives you as a customer, is a huge simplification of your environment. I mean, we talk to people every day, who were used to operating those 20 or 30, 50 tools, and they were spending 90% of their energy just operating those tools, not actually improving security and they were falling behind. If you look at what they're able to do now, they actually can go back to a starting point, where they think about what is the real threat I'm facing. What are the real platforms, I should be choosing today. And we're actually seeing huge increases, in our customer kind of adoption of our platform because that resistance to change, has been removed. People can't resist change anymore, change has come, and as a result of that, they get to choose what they would like now. >> That's a huge point, I want to just double down on that and redirect, and then we'll go to Sunil and his commentary, but I think you just hit the nail on the head. We're seeing the same kind of commentary. You said it really eloquently, but the thing is that, okay, let's just, if you believe what you just said, which I do going into zero base budgeting decisions, fresh look and everything. The problem is people are looking at the decisions and comparing what the bells and whistles were from the tools. So how do you advise customers to rethink like, okay, if it's a fresh look, it's a fresh look. It's not like, okay, the way we did it before, so a lot of times when you were evaluating products, a group gets to say, it doesn't have this bell or this whistle, 'cause that's the way we did it before. So you got to kind of separate out, this idea of you're got to go that direction. It's a full, fresh look. So how are customers doing that, 'cause that's really difficult. >> It's a super relevant question for today's world, because I think you're absolutely right. If you talk to the person who operated the compliance tool in a big bank, and you ask them, what do you need from that tool? They very quickly get the things, that if you just take the question, which is, I need to do compliance for the bank, what do I need to do compliance effectively? And you look at the answer that they give you, which is I need this check box here. I need this button here. I need this kind of minutiae that I'm used to, to be consistent with what I've been used to, for the last 10 years. Those two things are not the same. And what we've really been encouraging our customers to do is take a look back at your requirements. So you are processing credit cards, you need to be PCI regulated. You need to be able to answer to your vendors, how many copies of their software you're using. You need to be able to find an attacker, who's moving around your environment, and do that as quickly as possible. And then let's build from there what capabilities you need. And let's forget about whether the color scheme, of the logo at the top of the report is the same. Let's talk about the core capabilities. And it's a very freeing conversation actually, because what a lot of people start realizing, is they've been maintaining the status quo, for reasons that actually have nothing to do with efficacy, they have to do with comfort. And the curse and the beauty of the last six months, is no one's comfortable. So I don't care how comfortable you are with your tools. No one I know is comfortable today. And what it's giving us, is an opportunity to look past the old school comfort and think about how do we transition to the future. And I think it's actually going to galvanize a lot of positive change. You know, I was saying this before we went on air, but I don't think anybody wished, that COVID was the way, that we would end up in a position, where people have the appetite for change. But if there's a silver lining in the situation, that's it. And I really think that the CIOs and CEOs and CFOs and CSOs, really across the board, need to take advantage of the fact, that there's a discontinuity here, that allows us to throw out the old, and bring in things that are much more effective. >> Sunil that's some great tea up for you, because what he's saying basically saying is if you don't focus on the check boxes, because it was reasons why, and they'll give you, there's a long list, probably RFPs are the same way, we check in the boxes, okay, throw that out. And then you can, by the way, you can innovate on those check boxes differently, but still achieve the same outcome. I get that. But for Google Cloud, you guys have a great network. It's well known in the industry. Google's got a phenomenal network, hence powering Android and all the servers. We know that, with a cloud player, this is a great opportunity for you guys to be a fresh candidate for this kind of change. How are you guys talking about this internally? Because this really is, the goalposts have been moved and in favor of who can deliver. >> I think as both of you have been talking about, I think, look, I think the way I will, you know, maybe color this is, you know, when consumers got to a safer posture with the advent of iPhone, right? Even though it was much more productive, delightful, and there's a bunch of other things, ultimately though, if anything, things became safer, when you actually did computing on a phone. Just because it was an opinionated stack. Ultimately we believe, whether you come to cloud completely or you consume some stacks, the more opinionated they are, that's ultimately the only way, to reduce these moving parts that expose us to security issues. And that principle applied by the way in reliability too, right? I mean, you have to simplify stuff for things to actually work at six nines and so forth. So same things, apply in security. So imagine a world, where every employee now is sitting at home, maybe two years from now, they come back, they work in the Starbucks, but we had a virtual Chromebook experience, because a physical Chromebook of course, it's a goal to kind of get that out there, because on one hand we have the cloud, which is a full stack opinionated offering, but there's various elements of computing, still dispersed in the environment. And you were talking about IoT. Eventually we will get there, but just look at the employee's laptop, but productivity station and imagine the construct of a virtual Chromebook off, and that's an opinionated stack. And that's essentially a variant of what the joint offering between the two companies is essentially, you know, sort of aspiring to, is to provide that level of, you know, clarity and opinionation, that actually genuinely solves for some foundational security issues. And in doing so, you now have, an opinionated stack close to the user, the enterprise user is an opinion stack via mobile phones, close to the consumer user. And for all enterprises from a computing side, there's an opinion stack, whether it be Google or some of the other public clouds, right? And ultimately I think the world will move, into these few sets of these opinionated stacks at various points of control. And at least this particular partnership, is around making the first step towards, potentially one of those opinionated stacks, virtual Chromebook like experience, for the enterprise use. >> And I think this is the beginning, of the wave of the reality, that the edge of the network, whatever you want to call it. And you see this with end point detection, right I mean, everything's an endpoint now. I mean, I still think every, this is one big IoT device, and everything is just moving around. So zero trust is a big part of it, Google cloud, and this relationship kind of brings that to the next level. How does zero trust, attaining a mission intersect here. Because I mean, I see some obvious ones, we just talked about it, but what's the connection. >> Yeah, I think we'll hopefully, you know, talk more about it later in the year, as well as we can to come out with more integrations. But at the high level, I think the way to think about this would be, imagine that device as you were talking about, having an ability to actually send a strong set of signals, not just for detection and response, but for actually enforcing, you know, authentication and authorization as well, because ultimately identity needs to intersect, with the current stack, that we currently have between the two companies. And so when identity of the user, identity of the device, identity of you know, the context in which, you know, someone actually allows a user to access an application, these are all net new things, that need to be brought into the solution. We cannot then provide both the, you know, not just a safe way to kind of provide an, you know, an endpoint detection and response kind of opinion stack, but also essentially meet that part of an uber zero trust offering, that a customer can consume to ensure that look, you know, ultimately look, it doesn't really matter whether the employees at home they're using their own laptop. They're at Starbucks. They can come back to work, but ultimately they have this virtualized, sort of security ring, that protects and always constantly authorizes authenticates and provides a bunch of this security operations capabilities. So anyway, the simple answer is, you know, once we intersect identity, and a slew of BeyondCorp capabilities, into the current offering, that's how the next step towards, a more formidable zero trust offering force. >> Okay, Orion I'd love to get your thoughts, but if you both can answer question, that'd be great. I'd love to get your thoughts, a little gamification here. If you had to put the headline out on this news. Not the one on the press release, that's like perfectly written, like, I mean, bumper sticker. what is the real meaning, of this relationship in this news? If you had to put a headline out there, I think Washington, think New York post style maybe, or you know, something that can describe the news. >> I mean, I will admit, I am not known for being good at soundbites, so, I'll give you the one sentence, and you can help me pare it down. But I mean, really what it is, is I think Tanium got, the highest fidelity and point visibility and control out there. And I think Google's got the best data storage analytics retention cross-referencing we've ever seen. And when you combine those two things, it's incredibly powerful, for our enterprise users, and we've already seen customers, where it's been transformative. >> So you need a headline, that's good though , that's fine. You know, point projection solid. >> I think it's a much more descriptive nature, frankly, but I think my logical tagline, that I just keep, you know, sort of like the sound, but soundbite that I keep referring to is. Looking out the world needs a virtual Chromebook, to really feel safe at an end point level. And this is sort of like the first instantiation, of that core stack, that can at least get enterprise to start on that journey. >> You know, I think you guys run something really big here. And one of my personal observations, is one is the complexity of the telemetry coming, and I can see how you would go in there and connecting the dots between Google's backend, and your stuff coming together. You need to have that high powered energy, from the resource, but also there's a human element. People are working at home, whether you're a teacher, you're getting fished their spear fish, to targeted social engineering. So as people come home, and there's now multiple access points, there's more surface area. So every single endpoint needs to be protected. And I think people are kind of in the normal world, or outside of the tech industry saying, Oh, I get it now. We're not really protected. And this is not just sensor networks, or, you know, OT technology, you know, OT, it's really humans. And this is really where it's going. Isn't it guys? >> Okay. >> You should take it there, look, I think we do have a foundational principle here, which says, look as demonstrated in a postcode world, but your point John, or whether it be IoT, just distributed computing in general continues to expand. We should just assume, that the surface area for security issues only expense, right? And rather than trying to kind, of do a vacuum all of the surface area, what if you could take a foundational approach, that actually breaks the relationship, between expanded surface area means expanded exposure to PaaS. And so essentially the same approach that we took, with zero trust, which is, look, we just know we're going to get broken into. So just don't assume that your network is not safe, but still have a secure posture. Right? How did that come to be? I think if we can just apply that, more generally into this construct of a distributed enterprise, which says, look, the surface area is going to keep going, but let's break that correlation between surface area. Let's buy a more foundational construct, that says, look, it doesn't matter, if today, as you said this your device, tomorrow, it could be, you know, your son's laptop, that you use to actually log into your network and so forth. But ultimately though, it doesn't matter who you are, where you're accessing it from, what device you're using, or what network you're using, or which location, the safety posture is still very strong. >> That's awesome. >> Yeah. I will just add you're absolutely right. I mean, if you look at a customer, I'm thinking about today and I just heard this from their CIO, a couple of days ago, but they have one and a half million things, they're protecting today. They expect to have over 150 million in five years. And so you look at containerization, cloud mobility, all the work from home stuff. It's just going to make this a more and more complex, highly variant problem. We need to expect that. And I think a lot of people are very frustrated, that at the time, that expansion is happening, the network essentially did become a control point. You couldn't trust anymore. So the thesis that Google had around zero trust, actually became our entire world for most enterprises. When you look at that, we do owe our customers quantum jumps in capability, or they're just not going to catch up. And I think that the theoretical approach that we're taking here between Google and Tanium, lets our customers take one of those quantum jumps, where they're going to be seeing a lot more, they're going to be able to trust it a lot more. They're going to be able to allow devices, to have access to things, based on their current state and based on believing that we can extrapolate, whether their security on that device accurately. And that's something that I think a lot of customers have just never been able to do before. And frankly, I think it takes companies like this, to pair up and really invest in joining their technologies to be able to get that fabric that will get our customers materially forward. And you know, I'll just say one other thing, many of our customers have to literally like, you know, three or four months ago, we're in a position, where they were spending 60 or 70% of their security budgets on network. There's nowhere to spend that money today. That's actually productive. It gives them the ability to refactor what they're doing and the obligation to do it, because if they don't do it, I think is, you know, I was describing with the amount of increased assets, the amount of complexity, the lack of network control. If they don't do it, looking at the amount, of threat our customers are facing today, they're going to be under water really quickly. And so, you know, I'm proud that we get to get together here and give them a big step forward. And you know, I think there's an obligation on our industry, not to try and rewarm the same stuff, we've been doing for the last 20 years, and try and serve it to our customers again, but to really rethink the approach because it is a different world. >> Sunil you've been involved in a very, a lot of entrepreneurial ventures. You've been on these waves, that were misunderstood and then became understood. This is what we're getting at here. And what he's saying, essentially new expectations. We're going to drive that experience and then ultimately drive the demand, and people will either be out of business or in business. If you're a supplier, I'll give you the final word, you guys are in good positions. >> Especially in security John, more so than maybe any other infrastructure space, that I've been involved in. Most products have been built to solve problems with other products. And Orion just pointed out, I think this opportunity gives enterprises, clarity and vendors, clarity that look, you really have to take, you know, foundationally original approach, to solve problems, that can get customers to, if I can call it a function change, in their current safety posture. Right? And so that's really the core essence of the partnership is to sort of, rather than worrying about solving problems, with other products and so forth, is to use this opportunity, like I said, you have an opinionated view, to fundamentally change, the security posture of the endpoint once and for all. >> Well gentlemen, congratulations, on a great partnership, expanded partnership. Again, the world has changed. I love this fresh look. I think that's totally right on the money. New reality we're here. Thanks for you taking the time, to remote in from Seattle and the Bay area. Great to see you again at Google cloud. Thanks for coming in or a nice to meet you, and good luck with everything. >> Thank you. >> Thank you. >> Okay, this is theCUBE coverage, CUBE virtual coverage of Google OnAir next 2020. It's all virtual, virtualization has come in, and don't trust the network. You know, you got to watch those end points. Here with Google and Tanium great partnership news. I'm John for your host of theCUBE. Thanks for watching. (upbeat music)

>> Narrator: From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCUBE conversation. >> Over welcome to theCUBE's virtual coverage of Google Next on air. I'm John Furrier host of theCUBE. We're here in Palo Alto, California for our remote interviews, part of our quarantine crew, getting all the stories that matter, Google Next OnAir, continues event through the summer. We're calling it the summer of Cloud. We got two great guests here, Sunil Potti, General Manager and Vice President of Cloud security at Google Cloud. And Orion Hindawi, Co founder and CEO of Tanium. Gentlemen, thank you for coming on today. Appreciate it. Great event you guys have on the container. I call the summer of Cloud. It's a lot of events that Google's having. So you guys and your team are doing a great job. But there's some hard news, you guys are announcing an expanded partnership together. Sunil, tell us what is the news today? >> Hey, John, first of all, great to see you again. Love being on theCUBE anytime and it's my honor to actually share the state system around with Orion and the Tatium team. So essentially, what we are announcing today is the fact that, as most of you know, especially in the new normal, with a distributed workforce, and potentially it being the safer normal down the road, it presents an unprecedented opportunity. I think, in our opinion that we can use this to accelerate potentially safer posture that otherwise would have taken years to build into the enterprise ecosystem that we could now bring forward in a potentially in the year 2020 or 2021. So the primary announcement is based on the fact that Tanium's core enterprise offering and Google Clouds conical offering are coming together to build a full stack offering for endpoint detection and response so that customers can have an end to end offering that's both powerful, and easy to use. All the way from the detection, response, remediation, and analytics all built together into one seamless, easy to consume offering for the global enterprise. And being delivered in such a way that it can take into account organizations of thousands of employees or hundreds of thousands of employees, all by the same Cloud native solution. >> All right, how about why you're excited about this deal? What's different about it? Obviously, there's a relationship here. What's so exciting about this story? >> Yeah, I think, Orion should comment as well. But look, I think the key thing that we partnered on initially was a customer driven technology centric integrations, where we went deep from a chronical perspective to ensure native integration between any MS products to send signals out of the box, as well as curated, enhanced, enriched so that they could be actionable responses taken by Tanium's solutions as well on behalf of security analysts, as part of our journey to reinvent soccer the future, right. And so essentially, it's been a deliberate effort by both teams to not provide incremental integrations, but something that offers a re-imagined safety posture, especially that's enhanced, I would say or amplified in a world where pretty much every employee is essentially a threat vector now, but otherwise was not the case when they were working in a normal enterprise off. >> All right, what's your take on this? I see what's different. I see new big news. >> Sure, yeah. I mean, if you look at why we decided that Google would have been the perfect partner for us. We have very large enterprises. We work with about 70 of the Fortune 100, the US DOD, a lot of these very large environments, and many of them were coming to us and telling us two things. The first one was the amount of data that they were generating that they needed to be able to process and analyze and be able to find insight from was growing exponentially. And the second one was in the new kind of post COVID world, the amount of work from home risk that they were seeing and the perfection they needed to achieve on finding threats quickly and neutralizing them was actually also going up. And so between those two things, we started really looking for a partner that we could accelerate with to provide our customers with true world class, data analytics, retention, being able to visualize that data and then being able to act on that data through Tanium. And I think that the partnership that we've struck with Google and the work we've done with them to make this seamless for our customers, to make it scale really well, even for the largest managed networks, is something we're really proud of. >> What's the history between Chronicle and Tanium? How far back does it go? And how would you guys categorize this time and point in time in terms of evolution of that partnership? >> So maybe I'll take a stab Sunil. And then you can take one as well. We've been working with Chronicle now for over a year. And we've got customers who pointed us in this direction, which is how we love to start partnerships. We had some customers who had a lot of faith that Google was going to be able to crack this nut. And honestly, many of our customers had been really struggling with this with their current vendors at the time for years. And we're really looking for Google, because Google was the company that they saw as having the most credibility with massive, massive datasets. What we got surprised by actually was that there were a bunch of different legs of the stool that we could work with Google on. So not only data retention of Chronicle, but things like zero trust, which I think many people know Google actually invented the concept of. When we start thinking about Thin Client Management. So we actually found that there's a really expensive partnership here. And what we're doing with Chronicle, I think, is the first instantiation of that. But we expect that over the next even years, we've got a lot of room to run with Google to really secure and help our customers. >> Sunil talk about the way that you're riding on right now because obviously, the reality is and I won't use the term new normal, but the new reality is COVID has forced everyone to look at basically an unexpected disruption that no one saw coming. Yeah, we could we can prepare for disasters and floods and hurricanes and whatnot. But this is unforeseen. Everybody working at home. I mean, I can imagine all the VPN vendors freaking out who even needs a VPN? So the access methods is everything. It's mobile, home, home is new office. It's not just connect to an access point. My son's gaming, my daughter's watching Netflix, I'm trying to do some video conferencing. It's a mix of consumer business all happening. This is a complex environment now. What does this mean, this relation? How does this connect the dots? Can you expand on that? >> Yeah, I mean, I think I hinted on this a little bit at the beginning, is that we think this is an unprecedented opportunity to help accelerate digital transformation that otherwise would have taken a few years for many enterprises to get to, that can now be done, potentially, in months. And for some customers, maybe even in weeks. And some examples of that, that we've seen are that look, if you just take Google as a company, to Orion's point, look we invested many years worth of technology and IP that now we're slowly bringing out in the form of beyond Corp, product sets, but essentially of the fact that look, we should treat every employee as if they were a remote worker. We don't trust the network, we basically break transitive properties, which was one of the foundational issues with security in the enterprise, where I trust network and the network is trusted by a desktop. And then if you penetrate one, you can penetrate everything else in the chain. And so when COVID hit, we went from, essentially pretty much 100,000 plus employees working in distributor headquarters, but within the Google environment to working from home within a week later, but retained the same sort of, not productivity levels just, but actually the same safety levels that were much stronger. And so in many cases, what we are now seeing is that even though enterprises have come forward and said, "Look, yeah, we have some patchwork solutions "just because this is a major change for us. "Now that we are in it "for not just three months or six months, "but potentially a longer period of time, "why not take the opportunity "to replatform our security environments "so that we can actually be in a better state, "when we actually exit out of this environment. "Where we might actually never go back full time, "but it can actually be a hybrid run." So that's part of the reason why I think we're so jazzed about the partnership is that these are two examples of products coming together to help replatform at least one sets of traditional, if I can call it weak links in the security ecosystem that can now be sort of repacked. >> I was doing an interview actually, last week, and I was kind of riffing on this idea. This is one big IoT experiment. I mean, people are devices here, everyone's connected, but it's all remote, it's change the patterns of work and traffic and all kind of paradigms. But this brings up the issue of the customer challenge. Everyone's going to look at their environment saying, "Look, we now know the benefit of Cloud, it's clear, "but I got to rethink the projects that are on the table "and get rid of the ones that aren't going to be relevant "to where the world has shifted." It's not even a question of Digital Trends. It's like, okay, what am I doubling down on and what am I going to eliminate from the picture. So I got to ask you guys, if you guys can comment if I'm a customer, that's what's going through my head I got to survive, reinvent the foundation and come out with a growth strategy with a workforce, workplace, workloads, and workflows that are completely different. What's in it for me? What does this mean to me this partnership? So how do you help me what's in it for me? >> So I might take a stab at that. I think that a lot of our customers, if we look at where they were at the beginning of the year, they'd been building on a pretty creaky foundation and just adding more and more layers to it. So in the security side, many of our customers have 20, or 30, or 50, different tools, and many of them are there, because they were there yesterday. They're not actually, if you were going to zero based budget the way you were going to do security, they wouldn't be the tools you'd choose. And the interesting thing about this whole work from home transition, is it is effectively a zero based budget for security because a lot of the tools just basically don't work. So you think about a lot of the network tools and when everybody's working from home, you don't own the network. You think about a lot of even the end point tools that assumed that devices would be behind that network perimeter and now just don't work over the internet. And so when we look at our customers, they're realizing they have to re-platform their security model, anyway. And what they're doing is they're now picking again. And what they get to do is they get to pick the platforms that they now trust in 2020, with the work from home environment as it is. And I think what it gives you as a customer is a huge simplification of your environment. I mean, we talk to people every day, who were used to operating those 20 or 30, 50 tools, and they were spending 90% of their energy, just operating those tools, not actually improving security, and they were falling behind. >> That's a great-- >> If look at what they're able to do now. They actually can go back to a starting point where they think about what is the real threat I'm facing? What are the real platforms I should be choosing today? And we're actually seeing huge increases in our customer adoption of our platform. Because that resistance to change has been removed. People can't resist change anymore. Change has come. And as a result of that, they get to choose what they would like now. >> That's a huge point, I want to just double down on that redirect. And then we'll go to Sunil and his commentary. But I think you just hit the nail on the head. We are seeing the same commentary. You said it really eloquently, but the thing is, is that okay, if you believe what you just said, which I do, going into zero based budgeting decisions, fresh look at everything. The problem is people are looking at the decisions and comparing what the bells and whistles were from the tools. So how do you advise customers to rethink like, "Okay, if it's a fresh look, it's a fresh look." It's not like, okay, with the way we did it before. So a lot of times when you're evaluating products, a group gets together and say, "It doesn't have this bell or this whistle, "because that's the way we did it before." So you get to separate out this idea if you're going to go with that. It's a full fresh look. So how are customers doing that? Cause that's really difficult. >> It's a super relevant question for today's world, because I think you're absolutely right. If you talk to the person who operated the compliance tool in a big bank, and you ask them, "What do you need from that tool?" They very quickly get the things that if you just take the question, which is I need to do compliance for the bank, what do I need to do compliance effectively? And you look at the answer that they give you, which is I need this checkbox here, I need this button here, I need this minutia that I'm used to, to be consistent with what I've been used to for the last 10 years, those two things are not the same. And what we've really been encouraging our customers to do is take a look back at your requirements. So you are processing credit cards, you need to be PCI regulated. You need to be able to answer to your vendors, how many copies of their software you're using. You need to be able to find an attacker who's moving around your environment and do that as quickly as possible. And then let's build from there, what capabilities you need. And let's forget about whether the color scheme of the logo at the top of the report is the same. Let's talk about the core capabilities. And it's a very freeing conversation, actually, because what a lot of people start realizing is they've been maintaining the status quo, for reasons that actually have nothing to do with efficacy. They have to do with comfort, and the curse, and the beauty of the last six months is, no one's comfortable. So I don't care how comfortable you are with your tools, no one I know is comfortable today. And what it's giving us is an opportunity to look past the old school comfort and think about how do we transition to the future. And I think it's actually going to galvanize a lot of positive change. I was saying this before we went on air, but I don't think anybody wished that COVID was the way, that we would end up in a position where people have the appetite for change, but if there's a silver lining in the situation, that's it. And I really think that CIOs and CEOs and CFOs and CSOs, really across the board need to take advantage of the fact that there's a discontinuity here that allows us to throw out the old and bring in things that are much more effective. >> Sunil, that's a great tip for you. Because what he's basically saying is, if you don't focus on the check boxes, because there was reasons why, there's a long list probably RFPs are the same way, but we check in the boxes, okay, throw that out. By the way, you can innovate on those check boxes differently, but still achieve the same outcome, I get that. But for Google Cloud, you guys have a great network. It's well known in the industry, Google's got a phenomenal network, hence powering Android, and all the servers. We know that. With a Cloud player, this is a great opportunity for you guys to be a fresh candidate for this change. How are you guys talking about this internally, because this really is the goalposts have been moved in favor of who can deliver. >> Yeah, I think as both of you have been talking about it, look, I think the way I will maybe color this is, when consumers got to a safer posture with the advent of iPhone, right? Even though it was much more productive, delightful, and there's a bunch of other things. Ultimately, though, if anything, things became safer when you actually did computing on a phone, just because it was an opinionated stack. Ultimately, we believe whether you come to Cloud completely, or you consume some stacks, the more opinionated they are, that's ultimately the only way to reduce these moving parts that expose us to security issues. And that principles apply, by the way in reliability too, right? I mean, you have to simplify stuff for things to actually work at six nines and so forth. So same things apply in security. So imagine a world where every employee now is sitting at home. Maybe two years from now they come back they work in the Starbucks, but we had a virtual Chromebook experience. Because a physical Chromebook, of course, it's our goal to get that out there. Because on one hand, we have the Cloud, which is a full stack opinionated offering, but there's various elements of computing still dispersed in the environment. And you're talking about IoT, eventually, we'll get there, but just look at the employee's laptop or productivity station and imagine the construct of a virtual Chromebook off. And that's an opinionated stack. And that's essentially a variant of what the joint offering between the two companies is essentially aspiring to, is to provide that level of clarity and opinionation that actually genuinely solves for some foundational security issues. And in doing so, you now have a, essentially a opinionated stack close to the user. The enterprise user is a opinion stack via mobile phones close to the consumer user. And for all enterprises from a computing side, there's an opinion stack, whether it be Google or some of the other public Clouds, right. And ultimately, I think the world will move into these few sets of these opinion stacks at various points of control. And at least this particular partnership is around making the first step towards potentially one of those opinionated stacks. Allow virtual Chromebooks like experience for the enterprise users. >> And I think this is the beginning of the wave of the reality that the edge of the network, whatever you want to call it, and you see this with endpoint detection, right? I mean, everything's an endpoint now. I mean, I still think this is one big IoT device and everything's just moving around. So zero trust is a big part of it, Google Cloud, and this relationship brings that to the next level. How does zero trust and Tanium mission intersect here? Because I see some obvious ones we just talked about, but what's the connection? >> Yeah, I think and we'll hopefully talk more about it later in the year as well as we can and come up with more integrations. But at the high level, I think the way to think about this would be, imagine that device as you were talking about having an ability to actually send a strong set of signals, not just for detection and response, but for actually enforcing authentication and authorization as well. Because ultimately, identity needs to intersect with the current stack that we currently have between the two companies. And so when identity of the user, identity of the device, identity of... The context in which someone actually allows a user to access an application, these are all net new things that need to be brought into the solution to then provide both not just a safe way to provide an endpoint detection and response opinionated stack, but to also essentially make that part of an Uber zero trust offering, that a customer can consume, to ensure that, ultimately look, it doesn't really matter whether the employee is at home, they're using their own laptop, they're at Starbucks, they can come back to work, but ultimately they have this virtualized security ring that protects and always constantly authorizes, authenticates, and provides a bunch of this security operations capabilities beyond. >> So anyway-- >> The simple answer is, once we intersect identity and a slew of beyond Corp capabilities into the current offering, that's how the next step towards a more formidable zero trust offering falls. >> Okay, Orion, I'd love to get your thoughts, but if you both can answer this question, that'd be great. I'd love to get your thoughts little gamification here. If you had to put the headline out on this news, not the one on the press release that's like perfectly written. I mean bumper sticker. What is the real meaning of this relationship in this news? If you get to put a headline out there, Think New York Post style maybe or something that's can describe the news. >> I mean, I will admit, I'm not known for being good at sound bites. So I'll give you the one sentence and you can help me pair it down. But I mean, really what it is, is I think Tanium has got the highest fidelity and visibility and control out there. And I think Google's got the best data storage analytics, retention, cross referencing we've ever seen. And when you combine those two things, it's incredibly powerful for our enterprise users. And we've already seen customers where it's been transformative. >> Sunil headline-- (both talking) No, that's