>> From the Aria Resort in Las Vegas, it's theCUBE. Covering AWS marketplace. Brought to you by Amazon Web Services. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We are kicking off three crazy days at AWS re:Invent. It is the place to be the week after Thanksgiving. There's got to be 50,000 people, we haven't got the official word, but it's packed and it kicks off tonight with a reception. We're here at the AWS Marketplace and Service Catalog Experience over at the Aria, in the quad, come check us out. A lot of good stuff going on. A lot of fun stuff going on. And we're excited to have first time to theCUBE, he's Nathan Dyer, Senior Product Manager for Tenable. Great to see you. >> Jeff, great to be here. Thanks for having me. >> Yeah, have the energy the opened the doors the people are streaming in. >> I don't know if it's the food or the drinks or the vendors. >> All of the above. Probably more the food and the drinks. All right. So give us an overview of Tenable for people who aren't familiar with the company. >> Yeah, so Tenable, we are the cyber exposure company. We help organizations assess, manage, and measure their cyber risk across their entire organization, across their monitored tax surface. And so what we try to do is help answer four fundamental questions around security. How exposed are we? How do we prioritize based on risk, how are we doing over time from a measurement standpoint, and then how do we compare with our peers? And so, if you haven't heard of Tenable, chances are you've heard of Nessus, which is one of our flagship brands. Nessus just turned 20 years young earlier this year. If you're pen tester, if you're a consultant if you're a practitioner, you know Nessus. But over the years we've added some other brands as well. Security Center which is now renamed Tenable.sc which is our On-Prem vulnerability management solution. And then tenable.io which was released in 2017 which is our cloud based vulnerability management solution and built on AWS. >> Right. So I was doing some research, I love your guys' little mantra here, it's security for code, for clouds and containers. You got all the C's there. The containers, you know, what's going on with Docker over the last couple of years and now obviously the huge groundswell with Kubernetes, you know this container thing, depending on who you talk to has been around for a long time but it certainly didn't have the momentum. How's the kind of the growth of the container world impacted the securities base? >> Oh, it's massive. Containers are everywhere. In fact there's a strong affinity to cloud and containers. So a lot of our large AWS customers love containers. They've been dabbling with containers for quite some time. They're moving more and more workloads to be containerized and on Kubernetes, Dockers, et cetera. From a securities standpoint that introduces a lot of challenges, right. They're short lived life cycles of docker containers make it very hard for us in security to assess or discover them. They're part of the whole immutable infrastructure phenomenon, so you can't patch it in production, right. Infrastructure is code. You have to tear down the container, fix the image and then redeploy. So from our perspective, we think you have to secure containers by focusing on the container image. Specifically as developers are spinning up new code, compiling new builds, creating new container images, is it running quality assurance checks? Security has to be a critical part of that quality assurance process. As you're doing integration tests, unit testing, API testing, security has to be a critical test looking for vulnerabilities and malwares is part of that process. >> But the rate of change in those images is pretty high. I mean, the rate of deployments is super high, but like you said a lot of them have short life spans, they're up or they're down. So, have people baked that in to their process? I mean, obviously, I hope they are. Or how are you helping them to make sure that security is a really key piece to that image. Because once that image goes out it has access to all kinds of things. >> So, the new news with containers, and then by focusing on the image it forces security teams to talk to their development peers. In order to secure DevOps and secure containers, security has to be embedded into continuous integration, into continuous delivery cycles or systems. And if you're focusing on development, you have a much greater chance of making sure that vulnerable container images are not escaping into the wild. And you guys should get a hold of those vulnerable images and make sure they adhere to policies before they're released into production. So that's the new news. >> Well, it's funny because you reference the DevOps. 