Breaking Analysis: AWS re:Inforce marks a summer checkpoint on cybersecurity


 

>> From theCUBE Studios in Palo Alto and Boston bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cyber security market overall, the state of cloud security and cross cloud security and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon cube insights powered by ETR. In this Breaking Analysis we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cyber security plays in the market, what the ETR data tells us and what to expect at next week's AWS re:Inforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simonton. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty you know, and before today's big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indices. You know, earning season as always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan the numbers were pretty good according to Simonton. Investment banks were not so great with Morgan and Goldman missing estimates but in general, pretty positive outlooks. But the market also shrugged off IBM's growth. And of course, social media because of SNAP is getting hammered today. The question is no longer recession or not but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. 
Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course are still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also going to help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold you know, despite today's sell off. But AT&T and Verizon, they blamed their misses in part on people not paying their bills on time. SNAP's huge miss even after guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are off on sympathy. Meta and Google were off, you know, over 7% at midday. I think at one point hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment. As we've been reporting back in mid-June and NASDAQ was off nearly 33% year to date and has since rallied. It's now down about 25% year to date as of midday today. But as I say, it had been, you know much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That's started to change for now anyway. We'll see if it holds. But chip stocks, software stocks, and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton, we'll see if that holds. If it does, that's a positive sign. 
Now remember on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12 X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here SailPoint is of course the anomaly with the Thoma Bravo 7 billion acquisition of the company holding that stock up. But the BUG ETF, a basket of cyber stocks, has definitely improved. When we last reported on cyber in May, CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its Auth0 acquisition. Meanwhile, Zscaler and SentinelOne, those high flyers are still well off year to date, with Ping Identity and CyberArk not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically, they've been breaking their down trend. So it will now come down to earnings guidance in the coming months. But the SNAP reaction is quite stunning. I mean, the environment is slowing, we know that. Ad spending gets cut in that type of market, we know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says, this shows that sellers are still in control here. So it's going to take a little while to work through that despite the positive signs that we're seeing. Okay. We also turned to our friend Eric Bradley from ETR who follows these markets quite closely. He frequently interviews CISOs on his program, on his round tables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they called for an 8% plus spending growth, they're still expecting a six to seven percent uptick in spend this year. So that's pretty good. 
Security remains the number one priority and also is the highest ranked sector in the ETR data set when you measure in terms of pervasiveness in the study. Within security, endpoint detection and extended detection and response along with identity and privileged account management are the sub-sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with CyberArk and Tanium showing very strong as well. Okta has seen a big dropoff in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions. That clearly shows in the survey. We'll talk about that in a moment. Look, Okta still elevated in terms of spending momentum, but it doesn't have the dominant leadership position it once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Varonis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, SonicWall, Symantec, Trellix which is McAfee, Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis. It's a measure of presence in the data set we used to call it market share. With the data, the dot positions, you see that little inserted table, that's how the dots are plotted. And it's important to note that this data is filtered for firms with at least 100 Ns in the survey. That's why some of the other ones that we mentioned might have dropped off. 
The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course, Microsoft, which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. And CyberArk and Okta and Zscaler, CloudFlare and Auth0 now Okta through the acquisition, are all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and as steady as she goes. Two, it's a very crowded market still and it's complicated space. And three there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections. We're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e, 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January 2020. First I want to call out that all four again are seeing down trends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter, again, the market is off overall. 
Everybody is kind of seeing that down trend for the most part. Very few exceptions. Okta is being hurt by fewer new additions which is why we highlighted in red, that red dotted area, that square that we put there in the upper right of that Okta bar. That lime green, new adds are off as well. And the gray for Okta, flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0 acquisition the company is seeing some friction in its business. Now, having said that, you can see Okta's yellow line or presence in the data set, continues to grow. So it's a good proxy for market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice there's very little red at these companies when it comes to the ETR survey data. Now one more data slide which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared N or presence in the data set. That's the right hand side. And again, we filtered by companies with at least 100 N and oh, by the way we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler all made the cut this time. Now, as we pointed out in May if you combined Auth0 with Okta, they jumped to the number two on the right hand chart in terms of presence. And they would lead the pure plays there although it would bring down Okta's net score somewhat, as you can see, Auth0's net score is lower than Okta's. 
So when you combine them it would drag that down a little bit but it would give them bigger presence in the data set. Now, the other point we'll make is that Proofpoint and Splunk both dropped off the four star list this time as they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay. We're going to close on what to expect at re:Inforce this coming week. Re:Inforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years have been virtual and they announced at re:Invent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June and turns out nobody did so they postponed the event, thankfully. And so now they're back in Boston, starting on Monday. Not that it's going to be much cooler in Boston. Anyway, Steven Schmidt had been the face of AWS security at all these previous events as the Chief Information Security Officer. Now he's dropped the I from his title and is now the Chief Security Officer at Amazon. So he went with Jassy to the mothership. Presumably he dropped the I because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses who is now the new CISO at AWS will be keynoting along with some others including MongoDB's Chief Information Security Officer. So that should be interesting. Now, if you've been following AWS you'll know they like to break things down into, you know, a couple of security categories. Identity, detection and response, data protection slash privacy slash GRC which is governance, risk and compliance, and we would expect a lot more talk this year on container security. 
So you're going to hear also product updates and they like to talk about how they're adding value to services and try to help, they try to help customers understand how to apply services. Things like GuardDuty, which is their threat detection that has machine learning in it. They'll talk about Security Hub, which centralizes views and alerts and automates security checks. They have a service called Detective which does root cause analysis, and they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of, you know, confidential computing which is, you know, AWS will point out it's kind of become a buzzword. They take it really seriously. I think others do as well, like Arm. We've talked about that on previous Breaking Analysis. And again, you're going to hear something on container security because it's the hottest thing going right now and because AWS really still serves developers and really that's what they're trying to do. They're trying to enable developers to design security in but you're also going to hear a lot of best practice advice from AWS i.e, they'll share the AWS dogfooding playbooks with you for their own security practices. AWS like all good security practitioners, understand that the keys to a successful security strategy and implementation don't start with the technology, rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems, that's really where the developers come in, and training for continuous improvements. So you're going to get heavy doses of really strong best practices and guidance and you know, some good preaching. You're also going to hear and see a lot of partners. They'll be very visible at re:Inforce. 
AWS is all about ecosystem enablement and AWS is going to host close to a hundred security partners at the event. This is key because AWS doesn't do it all. Interestingly, they don't even show up in the ETR security taxonomy, right? They just sort of imply that it's built in there even though they have a lot of security tooling. So they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're going to hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CISOs and practitioners who are understaffed when it comes to top talent. Now, finally, theCUBE will be at re:Inforce in force. John Furrier and I will be hosting two days of broadcast so please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share our overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay. That's it for today. Thanks for watching. Thanks to Alex Myerson, who is on production and manages the podcast. Kristin Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoff is our Editor in Chief over at siliconangle.com. You did some great editing. Thank you all. Remember all these episodes they're available, this podcast. Wherever you listen, all you do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing avid.vellante@siliconangle.com or DM me @dvellante, or comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. 
Thanks for watching and we'll see you in Boston next week if you're there or next time on Breaking Analysis (soft music)