fine, protection solid. >> I think it's a much more descriptive nature, frankly, but I think my logical tagline that I just keep sort of the soundbite that I keep referring to is, look, you know, the world needs a virtual Chromebook to really feel safe at an endpoint level. And this is the first instantiation of that core stack that can at least get enterprise to start on that journey. >> I think you guys run something really big here. And one of my personal observations is, one is the complexity of the telemetry coming back and I can see how you would go in there and connecting the dots between Google's back end and your stuff coming together. You need to have that high powered energy from the resource. But also there's a human element, people are working at home, whether you're a teacher, they're getting you getting fished, they're spear fished, they're targeted social engineering. So as people come home, and there's now multiple access points, there's more surface area. So every single endpoint needs to be protected. And I think people in the normal world or outside of the tech industry saying, "Oh, I get it now. "We're not really protected." And this is not just sensor networks or OT technology, OT it's really humans. This is really where it's going, isn't it, guys? >> I chime in and then maybe Orion you should take it there. Cause look, I think we do have a foundational principle here, which says look, as demonstrated in a post code world. But your point, John, whether it be IoT, just to distributed computing in general continues to expand, we should just assume that the surface area for security issues on the expense, right. And rather than trying to do a rakamole of the surface area, what if you could take a foundational approach that actually breaks that relationship between expanded surface area means, expanded exposure to that. And so essentially, the same approach that we took with zero trust, which is, look, we just know we're going to get broken into. So just don't assume that your network is not safe, but still have a secure posture, right? How did that come to be? I think if you can just apply that, more generally into this construct of a distributed enterprise, which says, "Look, the surface area is going to keep going, "but let's break that correlation "between surface area to rates "buy a more foundational construct." That says, "Look, doesn't matter if today it's your, "as you said, this is your device. "Tomorrow, it could be your son's laptop "that you use to actually log into your network "and so forth." But ultimately, though, doesn't matter who you are, where you're accessing it from, what device you're using, or what network you're using, which location, the safety posture is still very strong. >> That's awesome. >> Yeah, I will just add, you're absolutely right. I mean, if you look at a customer I'm thinking about today, and I just heard this from their CIO a couple days ago, but they have one and a half million things they're protecting today, they expect to have over 150 million in five years. And so you look at containerization, cloud mobility, all the work from home stuff, it's just going to make this a more and more complex, highly variant problem, we need to expect that. And I think a lot of people are very frustrated that at the time that expansion is happening, the network essentially did become a control point you couldn't trust anymore. So the thesis that Google had around zero trust, actually became our entire world for most enterprises. When you look at that we do owe customers Quantum Jumps in capability, or they're just not going to catch up. And I think that the theoretical approach that we're taking here, between Google and Tanium lets our customers take one of those Quantum Jumps, where they're going to be seeing a lot more, they're going to be able to trust it a lot more. They're going to be able to allow devices to have access to things based on their current state and based on believing that we can extrapolate whether there's security on that device accurately. And that's something that I think a lot of customers have just never been able to do before. And frankly, I think it takes companies like this to pair up and really invest in joining their technologies to be able to get that fabric that will get our customers materially forward. And I'll just say one other thing. Many of our customers up to literally, three or four months ago, we're in a position where they were spending 60 or 70% of their security budgets on network. There's nowhere to spend that money today that's actually productive. It gives them the ability to refactor what they're doing, and the obligation to do it. Because if they don't do it, I think as, I was describing with the amount of increased assets, the amount of complexity, the lack of network control, if they don't do it, looking at the amount of threat our customers are facing today, they're going to be underwater really quickly. And so I'm proud that we get to get together here and give them a big step forward. And I really, I think there's an obligation on our industry, not to try and re-warm the same stuff we've been doing for the last 20 years and try and serve it to our customers again, but to really rethink the approach because it is a different world. >> Sunil you've been involved in a lot of entrepreneurial ventures, you've been on these waves that were misunderstood and then became understood. This is what we're getting out here and we saying essentially new expectations, we're going to drive that experience, and then ultimately drive the domain. And people will either be out of business or in business. If you're a supplier, I'll give you the final word. you guys are in good position. >> Yeah, I say that, especially in security gone, more so than maybe any other infrastructure space that I've been enrolled in. Most products have been built to solve problems with other products. And as Orion just rightfully pointed out, I think this opportunity gives enterprises clarity and vendors clarity, that look, you really have to take a foundationally, original approach to solve problems that can get customers to, if I can call it a staff function change in their current safety posture, right? And so that's really the core essence of the partnership is to, rather than worrying about solving problems with other products and so forth, is to use this opportunity, like I said, to have an opinionated view, to fundamentally change the security posture of the endpoint once and for all. >> Well, gentlemen, congratulations on a great partnership, expanded partnership. Again, the world is changing. I love this fresh look. I think that's totally right on the money. The new reality, we're here. Thanks for you taking the time to remote in from Seattle and the Bay Area. Sunil great to see you again at Google Cloud. Thanks for coming in. Orion, nice to meet you and good luck with everything. >> Thank you. >> Thank you. >> Okay, this is theCUBE's virtual coverage of Google OnAir next 2020. It's all virtual, virtualization is come in. And don't trust the network. You got to watch those endpoints. Here with Google and Tanium great partnership news. I'm John Furrier host of theCube. Thanks for watching. (upbeat music)

(upbeat music) >> From theCube Studios in Palo Alto in Boston, bringing you data driven insights from theCube and ETR. This is Breaking Analysis with Dave Vellante. >> While by no means a safe haven, the cybersecurity sector has outpaced the broader tech market by a meaningful margin, that is up until very recently. Cybersecurity remains the number one technology priority for the C-suite, but as we've previously reported the CISO's budget has constraints just like other technology investments. Recent trends show that economic headwinds have elongated sales cycles, pushed deals into future quarters, and just like other tech initiatives, are pacing cybersecurity investments and breaking them into smaller chunks. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis we explain how cybersecurity trends are reverting to the mean and tracking more closely with other technology investments. We'll make a couple of valuation comparisons to show the magnitude of the challenge and which cyber firms are feeling the heat, which aren't. There are some exceptions. We'll then show the latest survey data from ETR to quantify the contraction in spending momentum and close with a glimpse of the landscape of emerging cybersecurity companies, the private companies that could be ripe for acquisition, consolidation, or disruptive to the broader market. First, let's take a look at the recent patterns for cyber stocks relative to the broader tech market as a benchmark, as an indicator. Here's a year to date comparison of the bug ETF, which comprises a basket of cyber security names, and we compare that with the tech heavy NASDAQ composite. Notice that on April 13th of this year the cyber ETF was actually in positive territory while the NAS was down nearly 14%. Now by August 16th, the green turned red for cyber stocks but they still meaningfully outpaced the broader tech market by more than 950 basis points as of December 2nd that Delta had contracted. As you can see, the cyber ETF is now down nearly 25%, year to date, while the NASDAQ is down 27% and change. Now take a look at just how far a few of the high profile cybersecurity names have fallen. Here are six security firms that we've been tracking closely since before the pandemic. We've been, you know, tracking dozens but let's just take a look at this data and the subset. We show for comparison the S&P 500 and the NASDAQ, again, just for reference, they're both up since right before the pandemic. They're up relative to right before the pandemic, and then during the pandemic the S&P shot up more than 40%, relative to its pre pandemic level, around February is what we're using for the pre pandemic level, and the NASDAQ peaked at around 65% higher than that February level. They're now down 85% and 71% of their previous. So they're at 85% and 71% respectively from their pandemic highs. You compare that to these six companies, Splunk, which was and still is working through a transition is well below its pre pandemic market value and 44, it's 44% of its pre pandemic high as of last Friday. Palo Alto Networks is the most interesting here, in that it had been facing challenges prior to the pandemic related to a pivot to the Cloud which we reported on at the time. But as we said at that time we believe the company would sort out its Cloud transition, and its go to market challenges, and sales compensation issues, which it did as you can see. And its valuation jumped from 24 billion prior to Covid to 56 billion, and it's holding 93% of its peak value. Its revenue run rate is now over 6 billion with a healthy growth rate of 24% expected for the next quarter. Similarly, Fortinet has done relatively well holding 71% of its peak Covid value, with a healthy 34% revenue guide for the coming quarter. Now, Okta has been the biggest disappointment, a darling of the pandemic Okta's communication snafu, with what was actually a pretty benign hack combined with difficulty absorbing its 7 billion off zero acquisition, knocked the company off track. Its valuation has dropped by 35 billion since its peak during the pandemic, and that's after a nice beat and bounce back quarter just announced by Okta. Now, in our view Okta remains a viable long-term leader in identity. However, its recent fiscal 24 revenue guide was exceedingly conservative at around 16% growth. So either the company is sandbagging, or has such poor visibility that it wants to be like super cautious or maybe it's actually seeing a dramatic slowdown in its business momentum. After all, this is a company that not long ago was putting up 50% plus revenue growth rates. So it's one that bears close watching. CrowdStrike is another big name that we've been talking about on Breaking Analysis for quite some time. It like Okta has led the industry in a key ETR performance indicator that measures customer spending momentum. Just last week, CrowdStrike announced revenue increased more than 50% but new ARR was soft and the company guided conservatively. Not surprisingly, the stock got absolutely crushed as CrowdStrike blamed tepid demand from smaller and midsize firms. Many analysts believe that competition from Microsoft was one factor along with cautious spending amongst those midsize and smaller customers. Notably, large customers remain active. So we'll see if this is a longer term trend or an anomaly. Zscaler is another company in the space that we've reported having great customer spending momentum from the ETR data. But even though the company beat expectations for its recent quarter, like other companies its Outlook was conservative. So other than Palo Alto, and to a lesser extent Fortinet, these companies and others that we're not showing here are feeling the economic pinch and it shows in the compression of value. CrowdStrike, for example, had a 70 billion valuation at one point during the pandemic Zscaler top 50 billion, Okta 45 billion. Now, having said that Palo Alto Networks, Fortinet, CrowdStrike, and Zscaler are all still trading well above their pre pandemic levels that we tracked back in February of 2020. All right, let's go now back to ETR'S January survey and take a look at how much things have changed since the beginning of the year. Remember, this is obviously pre Ukraine, and pre all the concerns about the economic headwinds but here's an X Y graph that shows a net score, or spending momentum on the y-axis, and market presence on the x-axis. The red dotted line at 40% on the vertical indicates a highly elevated net score. Anything above that we think is, you know, super elevated. Now, we filtered the data here to show only those companies with more than 50 responses in the ETR survey. Still really crowded. Note that there were around 20 companies above that red 40% mark, which is a very, you know, high number. It's a, it's a crowded market, but lots of companies with, you know, positive momentum. Now let's jump ahead to the most recent October survey and take a look at what, what's happening. Same graphic plotting, spending momentum, and market presence, and look at the number of companies above that red line and how it's been squashed. It's really compressing, it's still a crowded market, it's still, you know, plenty of green, but the number of companies above 40% that, that key mark has gone from around 20 firms down to about five or six. And it speaks to that compression and IT spending, and of course the elongated sales cycles pushing deals out, taking them in smaller chunks. I can't tell you how many conversations with customers I had, at last week at Reinvent underscoring this exact same trend. The buyers are getting pressure from their CFOs to slow things down, do more with less and, and, and prioritize projects to those that absolutely are critical to driving revenue or cutting costs. And that's rippling through all sectors, including cyber. Now, let's do a bit more playing around with the ETR data and take a look at those companies with more than a hundred citations in the survey this quarter. So N, greater than or equal to a hundred. Now remember the followers of Breaking Analysis know that each quarter we take a look at those, what we call four star security firms. That is, those are the, that are in, that hit the top 10 for both spending momentum, net score, and the N, the mentions in the survey, the presence, the pervasiveness in the survey, and that's what we show here. The left most chart is sorted by spending momentum or net score, and the right hand chart by shared N, or the number of mentions in the survey, that pervasiveness metric. that solid red line denotes the cutoff point at the top 10. And you'll note we've actually cut it off at 11 to account for Auth 0, which is now part of Okta, and is going through a go to market transition, you know, with the company, they're kind of restructuring sales so they can take advantage of that. So starting on the left with spending momentum, again, net score, Microsoft leads all vendors, typical Microsoft, very prominent, although it hadn't always done so, it, for a while, CrowdStrike and Okta were, were taking the top spot, now it's Microsoft. CrowdStrike, still always near the top, but note that CyberArk and Cloudflare have cracked the top five in Okta, which as I just said was consistently at the top, has dropped well off its previous highs. You'll notice that Palo Alto Network Palo Alto Networks with a 38% net score, just below that magic 40% number, is healthy, especially as you look over to the right hand chart. Take a look at Palo Alto with an N of 395. It is the largest of the independent pure play security firms, and has a very healthy net score, although one caution is that net score has dropped considerably since the beginning of the year, which is the case for most of the top 10 names. The only exception is Fortinet, they're the only ones that saw an increase since January in spending momentum as ETR measures it. Now this brings us to the four star security firms, that is those that hit the top 10 in both net score on the left hand side and market presence on the right hand side. So it's Microsoft, Palo Alto, CrowdStrike, Okta, still there even not accounting for a Auth 0, just Okta on its own. If you put in Auth 0, it's, it's even stronger. Adding then in Fortinet and Zscaler. So Microsoft, Palo Alto, CrowdStrike, Okta, Fortinet, and Zscaler. And as we've mentioned since January, only Fortinet has shown an increase in net score since, since that time, again, since the January survey. Now again, this talks to the compression in spending. Now one of the big themes we hear constantly in cybersecurity is the market is overcrowded. Everybody talks about that, me included. The implication there, is there's a lot of room for consolidation and that consolidation can come in the form of M&A, or it can come in the form of people consolidating onto a single platform, and retiring some other vendors, and getting rid of duplicate vendors. We're hearing that as a big theme as well. Now, as we saw in the previous, previous chart, this is a very crowded market and we've seen lots of consolidation in 2022, in the form of M&A. Literally hundreds of M&A deals, with some of the largest companies going private. SailPoint, KnowBe4, Barracuda, Mandiant, Fedora, these are multi billion dollar acquisitions, or at least billion dollars and up, and many of them multi-billion, for these companies, and hundreds more acquisitions in the cyberspace, now less you think the pond is overfished, here's a chart from ETR of emerging tech companies in the cyber security industry. This data comes from ETR's Emerging Technologies Survey, ETS, which is this diamond in a rough that I found a couple quarters ago, and it's ripe with companies that are candidates for M&A. Many would've liked, many of these companies would've liked to, gotten to the public markets during the pandemic, but they, you know, couldn't get there. They weren't ready. So the graph, you know, similar to the previous one, but different, it shows net sentiment on the vertical axis and that's a measurement of, of, of intent to adopt against a mind share on the X axis, which measures, measures the awareness of the vendor in the community. So this is specifically a survey that ETR goes out and, and, and fields only to track those emerging tech companies that are private companies. Now, some of the standouts in Mindshare, are OneTrust, BeyondTrust, Tanium and Endpoint, Net Scope, which we've talked about in previous Breaking Analysis. 1Password, which has been acquisitive on its own. In identity, the managed security service provider, Arctic Wolf Network, a company we've also covered, we've had their CEO on. We've talked about MSSPs as a real trend, particularly in small and medium sized business, we'll come back to that, Sneek, you know, kind of high flyer in both app security and containers, and you can just see the number of companies in the space this huge and it just keeps growing. Now, just to make it a bit easier on the eyes we filtered the data on these companies with with those, and isolated on those with more than a hundred responses only within the survey. And that's what we show here. Some of the names that we just mentioned are a bit easier to see, but these are the ones that really stand out in ERT, ETS, survey of private companies, OneTrust, BeyondTrust, Taniam, Netscope, which is in Cloud, 1Password, Arctic Wolf, Sneek, BitSight, SecurityScorecard, HackerOne, Code42, and Exabeam, and Sim. All of these hit the ETS survey with more than a hundred responses by, by the IT practitioners. Okay, so these firms, you know, maybe they do some M&A on their own. We've seen that with Sneek, as I said, with 1Password has been inquisitive, as have others. Now these companies with the larger footprint, these private companies, will likely be candidate for both buying companies and eventually going public when the markets settle down a bit. So again, no shortage of players to affect consolidation, both buyers and sellers. Okay, so let's finish with some key questions that we're watching. CrowdStrike in particular on its earnings calls cited softness from smaller buyers. Is that because these smaller buyers have stopped adopting? If so, are they more at risk, or are they tactically moving toward the easy button, aka, Microsoft's good enough approach. What does that mean for the market if smaller company cohorts continue to soften? How about MSSPs? Will companies continue to outsource, or pause on on that, as well as try to free up, to try to free up some budget? Adam Celiski at Reinvent last week said, "If you want to save money the Cloud's the best place to do it." Is the cloud the best place to save money in cyber? Well, it would seem that way from the standpoint of controlling budgets with lots of, lots of optionality. You could dial up and dial down services, you know, or does the Cloud add another layer of complexity that has to be understood and managed by Devs, for example? Now, consolidation should favor the likes of Palo Alto and CrowdStrike, cause they're platform players, and some of the larger players as well, like Cisco, how about IBM and of course Microsoft. Will that happen? And how will economic uncertainty impact the risk equation, a particular concern is increase of tax on vulnerable sectors of the population, like the elderly. How will companies and governments protect them from scams? And finally, how many cybersecurity companies can actually remain independent in the slingshot economy? In so many ways the market is still strong, it's just that expectations got ahead of themselves, and now as earnings forecast come, come, come down and come down to earth, it's going to basically come down to who can execute, generate cash, and keep enough runway to get through the knothole. And the one certainty is nobody really knows how tight that knothole really is. All right, let's call it a wrap. Next week we dive deeper into Palo Alto Networks, and take a look at how and why that company has held up so well and what to expect at Ignite, Palo Alto's big user conference coming up later this month in Las Vegas. We'll be there with theCube. Okay, many thanks to Alex Myerson on production and manages the podcast, Ken Schiffman as well, as our newest edition to our Boston studio. Great to have you Ken. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our EIC over at Silicon Angle. He does some great editing for us. Thank you to all. Remember these episodes are all available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibond.com and siliconangle.com, or you can email me directly David.vellante@siliconangle.com or DM me @DVellante, or comment on our LinkedIn posts. Please do checkout etr.ai, they got the best survey data in the enterprise tech business. This is Dave Vellante for theCube Insights powered by ETR. Thanks for watching, and we'll see you next time on Breaking Analysis. (upbeat music)

>> From theCUBE studios in Palo Alto in Boston bringing you data driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> In just over 10 years, CrowdStrike has become a leading independent security firm with more than 2 billion in annual recurring revenue, nearly 60% ARR growth, and approximate $40 billion market capitalization, very high retention rates, low churn, and a path to 5 billion in revenue by mid decade. The company has joined Palo Alto Networks as a gold standard pure play cyber security firm. It has achieved this lofty status with an architecture that goes beyond a point product. With outstanding go to market and financial execution, some sharp acquisitions and an ever increasing total available market. Hello, and welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis" and ahead of Falcon, Fal.Con, CrowdStrike's user conference, we take a deeper look into CrowdStrike, its performance, its platform, and survey data from our partner ETR. Now, the general consensus is that spending on Cyber is non-discretionary and is held up better than other technology sectors. While this is generally true, as this data shows, it's nuanced. Let's explore this a bit. First, this is a year-to-date chart of the stock performance of CrowdStrike relative to Palo Alto, the BUG ETF, which is a Cyber index, the NASDAQ and SentinelOne, a relatively new entrant to the IPO public markets. Now, as you can see the security sector as evidenced by the orange line, that Cyber ETF, is holding up better than the overall NASDAQ which is off 28% year-to-date. Palo Alto has held up incredibly well, the best, being off only around 4% year-to-date. Whereas CrowdStrike is off in the double digits this year. But up as we talked about in one of our last "Breaking Analysis" on Cyber, up from its lows this past May. Now, CrowdStrike had a very nice beat and raise on August 30th. But the stop didn't respond well initially. We asked "Breaking Analysis" contributor, Chip Simonton for his technical take and he stated that CrowdStrike has bounced around for the last three months in its current range. He said that Cyber stocks have held up better than the rest of the market, as we're showing. And now might be a good time to take a shot but he is cautious. FedEx had a warning today of a global recession and that's obvious case for a concern. You know, maybe some of these quality Cyber stocks like Palo Alto and CrowdStrike and Zscaler will outperform in a recession, but that play is not for the faint of heart. In fact, it's feeling like a longer, more drawn out tech lash than many had hoped. Perhaps as much as 12 to 18 months of bouncing around with sellers still in control, is generally the sentiment from Simonton. So in terms of Cyber spending being non-discretionary, we'd say it's less discretionary than other it sectors but the CISO still does not have an open wallet, as we've reported before. We've seen that spending momentum has decelerated in all sectors throughout the year. This is an across the board trend. Now, independent of the stock price, George Kurtz, CEO of CrowdStrike, he's running a marathon, not a sprint. And this company is running at a nice pace despite tough macro headwinds. The company is free cash flow positive and is in the black, or a non-GAAP operating profit basis and yet it's growing ARR at nearly 60%. Frank Slootman uses the term inherent profitability, meaning that the company could drive more profits if it wanted to dial down expenses especially in go to market costs. But that would be a mistake for a company like CrowdStrike, in our opinion. While it has an impressive nearly 20,000 customers, there are hundreds of thousands of customers that CrowdStrike could penetrate. So like Snowflake and Slootman, Kurtz is not taking its foot off the gas. Now, the fundamental strength of CrowdStrike and its secret sauce is its architecture and platform, in our view, so let's take a deeper look. CrowdStrike believes that the unstoppable breach is a myth. Now, CISOs don't agree with that because they assume they're going to get breached, but that's CrowdStrike's point of view, so lofty vision. CrowdStrike's mission is to consolidate the patchwork of solutions by introducing modules that go beyond point products. CrowdStrike has more than 20 modules, I think 22, that span a range of capabilities as shown in this table. Now, there are a few critical aspects of the CrowdStrike architecture that bear mentioning. First is the lightweight agent, that is fundamental. You know, we're used to thinking that agentless is good and agent is bad, but in this case, a powerful but small, slim and easy to install but unobtrusive agent has its advantages because it supports multiple CrowdStrike modules. The second point is CrowdStrike from the beginning has been dogmatic about getting all the telemetry data into the cloud. It sort of shunned doing bespoke on prem so that all the data could be analyzed. So the more agents that CrowdStrike installs around the world, the more data it has access to and the better its intelligence. Few companies have access to more data, perhaps Microsoft given it scale and size is an exception in that endpoint space. CrowdStrike has developed a purpose-built threat graph and analytics platform that allows it to quickly ingest in near real time key telemetry data and detect not only known malware, that's pretty straightforward, pretty much anybody could do that. But using machine intelligence, it can also detect unknown malware and other potentially malicious behavior using indicators of attack, IOC, or IOAs. Humio is shown here as a company that CrowdStrike bought for around 400 million in early 2020, early 2021. It's the company's Splunk killer and will serve as an observability platform. It's really starting to take off, that's a great market for them to go after. CrowdStrike, to try to put it into sort of a summary, uses a three pronged approach. First is it's next generation anti-virus, meaning it's SaaS base. SAS based solution that can do fast lookups to telemetry data and that data lives in the cloud. And this leverages cloud strikes proprietary threat graph. Now, the second is endpoint detection and response. CrowdStrike sends all endpoint activity to the cloud and can process the data in real time. CrowdStrike EDR allows you to search data history and its partners with threat intelligent platforms who push the data into CrowdStrike, the CrowdStrike cloud. This increases CloudStrike's observation space. It also has containment capabilities in EDR to fence off compromised system. Now, the third leg of the stool is CrowdStrike's world class manage hunting approach. Like many firms, CrowdStrike has a crack team of experts that is looking at the data, but CrowdStrike's advantage is the amount of data, that observation space that we just talked about, and near real time capabilities of the architecture thanks to that proprietary database that they've developed. And all this is built in the cloud and so it enables global scale. And of course, agility. Now, let's dig into some of the survey data and take a look at what ETR respondents are saying about the spending momentum for CrowdStrike in context with its peers. Here's a very recent dataset, the October preliminary data from the October dataset in ETR's survey. Eric Bradley shared with us, ETR's head of strategy, and he runs the round tables, he's a frequent "Breaking Analysis" contributor. This is an XY graph with Netcore or spending momentum on the vertical axis and the overlap or pervasiveness in the survey on the horizontal axis. That dotted red line at 40% indicates an elevated level of spending velocity. Anything above that, we consider really impressive. Note the CrowdStrike progression since the pandemic started. The two notable points are one, that CrowdStrike has remained consistently above that 40% mark and two, it has made notable progress to the right. You can see that sort of squiggly line consistently increasing its share with one little anomaly there in the early days of over a two-year period. The other call out here is Microsoft in the upper-right. We circled Microsoft as usual. Microsoft messes up the data because it's such a dominant player and has referenced earlier as a massive scale and very quality telemetry from its endpoints. Unlike AWS, Microsoft is a direct competitor of CrowdStrike's. Nonetheless, the sector remains very strong with lots of players. Cyber is a large and expanding TAM with too many point tools that CrowdStrike is well positioned to consolidate, in our view. Now, here's a more narrow view of that same XY graph. What it does is it takes out Microsoft to kind of normalize the data a bit and it compares a number of firms that specialize in endpoint, along with CrowdStrike such as Tanium which also has a lightweight agent, by the way, and appears to be doing pretty well. SentinelOne did a relatively recent IPO, took off, stock hasn't done as well since, as you saw earlier. Carbon Black which VMware bought for around $2 billion and Cylance which is the Blackberry pivot. Now, we've also for context included Palo Alto and Cisco because they are major players with the big presence in security and they've got solutions that compete with CrowdStrike. But you can see how CrowdStrike looms large with a higher net score than these others. Although Palo Alto is very impressive, as is Cisco, steady. But Palo Alto also, sorry, CrowdStrike also has a very steady posture instead of just looming on that X axis. Let's now take a look at XDR, extended detection and response. XDR is kind of this bit of a buzzword but CrowdStrike seems to be taking the mantle and trying to sort of own the category and define it, in our view. It's a natural evolution of endpoint detection and response, EDR. In a recent ETR Roundtable hosted by our colleague, Eric Bradley, the sentiment among several CIOs is that existing SIEM, security information and event management platforms are inadequate and some see XDR as a replacement for, or at least a strong compliment to SIEM. CISOs want a single view of their data. Hmm, you haven't heard that before. They want help prioritizing potentially high impact breaches and they want to automate the low level stuff because the problem is sometimes too much information becomes information overload and you can't prioritize. So they want to consolidate platforms. They want better co consistency. They have too many dashboards, too many stove pipes. They have difficulty scaling and they have inconsistent telemetry data. As one CISO said, it's a call out here. "If the regulatory requirement isn't there, I absolutely would get rid of my SIEM." So CrowdStrike, we feel, is in a good position to continue to gain, share and disrupt this space. And that's what Dave Nicholson and I will be looking for next week when theCUBE is at Fal.Con, CrowdStrike's user conference. We'll be there for two days at the area in Vegas. In addition to CrowdStrike CEO, we'll hear from government cyber experts. We always hear that at security conferences and the CEO of Mandiant. Google just the other day closed its $5 billion plus acquisition of Mandiant, which is a threat intelligence expert and MSSP. I'm going to hear a lot about MSSPs by the way. CrowdStrike is a growing MSSP base. We think that's a really interesting sector because many companies don't have a SOC. As many as 50% of companies in the United States don't have a security operations center. So they need help, that's where MSPs come in. At the conference, there'll be a real focus on the Falcon platform. And we expect CrowdStrike to educate the audience on its multiple modules and how to take advantage of the capabilities beyond endpoint. And we'll also be watching for the ecosystem conversations. We saw this at reinforced, for example, where CrowdStrike and Okta were presenting together to show how these companies products compliment each other in the marketplace. Sometimes it gets confusing when you hear that CrowdStrike has an identity product. Okta, of course, is the identity specialist. So we'll be helping extract that signal from the noise. Because a generational company must have a strong ecosystem. CrowdStrike is evolving and our belief is that it has some work to do to create a stronger partner flywheel, and we're eager to dig into that next week. So if you're at the event, please do stop by theCUBE, say hello to Dave Nicholson and myself. Okay, we're going to leave it there today. Many thanks to Chip Simonton and Eric Bradley for their input and contributions to today's episode. Thanks to Alex Myerson, who does production, he also manages our podcast, Ken Schiffman as well, in our Boston studios, Kristen Martin and Cheryl Knight help get the word out on social media and our newsletters, and Rob Hof is our editor in chief over at siliconangle.com. He does some wonderful editing and I really appreciate that. Remember, all these episodes are available as podcasts wherever you listen, just search "Breaking Analysis" Podcast. I publish each week on wikibon.com and siliconangle.com and you can email me at david.vellante@siliconangle.com or DM me @DVellante or comment on our LinkedIn post. And please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis". (upbeat music)