'Cause DevOps has now been around for a while and clearly is the way the code gets deployed in a very rapid iteration. So they're some significant lessons from the DevOps security angle that you're now using then on the container side. Yeah, well first thing with secure DevOps and Devops in general, is that you have to get the developers and security teams to talk. You have to have a shared understanding of what makes each other tick. What are the goals, what are the responsibilities, priorities, understand each other and it turns out there's actually a lot of shared understanding and mutual benefit between infosec and application developments. When security is focused on solving for vulnerabilities and looking for security issues, that's improving code quality. That's removing some of the software defects from the development code and developers love that. They love producing high quality code. On the flip side, security teams can learn a lot about agile development. DevOps principles. Bringing DevOps into the security discipline, and help security teams start to leverage automation and continuous testing, continuous delivery, and make them much more scalable and productive in their organizations. So there's a lot of mutual of understanding there. >> Right. So I'd imagine there's a lot of, kind of similarities between classic waterfall and the moat, versus now kind of the DevOps and the continuous and ongoing constant process. >> That's exactly right. >> Yeah. So we're here at the AWS Marketplace. So you guys are selling through the marketplace, how has that been for the company? How has the experience been working with the AWS marketplace team? >> Oh, it's been great. I mean, Amazon is a great partner to work with. Tenable.io which is our cloud based vulnerability management solution is built on Amazon. We have a great relationship with Amazon engineers. Now for the marketplace, we've been selling Nessus for quite some time through the marketplace. So if you're a Nessus subscriber, if you're a tenable.io or securities center or tenable.sc subscriber, you get access to unlimited Nessus scanners and you can provision them very easily through the marketplace. It's super easy. Just recently, we now unveiled tenable.io through the marketplace and so far it's been a great success. Now customers who prefer to buy through Amazon marketplace AWS marketplace, can do so with a couple of clicks and be provisioned and get up and running with tenable.io. It's super easy, you can learn about the product. Kick the tires with a free evaluation, and really provision the product very simply. >> Yeah, I would imagine the touch from your guys side goes down significantly when they're just coming right through the marketplace. >> Exactly. That's the idea. Make it super easy for customers to invest in tenable.io and get a great experience in doing it. >> What about your own sales guys though. Is there a little channel conflict? They're like hey come one, I want to sell hat thing, we don't want to go through Amazon. >> Not at all. Our mantra is we want our customer to purchase through the channel they're comfortable with. And if they want to purchase through the AWS marketplace we have a channel for them, if they want to go through our three chair model we have obviously a great experience there as well. >> And clearly Amazon brings a lot of customer eyeballs to the table. >> They're a great partner. >> So, just before we wrap, you guys came out with the vulnerability intelligence report. I wonder if you can share some of the highlights of the things. You guys are obviously keeping track of this, you talked about benchmarking against your peers. And I know there's also a lot of sharing of information within security companies, to kind of know what the bad guys are and some of the patterns and best practices. So, I'm wondering if you can share some of the current trends. What are you seeing? How's the landscape changing? >> Well first of all, we have phenomenal tenable research team. They're phenomenal in terms of the data science, in terms of the vulnerability intelligence. We have a wealth of data in our hands from various deployments and so there's a lot of great number crunching and analysis we can generate from that. What we discovered in the vulnerability and intelligence report, is that security teams are just bombarded with vulnerabilities, literally, bombarded. Last year in 2017 we saw over 15,000 CVE's and unique vulnerabilities hitting the marketplace or hitting the industry. And by the end of this year we're expected to be between 18,000 and 19,000 vulnerabilities. So the trend is just going up, up, up. I think what makes matters worse though, is that when you start looking at those 19,000 vulnerabilities, over 60% of those vulnerabilities are classified as either high risk or critical. >> 65%? >> Around 60%. >> Of the, what was the numerator? 