Published Date : Jul 22 2022

Tom Corn, VMware | VMworld 2018


 

>> Live from Las Vegas, it's theCUBE covering VMworld 2018. Brought to you by VMware and its ecosystem partners.

>> Hey, welcome back everyone, we are live here in the broadcast booth presented by theCUBE. I'm John Furrier co-host with Dave Vellante. VMworld 2018, day three of three days of wall-to-wall coverage. Our 9th year covering VMworld and the VMware ecosystem. It's great to have on theCUBE Tom Corn, who's the Senior Vice President, General Manager of the Security Products from VMware. Welcome to theCUBE, good to see you.

>> Thank you!

>> We were just bantering before we came on that you are part of building AppDefense, one-year-old product.

>> Yes, yeah.

>> You're in the nerd nation, if you will.

>> (chuckles) Yes. (laughter)

>> We say that with all due respect, Tom.

>> I take it.

>> I had to stay for Stanford since the football opening day is Friday, so we'll be tailgating at Stanford, but Palo Alto VMware, tons of technology in VMware, we covered the radio event, which was first opened to the press this year, we were there. Security's number one. Pat Gelsinger has said on theCUBE so many times, even four years ago, he said security's a do-over. But it's more than a do-over, it's central to how the Cloud and on-premises are working.

>> Yes.

>> Hybrid Cloud validated by Andy Jassy this week.

>> Yes.

>> With RDS on VMware on premises, pretty major industry milestone there. You're in the middle of the security leading the team. What's the update for VMware, still pumping on all cylinders?