>> From The Cube Studios in Palo Alto and Boston, bringing you data driven insights from The Cube at ETR. This is "Breaking Analysis" with Dave Vellante. >> The reverse momentum in tech stocks caused by rising interest rates, less attractive discounted cash flow models, and more tepid forward guidance, can be easily measured by public market valuations. And while there's lots of discussion about the impact on private companies and cash runway and 409A valuations, measuring the performance of non-public companies isn't as easy. IPOs have dried up and public statements by private companies, of course, they accentuate the good and they kind of hide the bad. Real data, unless you're an insider, is hard to find. Hello and welcome to this week's "Wikibon Cube Insights" powered by ETR. In this "Breaking Analysis", we unlock some of the secrets that non-public, emerging tech companies may or may not be sharing. And we do this by introducing you to a capability from ETR that we've not exposed you to over the past couple of years, it's called the Emerging Technologies Survey, and it is packed with sentiment data and performance data based on surveys of more than a thousand CIOs and IT buyers covering more than 400 companies. And we've invited back our colleague, Erik Bradley of ETR to help explain the survey and the data that we're going to cover today. Erik, this survey is something that I've not personally spent much time on, but I'm blown away at the data. It's really unique and detailed. First of all, welcome. Good to see you again. >> Great to see you too, Dave, and I'm really happy to be talking about the ETS or the Emerging Technology Survey. Even our own clients of constituents probably don't spend as much time in here as they should. >> Yeah, because there's so much in the mainstream, but let's pull up a slide to bring out the survey composition. Tell us about the study. How often do you run it? What's the background and the methodology? >> Yeah, you were just spot on the way you were talking about the private tech companies out there. So what we did is we decided to take all the vendors that we track that are not yet public and move 'em over to the ETS. And there isn't a lot of information out there. If you're not in Silicon (indistinct), you're not going to get this stuff. So PitchBook and Tech Crunch are two out there that gives some data on these guys. But what we really wanted to do was go out to our community. We have 6,000, ITDMs in our community. We wanted to ask them, "Are you aware of these companies? And if so, are you allocating any resources to them? Are you planning to evaluate them," and really just kind of figure out what we can do. So this particular survey, as you can see, 1000 plus responses, over 450 vendors that we track. And essentially what we're trying to do here is talk about your evaluation and awareness of these companies and also your utilization. And also if you're not utilizing 'em, then we can also figure out your sales conversion or churn. So this is interesting, not only for the ITDMs themselves to figure out what their peers are evaluating and what they should put in POCs against the big guys when contracts come up. But it's also really interesting for the tech vendors themselves to see how they're performing. >> And you can see 2/3 of the respondents are director level of above. You got 28% is C-suite. There is of course a North America bias, 70, 75% is North America. But these smaller companies, you know, that's when they start doing business. So, okay. We're going to do a couple of things here today. First, we're going to give you the big picture across the sectors that ETR covers within the ETS survey. And then we're going to look at the high and low sentiment for the larger private companies. And then we're going to do the same for the smaller private companies, the ones that don't have as much mindshare. And then I'm going to put those two groups together and we're going to look at two dimensions, actually three dimensions, which companies are being evaluated the most. Second, companies are getting the most usage and adoption of their offerings. And then third, which companies are seeing the highest churn rates, which of course is a silent killer of companies. And then finally, we're going to look at the sentiment and mindshare for two key areas that we like to cover often here on "Breaking Analysis", security and data. And data comprises database, including data warehousing, and then big data analytics is the second part of data. And then machine learning and AI is the third section within data that we're going to look at. Now, one other thing before we get into it, ETR very often will include open source offerings in the mix, even though they're not companies like TensorFlow or Kubernetes, for example. And we'll call that out during this discussion. The reason this is done is for context, because everyone is using open source. It is the heart of innovation and many business models are super glued to an open source offering, like take MariaDB, for example. There's the foundation and then there's with the open source code and then there, of course, the company that sells services around the offering. Okay, so let's first look at the highest and lowest sentiment among these private firms, the ones that have the highest mindshare. So they're naturally going to be somewhat larger. And we do this on two dimensions, sentiment on the vertical axis and mindshare on the horizontal axis and note the open source tool, see Kubernetes, Postgres, Kafka, TensorFlow, Jenkins, Grafana, et cetera. So Erik, please explain what we're looking at here, how it's derived and what the data tells us. >> Certainly, so there is a lot here, so we're going to break it down first of all by explaining just what mindshare and net sentiment is. You explain the axis. We have so many evaluation metrics, but we need to aggregate them into one so that way we can rank against each other. Net sentiment is really the aggregation of all the positive and subtracting out the negative. So the net sentiment is a very quick way of looking at where these companies stand versus their peers in their sectors and sub sectors. Mindshare is basically the awareness of them, which is good for very early stage companies. And you'll see some names on here that are obviously been around for a very long time. And they're clearly be the bigger on the axis on the outside. Kubernetes, for instance, as you mentioned, is open source. This de facto standard for all container orchestration, and it should be that far up into the right, because that's what everyone's using. In fact, the open source leaders are so prevalent in the emerging technology survey that we break them out later in our analysis, 'cause it's really not fair to include them and compare them to the actual companies that are providing the support and the security around that open source technology. But no survey, no analysis, no research would be complete without including these open source tech. So what we're looking at here, if I can just get away from the open source names, we see other things like Databricks and OneTrust . They're repeating as top net sentiment performers here. And then also the design vendors. People don't spend a lot of time on 'em, but Miro and Figma. This is their third survey in a row where they're just dominating that sentiment overall. And Adobe should probably take note of that because they're really coming after them. But Databricks, we all know probably would've been a public company by now if the market hadn't turned, but you can see just how dominant they are in a survey of nothing but private companies. And we'll see that again when we talk about the database later. >> And I'll just add, so you see automation anywhere on there, the big UiPath competitor company that was not able to get to the public markets. They've been trying. Snyk, Peter McKay's company, they've raised a bunch of money, big security player. They're doing some really interesting things in developer security, helping developers secure the data flow, H2O.ai, Dataiku AI company. We saw them at the Snowflake Summit. Redis Labs, Netskope and security. So a lot of names that we know that ultimately we think are probably going to be hitting the public market. Okay, here's the same view for private companies with less mindshare, Erik. Take us through this one. >> On the previous slide too real quickly, I wanted to pull that security scorecard and we'll get back into it. But this is a newcomer, that I couldn't believe how strong their data was, but we'll bring that up in a second. Now, when we go to the ones of lower mindshare, it's interesting to talk about open source, right? Kubernetes was all the way on the top right. Everyone uses containers. Here we see Istio up there. Not everyone is using service mesh as much. And that's why Istio is in the smaller breakout. But still when you talk about net sentiment, it's about the leader, it's the highest one there is. So really interesting to point out. Then we see other names like Collibra in the data side really performing well. And again, as always security, very well represented here. We have Aqua, Wiz, Armis, which is a standout in this survey this time around. They do IoT security. I hadn't even heard of them until I started digging into the data here. And I couldn't believe how well they were doing. And then of course you have AnyScale, which is doing a second best in this and the best name in the survey Hugging Face, which is a machine learning AI tool. Also doing really well on a net sentiment, but they're not as far along on that access of mindshare just yet. So these are again, emerging companies that might not be as well represented in the enterprise as they will be in a couple of years. >> Hugging Face sounds like something you do with your two year old. Like you said, you see high performers, AnyScale do machine learning and you mentioned them. They came out of Berkeley. Collibra Governance, InfluxData is on there. InfluxDB's a time series database. And yeah, of course, Alex, if you bring that back up, you get a big group of red dots, right? That's the bad zone, I guess, which Sisense does vis, Yellowbrick Data is a NPP database. How should we interpret the red dots, Erik? I mean, is it necessarily a bad thing? Could it be misinterpreted? What's your take on that? >> Sure, well, let me just explain the definition of it first from a data science perspective, right? We're a data company first. So the gray dots that you're seeing that aren't named, that's the mean that's the average. So in order for you to be on this chart, you have to be at least one standard deviation above or below that average. So that gray is where we're saying, "Hey, this is where the lump of average comes in. This is where everyone normally stands." So you either have to be an outperformer or an underperformer to even show up in this analysis. So by definition, yes, the red dots are bad. You're at least one standard deviation below the average of your peers. It's not where you want to be. And if you're on the lower left, not only are you not performing well from a utilization or an actual usage rate, but people don't even know who you are. So that's a problem, obviously. And the VCs and the PEs out there that are backing these companies, they're the ones who mostly are interested in this data. >> Yeah. Oh, that's great explanation. Thank you for that. No, nice benchmarking there and yeah, you don't want to be in the red. All right, let's get into the next segment here. Here going to look at evaluation rates, adoption and the all important churn. First new evaluations. Let's bring up that slide. And Erik, take us through this. >> So essentially I just want to explain what evaluation means is that people will cite that they either plan to evaluate the company or they're currently evaluating. So that means we're aware of 'em and we are choosing to do a POC of them. And then we'll see later how that turns into utilization, which is what a company wants to see, awareness, evaluation, and then actually utilizing them. That's sort of the life cycle for these emerging companies. So what we're seeing here, again, with very high evaluation rates. H2O, we mentioned. SecurityScorecard jumped up again. Chargebee, Snyk, Salt Security, Armis. A lot of security names are up here, Aqua, Netskope, which God has been around forever. I still can't believe it's in an Emerging Technology Survey But so many of these names fall in data and security again, which is why we decided to pick those out Dave. And on the lower side, Vena, Acton, those unfortunately took the dubious award of the lowest evaluations in our survey, but I prefer to focus on the positive. So SecurityScorecard, again, real standout in this one, they're in a security assessment space, basically. They'll come in and assess for you how your security hygiene is. And it's an area of a real interest right now amongst our ITDM community. >> Yeah, I mean, I think those, and then Arctic Wolf is up there too. They're doing managed services. You had mentioned Netskope. Yeah, okay. All right, let's look at now adoption. These are the companies whose offerings are being used the most and are above that standard deviation in the green. Take us through this, Erik. >> Sure, yet again, what we're looking at is, okay, we went from awareness, we went to evaluation. Now it's about utilization, which means a survey respondent's going to state "Yes, we evaluated and we plan to utilize it" or "It's already in our enterprise and we're actually allocating further resources to it." Not surprising, again, a lot of open source, the reason why, it's free. So it's really easy to grow your utilization on something that's free. But as you and I both know, as Red Hat proved, there's a lot of money to be made once the open source is adopted, right? You need the governance, you need the security, you need the support wrapped around it. So here we're seeing Kubernetes, Postgres, Apache Kafka, Jenkins, Grafana. These are all open source based names. But if we're looking at names that are non open source, we're going to see Databricks, Automation Anywhere, Rubrik all have the highest mindshare. So these are the names, not surprisingly, all names that probably should have been public by now. Everyone's expecting an IPO imminently. These are the names that have the highest mindshare. If we talk about the highest utilization rates, again, Miro and Figma pop up, and I know they're not household names, but they are just dominant in this survey. These are applications that are meant for design software and, again, they're going after an Autodesk or a CAD or Adobe type of thing. It is just dominant how high the utilization rates are here, which again is something Adobe should be paying attention to. And then you'll see a little bit lower, but also interesting, we see Collibra again, we see Hugging Face again. And these are names that are obviously in the data governance, ML, AI side. So we're seeing a ton of data, a ton of security and Rubrik was interesting in this one, too, high utilization and high mindshare. We know how pervasive they are in the enterprise already. >> Erik, Alex, keep that up for a second, if you would. So yeah, you mentioned Rubrik. Cohesity's not on there. They're sort of the big one. We're going to talk about them in a moment. Puppet is interesting to me because you remember the early days of that sort of space, you had Puppet and Chef and then you had Ansible. Red Hat bought Ansible and then Ansible really took off. So it's interesting to see Puppet on there as well. Okay. So now let's look at the churn because this one is where you don't want to be. It's, of course, all red 'cause churn is bad. Take us through this, Erik. >> Yeah, definitely don't want to be here and I don't love to dwell on the negative. So we won't spend as much time. But to your point, there's one thing I want to point out that think it's important. So you see Rubrik in the same spot, but Rubrik has so many citations in our survey that it actually would make sense that they're both being high utilization and churn just because they're so well represented. They have such a high overall representation in our survey. And the reason I call that out is Cohesity. Cohesity has an extremely high churn rate here about 17% and unlike Rubrik, they were not on the utilization side. So Rubrik is seeing both, Cohesity is not. It's not being utilized, but it's seeing a high churn. So that's the way you can look at this data and say, "Hm." Same thing with Puppet. You noticed that it was on the other slide. It's also on this one. So basically what it means is a lot of people are giving Puppet a shot, but it's starting to churn, which means it's not as sticky as we would like. One that was surprising on here for me was Tanium. It's kind of jumbled in there. It's hard to see in the middle, but Tanium, I was very surprised to see as high of a churn because what I do hear from our end user community is that people that use it, like it. It really kind of spreads into not only vulnerability management, but also that endpoint detection and response side. So I was surprised by that one, mostly to see Tanium in here. Mural, again, was another one of those application design softwares that's seeing a very high churn as well. >> So you're saying if you're in both... Alex, bring that back up if you would. So if you're in both like MariaDB is for example, I think, yeah, they're in both. They're both green in the previous one and red here, that's not as bad. You mentioned Rubrik is going to be in both. Cohesity is a bit of a concern. Cohesity just brought on Sanjay Poonen. So this could be a go to market issue, right? I mean, 'cause Cohesity has got a great product and they got really happy customers. So they're just maybe having to figure out, okay, what's the right ideal customer profile and Sanjay Poonen, I guarantee, is going to have that company cranking. I mean they had been doing very well on the surveys and had fallen off of a bit. The other interesting things wondering the previous survey I saw Cvent, which is an event platform. My only reason I pay attention to that is 'cause we actually have an event platform. We don't sell it separately. We bundle it as part of our offerings. And you see Hopin on here. Hopin raised a billion dollars during the pandemic. And we were like, "Wow, that's going to blow up." And so you see Hopin on the churn and you didn't see 'em in the previous chart, but that's sort of interesting. Like you said, let's not kind of dwell on the negative, but you really don't. You know, churn is a real big concern. Okay, now we're going to drill down into two sectors, security and data. Where data comprises three areas, database and data warehousing, machine learning and AI and big data analytics. So first let's take a look at the security sector. Now this is interesting because not only is it a sector drill down, but also gives an indicator of how much money the firm has raised, which is the size of that bubble. And to tell us if a company is punching above its weight and efficiently using its venture capital. Erik, take us through this slide. Explain the dots, the size of the dots. Set this up please. >> Yeah. So again, the axis is still the same, net sentiment and mindshare, but what we've done this time is we've taken publicly available information on how much capital company is raised and that'll be the size of the circle you see around the name. And then whether it's green or red is basically saying relative to the amount of money they've raised, how are they doing in our data? So when you see a Netskope, which has been around forever, raised a lot of money, that's why you're going to see them more leading towards red, 'cause it's just been around forever and kind of would expect it. Versus a name like SecurityScorecard, which is only raised a little bit of money and it's actually performing just as well, if not better than a name, like a Netskope. OneTrust doing absolutely incredible right now. BeyondTrust. We've seen the issues with Okta, right. So those are two names that play in that space that obviously are probably getting some looks about what's going on right now. Wiz, we've all heard about right? So raised a ton of money. It's doing well on net sentiment, but the mindshare isn't as well as you'd want, which is why you're going to see a little bit of that red versus a name like Aqua, which is doing container and application security. And hasn't raised as much money, but is really neck and neck with a name like Wiz. So that is why on a relative basis, you'll see that more green. As we all know, information security is never going away. But as we'll get to later in the program, Dave, I'm not sure in this current market environment, if people are as willing to do POCs and switch away from their security provider, right. There's a little bit of tepidness out there, a little trepidation. So right now we're seeing overall a slight pause, a slight cooling in overall evaluations on the security side versus historical levels a year ago. >> Now let's stay on here for a second. So a couple things I want to point out. So it's interesting. Now Snyk has raised over, I think $800 million but you can see them, they're high on the vertical and the horizontal, but now compare that to Lacework. It's hard to see, but they're kind of buried in the middle there. That's the biggest dot in this whole thing. I think I'm interpreting this correctly. They've raised over a billion dollars. It's a Mike Speiser company. He was the founding investor in Snowflake. So people watch that very closely, but that's an example of where they're not punching above their weight. They recently had a layoff and they got to fine tune things, but I'm still confident they they're going to do well. 'Cause they're approaching security as a data problem, which is probably people having trouble getting their arms around that. And then again, I see Arctic Wolf. They're not red, they're not green, but they've raised fair amount of money, but it's showing up to the right and decent level there. And a couple of the other ones that you mentioned, Netskope. Yeah, they've raised a lot of money, but they're actually performing where you want. What you don't want is where Lacework is, right. They've got some work to do to really take advantage of the money that they raised last November and prior to that. >> Yeah, if you're seeing that more neutral color, like you're calling out with an Arctic Wolf, like that means relative to their peers, this is where they should be. It's when you're seeing that red on a Lacework where we all know, wow, you raised a ton of money and your mindshare isn't where it should be. Your net sentiment is not where it should be comparatively. And then you see these great standouts, like Salt Security and SecurityScorecard and Abnormal. You know they haven't raised that much money yet, but their net sentiment's higher and their mindshare's doing well. So those basically in a nutshell, if you're a PE or a VC and you see a small green circle, then you're doing well, then it means you made a good investment. >> Some of these guys, I don't know, but you see these small green circles. Those are the ones you want to start digging into and maybe help them catch a wave. Okay, let's get into the data discussion. And again, three areas, database slash data warehousing, big data analytics and ML AI. First, we're going to look at the database sector. So Alex, thank you for bringing that up. Alright, take us through this, Erik. Actually, let me just say Postgres SQL. I got to ask you about this. It shows some funding, but that actually could be a mix of EDB, the company that commercializes Postgres and Postgres the open source database, which is a transaction system and kind of an open source Oracle. You see MariaDB is a database, but open source database. But the companies they've raised over $200 million and they filed an S-4. So Erik looks like this might be a little bit of mashup of companies and open source products. Help us understand this. >> Yeah, it's tough when you start dealing with the open source side and I'll be honest with you, there is a little bit of a mashup here. There are certain names here that are a hundred percent for profit companies. And then there are others that are obviously open source based like Redis is open source, but Redis Labs is the one trying to monetize the support around it. So you're a hundred percent accurate on this slide. I think one of the things here that's important to note though, is just how important open source is to data. If you're going to be going to any of these areas, it's going to be open source based to begin with. And Neo4j is one I want to call out here. It's not one everyone's familiar with, but it's basically geographical charting database, which is a name that we're seeing on a net sentiment side actually really, really high. When you think about it's the third overall net sentiment for a niche database play. It's not as big on the mindshare 'cause it's use cases aren't as often, but third biggest play on net sentiment. I found really interesting on this slide. >> And again, so MariaDB, as I said, they filed an S-4 I think $50 million in revenue, that might even be ARR. So they're not huge, but they're getting there. And by the way, MariaDB, if you don't know, was the company that was formed the day that Oracle bought Sun in which they got MySQL and MariaDB has done a really good job of replacing a lot of MySQL instances. Oracle has responded with MySQL HeatWave, which was kind of the Oracle version of MySQL. So there's some interesting battles going on there. If you think about the LAMP stack, the M in the LAMP stack was MySQL. And so now it's all MariaDB replacing that MySQL for a large part. And then you see again, the red, you know, you got to have some concerns about there. Aerospike's been around for a long time. SingleStore changed their name a couple years ago, last year. Yellowbrick Data, Fire Bolt was kind of going after Snowflake for a while, but yeah, you want to get out of that red zone. So they got some work to do. >> And Dave, real quick for the people that aren't aware, I just want to let them know that we can cut this data with the public company data as well. So we can cross over this with that because some of these names are competing with the larger public company names as well. So we can go ahead and cross reference like a MariaDB with a Mongo, for instance, or of something of that nature. So it's not in this slide, but at another point we can certainly explain on a relative basis how these private names are doing compared to the other ones as well. >> All right, let's take a quick look at analytics. Alex, bring that up if you would. Go ahead, Erik. >> Yeah, I mean, essentially here, I can't see it on my screen, my apologies. I just kind of went to blank on that. So gimme one second to catch up. >> So I could set it up while you're doing that. You got Grafana up and to the right. I mean, this is huge right. >> Got it thank you. I lost my screen there for a second. Yep. Again, open source name Grafana, absolutely up and to the right. But as we know, Grafana Labs is actually picking up a lot of speed based on Grafana, of course. And I think we might actually hear some noise from them coming this year. The names that are actually a little bit more disappointing than I want to call out are names like ThoughtSpot. It's been around forever. Their mindshare of course is second best here but based on the amount of time they've been around and the amount of money they've raised, it's not actually outperforming the way it should be. We're seeing Moogsoft obviously make some waves. That's very high net sentiment for that company. It's, you know, what, third, fourth position overall in this entire area, Another name like Fivetran, Matillion is doing well. Fivetran, even though it's got a high net sentiment, again, it's raised so much money that we would've expected a little bit more at this point. I know you know this space extremely well, but basically what we're looking at here and to the bottom left, you're going to see some names with a lot of red, large circles that really just aren't performing that well. InfluxData, however, second highest net sentiment. And it's really pretty early on in this stage and the feedback we're getting on this name is the use cases are great, the efficacy's great. And I think it's one to watch out for. >> InfluxData, time series database. The other interesting things I just noticed here, you got Tamer on here, which is that little small green. Those are the ones we were saying before, look for those guys. They might be some of the interesting companies out there and then observe Jeremy Burton's company. They do observability on top of Snowflake, not green, but kind of in that gray. So that's kind of cool. Monte Carlo is another one, they're sort of slightly green. They are doing some really interesting things in data and data mesh. So yeah, okay. So I can spend all day on this stuff, Erik, phenomenal data. I got to get back and really dig in. Let's end with machine learning and AI. Now this chart it's similar in its dimensions, of course, except for the money raised. We're not showing that size of the bubble, but AI is so hot. We wanted to cover that here, Erik, explain this please. Why TensorFlow is highlighted and walk us through this chart. >> Yeah, it's funny yet again, right? Another open source name, TensorFlow being up there. And I just want to explain, we do break out machine learning, AI is its own sector. A lot of this of course really is intertwined with the data side, but it is on its own area. And one of the things I think that's most important here to break out is Databricks. We started to cover Databricks in machine learning, AI. That company has grown into much, much more than that. So I do want to state to you Dave, and also the audience out there that moving forward, we're going to be moving Databricks out of only the MA/AI into other sectors. So we can kind of value them against their peers a little bit better. But in this instance, you could just see how dominant they are in this area. And one thing that's not here, but I do want to point out is that we have the ability to break this down by industry vertical, organization size. And when I break this down into Fortune 500 and Fortune 1000, both Databricks and Tensorflow are even better than you see here. So it's quite interesting to see that the names that are succeeding are also succeeding with the largest organizations in the world. And as we know, large organizations means large budgets. So this is one area that I just thought was really interesting to point out that as we break it down, the data by vertical, these two names still are the outstanding players. >> I just also want to call it H2O.ai. They're getting a lot of buzz in the marketplace and I'm seeing them a lot more. Anaconda, another one. Dataiku consistently popping up. DataRobot is also interesting because all the kerfuffle that's going on there. The Cube guy, Cube alum, Chris Lynch stepped down as executive chairman. All this stuff came out about how the executives were taking money off the table and didn't allow the employees to participate in that money raising deal. So that's pissed a lot of people off. And so they're now going through some kind of uncomfortable things, which is unfortunate because DataRobot, I noticed, we haven't covered them that much in "Breaking Analysis", but I've noticed them oftentimes, Erik, in the surveys doing really well. So you would think that company has a lot of potential. But yeah, it's an important space that we're going to continue to watch. Let me ask you Erik, can you contextualize this from a time series standpoint? I mean, how is this changed over time? >> Yeah, again, not show here, but in the data. I'm sorry, go ahead. >> No, I'm sorry. What I meant, I should have interjected. In other words, you would think in a downturn that these emerging companies would be less interesting to buyers 'cause they're more risky. What have you seen? >> Yeah, and it was interesting before we went live, you and I were having this conversation about "Is the downturn stopping people from evaluating these private companies or not," right. In a larger sense, that's really what we're doing here. How are these private companies doing when it comes down to the actual practitioners? The people with the budget, the people with the decision making. And so what I did is, we have historical data as you know, I went back to the Emerging Technology Survey we did in November of 21, right at the crest right before the market started to really fall and everything kind of started to fall apart there. And what I noticed is on the security side, very much so, we're seeing less evaluations than we were in November 21. So I broke it down. On cloud security, net sentiment went from 21% to 16% from November '21. That's a pretty big drop. And again, that sentiment is our one aggregate metric for overall positivity, meaning utilization and actual evaluation of the name. Again in database, we saw it drop a little bit from 19% to 13%. However, in analytics we actually saw it stay steady. So it's pretty interesting that yes, cloud security and security in general is always going to be important. But right now we're seeing less overall net sentiment in that space. But within analytics, we're seeing steady with growing mindshare. And also to your point earlier in machine learning, AI, we're seeing steady net sentiment and mindshare has grown a whopping 25% to 30%. So despite the downturn, we're seeing more awareness of these companies in analytics and machine learning and a steady, actual utilization of them. I can't say the same in security and database. They're actually shrinking a little bit since the end of last year. >> You know it's interesting, we were on a round table, Erik does these round tables with CISOs and CIOs, and I remember one time you had asked the question, "How do you think about some of these emerging tech companies?" And one of the executives said, "I always include somebody in the bottom left of the Gartner Magic Quadrant in my RFPs. I think he said, "That's how I found," I don't know, it was Zscaler or something like that years before anybody ever knew of them "Because they're going to help me get to the next level." So it's interesting to see Erik in these sectors, how they're holding up in many cases. >> Yeah. It's a very important part for the actual IT practitioners themselves. There's always contracts coming up and you always have to worry about your next round of negotiations. And that's one of the roles these guys play. You have to do a POC when contracts come up, but it's also their job to stay on top of the new technology. You can't fall behind. Like everyone's a software company. Now everyone's a tech company, no matter what you're doing. So these guys have to stay in on top of it. And that's what this ETS can do. You can go in here and look and say, "All right, I'm going to evaluate their technology," and it could be twofold. It might be that you're ready to upgrade your technology and they're actually pushing the envelope or it simply might be I'm using them as a negotiation ploy. So when I go back to the big guy who I have full intentions of writing that contract to, at least I have some negotiation leverage. >> Erik, we got to leave it there. I could spend all day. I'm going to definitely dig into this on my own time. Thank you for introducing this, really appreciate your time today. >> I always enjoy it, Dave and I hope everyone out there has a great holiday weekend. Enjoy the rest of the summer. And, you know, I love to talk data. So anytime you want, just point the camera on me and I'll start talking data. >> You got it. I also want to thank the team at ETR, not only Erik, but Darren Bramen who's a data scientist, really helped prepare this data, the entire team over at ETR. I cannot tell you how much additional data there is. We are just scratching the surface in this "Breaking Analysis". So great job guys. I want to thank Alex Myerson. Who's on production and he manages the podcast. Ken Shifman as well, who's just coming back from VMware Explore. Kristen Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our editor in chief over at SiliconANGLE. Does some great editing for us. Thank you. All of you guys. Remember these episodes, they're all available as podcast, wherever you listen. All you got to do is just search "Breaking Analysis" podcast. I publish each week on wikibon.com and siliconangle.com. Or you can email me to get in touch david.vellante@siliconangle.com. You can DM me at dvellante or comment on my LinkedIn posts and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for Erik Bradley and The Cube Insights powered by ETR. Thanks for watching. Be well. And we'll see you next time on "Breaking Analysis". (upbeat music)