18,000? >> Of those 18,000 to 19,000 vulnerabilities, are classified as high risk or critical risk. So, that's a lot of fire drills that security teams need to chase. And so, what we're trying to achieve is helping our customers, helping the market at large understand what are the true risks out there, not the theoretical risks. What are the actual cyber risks. Meaning what are the vulnerabilities that could be easily exploitable, that have exploit kits already developed. We have our data science team looking at the characteristics of vulnerabilities and which ones would be leveraged by the bad guys and which ones would not be. And we significantly boil that number down so that organizations can focus on only 5% of the number of vulnerabilities that they otherwise would be chasing without changing their overall security risk to the organization. So, prioritization is super, super critical for those organizations. >> Nathan I think we all that separating the signal from the noise. (laughs) >> Jeff, well thanks for having me. >> Nathan, thank you very much, it's great to see you and have a great show. >> Thanks. You too. >> All right, I'm Jeff he's Nathan, you're watching theCUBE. We are at the AWS marketplace and service catalog experience at the Aria, at the quad. Come on by. We're serving free food and drink. See you next time. (lively music)

(upbeat music) >> Good morning everybody. Welcome back to Las Vegas. This is day four of theCUBE's wall-to-wall coverage of our Super Bowl, aka AWS re:Invent 2022. I'm here with my co-host, Paul Gillin. My name is Dave Vellante. Sanjay Poonen is in the house, CEO and president of Cohesity. He's sitting in as our guest market watcher, market analyst, you know, deep expertise, new to the job at Cohesity. He was kind enough to sit in, and help us break down what's happening at re:Invent. But Paul, first thing, this morning we heard from Werner Vogels. He was basically given a masterclass on system design. It reminded me of mainframes years ago. When we used to, you know, bury through those IBM blue books and red books. You remember those Sanjay? That's how we- learned back then. >> Oh God, I remember those, Yeah. >> But it made me think, wow, now you know IBM's more of a systems design, nobody talks about IBM anymore. Everybody talks about Amazon. So you wonder, 20 years from now, you know what it's going to be. But >> Well- >> Werner's amazing. >> He pulled out a 24 year old document. >> Yup. >> That he had written early in Amazon's evolution about synchronous design or about essentially distributed architectures that turned out to be prophetic. >> His big thing was nature is asynchronous. So systems are asynchronous. Synchronous is an illusion. It's an abstraction. It's kind of interesting. But, you know- >> Yeah, I mean I've had synonyms for things. Timeless architecture. Werner's an absolute legend. I mean, when you think about folks who've had, you know, impact on technology, you think of people like Jony Ive in design. >> Dave: Yeah. >> You got to think about people like Werner in architecture and just the fact that Andy and the team have been able to keep him engaged that long... I pay attention to his keynote. Peter DeSantis has obviously been very, very influential. And then of course, you know, Adam did a good job, you know, watching from, you know, having watched since I was at the first AWS re:Invent conference, at time was President SAP and there was only a thousand people at this event, okay? Andy had me on stage. I think I was one of the first guest of any tech company in 2011. And to see now this become like, it's a mecca. It's a mother of all IT events, and watch sort of even the transition from Andy to Adam is very special. I got to catch some of Ruba's keynote. So while there's some new people in the mix here, this has become a force of nature. And the last time I was here was 2019, before Covid, watched the last two ones online. But it feels like, I don't know 'about what you guys think, it feels like it's back to 2019 levels. >> I was here in 2019. I feel like this was bigger than 2019 but some people have said that it's about the same. >> I think it was 60,000 versus 50,000. >> Yes. So close. >> It was a little bigger in 2019. But it feels like it's more active. >> And then last year, Sanjay, you weren't here but it was 25,000, which was amazing 'cause it was right in that little space between Omicron, before Omicron hit. But you know, let me ask you a question and this is really more of a question about Amazon's maturity and I know you've been following them since early days. But the way I get the question, number one question I get from people is how is Amazon AWS going to be different under Adam than it was under Andy? What do you think? >> I mean, Adam's not new because he was here before. In some senses he knows the Amazon culture from prior, when he was running sales and marketing prior. But then he took the