>> Uh, I think this is actually, we're making some of the biggest strides forward in security right now. I think there is such a huge opportunity to not make the mistakes we made in the past, and start with a clean slate, do security the way it really, ultimately, makes sense. At the end of the day, we're really not trying to protect servers or networks, we're trying to protect data and applications.
And being able to see things through, look at the infrastructure through the lens of the application, the lens of the data, and align security to that, is a huge opportunity to fundamentally make Cloud more secure than a traditional, sort of physical environment.

>> So, we, I got a stat from TrendMicro, just came by theCUBE today on the briefing, they said one in six dollars are being spent outside the organization and buying other SaaS platforms. Cloud certainly, with Shadow IT has caused that. Whether it's Dropbox, ADS-Bih instances, just stuff flying up there opening up, potential vulnerabilities. Virtual networking is clearly a part of the architecture with virtual machines. So security is really under a lot of pressure, and Micro Segmentation seems to be a hot topic. This is driving a lot of new value as the architecture shifts to Hybrid Cloud, which is such a Cloud Operations.

>> Yeah.

>> Infosec teams, Net Ops, are all working together now, but it seems more confusing than ever. Can you clarify how companies are organizing around the Cloud, Hybrid Cloud operating model in Multi-Cloud with security?

>> Yeah, so, first it's important to understand the central idea behind micro-segmentation is to provide a mechanism to compartmentalize all the elements that compose an application, a regulatory scope, so that if one thing falls, everything doesn't fall, right? The reality is a perimeter of a data center is so porous in so many dimensions that you cannot, your security strategy can't be predicated on anything inside my data center is just fundamentally secure. I think we live in a state of compromise. Deal with it, right? And so, the notion of compartmentalizing an application allows for a limited lateral movement of attacks. It also provides a policy boundary to say, you know, I can place controls on the boundaries of an application and that boundary may not exist in the physical world, but it does in the virtual world.
You know, the best analogy I came up with for this is imagine you had an entire company in a skyscraper, now all the employees were in that skyscraper. You could put guards in the front door of that building, and the instructions for them on who gets in and who gets out, or what looks weird in the lobby, pretty straightforward, okay? Now take the employees and spread them out into parts of floors of different buildings all over the city, fill the building that you had with employees from lots of different companies, now there's a bank, a TGI Friday's, a bowling alley, and the FBI. Now tell those guards what looks weird in the lobby. Like, now tell those guards who should get in. Now, suddenly, it gets really confusing, and the ability to say I want to create a virtual skyscraper that will put all the employees in one place, that's the idea behind micro-segmentation.

>> Tom, you talked about the Cloud, the potential for the Cloud to be more secure than the traditional environment. In June, John and I were at the public sector summit, and we heard the CEO of the CIA say Cloud, on our worst day, from a security standpoint, is better than my client server. 'Cos the first time I'd heard client server in about ten years, but nonetheless,

>> (laughs) That's the government.

>> So, (laughs) my question for you is, in terms of, so his implication was, it's already there. What has to be done to bring that level of security to that hybrid world?

>> Yeah. First, I would be careful with that statement. I think we are probably right for the average company, the way a Cloud provider would secure the infrastructure on down, is actually very solid. The application's your problem. The data that's running on it is your problem. And that's not quite the same thing, there's a different set of things about what can get access, how that's isolated for other things. So--

>> Let me make sure I understand that. So you're saying, the infrastructure check, but that's not the story.
>> And what's above the operating system, my applications, and how data's flowing on that, and there's no good excuse that oh, it was running on such and such infrastructures or service, it's not my problem. It's still the company's problem, right?

>> Right.

>> So a lot of the basic things of access control, alignment of controls, policy, those are still, ultimately, in the hands of the customer. Now, I do agree that the opportunity is to make the simpler, less misalignment, less misconfigurations, those are tremendous opportunities of the Cloud.

>> But there's some conventional wisdom in the industry that says, you know what, it's a fait accompli you're going to get hacked, so it's all about how you respond. I'm inferring from you that no, that's not the case, that you could actually protect the data if you take an application view.

>> Yeah.

>> Of course, response is important.