>> From theCUBE Studios in Palo Alto and Boston bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cyber security market overall, the state of cloud security and cross cloud security and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon cube insights powered by ETR. In this Breaking Analysis we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cyber security plays in the market, what the ETR data tells us and what to expect at next week's AWS re:Inforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simonton. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty you know, and before today's big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indices. You know, earning season as always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan the numbers were pretty good according to Simonton. Investment banks were not so great with Morgan and Goldman missing estimates but in general, pretty positive outlooks. But the market also shrugged off IBM's growth. And of course, social media because of SNAP is getting hammered today. The question is no longer recession or not but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course are still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also going to help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold you know, despite today's sell off. But AT&T and Verizon, they blamed their misses in part on people not paying their bills on time. SNAP's huge miss even after guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are off on sympathy. Meta and Google were off, you know, over 7% at midday. I think at one point hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment. As we've been reporting back in mid-June and NASDAQ was off nearly 33% year to date and has since rallied. It's now down about 25% year to date as of midday today. But as I say, it had been, you know much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That's started to change for now anyway. We'll see if it holds. But chip stocks, software stocks, and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton, we'll see if that holds. If it does, that's a positive sign. Now remember on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12 X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here SailPoint is of course the anomaly with the Thoma Bravo 7 billion acquisition of the company holding that stock up. But the Bug ETF of basket of cyber stocks has definitely improved. When we last reported on cyber in May, CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its Auth0 acquisition. Meanwhile, Zscaler and SentinelOne, those high flyers are still well off year to date, with Ping Identity and CyberArk not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically, they've been breaking their down trend. So it will now come down to earnings guidance in the coming months. But the SNAP reaction is quite stunning. I mean, the environment is slowing, we know that. Ad spending gets cut in that type of market, we know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says, this shows that sellers are still in control here. So it's going to take a little while to work through that despite the positive signs that we're seeing. Okay. We also turned to our friend Eric Bradley from ETR who follows these markets quite closely. He frequently interviews CISOs on his program, on his round tables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they called for an 8% plus spending growth, they're still expecting a six to seven percent uptick in spend this year. So that's pretty good. Security remains the number one priority and also is the highest ranked sector in the ETR data set when you measure in terms of pervasiveness in the study. Within security endpoint detection and extended detection and response along with identity and privileged account management are the sub-sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with CyberArk and Tanium showing very strong as well. Okta has seen a big dropoff in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions. That clearly shows in the survey. We'll talk about that in a moment. Look Okta still elevated in terms of spending momentum, but it doesn't have the dominant leadership position it once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Veronis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, SonicWall, Symantec, Trellic which is McAfee, Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis. It's a measure of presence in the data set we used to call it market share. With the data, the dot positions, you see that little inserted table, that's how the dots are plotted. And it's important to note that this data is filtered for firms with at least 100 Ns in the survey. That's why some of the other ones that we mentioned might have dropped off. The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course, Microsoft, which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. And CyberArk and Okta and Zscaler, CloudFlare and Auth0 now Okta through the acquisition, are all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and as steady as she goes. Two, it's a very crowded market still and it's complicated space. And three there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections. We're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e, 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January 2020. First I want to call out that all four again are seeing down trends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter, again, the market is off overall. Everybody is kind of seeing that down trend for the most part. Very few exceptions. Okta is being hurt by fewer new additions which is why we highlighted in red, that red dotted area, that square that we put there in the upper right of that Okta bar. That lime green, new ads are off as well. And the gray for Okta, flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0 acquisition the company is seeing some friction in its business. Now, having said that, you can see Okta's yellow line or presence in the data set, continues to grow. So it's a good proxy from market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice this very little red at these companies when it comes to the ETR survey data. Now one more data slide which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared end or presence in the data set. That's the right hand side. And again, we filtered by companies with at least 100 N and oh, by the way we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler all made the cut this time. Now, as we pointed out in May if you combined Auth0 with Okta, they jumped to the number two on the right hand chart in terms of presence. And they would lead the pure plays there although it would bring down Okta's net score somewhat, as you can see, Auth0's net score is lower than Okta's. So when you combine them it would drag that down a little bit but it would give them bigger presence in the data set. Now, the other point we'll make is that Proofpoint and Splunk both dropped off the four star list this time as they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay. We're going to close on what to expect at re:Inforce this coming week. Re:Inforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years has been virtual and they announced that reinvent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June and turns out nobody did so they postponed the event, thankfully. And so now they're back in Boston, starting on Monday. Not that it's going to be much cooler in Boston. Anyway, Steven Schmidt had been the face of AWS security at all these previous events as the Chief Information Security Officer. Now he's dropped the I from his title and is now the Chief Security Officer at Amazon. So he went with Jesse to the mothership. Presumably he dropped the I because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses who is now the new CISO at AWS will be keynoting along with some others including MongoDB's Chief Information Security Officer. So that should be interesting. Now, if you've been following AWS you'll know they like to break things down into, you know, a couple of security categories. Identity, detection and response, data protection slash privacy slash GRC which is governance, risk and compliance, and we would expect a lot more talk this year on container security. So you're going to hear also product updates and they like to talk about how they're adding value to services and try to help, they try to help customers understand how to apply services. Things like GuardDuty, which is their threat detection that has machine learning in it. They'll talk about Security Hub, which centralizes views and alerts and automates security checks. They have a service called Detective which does root cause analysis, and they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of, you know, confidential computing which is, you know, AWS will point out it's kind of become a buzzword. They take it really seriously. I think others do as well, like Arm. We've talked about that on previous Breaking Analysis. And again, you're going to hear something on container security because it's the hottest thing going right now and because AWS really still serves developers and really that's what they're trying to do. They're trying to enable developers to design security in but you're also going to hear a lot of best practice advice from AWS i.e, they'll share the AWS dogfooding playbooks with you for their own security practices. AWS like all good security practitioners, understand that the keys to a successful security strategy and implementation don't start with the technology, rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems, that's really where the developers come in, and training for continuous improvements. So you're going to get heavy doses of really strong best practices and guidance and you know, some good preaching. You're also going to hear and see a lot of partners. They'll be very visible at re:Inforce. AWS is all about ecosystem enablement and AWS is going to host close to a hundred security partners at the event. This is key because AWS doesn't do it all. Interestingly, they don't even show up in the ETR security taxonomy, right? They just sort of imply that it's built in there even though they have a lot of security tooling. So they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're going to hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CISOs and practitioners who are understaffed when it comes to top talent. Now, finally, theCUBE will be at re:Inforce in force. John Furry and I will be hosting two days of broadcast so please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share our overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay. That's it for today. Thanks for watching. Thanks to Alex Myerson, who is on production and manages the podcast. Kristin Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoff is our Editor in Chief over at siliconangle.com. You did some great editing. Thank you all. Remember all these episodes they're available, this podcast. Wherever you listen, all you do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing avid.vellante@siliconangle.com or DM me @dvellante, or comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you in Boston next week if you're there or next time on Breaking Analysis (soft music)

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> The pandemic precipitated what is shaping up to be a permanent shift in cybersecurity spending patterns. As a direct result of hybrid work, CSOs have vested heavily in endpoint security, identity access management, cloud security, and further hardening the network beyond the headquarters. We've reported on this extensively in this Breaking Analysis series. Moreover, the need to build security into applications from the start rather than bolting protection on as an afterthought has led to vastly high heightened awareness around DevSecOps. Finally, attacking security as a data problem with automation and AI is fueling new innovations in cyber products and services and startups. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we present our quarterly findings in the security industry, and share the latest ETR survey data on the spending momentum and market movers. Let's start with the most recent news in cybersecurity. Nary a week goes by without more concerning news. The latest focus in the headlines is, of course, Russia's relentless cyber attacks on critical infrastructure in the Ukraine, including banking, government websites, weaponizing information. The hacker group, BlackByte, put a double whammy on the San Francisco 49ers, meaning they exfiltrated data and they encrypted the organization's files as part of its ransomware attack. Then there's the best Super Bowl ad last Sunday, the Coinbase floating QR code. Did you catch that? As people rushed to scan the code and participate in the Coinbase Bitcoin giveaway, it highlights yet another exposure, meaning we're always told not to click on links that we don't trust or we've never seen, but so many people activated this random QR code on their smartphones that it crashed Coinbase's website. What does that tell you? In other news, Securonix raised a billion dollars. They did this raise on top of Lacework's massive $1.3 billion raise last November. Both of these companies are attacking security with data automation and APIs that can engage machine intelligence. Securonix, specifically in the announcement, mentioned the uptake from MSSPs, managed security service providers, something we've talked about in this series. And that's a trend that we see as increasingly gaining traction as customers are just drawing in and drowning in security incidents. Peter McKay's company, Snyk, acquired Fugue, a company focused on making sure security policies are consistent throughout the software development life cycle. It's a really an example of a developer-defined security approach where policy can be checked at the dev, deployment, and production phases to ensure the same policies are in place at all stages, including monitoring at runtime. Fugue, according to Crunchbase, had raised $85 million to date. In some other company news, Cisco was rumored to be acquiring Splunk for not much more than Splunk is worth today. And the talks reportedly broke down. This would be a major move in security by Cisco and underscores the pressure to consolidate. Cisco would get an extremely strong customer base and through efficiencies could improve Splunk's profitability, but it seems like the premium Cisco was willing to pay was not enough to entice board to act. Splunk board, that is. Datadog blew away its earnings, and the stock was up 12%. It's pulled back now, thanks to Putin, but it's one of those companies that is disrupting Splunk. Datadog is less than half the size of Splunk, revenue-wise, but its valuation is more than 2 1/2 times greater. Finally, Elastic, another Splunk disruptor, settled its trademark dispute with AWS, and now AWS will now stop using the name Elasticsearch. All right, let's take a high level look at how cyber companies have performed in the stock market over time. Here's a graph of the Cyber ETF, and you can see the March 1st crosshairs of 2020 signifying the start of the lockdown. The trajectory of cybersecurity stocks is shown by the orange and blue lines, and it surely has steepened post March of 2020. And, of course, it's been down with the market lately, but the run up, as you can see, was substantial and eclipsed the trajectory of the previous cycles over the last couple of years, owing much of the momentum to the spending dynamics that we talked about at our open. Let's now drill into some of the names that we've been following over the last few years and take a look at the firm level. This chart shows some data that we've been tracking since before the pandemic. The top rows show the S&P 500 and the NASDAQ prices, and the bottom rows show specific stocks. The first column is the index price or the market cap of the company just before the pandemic, then the same data one year later. Then the next column shows the peak value during the pandemic, and then the current value. Then it shows in the next column where it is today, in percentage terms, i.e., how far has it pulled back from the peak, then the delta from pre-pandemic, in other words, how much did the issue earn or lose during the pandemic for investors? We then compare the pre-pandemic revenue multiple using a trailing 12-month revenue metric. Sorry, that's what we used. It's easy to get. (laughs) And that's the revenue multiple compared to the August in 2020, when multiples were really high, and where they are today, and then a recent quarterly growth rate guide based on the last earnings report. That's the last column. Okay, so I'm throwing a lot of data at you here, but what does it tell us? First, the S&P and the NAS are well up from pre-pandemic levels, yet they're off 9% and 15%, respectively, from their peaks today. That was earlier on Friday morning. Now let's look at the names more closely. Splunk has been struggling. It definitely had a tailwind from the pandemic as all boats seem to rise, but its execution has been lacking. It's now 30% off from its pre-pandemic levels. (groans) And it's multiple is compressing, and perhaps Cisco thought it could pick up the company for a discount. Now let's talk about Palo Alto Networks. We had reported on some of the challenges the company faced moving into a cloud-friendly model. that was before the pandemic. And we talked about the divergence between Palo Alto's stock price and the valuations relative to Fortinet, and we said at the time, we fully expected Palo Alto to rebound, and that's exactly what happened. It rode the tailwinds of the last two years. It's up over 100% from its pre-COVID levels, and its revenue multiple is expanding, owing to the nice growth rates. Now Fortinet had been doing well coming into the pandemic. In fact, we said it was executing on a cloud strategy better than Palo Alto Networks, hence that divergence in valuations at the time. So it didn't get as much of a boost from the pandemic. Didn't get that momentum at first, but the company's been executing very well. And as you can see, with 155% increase in valuation since just before the pandemic, it's going more than okay for Fortinet. Now, Okta is a name that we've really followed closely, the identity access management specialist that rocketed. But since it's Auth0 acquisition, it's pulled back. Investors are concerned about its guidance and its profitability. And several analyst have downgraded their price targets on Okta. We still really like the company. The Auth0 acquisition gives Okta a developer vector, and we think the company is going hard after market presence and is willing to sacrifice short-term profitability. We actually like that posture. It's very Frank Slupin-like. This company spends a lot of money on R&D and go-to-market. The question is, does Okta have inherent profitability? The company, as they say, spends a ton in some really key areas but it looks to us like it's going to establish a footprint. It's guiding revenue CAGR in the mid-30s over the mid to long-term and near term should beat that benchmark handily. But you can see the red highlights on Okta. And even though Okta is up 59% from its pre-pandemic levels, it's far behind its peers shown in the chart, especially CrowdStrike and Zscaler, the latter being somewhat less impacted by the pullback in stocks recently, of course, due to the fears of inflation and interest rates, and, of course, Russian invasion escalation. But these high flyers, they were bound to pull back. The question is can they maintain their category leadership? And for the most part, we think they can. All right, let's get into some of the ETR data. Here's our favorite XY view with net score, or spending momentum on the Y-axis, and market share or pervasiveness in the data center on the horizontal axis. That red 40% line, that indicates a highly elevated spending level. And the chart inserts to the right, that shows how the data is plotted with net score and shared N in each of the columns by each company. Okay, so this is an eye chart, but there really are three main takeaways. One is that it's a crowded market. And this shows only the companies ETR captures in its survey. We filtered on those that had more than 50 mentions. So there's others in the ETR survey that we're not showing here, and there are many more out there which don't get reported in the spending data in the ETR survey. Secondly, there are a lot of companies above the 40% mark, and plenty with respectable net scores just below. Third, check out SentinelOne, Elastic, Tanium, Datadog, Netskope, and Darktrace. Each has under 100 N's but we're watching these companies closely. They're popping up in the survey, and they're catching our attention, especially SentinelOne, post-IPO. So we wanted to pare this back a bit and filter the data some more. So let's look at companies with more than 100 mentions in the same chart. It gets a little cleaner this picture, but it's still crowded. Auth0 leads everyone in net score. Okta is also up there, so that's very positive sign since they had just acquired Auth0. CrowdStrike SalePoint, Cyberark, CloudFlare, and Zscaler are all right up there as well. And then there's the bigger security companies. Palo Alto Network, very impressive because it's well above the 40% mark, and it has a big presence in the survey, and, of course, in the market. And Microsoft as well. They're such a big whale. They skew the data for everybody else to kind of mess up these charts. And the position of Cisco and Splunk make for an interesting combination. They get both decent net scores, not above the 40% line but they got a good presence in the survey as well. Thinking about the acquisition, Al Shugart was the CEO of of Seagate, and founder. Brilliant Silicon valley icon and engineer. Great business person. I was asking him one time, hey, you thinking about buying this company or that company? And of course, he's not going to tell me who he's thinking about buying or acquiring. He said, let me just tell you this. If you want to know what I'm thinking, ask yourself if it were free, would you take it? And he said the answer's not always obviously yes, because acquisitions can be messy and disruptive. In the case of Cisco and Splunk, I think the answer would be a definitive yes It would expand Cisco's portfolio and make it the leader in security, with an opportunity to bring greater operating leverage to Splunk. Cisco's just got to pay more if it wants that asset. It's got to pay more than the supposed $20 billion offer that it made. It's going to have to get kind of probably north of 23 billion. I pinged my ETR colleague, Erik Bradley, on this, and he generally agreed. He's very close to the security space. He said, Splunk isn't growing the customer base but the customers are sticky. I totally agree. Cisco could roll Splunk into its security suite. Splunk is the leader in that space, security information and event management, and Cisco really is missing that piece of the pie. All right, let's filter the data even more and look at some of the companies that have moved in the survey over the past year and a half. We'll go back here to July 2020. Same two-dimensional chart. And we're isolating here Auth0, Okta, SalePoint CrowdStrike, Zscaler, Cyberark, Fortinet, and Cisco. No Microsoft. That cleans up the chart. Okay, why these firms? Because they've made some major moves to the right, and some even up since last July. And that's what this next chart shows. Here's the data from the January 2022 survey. The arrow start points show the position that we just showed you earlier in July 2020, and all these players have made major moves to the right. How come? Well, it's likely a combination of strong execution, and the fact that security is on the radar of every CEO, CIO, of course, CSOs, business heads, boards of directors. Everyone is thinking about security. The market momentum is there, especially for the leaders. And it's quite tremendous. All right, let's now look at what's become a bit of a tradition with Breaking Analysis, and look at the firms that have earned four stars. Four-star firms are leaders in the ETR survey that demonstrate both a large presence, that's that X-axis that we showed you, and elevated spending momentum. Now in this chart, we filter the N's. Has to be greater than 100. And we isolate on those companies. So more than 100 responses in the survey. On the left-hand side of the chart, we sort by net score or spending velocity. On the right-hand side, we sort by shared N's or presence in the dataset. We show the top 20 for each of the categories. And the red line shows the top 10 cutoffs. Companies that show up in the top 10 for both spending momentum and presence in the data set earn four stars. If they show up in one, and make the top 10 in one, and make the top 20 in the other, they get two stars. And we've added a one-star category as honorable mention for those companies that make the top 20 in both categories. Microsoft, Palo Alto Networks, CrowdStrike, and Okta make the four-star grade. Okta makes it even without Auth0, which has the number one net score in this data set with 115 shared N to boot. So you can add that to Okta. The weighted average would pull Okta's net score to just above Cyberark's into fourth place. And its shared N would bump Okta up to third place on the right-hand side of the chart Cisco, Splunk, Proofpoint, KnowBe4, Zscaler, and Cyberark get two stars. And then you can see the honorable mentions with one star. Now thinking about a Cisco, Splunk combination. You'd get an entity with a net score in the mid-20s. Yeah, not too bad, definitely respectable. But they'd be number one on the right-hand side of this chart, with the largest market presence in the survey by far. Okay, let's wrap. The trends around hybrid work, cloud migration and the attacker escalation that continue to drive cybersecurity momentum and they're going to do so indefinitely. And we've got some bullet points here that you're seeing private companies, (laughs) they're picking up gobs of money, which really speaks to the fact that there's no silver bullet in this market. It's complex, chaotic, and cash-rich. This idea of MSSPs on the rise is going to continue, we think. About half the mid-size and large organization in the US don't have a SecOps, a security operation center, and outsourcing to one that can be tapped on a consumption basis, cloud-like, as a service just makes sense to us. We see the momentum that companies that we've highlighted over the many quarters of Breaking Analysis are forming. They're forming a strong base in the market. They're going for market share and footprint, and they're focusing on growth, at bringing in new talent. They have good balance sheets and strong management teams and we think they'll be leading companies in the future, Zscaler, CrowdStrike, Okta, SentinelOne, Cyberark, SalePoint, over time, joining the ranks of billion dollar cyber firms, when I say billion dollar, billion dollar revenue like Palo Alto Networks, Fortinet, and Splunk, if it doesn't get acquired. These independent firms that really focus on security. Which underscores the pressure and consolidation and M&A in the whole space. It's almost assured with the fragmentation of companies and so many new entrants fighting for escape velocity that this market is going to continue with robust M&A and consolidation. Okay, that's it for today. Thanks to my colleague, Stephanie Chan, who helped research this week's topics, and Alex Myerson on the production team. He also manages the Breaking Analysis podcast. Kristen Martin and Cheryl Knight, who get the word out. Thank you to all. Remember these episodes are all available as podcasts wherever you listen. All you do is search Breaking Analysis podcast. Check out ETR's website at etr.ai. We also publish a full report every week on wikibon.com and siliconangle.com. You can email me at david.vellante@siliconangle.com. @dvellante is my DM. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE Insights powered by ETR. Have a great week. Be safe, be well, and we'll see you next time. (upbeat music)

>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> The pandemic has changed the way we think about and predict the future. As we enter the third year of a global pandemic, we see the significant impact that it's had on technology strategy, spending patterns, and company fortunes Much has changed. And while many of these changes were forced reactions to a new abnormal, the trends that we've seen over the past 24 months have become more entrenched, and point to the way that's coming ahead in the technology business. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we welcome our partner and colleague and business friend, Erik Porter Bradley, as we deliver what's becoming an annual tradition for Erik and me, our predictions for Enterprise Technology in 2022 and beyond Erik, welcome. Thanks for taking some time out. >> Thank you, Dave. Luckily we did pretty well last year, so we were able to do this again. So hopefully we can keep that momentum going. >> Yeah, you know, I want to mention that, you know, we get a lot of inbound predictions from companies and PR firms that help shape our thinking. But one of the main objectives that we have is we try to make predictions that can be measured. That's why we use a lot of data. Now not all will necessarily fit that parameter, but if you've seen the grading of our 2021 predictions that Erik and I did, you'll see we do a pretty good job of trying to put forth prognostications that can be declared correct or not, you know, as black and white as possible. Now let's get right into it. Our first prediction, we're going to go run into spending, something that ETR surveys for quarterly. And we've reported extensively on this. We're calling for tech spending to increase somewhere around 8% in 2022, we can see there on the slide, Erik, we predicted spending last year would increase by 4% IDC. Last check was came in at five and a half percent. Gardner was somewhat higher, but in general, you know, not too bad, but looking ahead, we're seeing an acceleration from the ETR September surveys, as you can see in the yellow versus the blue bar in this chart, many of the SMBs that were hard hit by the pandemic are picking up spending again. And the ETR data is showing acceleration above the mean for industries like energy, utilities, retail, and services, and also, notably, in the Forbes largest 225 private companies. These are companies like Mars or Koch industries. They're predicting well above average spending for 2022. So Erik, please weigh in here. >> Yeah, a lot to bring up on this one, I'm going to be quick. So 1200 respondents on this, over a third of which were at the C-suite level. So really good data that we brought in, the usual bucket of, you know, fortune 500, global 2000 make up the meat of that median, but it's 8.3% and rising with momentum as we see. What's really interesting right now is that energy and utilities. This is usually like, you know, an orphan stock dividend type of play. You don't see them at the highest point of tech spending. And the reason why right now is really because this state of tech infrastructure in our energy infrastructure needs help. And it's obvious, remember the Florida municipality break reach last year? When they took over the water systems or they had the ability to? And this is a real issue, you know, there's bad nation state actors out there, and I'm no alarmist, but the energy and utility has to spend this money to keep up. It's really important. And then you also hit on the retail consumer. Obviously what's happened, the work from home shift created a shop from home shift, and the trends that are happening right now in retail. If you don't spend and keep up, you're not going to be around much longer. So I think the really two interesting things here to call out are energy utilities, usually a laggard in IT spend and it's leading, and also retail consumer, a lot of changes happening. >> Yeah. Great stuff. I mean, I recall when we entered the pandemic, really ETR was the first to emphasize the impact that work from home was going to have, so I really put a lot of weight on this data. Okay. Our next prediction is we're going to get into security, it's one of our favorite topics. And that is that the number one priority that needs to be addressed by organizations in 2022 is security and you can see, in this slide, the degree to which security is top of mind, relative to some other pretty important areas like cloud, productivity, data, and automation, and some others. Now people may say, "Oh, this is obvious." But I'm going to add some context here, Erik, and then bring you in. First, organizations, they don't have unlimited budgets. And there are a lot of competing priorities for dollars, especially with the digital transformation mandate. And depending on the size of the company, this data will vary. For example, while security is still number one at the largest public companies, and those are of course of the biggest spenders, it's not nearly as pronounced as it is on average, or in, for example, mid-sized companies and government agencies. And this is because midsized companies or smaller companies, they don't have the resources that larger companies do. Larger companies have done a better job of securing their infrastructure. So these mid-size firms are playing catch up and the data suggests cyber is even a bigger priority there, gaps that they have to fill, you know, going forward. And that's why we think there's going to be more demand for MSSPs, managed security service providers. And we may even see some IPO action there. And then of course, Erik, you and I have talked about events like the SolarWinds Hack, there's more ransomware attacks, other vulnerabilities. Just recently, like Log4j in December. All of this has heightened concerns. Now I want to talk a little bit more about how we measure this, you know, relatively, okay, it's an obvious prediction, but let's stick our necks out a little bit. And so in addition to the rise of managed security services, we're calling for M&A and/or IPOs, we've specified some names here on this chart, and we're also pointing to the digital supply chain as an area of emphasis. Again, Log4j really shone that under a light. And this is going to help the likes of Auth0, which is now Okta, SailPoint, which is called out on this chart, and some others. We're calling some winners in end point security. Erik, you're going to talk about sort of that lifecycle, that transformation that we're seeing, that migration to new endpoint technologies that are going to benefit from this reset refresh cycle. So Erik, weigh in here, let's talk about some of the elements of this prediction and some of the names on that chart. >> Yeah, certainly. I'm going to start right with Log4j top of mind. And the reason why is because we're seeing a real paradigm shift here where things are no longer being attacked at the network layer, they're being attacked at the application layer, and in the application stack itself. And that is a huge shift left. And that's taking in DevSecOps now as a real priority in 2022. That's a real paradigm shift over the last 20 years. That's not where attacks used to come from. And this is going to have a lot of changes. You called out a bunch of names in there that are, they're either going to work. I would add to that list Wiz. I would add Orca Security. Two names in our emerging technology study, in addition to the ones you added that are involved in cloud security and container security. These names are either going to get gobbled up. So the traditional legacy names are going to have to start writing checks and, you know, legacy is not fair, but they're in the data center, right? They're, on-prem, they're not cloud native. So these are the names that money is going to be flowing to. So they're either going to get gobbled up, or we're going to see some IPO's. And on the other thing I want to talk about too, is what you mentioned. We have CrowdStrike on that list, We have SentinalOne on the list. Everyone knows them. Our data was so strong on Tanium that we actually went positive for the first time just today, just this morning, where that was released. The trifecta of these are so important because of what you mentioned, under resourcing. We can't have security just tell us when something happens, it has to automate, and it has to respond. So in this next generation of EDR and XDR, an automated response has to happen because people are under-resourced, salaries are really high, there's a skill shortage out there. Security has to become responsive. It can't just monitor anymore. >> Yeah. Great. And we should call out too. So we named some names, Snyk, Aqua, Arctic Wolf, Lacework, Netskope, Illumio. These are all sort of IPO, or possibly even M&A candidates. All right. Our next prediction goes right to the way we work. Again, something that ETR has been on for awhile. We're calling for a major rethink in remote work for 2022. We had predicted last year that by the end of 2021, there'd be a larger return to the office with the norm being around a third of workers permanently remote. And of course the variants changed that equation and, you know, gave more time for people to think about this idea of hybrid work and that's really come in to focus. So we're predicting that is going to overtake fully remote as the dominant work model with only about a third of the workers back in the office full-time. And Erik, we expect a somewhat lower percentage to be fully remote. It's now sort of dipped under 30%, at around 29%, but it's still significantly higher than the historical average of around 15 to 16%. So still a major change, but this idea of hybrid and getting hybrid right, has really come into focus. Hasn't it? >> Yeah. It's here to stay. There's no doubt about it. We started this in March of 2020, as soon as the virus hit. This is the 10th iteration of the survey. No one, no one ever thought we'd see a number where only 34% of people were going to be in office permanently. That's a permanent number. They're expecting only a third of the workers to ever come back fully in office. And against that, there's 63% that are saying their permanent workforce is going to be either fully remote or hybrid. And this, I can't really explain how big of a paradigm shift this is. Since the start of the industrial revolution, people leave their house and go to work. Now they're saying that's not going to happen. The economic impact here is so broad, on so many different areas And, you know, the reason is like, why not? Right? The productivity increase is real. We're seeing the productivity increase. Enterprises are spending on collaboration tools, productivity tools, We're seeing an increased perception in productivity of their workforce. And the CFOs can cut down an expense item. I just don't see a reason why this would end, you know, I think it's going to continue. And I also want to point out these results, as high as they are, were before the Omicron wave hit us. I can only imagine what these results would have been if we had sent the survey out just two or three weeks later. >> Yeah. That's a great point. Okay. Next prediction, we're going to look at the supply chain, specifically in how it's affecting some of the hardware spending and cloud strategies in the future. So in this chart, ETRS buyers, have you experienced problems procuring hardware as a result of supply chain issues? And, you know, despite the fact that some companies are, you know, I would call out Dell, for example, doing really well in terms of delivering, you can see that in the numbers, it's pretty clear, there's been an impact. And that's not not an across the board, you know, thing where vendors are able to deliver, especially acute in PCs, but also pronounced in networking, also in firewall servers and storage. And what's interesting is how companies are responding and reacting. So first, you know, I'm going to call the laptop and PC demand staying well above pre-COVID norms. It had peaked in 2012. Pre-pandemic it kept dropping and dropping and dropping, in terms of, you know, unit volume, where the market was contracting. And we think can continue to grow this year in double digits in 2022. But what's interesting, Erik, is when you survey customers, is despite the difficulty they're having in procuring network hardware, there's as much of a migration away from existing networks to the cloud. You could probably comment on that. Their networks are more fossilized, but when it comes to firewalls and servers and storage, there's a much higher propensity to move to the cloud. 