time off and came back. I mean, this will always be, I think, somewhat Andy's baby, right? Because he was the... I, you know, sent him a text, "You should be really proud of what you accomplished", but you know, I think he also, I asked him when I saw him a few weeks ago "Are you going to come to re:Invent?" And he says, "No, I want to leave this to be Adam's show." And Adam's going to have a slightly different view. His keynotes are probably half the time. It's a little bit more vision. There was a lot more customer stories at the beginning of it. Taking you back to the inspirational pieces of it. I think you're going to see them probably pulling up the stack and not just focused in infrastructure. Many of their platform services are evolved. Many of their, even application services. I'm surprised when I talk to customers. Like Amazon Connect, their sort of call center type technologies, an app layer. It's getting a lot. I mean, I've talked to a couple of Fortune 500 companies that are moving off Ayer to Connect. I mean, it's happening and I did not know that. So it's, you know, I think as they move up the stack, the platform's gotten more... The data centric stack has gotten, and you know, in the area we're working with Cohesity, security, data protection, they're an investor in our company. So this is an important, you know, both... I think tech player and a partner for many companies like us. >> I wonder the, you know, the marketplace... there's been a big push on the marketplace by all the cloud companies last couple of years. Do you see that disrupting the way softwares, enterprise software is sold? >> Oh, for sure. I mean, you have to be a ostrich with your head in the sand to not see this wave happening. I mean, what's it? $150 billion worth of revenue. Even though the growth rates dipped a little bit the last quarter or so, it's still aggregatively between Amazon and Azure and Google, you know, 30% growth. And I think we're still in the second or third inning off a grand 1 trillion or 2 trillion of IT, shifting not all of it to the cloud, but significantly faster. So if you add up all of the big things of the on-premise world, they're, you know, they got to a certain size, their growth is stable, but stalling. These guys are growing significantly faster. And then if you add on top of them, platform companies the data companies, Snowflake, MongoDB, Databricks, you know, Datadog, and then apps companies on top of that. I think the move to the Cloud is inevitable. In SaaS companies, I don't know why you would ever implement a CRM solution on-prem. It's all gone to the Cloud. >> Oh, it is. >> That happened 15 years ago. I mean, begin within three, five years of the advent of Salesforce. And the same thing in HR. Why would you deploy a HR solution now? You've got Workday, you've got, you know, others that are so some of those apps markets are are just never coming back to an on-prem capability. >> Sanjay, I want to ask you, you built a reputation for being able to, you know, forecast accurately, hit your plan, you know, you hit your numbers, you're awesome operator. Even though you have a, you know, technology degree, which you know, that's a two-tool star, multi-tool star. But I call it the slingshot economy. This is like, I mean I've seen probably more downturns than anybody in here, you know, given... Well maybe, maybe- >> Maybe me. >> You and I both. I've never seen anything like this, where where visibility is so unpredictable. The economy is sling-shotting. It's like, oh, hurry up, go Covid, go, go go build, build, build supply, then pull back. And now going forward, now pulling back. Slootman said, you know, on the call, "Hey the guide, is the guide." He said, "we put it out there, We do our best to hit it." But you had CrowdStrike had issues you know, mid-market, ServiceNow. I saw McDermott on the other day on the, on the TV. I just want to pay, you know, buy from the guy. He's so (indistinct) >> But mixed, mixed results, Salesforce, you know, Octa now pre-announcing, hey, they're going to be, or announcing, you know, better visibility, forward guide. Elastic kind of got hit really hard. HPE and Dell actually doing really well in the enterprise. >> Yep. >> 'Course Dell getting killed in the client. But so what are you seeing out there? How, as an executive, do you deal with such poor visibility? >> I think, listen, what the last two or three years have taught us is, you know, with the supply chain crisis, with the surge that people thought you may need of, you know, spending potentially in the pandemic, you have to start off with your tech platform being 10 x better than everybody else. And differentiate, differentiate. 