>> Yeah, but I feel like there's no perfect solution. I guess maybe the best way to think of security is as a risk management exercise. You're going to spend whatever you're going to spend. The question is, are you spreading that like peanut butter on a bunch of stuff, or are you investing your time, money, and capital in the things that would have the most material reduction in risk? There's a wonderful framework that Gartner came up with that I liked that, and Neil MacDonald from Gartner came up with it, which is the, he calls it the Cloud Workload Protection Framework. He's stack ranked all the things you could do to protect the workload, in order of how much risk it gets rid of. The things at the bottom, the big risks, patching, segmentation, application control, protect the memory, encryption, those are all things that have to do with reducing attack surface as opposed to finding the attack of the day.
The stuff at the top, you know, antivirus running for a server inside the data server behind all these walls, it's not, it's marginal residual risk, so the focus of VMware, in the security realm, has been we can not only bake security in, so you're not adding boxes, you're not managing agents. More importantly, we're in this unique position to understand where things are supposed to be. You know, for example, the AppDefense product that we launched last year, you mentioned, and we have a bunch of new stuff here, we're leveraging the hypervisor itself to understand the intention of the applications you loaded on it, and then use the hypervisor to say that's all it can do, nothing else. It flips the model completely from saying I'm going to try to find bad things to I'm going to really understand what good it's supposed to be, and that's all that's allowed.

>> So you're narrowing the scope with policy, basically?

>> 100%.

>> I mean, so this comes up with IoT, I heard a guy saying these light bulbs that are WiFi-enabled have full, multi-process threads, we don't need it, it's a light bulb. It needs to go on and off, so by bounding, by bounding the apps, that's what you're saying.

>> That's exactly right.

>> Using virtualization mechanisms to do that.

>> Exactly right. We've never used it for this before, but the hypervisor kernel does a bunch of pretty amazing things, we just. It can see what's running, it can see what you provisioned in the first place, it can do that without adding an agent, it can do that in a way that can't be turned off, without a lot of overhead, and it can do almost anything in response.
So the central idea behind AppDefense was, let's use it, it will tell you what all your VMs are for, now you have an application view that says here are the applications in your infrastructure divided into services, divided into machines, here's what they're supposed to be, tell us what you want to have happen if what's running doesn't match what you intended. That's it.

>> Well, technology's perfectly positioned with that. And Pat was mentioning NSX, and I want to ask about that in a second about NSX.

>> Yes.

>> But I want to put you on the spot and ask the question that comes up all the time. Two factors in security that's hard to get your arms around.

>> Yeah.

>> One is, patching. Which, you said, you don't patch stuff, so you don't patch up the whole surface area. Two, social engineering. 'Cos you've got human error whether you pass or not, did I configure the bounding properly, that's a human error, patching, I call human error and social engineering. Those are two factors that are still prevalent in security.

>> Absolutely.

>> Your thoughts on that?

>> Well, you can't patch humans, so that is all weak, and then the thing that we can really advance there is to move increasingly to automation, and do things that, candidly, humans probably aren't the best at doing that, but you can't just automate, old, unreliable processes, that just makes them faster, it doesn't necessarily make them better.

>> Yeah.

>> I think that the key to a lot of this is,

>> Automating a bad process still makes it a bad process.

>> Yeah, it's just faster. (chuckles) It's more efficient.

>> (chuckles) An efficiently bad process.

>> Exactly, exactly right. So, you know, I think a lot of the automation and ability to compartmentalize things and, candidly, a lot of the policies, whether it's for patching, etc, when thought of through the lens of an application as opposed to like, what's our policy for patching the patient care system, how often?
Is my patient care system unpatched, is different from saying I've got thousands of machines, and some of them are patched and some of them are not, how do I prioritize which ones I should get. It really does, not only simplify things, but align things to a business outcome, which really, it goes back to a risk management decision a business has.

>> Ransomware is a great example to your point earlier, I think you said that off-camera as well, is that, you know, you don't want to attack the same treadmill of problems. So ransomware, one guy said that on theCUBE here at another event said that, ransomware's easy, just patch them back up and you're good.

>> Yeah.

>> That sounds simple, doesn't it?

>> Yeah. It--

>> Surface area, patch it, back it up.

>> Yeah. Sometimes there's reasons why the patch, that people just don't roll out the updates to an absolute critical server on the trading floor, sometimes they have challenges. But, you know, interesting enough, yesterday we were showing, we had a live, we did a live attack on stage with Petya, with a live strain of ransomware, throwing it against the machine, we showed why it worked, and we were just using AppDefense to say, all right, let's assume you didn't patch it, AppDefense is going to make sure that application can't do anything you didn't intend it to do, the ransomware doesn't work. And it's not because we understand what malware you had there, it's because the malware, to work, has to change.