30% of customers that ETR surveyed will replace security appliances with cloud services and 41% and 34% respectively will move to cloud compute and storage in 2022. So cloud's relentless march on traditional on-prem models continues. Erik, what do you make of this data? Please weigh in on this prediction. >> As if we needed another reason to go to the cloud. Right here, here it is yet again. So this was added to the survey by client demand. They were asking about the procurement difficulties, the supply chain issues, and how it was impacting our community. So this is the first time we ran it. And it really was interesting to see, you know, the move there. And storage particularly I found interesting because it correlated with a huge jump that we saw on one of our vendor names, which was Rubrik, had the highest net score that it's ever had. So clearly we're seeing some correlation with some of these names that are there, you know, really well positioned to take storage, to take data into the cloud. So again, you didn't need another reason to, you know, hasten this digital transformation, but here we are, we have it yet again, and I don't see it slowing down anytime soon. >> You know, that's a really good point. I mean, it's not necessarily bad news for the... I mean, obviously you wish that it had no change, would be great, but things, you know, always going to change. So we'll talk about this a little bit later when we get into the Supercloud conversation, but this is an opportunity for people who embrace the cloud. So we'll come back to that. And I want to hang on cloud a bit and share some recent projections that we've made. The next prediction is the big four cloud players are going to surpass 167 billion, an IaaS and PaaS revenue in 2022. We track this. Observers of this program know that we try to create an apples to apples comparison between AWS, Azure, GCP and Alibaba in IaaS and PaaS. So we're calling for 38% revenue growth in 2022, which is astounding for such a massive market. You know, AWS is probably not going to hit a hundred billion dollar run rate, but they're going to be close this year. And we're going to get there by 2023, you know they're going to surpass that. Azure continues to close the gap. Now they're about two thirds of the size of AWS and Google, we think is going to surpass Alibaba and take the number three spot. Erik, anything you'd like to add here? >> Yeah, first of all, just on a sector level, we saw our sector, new survey net score on cloud jumped another 10%. It was already really high at 48. Went up to 53. This train is not slowing down anytime soon. And we even added an edge compute type of player, like CloudFlare into our cloud bucket this year. And it debuted with a net score of almost 60. So this is really an area that's expanding, not just the big three, but everywhere. We even saw Oracle and IBM jump up. So even they're having success, taking some of their on-prem customers and then selling them to their cloud services. This is a massive opportunity and it's not changing anytime soon, it's going to continue. >> And I think the operative word there is opportunity. So, you know, the next prediction is something that we've been having fun with and that's this Supercloud becomes a thing. Now, the reason I say we've been having fun is we put this concept of Supercloud out and it's become a bit of a controversy. First, you know, what the heck's the Supercloud right? It's sort of a buzz-wordy term, but there really is, we believe, a thing here. We think there needs to be a rethinking or at least an evolution of the term multi-cloud. And what we mean is that in our view, you know, multicloud from a vendor perspective was really cloud compatibility. It wasn't marketed that way, but that's what it was. Either a vendor would containerize its legacy stack, shove it into the cloud, or a company, you know, they'd do the work, they'd build a cloud native service on one of the big clouds and they did do it for AWS, and then Azure, and then Google. But there really wasn't much, if any, leverage across clouds. Now from a buyer perspective, we've always said multicloud was a symptom of multi-vendor, meaning I got different workloads, running in different clouds, or I bought a company and they run on Azure, and I do a lot of work on AWS, but generally it wasn't necessarily a prescribed strategy to build value on top of hyperscale infrastructure. There certainly was somewhat of a, you know, reducing lock-in and hedging the risk. But we're talking about something more here. We're talking about building value on top of the hyperscale gift of hundreds of billions of dollars in CapEx. So in addition, we're not just talking about transforming IT, which is what the last 10 years of cloud have been like. And, you know, doing work in the cloud because it's cheaper or simpler or more agile, all of those things. So that's beginning to change. And this chart shows some of the technology vendors that are leaning toward this Supercloud vision, in our view, building on top of the hyperscalers that are highlighted in red. Now, Jerry Chan at Greylock, they wrote a piece called Castles in the Cloud. It got our thinking going, and he and the team at Greylock, they're building out a database of all the cloud services and all the sub-markets in cloud. And that got us thinking that there's a higher level of abstraction coalescing in the market, where there's tight integration of services across clouds, but the underlying complexity is hidden, and there's an identical experience across clouds, and even, in my dreams, on-prem for some platforms, so what's new or new-ish and evolving are things like location independence, you've got to include the edge on that, metadata services to optimize locality of reference and data source awareness, governance, privacy, you know, application independent and dependent, actually, recovery across clouds. So we're seeing this evolve. And in our view, the two biggest things that are new are the technology is evolving, where you're seeing services truly integrate cross-cloud. And the other big change is digital transformation, where there's this new innovation curve developing, and it's not just about making your IT better. It's about SaaS-ifying and automating your entire company workflows. So Supercloud, it's not just a vendor thing to us. It's the evolution of, you know, the, the Marc Andreessen quote, "Every company will be a SaaS company." Every company will deliver capabilities that can be consumed as cloud services. So Erik, the chart shows spending momentum on the y-axis and net score, or presence in the ETR data center, or market share on the x-axis. We've talked about snowflake as the poster child for this concept where the vision is you're in their cloud and sharing data in that safe place. Maybe you could make some comments, you know, what do you think of this Supercloud concept and this change that we're sensing in the market? >> Well, I think you did a great job describing the concept. So maybe I'll support it a little bit on the vendor level and then kind of give examples of the ones that are doing it. You stole the lead there with Snowflake, right? There is no better example than what we've seen with what Snowflake can do. Cross-portability in the cloud, the ability to be able to be, you know, completely agnostic, but then build those services on top. They're better than anything they could offer. And it's not just there. I mean, you mentioned edge compute, that's a whole nother layer where this is coming in. And CloudFlare, the momentum there is out of control. I mean, this is a company that started off just doing CDN and trying to compete with Okta Mite. And now they're giving you a full soup to nuts with security and actual edge compute layer, but it's a fantastic company. What they're doing, it's another great example of what you're seeing here. I'm going to call out HashiCorp as well. They're more of an infrastructure services, a little bit more of an open-source freemium model, but what they're doing as well is completely cloud agnostic. It's dynamic. It doesn't care if you're in a container, it doesn't matter where you are. They recently IPO'd and they're down 25%, but their data looks so good across both of our emerging technology and TISA survey. It's certainly another name that's playing on this. And another one that we mentioned as well is Rubrik. If you need storage, compute, and in the cloud layer and you need to be agnostic to it, they're another one that's really playing in this space. So I think it's a great concept you're bringing up. I think it's one that's here to stay and there's certainly a lot of vendors that fit into what you're describing. >> Excellent. Thank you. All right, let's shift to data. The next prediction, it might be a little tough to measure. Before I said we're trying to be a little black and white here, but it relates to Data Mesh, which is, the ideas behind that term were created by Zhamak Dehghani of ThoughtWorks. And we see Data Mesh is really gaining momentum in 2022, but it's largely going to be, we think, confined to a more narrow scope. Now, the impetus for change in data architecture in many companies really stems from the fact that their Hadoop infrastructure really didn't solve their data problems and they struggle to get more value out of their data investments. Data Mesh prescribes a shift to a decentralized architecture in domain ownership of data and a shift to data product thinking, beyond data for analytics, but data products and services that can be monetized. Now this a very powerful in our view, but they're difficult for organizations to get their heads around and further decentralization creates the need for a self-service platform and federated data governance that can be automated. And not a lot of standards around this. So it's going to take some time. At our power panel a couple of weeks ago on data management, Tony Baer predicted a backlash on Data Mesh. And I don't think it's going to be so much of a backlash, but rather the adoption will be more limited. Most implementations we think are going to use a starting point of AWS and they'll enable domains to access and control their own data lakes. And while that is a very small slice of the Data Mesh vision, I think it's going to be a starting point. And the last thing I'll say is, this is going to take a decade to evolve, but I think it's the right direction. And whether it's a data lake or a data warehouse or a data hub or an S3 bucket, these are really, the concept is, they'll eventually just become nodes on the data mesh that are discoverable and access is governed. And so the idea is that the stranglehold that the data pipeline and process and hyper-specialized roles that they have on data agility is going to evolve. And decentralized architectures and the democratization of data will eventually become a norm for a lot of different use cases. And Erik, I wonder if you'd add anything to this. >> Yeah. There's a lot to add there. The first thing that jumped out to me was that that mention of the word backlash you said, and you said it's not really a backlash, but what it could be is these are new words trying to solve an old problem. And I do think sometimes the industry will notice that right away and maybe that'll be a little pushback. And the problems are what you already mentioned, right? We're trying to get to an area where we can have more assets in our data site, more deliverable, and more usable and relevant to the business. And you mentioned that as self-service with governance laid on top. And that's really what we're trying to get to. Now, there's a lot of ways you can get there. Data fabric is really the technical aspect and data mesh is really more about the people, the process, and the governance, but the two of those need to meet, in order to make that happen. And as far as tools, you know, there's even cataloging names like Informatica that play in this, right? Istio plays in this, Snowflake plays in this. So there's a lot of different tools that will support it. But I think you're right in calling out AWS, right? They have AWS Lake, they have AWS Glue. They have so much that's trying to drive this. But I think the really important thing to keep here is what you said. It's going to be a decade long journey. And by the way, we're on the shoulders of giants a decade ago that have even gotten us to this point to talk about these new words because this has been an ongoing type of issue, but ultimately, no matter which vendors you use, this is going to come down to your data governance plan and the data literacy in your business. This is really about workflows and people as much as it is tools. So, you know, the new term of data mesh is wonderful, but you still have to have the people and the governance and the processes in place to get there. >> Great, thank you for that, Erik. Some great points. All right, for the next prediction, we're going to shine the spotlight on two of our favorite topics, Snowflake and Databricks, and the prediction here is that, of course, Databricks is going to IPO this year, as expected. Everybody sort of expects that. And while, but the prediction really is, well, while these two companies are facing off already in the market, they're also going to compete with each other for M&A, especially as Databricks, you know, after the IPO, you're going to have, you know, more prominence and a war chest. So first, these companies, they're both looking pretty good, the same XY graph with spending velocity and presence and market share on the horizontal axis. And both Snowflake and Databricks are well above that magic 40% red dotted line, the elevated line, to us. And for context, we've included a few other firms. So you can see kind of what a good position these two companies are really in, especially, I mean, Snowflake, wow, it just keeps moving to the right on this horizontal picture, but maintaining the next net score in the Y axis. Amazing. So, but here's the thing, Databricks is using the term Lakehouse implying that it has the best of data lakes and data warehouses. And Snowflake has the vision of the data cloud and data sharing. And Snowflake, they've nailed analytics, and now they're moving into data science in the domain of Databricks. Databricks, on the other hand, has nailed data science and is moving into the domain of Snowflake, in the data warehouse and analytics space. But to really make this seamless, there has to be a semantic layer between these two worlds and they're either going to build it or buy it or both. And there are other areas like data clean rooms and privacy and data prep and governance and machine learning tooling and AI, all that stuff. So the prediction is they'll not only compete in the market, but they'll step up and in their competition for M&A, especially after the Databricks IPO. We've listed some target names here, like Atscale, you know, Iguazio, Infosum, Habu, Immuta, and I'm sure there are many, many others. Erik, you care to comment? >> Yeah. I remember a year ago when we were talking Snowflake when they first came out and you, and I said, "I'm shocked if they don't use this war chest of money" "and start going after more" "because we know Slootman, we have so much respect for him." "We've seen his playbook." And I'm actually a little bit surprised that here we are, at 12 months later, and he hasn't spent that money yet. So I think this prediction's just spot on. To talk a little bit about the data side, Snowflake is in rarefied air. It's all by itself. It is the number one net score in our entire TISA universe. It is absolutely incredible. There's almost no negative intentions. Global 2000 organizations are increasing their spend on it. We maintain our positive outlook. It's really just, you know, stands alone. Databricks, however, also has one of the highest overall net sentiments in the entire universe, not just its area. And this is the first time we're coming up positive on this name as well. It looks like it's not slowing down. Really interesting comment you made though that we normally hear from our end-user commentary in our panels and our interviews. Databricks is really more used for the data science side. The MLAI is where it's best positioned in our survey. So it might still have some catching up to do to really have that caliber of usability that you know Snowflake is seeing right now. That's snowflake having its own marketplace. There's just a lot more to Snowflake right now than there is Databricks. But I do think you're right. These two massive vendors are sort of heading towards a collision course, and it'll be very interesting to see how they deploy their cash. I think Snowflake, with their incredible management and leadership, probably will make the first move. >> Well, I think you're right on that. And by the way, I'll just add, you know, Databricks has basically said, hey, it's going to be easier for us to come from data lakes into data warehouse. I'm not sure I buy that. I think, again, that semantic layer is a missing ingredient. So it's going to be really interesting to see how this plays out. And to your point, you know, Snowflake's got the war chest, they got the momentum, they've got the public presence now since November, 2020. And so, you know, they're probably going to start making some aggressive moves. Anyway, next prediction is something, Erik, that you and I have talked about many, many times, and that is observability. I know it's one of your favorite topics. And we see this world screaming for more consolidation it's going all in on cloud native. These legacy stacks, they're fighting to stay relevant, but the direction is pretty clear. And the same XY graph lays out the players in the field, with some of the new entrants that we've also highlighted, like Observe and Honeycomb and ChaosSearch that we've talked about. Erik, we put a big red target around Splunk because everyone wants their gold. So please give us your thoughts. >> Oh man, I feel like I've been saying negative things about Splunk for too long. I've got a bad rap on this name. The Splunk shareholders come after me all the time. Listen, it really comes down to this. They're a fantastic company that was designed to do logging and monitoring and had some great tool sets around what you could do with it. But they were designed for the data center. They were designed for prem. The world we're in now is so dynamic. Everything I hear from our end user community is that all net new workloads will be going to cloud native players. It's that simple. So Splunk has entrenched. It's going to continue doing what it's doing and it does it really, really well. But if you're doing something new, the new workloads are going to be in a dynamic environment and that's going to go to the cloud native players. And in our data, it is extremely clear that that means Datadog and Elastic. They are by far number one and two in net score, increase rates, adoption rates. It's not even close. Even New Relic actually is starting to, you know, entrench itself really well. We saw New Relic's adoption's going up, which is super important because they went to that freemium model, you know, to try to get their little bit of an entrenched customer base and that's working as well. And then you made a great list here, of all the new entrants, but it goes beyond this. There's so many more. In our emerging technology survey, we're seeing Century, Catchpoint, Securonix, Lucid Works. There are so many options in this space. And let's not forget, the biggest data that we're seeing is with Grafana. And Grafana labs as yet to turn on their enterprise. Elastic did it, why can't Grafana labs do it? They have an enterprise stack. So when you look at how crowded this space is, there has to be consolidation. I recently hosted a panel and every single guy on that panel said, "Please give me a consolidation." Because they're the end users trying to actually deploy these and it's getting a little bit confusing. >> Great. Thank you for that. Okay. Last prediction. Erik, might be a little out of your wheelhouse, but you know, you might have some thoughts on it. And that's a hybrid events become the new digital model and a new category in 2022. You got these pure play digital or virtual events. They're going to take a back seat to in-person hybrids. The virtual experience will eventually give way to metaverse experiences and that's going to take some time, but the physical hybrid is going to drive it. And metaverse is ultimately going to define the virtual experience because the virtual experience today is not great. Nobody likes virtual. And hybrid is going to become the business model. Today's pure virtual experience has to evolve, you know, theCUBE first delivered hybrid mid last decade, but nobody really wanted it. We did Mobile World Congress last summer in Barcelona in an amazing hybrid model, which we're showing in some of the pictures here. Alex, if you don't mind bringing that back up. And every physical event that we're we're doing now has a hybrid and virtual component, including the pre-records. You can see in our studios, you see that the green screen. I don't know. Erik, what do you think about, you know, the Zoom fatigue and all this. I know you host regular events with your round tables, but what are your thoughts? >> Well, first of all, I think you and your company here have just done an amazing job on this. So that's really your expertise. I spent 20 years of my career hosting intimate wall street idea dinners. So I'm better at navigating a wine list than I am navigating a conference floor. But I will say that, you know, the trend just goes along with what we saw. If 35% are going to be fully remote. If 70% are going to be hybrid, then our events are going to be as well. I used to host round table dinners on, you know, one or two nights a week. Now those have gone virtual. They're now panels. They're now one-on-one interviews. You know, we do chats. We do submitted questions. We do what we can, but there's no reason that this is going to change anytime soon. I think you're spot on here. >> Yeah. Great. All right. So there you have it, Erik and I, Listen, we always love the feedback. Love to know what you think. Thank you, Erik, for your partnership, your collaboration, and love doing these predictions with you. >> Yeah. I always enjoy them too. And I'm actually happy. Last year you made us do a baker's dozen, so thanks for keeping it to 10 this year. >> (laughs) We've got a lot to say. I know, you know, we cut out. We didn't do much on crypto. We didn't really talk about SaaS. I mean, I got some thoughts there. We didn't really do much on containers and AI. >> You want to keep going? I've got another 10 for you. >> RPA...All right, we'll have you back and then let's do that. All right. All right. Don't forget, these episodes are all available as podcasts, wherever you listen, all you can do is search Breaking Analysis podcast. Check out ETR's website at etr.plus, they've got a new website out. It's the best data in the industry, and we publish a full report every week on wikibon.com and siliconangle.com. You can always reach out on email, David.Vellante@siliconangle.com I'm @DVellante on Twitter. Comment on our LinkedIn posts. This is Dave Vellante for the Cube Insights powered by ETR. Have a great week, stay safe, be well. And we'll see you next time. (mellow music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> When Facebook changed its name to Meta last fall, it catalyzed a chain reaction throughout the tech industry. Software firms, gaming companies, chip makers, device manufacturers, and others have joined in hype machine. Now, it's easy to dismiss the metaverse as futuristic hyperbole, but do we really believe that tapping on a smartphone, or staring at a screen, or two-dimensional Zoom meetings are the future of how we work, play, and communicate? As the internet itself proved to be larger than we ever imagined, it's very possible, and even quite likely that the combination of massive processing power, cheap storage, AI, blockchains, crypto, sensors, AR, VR, brain interfaces, and other emerging technologies will combine to create new and unimaginable consumer experiences, and massive wealth for creators of the metaverse. Hello, and welcome to this week's Wiki Bond Cube Insights, powered by ETR. In this "Breaking Analysis" we welcome in cyber expert, hacker gamer, NFT expert, and founder of ORE System, Nick Donarski. Nick, welcome, thanks so much for coming on theCUBE. >> Thank you, sir, glad to be here. >> Yeah, okay, so today we're going to traverse two parallel paths, one that took Nick from security expert and PenTester to NFTs, tokens, and the metaverse. And we'll simultaneously explore the complicated world of cybersecurity in the enterprise, and how the blockchain, crypto, and NFTs will provide key underpinnings for digital ownership in the metaverse. We're going to talk a little bit about blockchain, and crypto, and get things started there, and some of the realities and misconceptions, and how innovations in those worlds have led to the NFT craze. We'll look at what's really going on in NFTs and why they're important as both a technology and societal trend. Then, we're going to dig into the tech and try to explain why and how blockchain and NFTs are going to lay the foundation for the metaverse. And, finally, who's going to build the metaverse. And how long is it going to take? All right, Nick, let's start with you. Tell us a little bit about your background, your career. You started as a hacker at a really, really young age, and then got deep into cyber as a PenTester. You did some pretty crazy stuff. You have some great stories about sneaking into buildings. You weren't just doing it all remote. Tell us about yourself. >> Yeah, so I mean, really, I started a long time ago. My dad was really the foray into technology. I wrote my first program on an Apple IIe in BASIC in 1989. So, I like to say I was born on the internet, if you will. But, yeah, in high school at 16, I incorporated my first company, did just tech support for parents and teachers. And then in 2000 I transitioned really into security and focused there ever since. I joined Rapid7 and after they picked up Medis boy, I joined HP. I was one of their founding members of Shadowlabs and really have been part of the information security and the cyber community all throughout, whether it's training at various different conferences or talking. My biggest thing and my most awesome moments as various things of being broken into, is really when I get to actually work with somebody that's coming up in the industry and who's new and actually has that light bulb moment of really kind of understanding of technology, understanding an idea, or getting it when it comes to that kind of stuff. >> Yeah, and when you think about what's going on in crypto and NFTs and okay, now the metaverse it's you get to see some of the most innovative people. Now I want to first share a little bit of data on enterprise security and maybe Nick get you to comment. We've reported over the past several years on the complexity in the security business and the numerous vendor choices that SecOps Pros face. And this chart really tells that story in the cybersecurity space. It's an X,Y graph. We've shown it many times from the ETR surveys where the vertical axis, it's a measure of spending momentum called net score. And the horizontal axis is market share, which represents each company's presence in the data set, and a couple of points stand out. First, it's really crowded. In that red dotted line that you see there, that's 40%, above that line on the net score axis, marks highly elevated spending momentum. Now, let's just zoom in a bit and I've cut the data by those companies that have more than a hundred responses in the survey. And you can see here on this next chart, it's still very crowded, but a few call-outs are noteworthy. First companies like SentinelOne, Elastic, Tanium, Datadog, Netskope and Darktrace. They were all above that 40% line in the previous chart, but they've fallen off. They still have actually a decent presence in the survey over 60 responses, but under that hundred. And you can see Auth0 now Okta, big $7 billion acquisition. They got the highest net score CrowdStrike's up there, Okta classic they're kind of enterprise business, and Zscaler and others above that line. You see Palo Alto Networks and Microsoft very impressive because they're both big and they're above that elevated spending velocity. So Nick, kind of a long-winded intro, but it was a little bit off topic, but I wanted to start here because this is the life of a SecOps pro. They lack the talent in a capacity to keep bad guys fully at bay. And so they have to keep throwing tooling at the problem, which adds to the complexity and as a PenTester and hacker, this chaos and complexity means cash for the bad guys. Doesn't it? >> Absolutely. You know, the more systems that these organizations find to integrate into the systems, means that there's more components, more dollars and cents as far as the amount of time and the engineers that need to actually be responsible for these tools. There's a lot of reasons that, the more, I guess, hands in the cookie jar, if you will, when it comes to the security architecture, the more links that are, or avenues for attack built into the system. And really one of the biggest things that organizations face is being able to have engineers that are qualified and technical enough to be able to support that architecture as well, 'cause buying it from a vendor and deploying it, putting it onto a shelf is good, but if it's not tuned properly, or if it's not connected properly, that security tool can just hold up more avenues of attack for you. >> Right, okay, thank you. Now, let's get into the meat of the discussion for today and talk a little bit about blockchain and crypto for a bit. I saw sub stack post the other day, and it was ripping Matt Damon for pedaling crypto on TV ads and how crypto is just this big pyramid scheme. And it's all about allowing criminals to be anonymous and it's ransomware and drug trafficking. And yes, there are definitely scams and you got to be careful and lots of dangers out there, but these are common criticisms in the mainstream press, that overlooked the fact by the way that IPO's and specs are just as much of a pyramid scheme. Now, I'm not saying there shouldn't be more regulation, there should, but Bitcoin was born out of the 2008 financial crisis, cryptocurrency, and you think about, it's really the confluence of software engineering, cryptography and game theory. And there's some really powerful innovation being created by the blockchain community. Crypto and blockchain are really at the heart of a new decentralized platform being built out. And where today, you got a few, large internet companies. They control the protocols and the platform. Now the aspiration of people like yourself, is to create new value opportunities. And there are many more chances for the little guys and girls to get in on the ground floor and blockchain technology underpins all this. So Nick, what's your take, what are some of the biggest misconceptions around blockchain and crypto? And do you even pair those two in the same context? What are your thoughts? >> So, I mean, really, we like to separate ourselves and say that we are a blockchain company, as opposed to necessarily saying(indistinct) anything like that. We leverage those tools. We leverage cryptocurrencies, we leverage NFTs and those types of things within there, but blockchain is a technology, which is the underlying piece, is something that can be used and utilized in a very large number of different organizations out there. So, cryptocurrency and a lot of that negative context comes with a fear of something new, without having that regulation in place, without having the rules in place. And we were a big proponent of, we want the regulation, right? We want to do right. We want to do it by the rules. We want to do it under the context of, this is what should be done. And we also want to help write those rules as well, because a lot of the lawmakers, a lot of the lobbyists and things, they have a certain aspect or a certain goal of when they're trying to get these things. Our goal is simplicity. We want the ability for the normal average person to be able to interact with crypto, interact with NFTs, interact with the blockchain. And basically by saying, blockchain in quotes, it's very ambiguous 'cause there's many different things that blockchain can be, the easiest way, right? The easiest way to understand blockchain is simply a distributed database. That's really the core of what blockchain is. It's a record keeping mechanism that allows you to reference that. And the beauty of it, is that it's quote unquote immutable. You can't edit that data. So, especially when we're talking about blockchain, being underlying for technologies in the future, things like security, where you have logging, you have keeping, whether you're talking about sales, where you may have to have multiple different locations (indistinct) users from different locations around the globe. It creates a central repository that provides distribution and security in the way that you're ensuring your data, ensuring the validation of where that data exists when it was created. Those types of things that blockchain really is. If you go to the historical, right, the very early on Bitcoin absolutely was made to have a way of not having to deal with the fed. That was the core functionality of the initial crypto. And then you had a lot of the illicit trades, those black markets that jumped onto it because of what it could do. The maturity of the technology though, of where we are now versus say back in 97 is a much different world of blockchain, and there's a much different world of cryptocurrency. You still have to be careful because with any fed, you're still going to have that FUD that goes out there and sells that fear, uncertainty and doubt, which spurs a lot of those types of scams, and a lot of those things that target end users that we face as security professionals today. You still get mailers that go out, looking for people to give their social security number over during tax time. Snail mail is considered a very ancient technology, but it still works. You still get a portion of the population that falls for those tricks, fishing, whatever it might be. It's all about trying to make sure that you have fear about what is that change. And I think that as we move forward, and move into the future, the simpler and the more comfortable these types of technologies become, the easier it is to utilize and indoctrinate normal users, to be able to use these things. >> You know, I want to ask you about that, Nick, because you mentioned immutability, there's a lot of misconceptions about that. I had somebody tell me one time, "Blockchain's Bs," and they say, "Well, oh, hold on a second. They say, oh, they say it's a mutable, but you can hack Coinbase, whatever it is." So I guess a couple of things, one is that the killer app for blockchain became money. And so we learned a lot through that. And you had Bitcoin and it really wasn't programmable through its interface. And then Ethereum comes out. I know, you know a lot about Ether and you have solidity, which is a lot simpler, but it ain't JavaScript, which is ubiquitous. And so now you have a lot of potential for the initial ICO's and probably still the ones today, the white papers, a lot of security flaws in there. I'm sure you can talk to that, but maybe you can help square that circle about immutability and security. I've mentioned game theory before, it's harder to hack Bitcoin and the Bitcoin blockchain than it is to mine. So that's why people mine, but maybe you could add some context to that. >> Yeah, you know it goes to just about any technology out there. Now, when you're talking about blockchain specifically, the majority of the attacks happen with the applications and the smart contracts that are actually running on the blockchain, as opposed to necessarily the blockchain itself. And like you said, the impact for whether that's loss of revenue or loss of tokens or whatever it is, in most cases that results from something that was a phishing attack, you gave up your credentials, somebody said, paste your private key in here, and you win a cookie or whatever it might be, but those are still the fundamental pieces. When you're talking about various different networks out there, depending on the blockchain, depends on how much the overall security really is. The more distributed it is, and the more stable it is as the network goes, the better or the more stable any of the code is going to be. The underlying architecture of any system is the key to success when it comes to the overall security. So the blockchain itself is immutable, in the case that the owner are ones have to be trusted. If you look at distributed networks, something like Ethereum or Bitcoin, where you have those proof of work systems, that disperses that information at a much more remote location, So the more disperse that information is, the less likely it is to be able to be impacted by one small instance. If you look at like the DAO Hack, or if you look at a lot of the other vulnerabilities that exist on the blockchain, it's more about the code. And like you said, solidity being as new as it is, it's not JavaScript. The industry is very early and very infantile, as far as the developers that are skilled in doing this. And with that just comes the inexperience and the lack of information that you don't learn until JavaScript is 10 or 12 years old. >> And the last thing I'll say about this topic, and we'll move on to NFTs, but NFTs relate is that, again, I said earlier that the big internet giants have pretty much co-opted the platform. You know, if you wanted to invest in Linux in the early days, there was no way to do that. You maybe have to wait until red hat came up with its IPO and there's your pyramid scheme folks. But with crypto it, which is again, as Nick was explaining underpinning is the blockchain, you can actually participate in early projects. Now you got to be careful 'cause there are a lot of scams and many of them are going to blow out if not most of them, but there are some, gems out there, because as Nick was describing, you've got this decentralized platform that causes scaling issues or performance issues, and people are solving those problems, essentially building out a new internet. But I want to get into NFTs, because it's sort of the next big thing here before we get into the metaverse, what Nick, why should people pay attention to NFTs? Why do they matter? Are they really an important trend? And what are the societal and technological impacts that you see in this space? >> Yeah, I mean, NFTs are a very new technology and ultimately it's just another entry on the blockchain. It's just another piece of data in the database. But how it's leveraged in the grand scheme of how we, as users see it, it can be the classic idea of an NFT is just the art, or as good as the poster on your wall. But in the case of some of the new applications, is where are you actually get that utility function. Now, in the case of say video games, video games and gamers in general, already utilize digital items. They already utilize digital points. As in the case of like Call of Duty points, those are just different versions of digital currencies. You know, World of Warcraft Gold, I like to affectionately say, was the very first cryptocurrency. There was a Harvard course taught on the economy of WOW, there was a black market where you could trade your end game gold for Fiat currencies. And there's even places around the world that you can purchase real world items and stay at hotels for World of Warcraft Gold. So the adoption of blockchain just simply gives a more stable and a more diverse technology for those same types of systems. You're going to see that carry over into shipping and logistics, where you need to have data that is single repository for being able to have multiple locations, multiple shippers from multiple global efforts out there that need to have access to that data. But in the current context, it's either sitting on a shipping log, it's sitting on somebody's desk. All of those types of paper transactions can be leveraged as NFTs on the blockchain. It's just simply that representation. And once you break the idea of this is just a piece of art, or this is a cryptocurrency, you get into a world where you can apply that NFT technology to a lot more things than I think most people think of today. >> Yeah, and of course you mentioned art a couple of times when people sold as digital art for whatever, it was 60, 65 million, 69 million, that caught a lot of people's attention, but you're seeing, I mean, there's virtually infinite number of applications for this. One of the Washington wizards, tokenized portions of his contract, maybe he was creating a new bond, that's really interesting use cases and opportunities, and that kind of segues into the latest, hot topic, which is the metaverse. And you've said yourself that blockchain and NFTs are the foundation of the metaverse, they're foundational elements. So first, what is the metaverse to you and where do blockchain and NFTs, fit in? >> Sure, so, I mean, I affectionately refer to the metaverse just a VR and essentially, we've been playing virtual reality games and all the rest for a long time. And VR has really kind of been out there for a long time. So most people's interpretation or idea of what the metaverse is, is a virtual reality version of yourself and this right, that idea of once it becomes yourself, is where things like NFT items, where blockchain and digital currencies are going to come in, because if you have a manufacturer, so you take on an organization like Nike, and they want to put their shoes into the metaverse because we, as humans, want to individualize ourselves. We go out and we want to have that one of one shoe or that, t-shirt or whatever it is, we're going to want to represent that same type of individuality in our virtual self. So NFTs, crypto and all of those digital currencies, like I was saying that we've known as gamers are going to play that very similar role inside of the metaverse. >> Yeah. Okay. So basically you're going to take your physical world into the metaverse. You're going to be able to, as you just mentioned, acquire things- I loved your WOW example. And so let's stay on this for a bit, if we may, of course, Facebook spawned a lot of speculation and discussion about the concept of the metaverse and really, as you pointed out, it's not new. You talked about why second life, really started in 2003, and it's still around today. It's small, I read recently, it's creators coming back into the company and books were written in the early 90s that used the term metaverse. But Nick, talk about how you see this evolving, what role you hope to play with your company and your community in the future, and who builds the metaverse, when is it going to be here? >> Yeah, so, I mean, right now, and we actually just got back from CES last week. And the Metaverse is a very big buzzword. You're going to see a lot of integration of what people are calling, quote unquote, the metaverse. And there was organizations that were showing virtual office space, virtual malls, virtual concerts, and those types of experiences. And the one thing right now that I don't think that a lot of organizations have grasp is how to make one metaverse. There's no real player one, if you will always this yet, There's a lot of organizations that are creating their version of the metaverse, which then again, just like every other software and game vendor out there has their version of cryptocurrency and their version of NFTs. You're going to see it start to pop up, especially as Oculus is going to come down in price, especially as you get new technologies, like some of the VR glasses that look more augmented reality and look more like regular glasses that you're wearing, things like that, the easier that those technologies become as in adopting into our normal lifestyle, as far as like looks and feels, the faster that stuff's going to actually come out to the world. But when it comes to like, what we're doing is we believe that the metaverse should actually span multiple different blockchains, multiple different segments, if you will. So what ORE system is doing, is we're actually building the underlying architecture and technologies for developers to bring their metaverse too. You can leverage the ORE Systems NFTs, where we like to call our utility NFTs as an in-game item in one game, or you can take it over and it could be a t-shirt in another game. The ability for having that cross support within the ecosystem is what really no one has grasp on yet. Most of the organizations out there are using a very classic business model. Get the user in the game, make them spend their money in the game, make all their game stuff as only good in their game. And that's where the developer has you, they have you in their bubble. Our goal, and what we like to affectionately say is, we want to bring white collar tools and technology to blue collar folks, We want to make it simple. We want to make it off the shelf, and we want to make it a less cost prohibitive, faster, and cheaper to actually get out to all the users. We do it by supporting the technology. That's our angle. If you support the technology and you support the platform, you can build a community that will build all of the metaverse around them. >> Well, and so this is interesting because, if you think about some of the big names, we've Microsoft is talking about it, obviously we mentioned Facebook. They have essentially walled gardens. Now, yeah, okay, I could take Tik Tok and pump it into Instagram is fine, but they're really siloed off. And what you're saying is in the metaverse, you should be able to buy a pair of sneakers in one location and then bring it to another one. >> Absolutely, that's exactly it. >> And so my original kind of investment in attractiveness, if you will, to crypto, was that, the little guy can get an early, but I worry that some of these walled gardens, these big internet giants are going to try to co-op this. So I think what you're doing is right on, and I think it's aligned with the objectives of consumers and the users who don't want to be forced in to a pen. They want to be able to live freely. And that's really what you're trying to do. >> That's exactly it. You know, when you buy an item, say a Skin in Fortnite or Skin in Call of Duty, it's only good in that game. And not even in the franchise, it's only good in that version of the game. In the case of what we want to do is, you can not only have that carry over and your character. So say you buy a really cool shirt, and you've got that in your Call of Duty or in our case, we're really Osiris Protocol, which is our proof of concept video game to show that this all thing actually works, but you can actually go in and you can get a gun in Osiris Protocol. And if we release, Osiris Protocol two, you'll be able to take that to Osiris Protocol two. Now the benefit of that is, is you're going to be the only one in the next version with that item, if you haven't sold it or traded it or whatever else. So we don't lock you into a game. We don't lock you into a specific application. You own that, you can trade that freely with other users. You can sell that on the open market. We're embracing what used to be considered the black market. I don't understand why a lot of video games, we're always against the skins and mods and all the rest. For me as a gamer and coming up, through the many, many years of various different Call of Duties and everything in my time, I wish I could still have some this year. I still have a World of Warcraft account. I wasn't on, Vanilla, Burning Crusade was my foray, but I still have a character. If you look at it that way, if I had that wild character and that gear was NFTs, in theory, I could actually pass that onto my kid who could carry on that character. And it would actually increase in value because they're NFT back then. And then if needed, you could trade those on the open market and all the rest. It just makes gaming a much different thing. >> I love it. All right, Nick, hey, we're out of time, but I got to say, Nick Donarski, thanks so much for coming on the program today, sharing your insights and really good luck to you and building out your technology platform and your community. >> Thank you, sir, it's been an absolute pleasure. >> And thank you for watching. Remember, all these episodes are available as podcasts, just search "Breaking Analysis Podcast", and you'll find them. I publish pretty much every week on siliconangle.com and wikibond.com. And you can reach me @dvellante on Twitter or comment on my LinkedIn posts. You can always email me david.vellante@siliconangle.com. And don't forget, check out etr.plus for all the survey data. This is Dave Vellante for theCUBE Insights, powered by ETR, happy 2022 be well, and we'll see you next time. (upbeat music)

>>From around the globe. It's the cube with digital coverage of AWS reinvent 2020 sponsored by Intel, AWS, and our community partners. >>Hi everyone. Welcome back to the cubes. Virtual coverage of AWS reinvent 2020 virtual. We are the cube virtual I'm John ferry, your host with my coach, Dave Alante for keynote analysis from Swami's machine learning, all things, data huge. Instead of announcements, the first ever machine learning keynote at a re-invent Dave. Great to see you. Thanks Johnny. And from Boston, I'm here in Palo Alto. We're doing the cube remote cube virtual. Great to see you. >>Yeah, good to be here, John, as always. Wall-to-wall love it. So, so, John, um, how about I give you my, my key highlights from the, uh, from the keynote today, I had, I had four kind of curated takeaways. So the first is that AWS is, is really trying to simplify machine learning and use machine intelligence into all applications. And if you think about it, it's good news for organizations because they're not the become machine learning experts have invent machine learning. They can buy it from Amazon. I think the second is they're trying to simplify the data pipeline. The data pipeline today is characterized by a series of hyper specialized individuals. It engineers, data scientists, quality engineers, analysts, developers. These are folks that are largely live in their own swim lane. Uh, and while they collaborate, uh, there's still a fairly linear and complicated data pipeline, uh, that, that a business person or a data product builder has to go through Amazon making some moves to the front of simplify that they're expanding data access to the line of business. I think that's a key point. Is there, there increasingly as people build data products and data services that can monetize, you know, for their business, either cut costs or generate revenue, they can expand that into line of business where there's there's domain context. And I think the last thing is this theme that we talked about the other day, John of extending Amazon, AWS to the edge that we saw that as well in a number of machine learning tools that, uh, Swami talked about. >>Yeah, it was great by the way, we're live here, uh, in Palo Alto in Boston covering the analysis, tons of content on the cube, check out the cube.net and also check out at reinvent. There's a cube section as there's some links to so on demand videos with all the content we've had. Dave, I got to say one of the things that's apparent to me, and this came out of my one-on-one with Andy Jassy and Andy Jassy talked about in his keynote is he kind of teased out this idea of training versus a more value add machine learning. And you saw that today in today's announcement. To me, the big revelation was that the training aspect of machine learning, um, is what can be automated away. And it's under a lot of controversy around it. Recently, a Google paper came out and the person was essentially kind of, kind of let go for this. >>But the idea of doing these training algorithms, some are saying is causes more harm to the environment than it does good because of all the compute power it takes. So you start to see the positioning of training, which can be automated away and served up with, you know, high powered ships and that's, they consider that undifferentiated heavy lifting. In my opinion, they didn't say that, but that's clearly what I see coming out of this announcement. The other thing that I saw Dave that's notable is you saw them clearly taking a three lane approach to this machine, learning the advanced builders, the advanced coders and the developers, and then database and data analysts, three swim lanes of personas of target audience. Clearly that is in line with SageMaker and the embedded stuff. So two big revelations, more horsepower required to process training and modeling. Okay. And to the expansion of the personas that are going to be using machine learning. So clearly this is a, to me, a big trend wave that we're seeing that validates some of the startups and I'll see their SageMaker and some of their products. >>Well, as I was saying at the top, I think Amazon's really trying, working hard on simplifying the whole process. And you mentioned training and, and a lot of times people are starting from scratch when they have to train models and retrain models. And so what they're doing is they're trying to create reusable components, uh, and allow people to, as you pointed out to automate and streamline some of that heavy lifting, uh, and as well, they talked a lot about, uh, doing, doing AI inferencing at the edge. And you're seeing, you know, they, they, uh, Swami talked about several foundational premises and the first being a foundation of frameworks. And you think about that at the, at the lowest level of their S their ML stack. They've got, you know, GPU's different processors, inferential, all these alternative processes, processors, not just the, the Xav six. And so these are very expensive resources and Swami talked a lot about, uh, and his colleagues talked a lot about, well, a lot of times the alternative processor is sitting there, you know, waiting, waiting, waiting. And so they're really trying to drive efficiency and speed. They talked a lot about compressing the time that it takes to, to run these, these models, uh, from, from sometimes weeks down to days, sometimes days down to hours and minutes. >>Yeah. Let's, let's unpack these four areas. Let's stay on the firm foundation because that's their core competency infrastructure as a service. Clearly they're laying that down. You put the processors, but what's interesting is the TensorFlow 92% of tensor flows on Amazon. The other thing is that pie torch surprisingly is back up there, um, with massive adoption and the numbers on pie torch literally is on fire. I was coming in and joke on Twitter. Um, we, a PI torch is telling because that means that TensorFlow is originally part of Google is getting, is getting a little bit diluted with other frameworks, and then you've got MX net, some other things out there. So the fact that you've got PI torch 91% and then TensorFlow 92% on 80 bucks is a huge validation. That means that the majority of most machine learning development and deep learning is happening on AWS. Um, >>Yeah, cloud-based, by the way, just to clarify, that's the 90% of cloud-based cloud, uh, TensorFlow runs on and 91% of cloud-based PI torch runs on ADM is amazingly massive numbers. >>Yeah. And I think that the, the processor has to show that it's not trivial to do the machine learning, but, you know, that's where the infrared internship came in. That's kind of where they want to go lay down that foundation. And they had Tanium, they had trainee, um, they had, um, infrared chow was the chip. And then, you know, just true, you know, distributed training training on SageMaker. So you got the chip and then you've got Sage makers, the middleware games, almost like a machine learning stack. That's what they're putting out there >>And how bad a Gowdy, which was, which is, which is a patrol also for training, which is an Intel based chip. Uh, so that was kind of interesting. So a lot of new chips and, and specialized just, we've been talking about this for awhile, particularly as you get to the edge and do AI inferencing, you need, uh, you know, a different approach than we're used to with the general purpose microbes. >>So what gets your take on tenant? Number two? So tenant number one, clearly infrastructure, a lot of announcements we'll go through those, review them at the end, but tenant number two, that Swami put out there was creating the shortest path to success for builders or machine learning builders. And I think here you lays out the complexity, Dave butts, mostly around methodology, and, you know, the value activities required to execute. And again, this points to the complexity problem that they have. What's your take on this? >>Yeah. Well you think about, again, I'm talking about the pipeline, you collect data, you just data, you prepare that data, you analyze that data. You, you, you make sure that it's it's high quality and then you start the training and then you're iterating. And so they really trying to automate as much as possible and simplify as much as possible. What I really liked about that segment of foundation, number two, if you will, is the example, the customer example of the speaker from the NFL, you know, talked about, uh, you know, the AWS stats that we see in the commercials, uh, next gen stats. Uh, and, and she talked about the ways in which they've, well, we all know they've, they've rearchitected helmets. Uh, they've been, it's really a very much database. It was interesting to see they had the spectrum of the helmets that were, you know, the safest, most safe to the least safe and how they've migrated everybody in the NFL to those that they, she started a 24%. >>It was interesting how she wanted a 24% reduction in reported concussions. You know, you got to give the benefit of the doubt and assume some of that's through, through the data. But you know, some of that could be like, you know, Julian Edelman popping up off the ground. When, you know, we had a concussion, he doesn't want to come out of the game with the new protocol, but no doubt, they're collecting more data on this stuff, and it's not just head injuries. And she talked about ankle injuries, knee injuries. So all this comes from training models and reducing the time it takes to actually go from raw data to insights. >>Yeah. I mean, I think the NFL is a great example. You and I both know how hard it is to get the NFL to come on and do an interview. They're very coy. They don't really put their name on anything much because of the value of the NFL, this a meaningful partnership. You had the, the person onstage virtually really going into some real detail around the depth of the partnership. So to me, it's real, first of all, I love stat cast 11, anything to do with what they do with the stats is phenomenal at this point. So the real world example, Dave, that you starting to see sports as one metaphor, healthcare, and others are going to see those coming in to me, totally a tale sign that Amazon's continued to lead. The thing that got my attention was is that it is an IOT problem, and there's no reason why they shouldn't get to it. I mean, some say that, Oh, concussion, NFL is just covering their butt. They don't have to, this is actually really working. So you got the tech, why not use it? And they are. So that, to me, that's impressive. And I think that's, again, a digital transformation sign that, that, you know, in the NFL is doing it. It's real. Um, because it's just easier. >>I think, look, I think, I think it's easy to criticize the NFL, but the re the reality is, is there anything old days? It was like, Hey, you get your bell rung and get back out there. That's just the way it was a football players, you know, but Ted Johnson was one of the first and, you know, bill Bellacheck was, was, you know, the guy who sent him back out there with a concussion, but, but he was very much outspoken. You've got to give the NFL credit. Uh, it didn't just ignore the problem. Yeah. Maybe it, it took a little while, but you know, these things take some time because, you know, it's generally was generally accepted, you know, back in the day that, okay, Hey, you'd get right back out there, but, but the NFL has made big investments there. And you can say, you got to give him, give him props for that. And especially given that they're collecting all this data. That to me is the most interesting angle here is letting the data inform the actions. >>And next step, after the NFL, they had this data prep data Wrangler news, that they're now integrating snowflakes, Databricks, Mongo DB, into SageMaker, which is a theme there of Redshift S3 and Lake formation into not the other way around. So again, you've been following this pretty closely, uh, specifically the snowflake recent IPO and their success. Um, this is an ecosystem play for Amazon. What does it mean? >>Well, a couple of things, as we, as you well know, John, when you first called me up, I was in Dallas and I flew into New York and an ice storm to get to the one of the early Duke worlds. You know, and back then it was all batch. The big data was this big batch job. And today you want to combine that batch. There's still a lot of need for batch, but when people want real time inferencing and AWS is bringing that together and they're bringing in multiple data sources, you mentioned Databricks and snowflake Mongo. These are three platforms that are doing very well in the market and holding a lot of data in AWS and saying, okay, Hey, we want to be the brain in the middle. You can import data from any of those sources. And I'm sure they're going to add more over time. Uh, and so they talked about 300 pre-configured data transformations, uh, that now come with stage maker of SageMaker studio with essentially, I've talked about this a lot. It's essentially abstracting away the, it complexity, the whole it operations piece. I mean, it's the same old theme that AWS is just pointing. It's its platform and its cloud at non undifferentiated, heavy lifting. And it's moving it up the stack now into the data life cycle and data pipeline, which is one of the biggest blockers to monetizing data. >>Expand on that more. What does that actually mean? I'm an it person translate that into it. Speak. Yeah. >>So today, if you're, if you're a business person and you want, you want the answers, right, and you want say to adjust a new data source, so let's say you want to build a new, new product. Um, let me give an example. Let's say you're like a Spotify, make it up. And, and you do music today, but let's say you want to add, you know, movies, or you want to add podcasts and you want to start monetizing that you want to, you want to identify, who's watching what you want to create new metadata. Well, you need new data sources. So what you do as a business person that wants to create that new data product, let's say for podcasts, you have to knock on the door, get to the front of the data pipeline line and say, okay, Hey, can you please add this data source? >>And then everybody else down the line has to get in line and Hey, this becomes a new data source. And it's this linear process where very specialized individuals have to do their part. And then at the other end, you know, it comes to self-serve capability that somebody can use to either build dashboards or build a data product. In a lot of that middle part is our operational details around deploying infrastructure, deploying, you know, training machine learning models that a lot of Python coding. Yeah. There's SQL queries that have to be done. So a lot of very highly specialized activities, what Amazon is doing, my takeaway is they're really streamlining a lot of those activities, removing what they always call the non undifferentiated, heavy lifting abstracting away that it complexity to me, this is a real positive sign, because it's all about the technology serving the business, as opposed to historically, it's the business begging the technology department to please help me. The technology department obviously evolving from, you know, the, the glass house, if you will, to this new data, data pipeline data, life cycle. >>Yeah. I mean, it's classic agility to take down those. I mean, it's undifferentiated, I guess, but if it actually works, just create a differentiated product. So, but it's just log it's that it's, you can debate that kind of aspect of it, but I hear what you're saying, just get rid of it and make it simpler. Um, the impact of machine learning is Dave is one came out clear on this, uh, SageMaker clarify announcement, which is a bias decision algorithm. They had an expert, uh, nationally CFUs presented essentially how they're dealing with the, the, the bias piece of it. I thought that was very interesting. What'd you think? >>Well, so humans are biased and so humans build models or models are inherently biased. And so I thought it was, you know, this is a huge problem to big problems in artificial intelligence. One is the inherent bias in the models. And the second is the lack of transparency that, you know, they call it the black box problem, like, okay, I know there was an answer there, but how did it get to that answer and how do I trace it back? Uh, and so Amazon is really trying to attack those, uh, with, with, with clarify. I wasn't sure if it was clarity or clarified, I think it's clarity clarify, um, a lot of entirely certain how it works. So we really have to dig more into that, but it's essentially identifying situations where there is bias flagging those, and then, you know, I believe making recommendations as to how it can be stamped. >>Nope. Yeah. And also some other news deep profiling for debugger. So you could make a debugger, which is a deep profile on neural network training, um, which is very cool again on that same theme of profiling. The other thing that I found >>That remind me, John, if I may interrupt there reminded me of like grammar corrections and, you know, when you're typing, it's like, you know, bug code corrections and automated debugging, try this. >>It wasn't like a better debugger come on. We, first of all, it should be bug free code, but, um, you know, there's always biases of the data is critical. Um, the other news I thought was interesting and then Amazon's claiming this is the first SageMaker pipelines for purpose-built CIC D uh, for machine learning, bringing machine learning into a developer construct. And I think this started bringing in this idea of the edge manager where you have, you know, and they call it the about machine, uh, uh, SageMaker store storing your functions of this idea of managing and monitoring machine learning modules effectively is on the edge. And, and through the development process is interesting and really targeting that developer, Dave, >>Yeah, applying CIC D to the machine learning and machine intelligence has always been very challenging because again, there's so many piece parts. And so, you know, I said it the other day, it's like a lot of the innovations that Amazon comes out with are things that have problems that have come up given the pace of innovation that they're putting forth. And, and it's like the customers drinking from a fire hose. We've talked about this at previous reinvents and the, and the customers keep up with the pace of Amazon. So I see this as Amazon trying to reduce friction, you know, across its entire stack. Most, for example, >>Let me lay it out. A slide ahead, build machine learning, gurus developers, and then database and data analysts, clearly database developers and data analysts are on their radar. This is not the first time we've heard that. But we, as the kind of it is the first time we're starting to see products materialized where you have machine learning for databases, data warehouse, and data lakes, and then BI tools. So again, three different segments, the databases, the data warehouse and data lakes, and then the BI tools, three areas of machine learning, innovation, where you're seeing some product news, your, your take on this natural evolution. >>Well, well, it's what I'm saying up front is that the good news for, for, for our customers is you don't have to be a Google or Amazon or Facebook to be a super expert at AI. Uh, companies like Amazon are going to be providing products that you can then apply to your business. And, and it's allowed you to infuse AI across your entire application portfolio. Amazon Redshift ML was another, um, example of them, abstracting complexity. They're taking, they're taking S3 Redshift and SageMaker complexity and abstracting that and presenting it to the data analysts. So that, that, that individual can worry about, you know, again, getting to the insights, it's injecting ML into the database much in the same way, frankly, the big query has done that. And so that's a huge, huge positive. When you talk to customers, they, they love the fact that when, when ML can be embedded into the, into the database and it simplifies, uh, that, that all that, uh, uh, uh, complexity, they absolutely love it because they can focus on more important things. >>Clearly I'm this tenant, and this is part of the keynote. They were laying out all their announcements, quick excitement and ML insights out of the box, quick, quick site cue available in preview all the announcements. And then they moved on to the next, the fourth tenant day solving real problems end to end, kind of reminds me of the theme we heard at Dell technology worlds last year end to end it. So we are starting to see the, the, the land grab my opinion, Amazon really going after, beyond I, as in pass, they talked about contact content, contact centers, Kendra, uh, lookout for metrics, and that'll maintain men. Then Matt would came on, talk about all the massive disruption on the, in the industries. And he said, literally machine learning will disrupt every industry. They spent a lot of time on that and they went into the computer vision at the edge, which I'm a big fan of. I just loved that product. Clearly, every innovation, I mean, every vertical Dave is up for grabs. That's the key. Dr. Matt would message. >>Yeah. I mean, I totally agree. I mean, I see that machine intelligence as a top layer of, you know, the S the stack. And as I said, it's going to be infused into all areas. It's not some kind of separate thing, you know, like, Coobernetti's, we think it's some separate thing. It's not, it's going to be embedded everywhere. And I really like Amazon's edge strategy. It's this, you, you are the first to sort of write about it and your keynote preview, Andy Jassy said, we see, we see, we want to bring AWS to the edge. And we see data center as just another edge node. And so what they're doing is they're bringing SDKs. They've got a package of sensors. They're bringing appliances. I've said many, many times the developers are going to be, you know, the linchpin to the edge. And so Amazon is bringing its entire, you know, data plane is control plane, it's API APIs to the edge and giving builders or slash developers, the ability to innovate. And I really liked the strategy versus, Hey, here's a box it's, it's got an x86 processor inside on a, throw it over the edge, give it a cool name that has edge in it. And here you go, >>That sounds call it hyper edge. You know, I mean, the thing that's true is the data aspect at the edge. I mean, everything's got a database data warehouse and data lakes are involved in everything. And then, and some sort of BI or tools to get the data and work with the data or the data analyst, data feeds, machine learning, critical piece to all this, Dave, I mean, this is like databases used to be boring, like boring field. Like, you know, if you were a database, I have a degree in a database design, one of my degrees who do science degrees back then no one really cared. If you were a database person. Now it's like, man data, everything. This is a whole new field. This is an opportunity. But also, I mean, are there enough people out there to do all this? >>Well, it's a great point. And I think this is why Amazon is trying to extract some of the abstract. Some of the complexity I sat in on a private session around databases today and listened to a number of customers. And I will say this, you know, some of it I think was NDA. So I can't, I can't say too much, but I will say this Amazon's philosophy of the database. And you address this in your conversation with Andy Jassy across its entire portfolio is to have really, really fine grain access to the deep level API APIs across all their services. And he said, he said this to you. We don't necessarily want to be the abstraction layer per se, because when the market changes, that's harder for us to change. We want to have that fine-grained access. And so you're seeing that with database, whether it's, you know, no sequel, sequel, you know, the, the Aurora the different flavors of Aurora dynamo, DV, uh, red shift, uh, you know, already S on and on and on. There's just a number of data stores. And you're seeing, for instance, Oracle take a completely different approach. Yes, they have my SQL cause they know got that with the sun acquisition. But, but this is they're really about put, is putting as much capability into a single database as possible. Oh, you only need one database only different philosophy. >>Yeah. And then obviously a health Lake. And then that was pretty much the end of the, the announcements big impact to health care. Again, the theme of horizontal data, vertical specialization with data science and software playing out in real time. >>Yeah. Well, so I have asked this question many times in the cube, when is it that machines will be able to make better diagnoses than doctors and you know, that day is coming. If it's not here, uh, you know, I think helped like is really interesting. I've got an interview later on with one of the practitioners in that space. And so, you know, healthcare is something that is an industry that's ripe for disruption. It really hasn't been disruption disrupted. It's a very high, high risk obviously industry. Uh, but look at healthcare as we all know, it's too expensive. It's too slow. It's too cumbersome. It's too long sometimes to get to a diagnosis or be seen, Amazon's trying to attack with its partners, all of those problems. >>Well, Dave, let's, let's summarize our take on Amazon keynote with machine learning, I'll say pretty historic in the sense that there was so much content in first keynote last year with Andy Jassy, he spent like 75 minutes. He told me on machine learning, they had to kind of create their own category Swami, who we interviewed many times on the cube was awesome. But a lot of still a lot more stuff, more, 215 announcements this year, machine learning more capabilities than ever before. Um, moving faster, solving real problems, targeting the builders, um, fraud platform set of things is the Amazon cadence. What's your analysis of the keynote? >>Well, so I think a couple of things, one is, you know, we've said for a while now that the new innovation cocktail is cloud plus data, plus AI, it's really data machine intelligence or AI applied to that data. And the scale at cloud Amazon Naylor obviously has nailed the cloud infrastructure. It's got the data. That's why database is so important and it's gotta be a leader in machine intelligence. And you're seeing this in the, in the spending data, you know, with our partner ETR, you see that, uh, that AI and ML in terms of spending momentum is, is at the highest or, or at the highest, along with automation, uh, and containers. And so in. Why is that? It's because everybody is trying to infuse AI into their application portfolios. They're trying to automate as much as possible. They're trying to get insights that, that the systems can take action on. >>And, and, and actually it's really augmented intelligence in a big way, but, but really driving insights, speeding that time to insight and Amazon, they have to be a leader there that it's Amazon it's, it's, it's Google, it's the Facebook's, it's obviously Microsoft, you know, IBM's Tron trying to get in there. They were kind of first with, with Watson, but with they're far behind, I think, uh, the, the hyper hyper scale guys. Uh, but, but I guess like the key point is you're going to be buying this. Most companies are going to be buying this, not building it. And that's good news for organizations. >>Yeah. I mean, you get 80% there with the product. Why not go that way? The alternative is try to find some machine learning people to build it. They're hard to find. Um, so the seeing the scale of kind of replicating machine learning expertise with SageMaker, then ultimately into databases and tools, and then ultimately built into applications. I think, you know, this is the thing that I think they, my opinion is that Amazon continues to move up the stack, uh, with their capabilities. And I think machine learning is interesting because it's a whole new set of it's kind of its own little monster building block. That's just not one thing it's going to be super important. I think it's going to have an impact on the startup scene and innovation is going, gonna have an impact on incumbent companies that are currently leaders that are under threat from new entrance entering the business. >>So I think it's going to be a very entrepreneurial opportunity. And I think it's going to be interesting to see is how machine learning plays that role. Is it a defining feature that's core to the intellectual property, or is it enabling new intellectual property? So to me, I just don't see how that's going to fall yet. I would bet that today intellectual property will be built on top of Amazon's machine learning, where the new algorithms and the new things will be built separately. If you compete head to head with that scale, you could be on the wrong side of history. Again, this is a bet that the startups and the venture capitals will have to make is who's going to end up being on the right wave here. Because if you make the wrong design choice, you can have a very complex environment with IOT or whatever your app serving. If you can narrow it down and get a wedge in the marketplace, if you're a company, um, I think that's going to be an advantage. This could be great just to see how the impact of the ecosystem this will be. >>Well, I think something you said just now it gives a clue. You talked about, you know, the, the difficulty of finding the skills. And I think that's a big part of what Amazon and others who were innovating in machine learning are trying to do is the gap between those that are qualified to actually do this stuff. The data scientists, the quality engineers, the data engineers, et cetera. And so companies, you know, the last 10 years went out and tried to hire these people. They couldn't find them, they tried to train them. So it's taking too long. And now that I think they're looking toward machine intelligence to really solve that problem, because that scales, as we, as we know, outsourcing to services companies and just, you know, hardcore heavy lifting, does it doesn't scale that well, >>Well, you know what, give me some machine learning, give it to me faster. I want to take the 80% there and allow us to build certainly on the media cloud and the cube virtual that we're doing. Again, every vertical is going to impact a Dave. Great to see you, uh, great stuff. So far week two. So, you know, we're cube live, we're live covering the keynotes tomorrow. We'll be covering the keynotes for the public sector day. That should be chock-full action. That environment is going to impact the most by COVID a lot of innovation, a lot of coverage. I'm John Ferrari. And with Dave Alante, thanks for watching.