>> I'm thinking about security strategies in general for organizations. You know, given that credential theft is still such a huge problem, are the things that you can do with analytics, because you may have visibility on certain parts from the infrastructure standpoint, that you can do to maybe not stop credential theft, that's bad human behavior, but to identify some anomalous behavior. What's happening with analytics, and what role, if any, does VMware play?
>> Yeah, so, again, the central theme, I suppose, is summed up as, we're trying to say, here's your applications and data, what is intended? On the network with NSX, on the compute stack with AppDefense, Workspace One is trying to address that from a user and a device perspective. And the questions one asks for what you're discussing is, is this who they say they are, are they on the list of invites, and are they on a trusted device? And those were traditionally silo decisions, separately. And what we're saying is, it's about answering those things in concert that allow us to spot the stuff that doesn't make sense. It's the ability to answer them in concert that allows you to make that less intrusive into the daily activities of the users. So the work that's happening on Workspace One Intelligence to do analytics looking at the device and how the device is behaving, the user, and how the user is, what indication, what risk do we see? This may not be the person or the risk that they're working from a device I might not trust even if I trust who it is. Either of those might tip me off to say, you know what, I might want to limit what they have access to, or this is the place I need to look at first. Again, I think that starts to clarify and put things in context. >> We were talking off-camera about the infosec team and the IT team, and often they're in silos and not talking to each other. What's the right regime, in terms of what you see in the marketplace, of best practice to approach this problem? >> It sort of depends on the size and scope. But the infosec team, often led by the Chief Security Officer, often, in most organizations that I deal with, own the security operation center, security architecture, and governs its risk and compliance. They're mostly looking at setting overall policy, and seeing when things are breaking down, and reacting to it. 
But as you point out, there's a lot of security happening in the infrastructure teams, whether it's firewalling, segmentation, locking down the computer stack, even things like AV running by end user services teams. They're looking to set policy, and things that are getting in the data path, that are about locking things down, and they need to collaborate. They need to, to be effective, they need to each know their roles and operate from a single source of truth, and that's where it's breaking down. In fact, I would take it a step further. The other group that needs to be part of this conversation is the application team. And as we move to DevOps, and the applications change very rapidly, it's going to be increasingly important that they collaborate, and not ignore each other as silos. >> Mm-hmm. >> I want to ask you, I know we've got one more question left, but, I want to get out there. You mentioned adaptive segmentation is an extension of where micro-segmentation is going. A lot of buzz here at VMworld on micro-segmentation. What is adaptive segmentation? >> So it's really the next logical evolution. Which is, we've taken some of the technology that we've built with AppDefense, that can figure out and map out the applications. Now we have manifests that say what these things are for, and we know the patient care system is actually all these machines and how they interact. It's basically saying, why don't we have the system program the micro-segment, and do it in an automated way? Now you have a micro-segment that is automatically and perfectly aligned driven from the application itself. And the other beauty is, the adaptive portion, which says, if the application changes, that's pushed down through Puppet or Chef or it's, or something is modified through patching, to have the system to be smart enough to see that's an update, and that automatically changed the actual segment, and lock the network and compute down. That's what we're doing there. 
>> What is the impact to the customer? And what is the impact of that? >> It's simpler. Much faster time to actually go in. It's simpler, and it's a much more accurate representation of the application. You lock things down both from lateral and direct attacks, so it's a big deal. >> Okay, final, final question. I always like to get the final question in here. Tom, tell us about a prediction for 2019. Next year VMworld, what are we going to be talking about? What are going to be the security issues on the table? More of the same, rinse and repeat issues? What is your prediction for 2019 in the security world? >> Well, you know what, I think security's going to get more complicated before it gets simpler. I think we're on the right path, but there are so many moving parts. I think, one thing, I don't think you're going to start seeing people increasingly open to security being delivered as SaaS. Because there's too many benefits of machine learning across populations of users. I think we're going to start to see security models that are, to fool one of us you've got to fool all of us. I think those are the kinds of things that are going to be the needle mover. >> Sounds a great service, security's a service, theCUBE is a service bringing these three days of wall-to-wall coverage, we'll be back with more on day three coverage. I'm John, for Dave, stay with us for more after this short break.

Published Date : Aug 29 2018

Brought to you by VMware and the VMware ecosystem.