(upbeat music) >> Welcome to this special Cube conversation here in Palo Alto, California. I'm John Furrier, host of theCUBE, we have two special guests, Karim Toubba, CEO of Kenna Security, and Caroline Japic, CMO, Kenna Security. Great to see you guys, thanks for coming on, appreciate you taking the time, appreciate it. >> Thanks for having us. >> So RSA is coming up, big show, security's at the top of the list of all companies. You guys have a very interesting company. Risk based vulnerability management is like the core secret sauce, but there's a lot going on. Take a minute to talk about your company. What do you guys do? Why do you exist? >> Yeah, sure. Thanks for having us. Some, the security landscape as you very well know, pretty crowded space, a lot of different vendors, a lot of technologies that enterprises and organisations have to deal with. What we do has a lot of complexity behind it, but in an app practicality for enterprises is actually quite simple. They have many, many data sources that are finding problems for them, mapping to their attack surface, what are misconfigurations? Where are there vulnerabilities in your network or your host, where there vulnerabilities in your applications, we taking all of that data, specifically from 48 different data sources, we map it to what attackers are doing in the wild, run it through a lens of risk, and then enable the collaboration between I.T. and security, on what to focus on at the tip of the spear with a high degree of fidelity and efficacy so that they know that they can't fix everything, but prioritize the things that matter and are going to move the meter the most. >> So you guys have emerged as one of those kind of new models, the new guard of security, it's interesting, it's been around for 10 years, but yet a lot's changed in 10 years but a lot of evolving. Risk based vulnerability management is the buzzword, R-B- >> V-M >> Okay, really comes from the founder of the company. Why is this becoming an important theme? Because you got endpoints, you got all kinds of predictive stuff with data, you got surface area is growing, but what specifically about this approach makes it unique and popular? >> Yeah, I think what's happening is if you, to really answer that question, you have to look at two different ends of the spectrum in terms of the business, the security side and the IT DevOps and application development side. And at the core of that is what was largely traditional tension. If you think about security teams, operations teams, incident response teams, and if you sit down with them and understand what they do on a day to day basis, beyond the incident response and reaction side, they have a myriad of tools and technologies that discover problems, typically millions of issues. Then you go to the IT side, and the application and DevOps side, and they care about building the next application, making sure the systems are up and running. And what happens is they, we've gotten to the point where they can't possibly fix everything security is asking them to fix, and that's created a lot of tension, people have woken up, started to realize that that tension has to give way to collaboration. And the only way you can do that is enable security to detect all the problems, but then very quickly focus and prioritize on the things that matter, and then go to IT and then tell them specifically what to fix so that they have a high degree of precision and understanding, that the needle will be moved relative to what they're asking them to do. >> So is it the timing of the marketplace and the evolution of the business where it used to be IT that handled it, and now security has gotten broader in its scope, that there's now too many cooks in the kitchen, so to speak? >> Yeah, it's gotten broader in its scope, and there's also been a realization that if you think about the security problem statement, they find all the problems, but if you if you peel back the layers, you quickly realize, they own very little the remediation path. Who fixes-- >> John: They being IT? >> They being security. >> John: Okay. >> Yeah, so it's actually quite fascinating. If you think about who fixes a vulnerability on an operating system like Windows or Linux, it's the IT team. If you think about who fixes or upgrades a Java library or rewrites an application it's DevOps or the application developers, but security's finding all the problems. So they're realizing, as they deploy more tools, find more issues, and increase the amount of data, they've got to get very precise and really enable an entirely new way of collaborating with IT so that they can get them to focus on the things that matter the most. >> Karim, I want to dig into some of the complexity, but first want to get the Caroline on the brand, and the marketing challenge because it's almost an easy job in the sense, because there's a lot of security problems out there to solve, but it's also hard on the other side, is that, where's the differentiation? There's so many vendors out, there's a lot of noise. How are you looking at the marketplace? Because you guys are emerging in with nice, lift on the value proposition, you won some recent awards. How do you view the marketplace? RSA is going to be packed with vendors, it's going to be wall to wall, we get put in the corner, we are going to have small space for theCUBE, but there's a lot there and customers are being bombarded. How are you marketing the value proposition? >> You are right. There's so much noise out there, but we are very clear and precise on the value we bring to our customers, we also let our customers tell the story. So whether it's HSBC, or SunTrust, or Levi, we work with them very closely with those CSOs, with their head of IT to understand their challenges, and then to bring those stories to life so we can help other companies because our biggest challenge is that people just don't know that there's a better solution to this problem. This problem's been around a long time, it's getting worse every day, we're reading about the vulnerabilities that are happening on a regular basis, and we're here to let people know we can fix it, and we can do it in a pretty quick and painless way. >> You had mentioned before we came on camera that when you you're getting known, as the brand gets out there, but when you're in the deals, you win. Could you guys share some commentary on why that's the case? Why are you winning? >> Yeah, by the way, just to piggyback off that a little bit, there is a really interesting paradigm happening within the security space, if you look at the latest publications, I don't know, there are 1400 of us all buzzing around with the same words? I think what Caroline and the team have done an exceptional job on, particularly in relative to the positioning is, we don't want to scare people into looking at Kenna. We want to be more ethereal than that and make them understand that we're ushering in a new way away from tension to an era of collaboration with IT, DevOps and application teams. That's very different than telling somebody in your messaging, Hey, did you hear the latest attack that happened at XYZ? >> Yeah. >> That sort of fear and marketing through FUD, is creating a lot of challenges for organizations, and candidly, is making CISOs and other people in security close the door. >> I've definitely heard that, do you think that's happening a lot? >> I think that's happening a lot. I think we're sort of, I like to think that Caroline and the team are sort of at the forefront of leading that initiative, and you can, and we're doing it in every way possible to really sort of tell a much more positive story about how security can be smarter and spin in a positive light, and in fact, the technology is enabling that, so it's consistent. >> We live in dark times. Unfortunately, a lot of people like, if it bleeds, it leads, and that's a really kind of bad way to look at it. But back to your point about tension and collaborations, I think that's an interesting thread. There's a ton of tension out there, that's real, from the CISO's perspective. Because there's too many teams, I mean, you got, Blue Team, Red Team, IT, governance, compliance, full stack developers, app. So you have now too many teams, too many tools that have been bought and it's like, people have all these platforms, they're drowning in this. How do you guys solve that problem? >> Yeah, it's back to that point of collaboration, and what we've really found that's been interesting in solving that problem, because what we're doing if you step back, is, we're bringing in all these data sources, and where that tension comes in, if you unpack it a little bit, is from different people coming in with different data sources. So IT comes to the table about what to fix, with their own point of view, security comes with their own point of view, application teams come with their own point of view, governance and compliance comes with their point of view. What we do is we come in and even though we're technology, we're really aligning people in process. We're saying, "Look, we're going to to amass all that data, "we're going to very quickly use machine learning "and a bunch of algorithms to sift through "millions of pieces of data "and divine what actually matters." It's empirical, it's evidence based, and we align all the organizations around that filter through risks so that there's agreement on how to measure that, what to prioritize, what to action and what the results look like. And when it turns out that when you get a bunch of people across an organization, to get aligned around data that they all agree with as the source of truth, it gets much easier to get them to really focus on the things that ultimately matter. >> It's a single version of the truth, right? It's a single version that they all can work from. Security isn't telling IT, "This should be your priority today," when they say, "You don't know what my priorities are," is actually the data that's telling them what their priorities are by role, and that's really important and really gets past all the, the friction and the fighting in between the teams. >> Yeah, that's great point, back to my other question when I get back to you Caroline, is what is the success formula look like for you guys? Why are you winning? What are the feedback you're hearing from your customers? Because at the end of the day, references are important, but also, success is a tell sign. So what's the reasons behind the success? >> Yeah, I'll let Karim talk about being face to face with customers, because he does that all the time. But what we're saying is that, the customers are resonating with the story that we're telling, they understand they have the problem we're laying out in a very simple way for, to be able to solve their solution, and that's working. We've redone our positioning, our messaging, we've trained our sales team, people understand the value we can bring, and that's what we're communicating, and that's what's working. >> Karim, please add on that, I want to get more into this. >> Yeah, and on the customer side, what we see and I'll give you a pretty classic example for us with a very large bank that's a customer of ours. We actually started on the security side, right? We sold to their deputy CISO to deploy, and then eventually, they doubled down and then deployed globally across 64 countries. And that happened sponsored by the CIO. Now we're a security company, so you ask the question, well, why did that get driven in that structure? And why did that deal go down ultimately in that way? And what was the real value? The value to the security person was clear, I want to aggregate 10 to 12 different data sources, I want to prioritize, I want to collaborate with IT. The value to the CIO was the CIO happens to own all the application developers and all the IT people and the security people on a global basis. And so what they wanted to do, is they wanted to understand what the risk was for each of the lines of businesses they had within organization so that they can hold the business users accountable to paying a small tax for security, not just developing the next billion dollar high net worth application, which is extremely important to those businesses, but at the same time, ensuring that they're secure. And so that leverage when you start with security, and then branch out in other organizations, especially in large, multinational organizations, is really where the the real value comes into the platform. >> So if I hear you correctly, you come in for security, okay, we can get rid of the noise, help you out, check, win, and then the rest of the organization doesn't have security teams per se, >> Karim: Correct. >> Needs security to be built in from day one. >> Karim: Correct. >> You're providing a cross connect of value to the other teams? >> That's right. >> It's almost like, security is code, if you will. >> Karim: That's right. And nowhere is that more evident in our utilization statistics. So we're a SaaS platform, so of course we, like many other SaaS companies do a bunch of analytics on utilization of our customers, more often than not, in our large scale enterprises, we actually have more IT and non security users logging into Kenna, in a self service model, because they're the ones, back to the point you made earlier, that are actually driving the remediation path. >> Take us through how that works. So say I'm interested, okay, you sold me on it, great, I need the pain relief on the security side, I need the enablement and empowerment on the collaboration side, what do I do? Do I just plug my databases into you? Is it API driven? Are you on Amazon? Are you on Azure? What's cloud? What am I dealing with? Take me through the engagement. >> Yeah, so we're 100% cloud based platform. Multi cloud, so we can deploy in AWS, we can deploy in Google et cetera. And then what we do is we effectively through a bunch of API's called connectors that are transparent to the customers, we enable them to bring in their data. So this is everything from traditional scanning data like Qualys, Rapid7, Tenable, more, newer data like CrowdStrike, Tanium, DaaS SaaS, software composition analysis tools, WhiteHat, Veracode, Black Duck, Sonatype, you name it. The list goes on, specifically, there's about 48 of them. All of that is basically helps us understand what the totality of the attack surface is. That's very useful for security because they're using multiple tools. We then overlay what we call exploit and tell, this is the data that tells us about what attackers are doing in the wild. Specifically, we have 5 billion pieces of data that tell us about what vulnerabilities are being popped, what's the rate of change, what malware are they being embedded in? That use, that information is used through machine learning to help us prioritize and risk score each of the findings we get from the customer tools. And then where it pivots over to IT, is we then allow them to take all of that data and that metadata and asset criticality into what we call risk meters. So they're basically aligned with where, how IT operates. So for example, if you own all the Linux infrastructure in the cloud, you log in, you'll only see the risk across the infrastructure you own. Whereas if Caroline owns all the endpoint real estate across Windows, she logs in and understands what her risk is across Windows. And then we of course, integrate in the ticketing systems to drive the remediation and report up to executives and then over to security, about what the workflow you-- >> So you guys really focusing not so much on the security knock or the sock, it's more on indexing, if you will, for lack of a better description, the surface area, >> Karim: Correct. >> And getting that prepared from a visibility standpoint to acquire the data. >> Karim: That's right. >> And then leveraging that across-- >> Across the organizations, yeah. >> Did I get that, right? >> It's exactly right. And if you ask, if you again, double click deeper on that, what's fascinating to watch, so we have a an annual, or bi annual report that we do called prioritization or prediction, or P2P. And this is all of our customer data completely anonymized in a warehouse, and then we run a bunch of reports, and lot of the analytics we ran initially were around security. Now we're starting to pivot in IT. If you look at our latest report, one of the most interesting things I found in my time here is that the average large scale enterprise has actually no more than 10% remediation capacity, right? So what does that tell you? That tells you that 90% of the problems are going to go unsolved, which pinpoints why it's even more important to have specific prioritization on the things that matter. >> They solve the right 10%. >> At the right time too, >> At the right time. >> 10% capacity, operating capacity, assuming some automation that might take care of some of the low hanging fruit >> Exactly. >> Through DevOps or automation. You can focus on those 10% at the right time, which by the way, if you use that capacity for the wrong problems at the wrong time, it's wasted capacity. >> Karim: That's right. >> That's what you guys are trying to get at, right? >> Karim: That's exactly right, work smarter, not harder. >> So Kenna security, what's the vision? What's the next step? Why should someone care about working with you guys? Why is it important to engage you guys? What's the big deal? Is it the risk based vulnerability, kind of origination invention, which is the core or the DNA, or is it something bigger? What's the vision? What's the why? Yeah, well look for us, we started, our company was actually founded by a gentleman by the name Ed Bellis, who's the ex chief security officer at Orbitz, and he founded the company out of a need. We started very early in the traditional pure vulnerability space. This was like calling Classic Qualys, Rapid7, Tenable. We then expanded into the application world. So this is starting to take in, moving up stack if you will full stack, as the environment moves to cloud, as the environment moves to containers, as the environment moves to configuration management as the environment moves to a much more ephemeral state, that will drive an entirely new set of data sources that will drive an entirely different new set of priorities all aligned with the same model of risk. So our view of the future is that we are the platform that enables the organization to understand the totality of the attack surface, that enables collaboration across all the groups that deal with technology within enterprises, and allows them to really prioritize and understand risk in a way that not only fosters the collaboration, but gives you that return on investment that candidly ultimately CIOs are looking for. >> Caroline the story from a marketing perspective, what's the story you're trying to tell? >> We started this space, our founder Ed Bellis is the father of risk based vulnerability management and he loves it when I say that, but it's 100% true. We are continuing down this path, I mean, there are so many companies that have this problem that don't know that there's a better way to solve it. And so for now, our mission is to make sure that we're educating those people, they understand what's possible to do today, and then continuing from there, so. >> Well, I really appreciate you guys coming in and introducing and sharing more about Kenna Security, we've been seeing successes. I'm going to ask you about what you guys think about RSA, I'd love to get both you guys to weigh in. But before we get to the RSA kind of what's coming, take a quick minute to plug the company. What do you guys looking to do? You hiring? You just got some funding? Give the quick pitches. >> Yeah, sure, we did. We just closed $48 million series D round. We had all of our investors and a new investor, Sorenson Ventures come in. We also had two strategic investors, Citi and HSBC, because we do quite well, that very good validation. And we're also quite prominent in the financial services vertical, it helps that. And so for us, it's really about scaling, right? Scaling people, scaling the technology, scaling capabilities-- >> John: Across the board. >> Across the board. >> Engineering, obviously. >> Engineering, sales, geographies, it's really about getting the word out there and then being able to follow that up with the feed on the street that matter. >> We're definitely hiring, but we're also growing through OEMs. So we have a relationship with VMware, they're embedding us into their app defense products, and so if you buy app defense from VMware, you are buying Kenna whether you know it or not. >> So you're going to be an ingredient in other products. >> That's right. >> And or direct or indirect, probably some channel ecosystem opportunities? >> That's right. >> So we're growing on the technology partner OEM front, definitely interested in talking to companies that are interested on that front. >> We should do a whole segment on my fascination with what I call tier two or tier 1B clouds, specialty clouds, security clouds. So maybe do that another time. Okay, final question for you guys. RSA is coming this year 2020, and then a series of other events. Cloud Security has been a hot topic since re:Inforce last year was launched, we were there, kicking off theCUBE in security. What do you guys expect this year at RSA? What do you think the big themes are going to be? The hype? The meat on the bone? What's the real deal? What's the hype? What do you guys think is going to happen? >> Karim: I'll let you start. >> Yeah, I can tell you our theme is the right fight club. Because we are focused on the right fight that you need to have every day inside your enterprise. It's not focused on all the vulnerabilities that are hitting you because they're hundreds of thousands of them, millions of them, and there's going to be more every single day, it's about fighting the right fight. So if you come by our booth, you'll see that, it's going to be very exciting-- >> And of course, don't talk about the Fight Club vulnerabilities. (Karim laughs) >> You know the rules of the fight club. >> The first rule is to talk to Kenna about the right fight club. That is the first rule. >> That's cool. >> Yeah, I mean, it's interesting. Every, as you very well know, every year when people walk away from RSA, there's a few blogs that are written about what was the theme this year, I suspect this year's in security specifically, is going to be about AI driven security. We've been starting to see that for a while, it started to bleed into last year's event. I think for us in particular, we have a very particular point of view, and our book point of view is that doesn't matter if it's ML, if it's AI, or what type of algorithms you're running, the question is, what's the value? What is the value when you have 1400 people all screaming to get in the door of an organization? Everybody really has to begin to answer that question fundamentally. And I think the people that have that position in the market are the people that are going to be able to stand out. It's interesting, as always the hype with AI, but it's interesting, I was just trying to figure out when the term there is no perimeter was kind of first coined in theCUBE, I'm thinking probably about five years ago, it really became a narrative and then more recently, with the cloud, the perimeter is dead. Edge is out there. >> Karim: Right. >> So this is, what's the gestation period of real scalable security post perimeter is dead. It's interesting, is it years, is it seems to be hitting this year. It seems to be the point where, okay, I tried everything, now I've got to be data driven or figure out a way to map the surface area. >> That's right. >> End to end. Well, thanks to Kenna Security coming in, a solution for figuring out the vulnerabilities with a real invention. We're going to be covering security at RSA with Kenna Security and others. Thanks for watching, this is theCUBE. (upbeat music)

>> Narrator: Live from Orlando, Florida, it's the Cube, covering ServiceNow, Knowledge 17. Brought to you by ServiceNow. >> Welcome back to Orlando, everybody, my name is Dave Vellante and I'm here with my co-host, Jeff Frick. This is day two of ServiceNow, Knowledge, and this is the Cube, the leader in live tech coverage. Bart Murphy is here, he's the CTO of York Risk Services, and he's the CIO and CTO of CareWorks, Cube alum. Bart, good to see you again. >> Great to see you guys. So we were talking off camera, Mark came over, we're talking about the CIO Decisions, you participated in that last year as well. What have you been doing at the conference? What are you seeing that's interesting? >> Well I've been attending the sessions and you just mentioned the CIO Decisions, that was my day yesterday. Great opportunity to get you know, great speakers, we mentioned a few of them that spoke yesterday, but also there were some customer round tables that allowed you to collaborate with your peers over a few areas, and sort of discuss what's working for them, what's not. You know, what their road map looks like, how they're selling that to the board, those type of things. It was a very productive day. >> So, since we last talked, what have you been working on? We had a great discussion last year on security, I'm sure things have changed there, they keep evolving. What kind of things you've been working on, what are some of the initiatives that are new? >> Yeah, so last year we did talk about that and my desire, I was somewhat excited when I started to see the new play into SecOps with ServiceNow. So we've now gone live with SecOps. We're continuing to mature our security posture as a company, and I think that's, when you look at a road map or you're looking at things, what we want to see is continual capability maturity in our security space. One, we need to be there, right? As an organization, we're a services organization. We also want to just make sure that we're continuing to get better and automate. So we saw SecOps as a real opportunity for that. So we've now gone live, we've deployed that. We did it and integrated that with certain tools that we have, Tanium, LogRhythm, Symantec, some of our scanning tools. What that's allowing us to do is look at a wide range of log information, parse through that in order to automate certain types of work flows and cases. So whether it be as simple as finding an end point that say has an outdated Symantec update and having that automatically update, or create a case because it can't push the automation, those type of things we're trying to do now to try to raise the level of our security and start weeding through all the noise that's out there, that's provided with all the tools that we have. >> How did you find the integration? >> Well, we did the integration ourselves, and we found the integration, compared to some other products that we've done in the past, to be much smoother. You know, I think this is a later product that they've built into their platform. I think they've taken into account implementation, so some of the integrations were out of the box like the Tanium, others, we built those integrations. So, and we also, I think I may have mentioned this, not sure if I did, when I looked at my incident security response plan and the way I developed that, I developed it very closely to what was coming out of the box with ServiceNow. I wanted to make sure that our policies, procedures, process for that really just met out-of-the-box functionality, so we didn't have to do a lot of customization and configuration there, and we could focus on the technical integrations that really provide some of the power of the automation with the CMBB. >> Speaking of sort of custom work, you talk about M and A, you mention you get a mulligan coming. >> Bart: Yeah. >> Talk about that a little bit, kind of unwinding some of the custom mods. >> Yeah, so we have multiple instances of ServiceNow, and over the last year we've been building our newest instance with York Risk Services Group, that's our total company. And I'm in the process now of taking what we built for CareWorks, you know, we have been a customer since 2010, and really learning what we did well there and what we didn't do well. In addition to the fact that a lot of customization that we did on that platform is no longer really required, that's how much the platform has matured with ServiceNow. >> Which one was it, which release, do you remember? >> Oh gosh, Berlin, probably. >> Berlin, right, right. >> Early, early on if I'm accurate, from the very beginning. And you know GRC was an example where we did a lot of customization because that product just is night and day compared from where it is today. >> Jeff: Right >> So now we get a new opportunity to look at our process to see, say, is this something that we really need to keep the customization, or can we leverage the platform better, and by the way, even if we do have to do customization, can we do it a better way? So it is a little bit of a mulligan, from that standpoint, we get a sort of fresh start on a platform that we understand even better now, and we're doing it at a larger scale, so we're trying to really look at those automation opportunities so we can gain the efficiencies that we need. >> So I wonder if you can talk about the sort of business impact that you've seen over the years. You've been a long-time ServiceNow customer, and it just feels like this whole ecosystem is on the steep part of the s-curve now. Maybe describe the sort of business impact in whatever terms make sense. >> Well, I think partly supporting consolidated shared services, whether it's in IT or other areas of the business, and even finding areas of the business that aren't doing a good job of tracking their work today. And it still exists, in I think every organization. I was mentioning, you know, another area that we're looking at that we'll most likely deploy this year or early next year, I would assume this year, is the HR Case Management. >> Dave: Mmm hmm. >> That's an area very similar to IT, very similar to other areas that we've built use cases within ServiceNow, where things are done primarily through email. It's very inefficient, they don't have very good metrics to understand how much support they're providing the organization. They're pressured just as I am from an SG&A perspective, to do more with less. And the only way we're going to be able to continue to do more with less is to provide some level of automation and stay consistent with it. So when I started looking at ServiceNow, and yes, we're probably on that s-curve too. We've done some really good work on the automation side, but now with the platform, with what they're doing with some of the analytics, what they're, you know, I know what they're going to do with machine learning, what we can do with some of the predictive stuff. How can we take a security instance, for example, have it remediate itself and then inform us on what it did? Those are the type of things that I think's going to bring us way sharp up on that curve. I mean we've done a good job, we're very technical, we've done a good job automating, I'm not, but for what we can do I think over the next three to four years with this platform and the automation, is going to be a game changer for us and we're going to need that. 'Cause you know our SG&A can't grow at the same rate. You want to have that margin improvement, and this is one of the areas that we can use a platform to do that. >> It's interesting, you're, always a lot of talk about automation when we're here. >> Yeah. >> Different automated processes and make them easier. But you mentioned before we went on air, you just mentioned it again, that the desire to get measurement on the process as the primary driving factor, 'cause you just can't measure that which is in email and all these disparate systems, and now you can actually use the motivation of measurement so then you can get improvement as a primary driver to implement it. >> Yeah, I mean one of our core values is to be a data-driven decision making company. And you can't improve what you can't measure. And there's still to this day a lot of these processes that we take for granted. You know, SecOps, HR, operation service center, claim setup. We think we're doing a good job managing it and understanding the productivity of it, but we don't have really good tools in place or they're very disparate. So if we can get that into one CMDB, we can start to leverage automation. Once we start to measure it, we truly can start to see that business value, 'cause we can see those measurements go down. So whether we're using out-of-the-box performance analytics now, you know we started originally, performance analytics was a separate product. On the new York one, again, that's another benefit, we just turn it on, right? And there's already really good, rich data that it's giving us to stay, and we can compare that against our previous performance, whether it's incidents, closing rate, you know all these type of things out of the box. So I can start to show improvement. It's not to say that we don't have areas to improve, we do. There are things outside of ServiceNow that we need to do to improve our overall capability. So whether you're talking leveraging orchestration within ServiceNow but then I need a deployment tool to actually go and do that work. So that's where Tanium comes into play, so there's other strategies we're deploying to say where can we get the full life-cycle of that automation? And that's where engineering discipline and bringing that to your supply chain of activities is key. >> The other thing that you mentioned that kind of flipped it on its head, is you talked about your incidents response plan and trying to make it pretty much as out of the box from ServiceNow as possible. Was that because you just kind of went with the custom, or now are they delivering more best practices in the way that configuration comes out of the box that you don't really have to think about it. >> Yeah, I mean absolutely. >> You can presume best practices, because that's how it's preconfigured out of the box. >> Yeah, and I don't think they tout that, and I understand why, but they're getting feedback from a ton of customers on how to build a process in the most efficient way. I don't think they're doing it in a vanilla way. I think they're doing it in an efficient, robust way. So I think they are at that point where there's a lot of things that come out of the box that people really need to pay attention to. Like I understand that we may have done it this way, but this way is more than sufficient. And if it means that I don't have to customize and I can make my upgrades even easier than they are today, 'cause they aren't that painful at all, on the ServiceNow front, then why not? And then we can benefit from their maturity on the platform, because they're going to continue to add in releases and add in functionality just like we saw over the last two days. >> Back to the sort of s-curve, it sounds like you're getting in the position now to get real operating leverage almost like Metcalf's Law. The first one you get some benefit, but the nth one, boy that's when it really kicks in. >> I hope so. That's what I'm, I think right now we've spent a lot of time and energy getting onto one platform, right? Whether it's from all the acquisitions, whether it's from an older instance to a newer instance. I think once we get critical mass on that platform, yes, the automation stuff will make a marketable difference. We've done some great things for our business but I think once we get everybody on one platform and we get that true understanding of how we want to do our enterprise process and we have some other uplift in our areas and systems. You know, Tanium's a new product that we have. We're looking potentially HRIS, there's other things at play that will play in the ecosystem. And as we mature those and really understand what our end game's going to be, I think that's where we have that power. >> One of the speakers at CIO Decisions this week was author Daniel Pink. We had him on the Cube, talk about selling is human. When you run a business case, you talked about the HR, moving into HR, do you go sell, do you make the business case, are they coming to you, is it push/pull, how does it work? >> A little bit of both. As a CTO and as any executive, I listen to Daniel as well and I'm a firm believer that we're all in sales. All of us are part of some type of revenue-generating company, okay, and if we don't take that to heart, and we just think that we're some cog in a wheel in somebody else's problem, shame on you. No company's going to grow without a full company of great sales people. They're either advocates for their brand, they understand the mission, they understand what they're doing for the mission. So from a sales perspective, certainly I'm going around trying to tell people about the capability of ServiceNow. I saw the CEO speak yesterday too and one thing that struck me that I think a lot of people need to do, is he's spent a lot of time over the last 49 days trying to understand the vernacular of IT. You know, he was the CEO at some large companies, they all had IT, now he's at an IT company. And so he's trying to really understand the speak and some of the capabilities that you have to understand. He's got a better appreciation of it. It's my job, really, to be able to do that type of evangelism within our company to say here are some of the platforms that we have and here are some of the capabilities and at least start the conversation. I will tell you that other times I have people come to me because they've either heard from someone else that they're using it at their company and their HR team loves it, or what's it about? But I need to go around and say I see you guys doing this and we have a platform that's totally made for that. It's why it was built. Let's have a demo or let's start looking at how you think that would improve your guys' productivity. You're stretched for resources, I'm stretched for resources, and just come at it from a common problem statement perspective. Then we build the business case from there. >> I see. So we hear a lot of the announcements this morning, Jacarta, another release. What do you, and so there's a lot of things they did in there, performance improvements, UI improvements and things like that, bringing in intelligent automation, a lot of really good, cool things in there. What's, from your mind, on their to-do list? What kinds of things, I mean, are they doing the types of things that you want them to do, is there something big that could really make a difference to your business? >> Yeah, I wish I was like the ServiceNow product visionary. (laughing) But I'm not, I got to commend 'em. I think they're doing some pretty darn good things. When you start to look at SecOps and its play into GRC and the way that you really start to automate some of your controls, which are a huge component of, I'm not going to say waste within your organization, but they take a lot of time, and they bring value, don't get me wrong, but they aren't bringing...they're not bringing in revenue, they're a lot of compliance and they're good practices, so the more we can automate some of those they're high value but you want your team working on other innovation type of stuff, I think the better. When they start looking at what they're doing with the data now, everybody's becoming a data company, everybody's talking about machine learning. Everybody's talking about AI. I think that is the next place that they got to get to. If they can start to generate, again, some of that low value work, whether it's automating an entire incident end to end. I mean, there's insurance companies out there that are doing that, right, trying to automate a claim end to end. So I think the more they can look at their domain and determine ways to automate an entire workflow, which they are well on their path. They've been doing that from a workflow automation perspective for years. Now take it into AI to do it, I think they're going to be in a good position, a better position than I am in, probably if I was to develop that myself. >> Right. >> So I think that will help me scale from a user support perspective and just workflow in general, service management perspective. >> So you might not be the product guru going forward, but the thing you know probably better than a lot of people under the 15,000 is how to get people to adopt a platform. I wonder if you can share some of your tips and tricks to fellow practitioners to convince the people to don't pick up the phone, you know, put it in the platform? >> Yeah, it's evangelism. You got to get out and educate people on what the platform's about. As a procurer of the platform, you know and ServiceNow is not a cheap solution, and nor should it be. I think you need to go and justify, I'm getting this platform and it's up to me to make sure that we're going to leverage those dollars as much as possible. So anything I buy I want to make sure we're leveraging it as much as we can within the organization. I'm also a firm believer, I understand that reality hits and it's not going to happen overnight. So how do you build a backlog and start really working through that? We do an agile process, we're doing releases every two weeks. We're trying to, I may take an opportunity in IT but then the next one I want to do is going to be in the business. Or it's going to be with security or it's going to be with HR. Trying to get winds across the spectrum instead of trying to take big projects. Big projects take time, you know, there's a lot of little things that I can do to whet their appetite, on boarding, off boarding, transfers, HR started to get familiar with ServiceNow and what it could o just in that space. That whet their appetite, then, to have a more serious discussion about case management, right, which we're still having. So I think trying to figure out how you can handle a backlog of smaller hit items to get winds, will allow you to get a little bit more credibility if you start looking at a more wholesale change to their entire business, which this would be, a wholesale change to their business. >> You have kind of this dual role of CTO and CIO. Over the last several years, so much has changed in information technology, cloud, infrastructures, code and now you're seeing containers explode, the whole sassification of softwares eating the world, obviously service management is playing a big part there. Now AI, the whole big data meme. How has the CIO role evolved and changed and how has that affected you? Particularly the CIO piece, and you know, the CTO piece as well, I guess. Technology's always there, the CTO has got to be following that. But the CIO role seems to be changing quite dramatically. >> I think each organization's a little different. The way I look at it is, and some organizations, and maybe it's just me, some people see a CIO as an operational guy or girl, and some of them see their CTO as going out and looking at new technology. The way I, and why I sort of have the title of the CTO is I never want to have a build and run type of organization. I don't want to have a marginalized CIO that's basically just keeping the lights running, maybe keeping enterprise systems up. We need to be innovative as an entire team and those assets that we build, the same people need to support them, because, man, they build much better assets if they have to support them, let me tell you. (laughing) I think the role is changing whether you use the term CTO, CIO, you know, who is that person that's going to help ensure that you're not only looking at new platforms but not, I don't want to just spend all my time looking at new platforms or looking at new innovations. And certainly want to be aware of the trends. What's the right time to look at that for your organization? Some would say you always need to be on top of all of that, and I don't need to be on top of every AI vendor or data analytics company. What I need to understand is within the context of our organization, our financial structure, where we are as a maturity as an organization, where are the tools right now that can really make a major lift? And sometimes those aren't the most recent platforms. Sometimes they aren't the gold-standard platforms, sometimes they're just grunt and hard work. So I think the role, I hope the role evolves into where somebody takes ownership of all that and it's not carved up. Now, I think there are, even in our organization, there's a place. We have a Chief Innovation Officer, who is staying on top of some of the front-end stuff dealing with our industry. And that's a fine model as well. But I don't like breaking up between operations and development work and innovation. I like to make sure that those are all in sync. I think that's where you don't get a lot of rogue IT, a lot of shadow IT, because ultimately somebody's got to support it, and we want to make sure that that support cost is as lean as possible. >> That's a great answer, steeped in accountability, Bart. It's always great having you on the Cube. Thanks so much for coming on. >> Thank you guys, it's a pleasure to see you. >> All right, good to see you. All right, keep it right there everybody, we'll be back with our next guest, this is the Cube live from Knowledge 17. Be right back. (upbeat music)

>> Voiceover: Live from the Mandalay Bay Convention Center in Las Vegas, it's theCUBE covering VMworld 2016, brought to you by VMware and its ecosystem sponsors. Now here's your host, John Furrier. >> Welcome back everyone. We're here live at VMworld 2016 here in Las Vegas. This is the seventh year of coverage for SiliconANGLE Media's theCUBE, it's our flagship program, we go out to the events and extract the signal from the noise. I'm John Furrier. My co-host John Troyer with TechReckoning. Our next guest is CUBE alumn, one of our favorite guests, Sanjay Poonen who runs the end user computing, he's the General Manager, End User Computing Division of VMware, and also Head of Global Marketing now. Congratulations. New job role to oversee all of marketing, to bring that unified view across the company. Good to see you again, welcome back. >> Thank you John, and the John and John Show. I'm happy, I always love being on your show. >> Yeah, we have another John Walls on the other set over there, so it's three Johns hosting here in theCUBE. >> My middle name is John, let me tell you that, so I fit in the community. >> So Sanjay I want to get right into it. So you're giving us a preview here, folks, for tomorrow, the Keynote, you're the main act kicking off the Keynote tomorrow. A lot of big announcements, a couple super secret announcements that you can't share but you've got some new stuff going on in terms of new announcements, in terms of enhancements and new technologies. So can you share a little bit about tomorrow's announcements and what we'd expect at the Keynote. >> Yeah, thank you. So for everybody watching, make sure you dial in at nine o'clock tomorrow. I mean, the reality is, a key part of this client server to mobile cloud transformation is preparing people for a public cloud, digitally transforming the datacenters and preparing for public cloud, that's what you heard today. And the second piece of that, it's almost like two halves of the egg shell, the bottom part being the datacenter, the top part is preparing end users for an increasingly mobile world. And there we have this concept of a digital workspace, Workspace ONE that we introduced, and we're going to announced some new innovations there which really allow you to bring three things together. >> New products or new enhancements? >> In today's day and age when you're going cloud first, we're moving so fast so we don't do things in one big whole. I mean, for example, with AirWatch, we're doing probably like one incremental big feature every five, ten days. So we are doing things a lot more in the pace of cloud type company. So we don't really bundle everything to one big release. But nonetheless, we really focus our efforts around three gears, we're going to hear about tomorrow, one is the entire basis of how people work is driven now by identity management, and access to apps and identity. So you're going to see that tomorrow. And identity management becomes the important piece of the puzzle that's a control point for people's access to apps. Secondly you're going to hear about unified endpoint management and the worlds of desktop and mobile coming together. A good example of that is Windows 10. I'm going to talk about that more tomorrow. And third is a very important area of management and security, and how we think about endpoint management and endpoint security 'coz security is becoming one of the key missing linchpins that we think we can actually bring together in this digital workspace. So Workspace ONE with key focuses on areas like management and security. >> So you've been kind of, we've been interviewing you now three years. Congratulations, now at VMware, came from SAP as an executive there, now three years in. We've been watching your career, the end user computing evolve. The big bold movement down the field was the AirWatch acquisition. We've then seen a variety of different integration points in there. Give us an update on where it's come from and where, now we see where it's going, you just laid that out, but what are some of the specifics on how it's evolving because now with the cloud decision for the company, to say, okay, public cloud is in our equation with that Pat's announcement today, you've been kind of waiting for that engine, you've been kind of like, hurry up and wait for that to happen. So that's now, it's happening. Take us through how AirWatch in this piece evolved. >> Yeah, when we acquired AirWatch, part of it was our fundamental recognition that without a mobile strategy, you could end user computing. That's the name of our group is end user computing. You could end it 'coz we really needed something. So we looked at the space and we wanted something that was cloud first. They were, I would say, a close number, two or three, Mobile Line, I think was technical lead or maybe Good was, but they had a cloud architecture. We liked that about them. And was about a hundred million-dollar business. We disclosed at the end of last year that business was over 370 million in all in bookings. So you could see how rapidly we've taken them, they're almost 4X in two years. And the overall end user computing business was about a half billion when I joined. We announced at the end of last year, was a 1.2 billion all in bookings run rate company. When I joined it was about 30,000 customers. We're now about 65,000 customers. So reality is, we're now one of the top major businesses within the company. There's a lot of momentum. And that's been, I think, one of the better software acquisitions anybody's done the last two or three years. >> And strategically speaking, the digital transformation framework is essentially around this digital workspace area. >> It came out of that mobile space. And the part that we are now starting to see with clearer lenses in the course of the last six to 12 months is that identity management becomes an important piece to add to VDI mobile management. So we've added a third pillar of focus. And we feel like CIOs shouldn't have to buy VDI from one set of vendors, mobile device management, mobile management from a second, and then identity management from a third. These are coalescing into a digital workspace. So a big focus there. And allows us to also expand into new areas, for example, Iot, we can talk about it this time, and areas like endpoint security. >> It seems like, talking about identity management, that to you is right out of your security story. It seems like identity then has to become the fundamental pillar of security of end users in today's enterprise. How does your security story play into-- >> Yeah that's a very good point John. And I would say you're absolutely right. When we are increasingly selling our end user computing solutions, we're finding a key influencing buyer is the CISO. 40% of people have come to our mobile connect conferences are important to the CISO. Identity is a security topic too. So if you pull up for a second, the VMware security story now is very simple. It's in three parts. Number one, we can protect the datacenter. NSX now, one of the key propositions is micro-segmentation. That's a security seller. Number two, we can protect the endpoint with solutions like AirWatch and TrustPoint, we can get to TrustPoint this time. And number three, we can protect the middle, the user. So protect the datacenter, protect the endpoint, and protect the middle, the user. And all of those make us a very strong story appealing to the CISO. And then we take a bevy of partners with us that have even stronger brands and security. For example, one of our lead partners is Palo Alto. We're working very closely with them in NSX. We're working very closely with them in AirWatch. We're working very closely with them in identity. Another example of partners, F5. So we picked the group of partners that have very strong brands and security. And we found things that we do well. We partner with them in things that they do well. It's a really good story to both the CIO and the CISO. >> So much of the cloud story, as well as the end user story, is also about timing. We've been waiting on public cloud. Pundits talk about the death of private cloud but they don't say what year really. And so a lot of the end user story kind of we had to wait on, VDI, we had to wait on the devices. How do you as a leader of this company look at timing and when the market is ready for something? >> Well, I mean John, I think you have to really look at trends. And I had a fundamental premise coming in that the two Cs, and I'll talk about this more on tomorrow's Keynote, that we really needed to attack with venom was cost and complexity in the VDI market. And part of the reason as I talked to customers that many VDI projects failed, were cost and complexity. So we took a chainsaw to cost and complexity. And it turns out with a lot of what we've invented in the software-defined datacenter, software-defined storage that we were among the first to drive, hyper converged infrastructure, NSX for micro-segmentation, the fundamental premise of this sphere and all that you can do in areas like 3D graphics, we could engineer a solution that was 30 to 40% cheaper than the competition from VDI and app promoting. Complexity. We decided that VDI and app promoting needed to be one platform as opposed to sort of a competition that had like a, two separate products for VDI and app promoting. So these all were things that lowered the total cost of ownership and made that easy. Similarly with mobile, the two S's we attack there was simplicity and security. And we've had some core, I would say, these are the type of things, as a leader, you have to keep telling your teams, is your north pole. We're attacking cost and complexity. Another example of cost and complexity is moving stuff to the cloud. Three years ago we were the first to announce desktop as a service. What was one of the messages this morning, IBM, now embracing that desktop as a service in their cloud, working with us both in IBM cloud and IBM GTS. It's come a long way in three years. >> So I got to ask you about the aspect of unification. We're hearing that tomorrow you're announcing a huge shift in how customers buy and that it ultimately will change the equation on their cost side which is eliminating these point solutions out there. This unification endpoint, I don't know what you're calling it, can you share, give a little bit of leg, as Dave Vellante would say, on this morning tomorrow on this announcement, this consolidation or unification. How should we think about this? >> I mean, I think, and hopefully it's not a surprise 'coz we've been building up this momentum as opposed to one big mega announcement. Workspace ONE is really the coming together of three core areas. VDI and everything related to the way in which we manage desktops and apps, mobile management, and identity management. And in each of those spaces, if you don't look at us, there are point vendors doing each of those. And our differentiation is one, it's unified, second, it's a cloud first solution, many cases the folks have not yet moved to the cloud, and then we extend the capabilities of things like Workspace ONE, optimized for our datacenter where it needs to, into new areas like, for example, security. So we think as you lay this out and then build a partnership ecosystem, with not just security vendors but apps vendors, we're going to have a very large apps vendor on stage with me tomorrow, for the first time on stage, so I'm not going to tell you who it is, but come tomorrow you'll hear that. >> Microsoft, SAP, Salesforce? >> You've got some obvious candidates but it's one of those folks. >> It is one of those folks? >> How many big ones left, right? Some of them have been buying everybody. >> We've got some scoop this year on theCUBE. >> But that's an example of where VMware is taking the lead at embracing an apps ecosystem. >> So I got to ask you, you're a student of history and text, so back in the old days, back in the 90s, when dial-up in internet, Office Connections, Radioservers was a buzzword, you'd have to dial up into a facility, and you have to be authenticated. Pretty straightforward back in the day. But now the authentication, if you will, is coming from endpoints that are, like, anything. Uber could be inside the enterprise and app. So this notion of endpoints is interesting. It's also complicated. So there's not only a security surface area, there's also a cost area to deploy these solutions. Is that the kind of what Workspace ONE does? I mean am I getting it right? Am I thinking it right as an access method? >> I think you've got one piece of it right and I think you're exactly right. In the world of mobile, my fingerprint now becomes, police know that that's unique usually-- >> So does Apple. >> Right. And my retina scan becomes it. So you've got very sophisticated phones, it doesn't have to be complicated ones, that can give you either the fingerprint or the retina scan. You'd have to physically cut my thumb off and pluck my eye. I dare you to do both of those to replicate me. So you can move away from a very-- >> That's two-factor authentication right there. >> Yes, multi-factor, right? So you can move away from tokens becoming your only avenue of multi-factor authentication. You can do things smoothly. But it doesn't end there. Endpoints security has to be re-thought to really work at speed and at scale, so that's why we partnered with this hot security company, you're going to see them also on display tomorrow, Tanium. And with them we built a product called TrustPoint. And we use it internally at VMware. In fact one of the things you're going to see in the demos I do tomorrow, there's going to be lots of demos in 25 minutes, of day of the life of how VMware uses technology both in Workspace ONE and endpoint security. Tanium's one of the hottest products that we internally use and we combine some of our IP with theirs, and created a product called TrustPoint in a Google-like interface. I can search to find all endpoints in the enterprise, what potential apps are running on them, what potential malware's on them, quarantine it and maybe even take action on them with some of the technologies we have from AirWatch. So we've combined the best of Tanium and VMware's technology and this is going to be a real hot solution for areas like Windows 10. >> And what's the uptake you're taking on traction given where you're business is going? You've got some good performance now. What's your expectation on uptake on some of these, this Workspace ONE and the end space? >> If you look at our success so far, I told them, when I joined the company, the business was about a half a billion. We announced the end of last year, it's on a 1.2 billion run rate. So we've effectively more than doubled the business, doubled the customer count. And I think that on our path from 1.2 to two billion over multiple number of years, these solutions are going to become very critical to our growth. Horizon in the desktop portfolio, AirWatch in the mobile portfolio, identity management, and TrustPoint. And when I talk to our sales guys, I say, "Listen, there's enough there to feed "a lot of potential customers," and when I look at our customer count, 65,000 customers, we're still about 9, 10% penetrated inside the overall VMware base. If we can double, triple our customer base, there's no reason why this couldn't be a multi-billion dollar business. >> Alright, so for CXOs whether that's CIOs, chief data officers, chief revenue officers, any CXO, chief security officers, CISOs, all that stuff, for they're watching out there and tomorrow's Keynote, how would you summarize if you have to boil out your point of view and your theme for tomorrow, and some of the key takeaways? >> Four words, consumer-simple, enterprise-secure. There's an element of simplicity that gives you all the productivity that you need with Workspace ONE and your end user world. And then there's a message of security that the IT wants. The users benefit from simplicity, IT benefits from security. Users benefit from choice, IT benefits from control. And you'll hear that very, hopefully, fairly clearly tomorrow. >> Sanjay, final question, your team, VMware, you've amassed quite a team, the performance have been great, when you go back to the ranch inside Palo Alto headquarters and throughout the world, what's your marching orders to the team? What's the guiding principle that you put forth with respect to keeping the pace of innovation to match up the cadence of what's expected, not only by potentially your customers, but also your potential partners and competitors? >> First off, I'm a big believer in serve and leadership. So you have to lead by values that replicate, there's no success without successors, so I'm a hound for talent, I'm always looking for ways by which, just like the warriors, we create the best end user computing team bar none, and I think we've been very fortunate to create that team in every area. There's more talent that we should be hiring. I hear about them and we go recruit them. But once we've got a good team, we keep them focused on the mission. I mean obviously we have a revenue growth goal, and at the core of it, beyond just selling things, we want to make the customers successful. So we keep customer as our north pole. Customer satisfaction for VMware has been the highest of any IT vendor. When you look at many of these, Temkin research does a survey of customer satisfaction, we're among the top five, almost consistently the last few years. And then we make sure that in the products that we build, customer first, serve and leadership at the top, customer-focused, and we are building products, I mean we're an engineering-centric company so we want to build the best products that have a leap factor over the competition. >> So the warriors have a style of play-outs. You have Steph Curry who's just, lights up. But they're not afraid to shoot the three. They're good on transition, great speed. What is your differentiation as an organization? What's that x factor? What's the one thing you can point to? >> I mean, I think, listen, we were probably a little bit lethargic in end user computing. John was joking about this before we just had the show. We want to build great factors and we're a little bit edgy. I mean I've been called everything on Twitter from the Nostradamus of EUC to all kinds of, but we're aggressive, but I will tell you that if people watch me in Twitter, it's never, in the words of The Godfather, it's never personal. It's strictly business. So we have fun. We're a little edgy out there. We're in your face, we want to compete, we want to win every deal but it's never personal. I mean it's just like Steph Curry. You're going to compete hard on the court, but after the game, you go and have a drink with Kobe Bryant or Lebron James or whoever-have-you. >> Well final question, I didn't get this 'coz it's such a good product conversation and organization with your group, now you're heading up marketing, as the VMware, a very community-driven, very data-driven company, thoughts on marketing, you have it on social media, do you see social as being a part of marketing? Do you look at that? Do you look at certain ideas that you see that you put forth? >> First off I think Robin Matlock, our CMO has been doing an amazing job, so I told her this as I took over marketing and communications. Oliver Roll, our Chief Communications Officer is also doing great. Listen, I'm just going to throw more wood in the fire. Things are going good. Let's just get them from good to great. This show is one of the most cultistic shows on the planet because of the way in which she and her team have built this thing. It just gets better and better. But there's a few things I think you're going to see us do more. Customer-based marketing, having customers become our spokespeople. I dream of a day where every ad that we have is the biggest companies in the world or the smallest companies using our technology to either make their business more efficient or save lives. And then increasingly over time, we're going to be also doing vertical-based marketing in certain industries. And social media is a great way of getting that work across. >> We'll you've been on theCUBE as an SAP executive, now three years at VMware, certainly this is seven years you've been with CUBE and you guys do it right, so Robin and team and now you. Thanks for your support, appreciate everything. >> Thank you John and John. >> Sanjay Poonen, the General Manager, End Use Computing, and Global Head of Marketing for VMware here inside theCUBE. I'm John Furrier with John Troyer. You're watching theCUBE. (upbeat music)