'Cause in a crowded market, but even in a market that's getting tougher, if you're not differentiating constantly through technology innovation, you're going to get left behind. So you named a few places, they're all technology innovators, but even if some of them are having challenges, and then I think you're constantly asking yourselves, how do you move from being a point product to a platform with more and more services where you're getting, you know, many of them moving really fast. In the case of Roe, I like him a lot. He's probably one of the most savvy operators, also that I respect. He calls these speedboats, and you know, his core platform started off with the firewall network security. But he's built now a very credible cloud security, cloud AI security business. And I think that's how you need to be thinking as a tech executive. I mean, if you got core, your core beachhead 10 x better than everybody else. And as you move to adjacencies in these new platforms, have you got now speedboats that are getting to a point where they are competitive advantage? Then as you think of the go-to-market perspective, it really depends on where you are as a company. For a company like our size, we need partners a lot more. Because if we're going to, you know, stand on the shoulders of giants like Isaac Newton said, "I see clearly because I stand on the shoulders giants." I need to really go and cultivate Amazon so they become our lead partner in cloud. And then appropriately Microsoft and Google where I need to. And security. Part of what we announced last week was, last month, yeah, last couple of weeks ago, was the data security alliance with the biggest security players. What was I trying to do with that? First time ever done in my industry was get Palo Alto, CrowdStrike, Wallace, Tenable, CyberArk, Splunk, all to build an alliance with me so I could stand on their shoulders with them helping me. If you're a bigger company, you're constantly asking yourself "how do you make sure you're getting your, like Amazon, their top hundred customers spending more with that?" So I think the the playbook evolves, and I'm watching some of these best companies through this time navigate through this. And I think leadership is going to be tested in enormously interesting ways. >> I'll say. I mean, Snowflake is really interesting because they... 67% growth, which is, I mean, that's best in class for a company that's $2 billion. And, but their guide was still, you know, pretty aggressive. You know, so it's like, do you, you know, when it when it's good times you go, "hey, we can we can guide conservatively and know we can beat it." But when you're not certain, you can't dial down too far 'cause your investors start to bail on you. It's a really tricky- >> But Dave, I think listen, at the end of the day, I mean every CEO should not be worried about the short term up and down in the stock price. You're building a long-term multi-billion dollar company. In the case of Frank, he has, I think I shot to a $10 billion, you know, analytics data warehousing data management company on the back of that platform, because he's eyeing the market that, not just Teradata occupies today, but now Oracle occupies or other databases, right? So his tam as it grows bigger, you're going to have some of these things, but that market's big. I think same with Palo Alto. I mean Datadog's another company, 75% growth. >> Yeah. >> At 20% margins, like almost rule of 95. >> Amazing. >> When they're going after, not just the observability market, they're eating up the sim market, security analytics, the APM market. So I think, you know, that's, you look at these case studies of companies who are going from point product to platforms and are steadily able to grow into new tams. You know, to me that's very inspiring. >> I get it. >> Sanjay: That's what I seek to do at our com. >> I get that it's a marathon, but you know, when you're at VMware, weren't you looking at the stock price every day just out of curiosity? I mean listen, you weren't micromanaging it. >> You do, but at the end of the day, and you certainly look at the days of earnings and so on so forth. >> Yeah. >> Because you want to create shareholder value. >> Yeah. >> I'm not saying that you should not but I think in obsession with that, you know, in a short term, >> Going to kill ya. >> Makes you, you know, sort of myopically focused on what may not be the right thing in the long term. Now in the long arc of time, if you're not creating shareholder value... Look at what happened to Steve Bomber. You needed Satya to come in to change things and he's created a lot of value. >> Dave: Yeah, big time. >> But I think in the short term, my comments were really on the quarter to quarter, but over a four a 12 quarter, if companies are growing and creating profitable growth, they're going to get the valuation they deserve. >> Dave: Yeah. >> Do you the... I want to ask you about something Arvind Krishna said in the previous IBM earnings call, that IT is deflationary and therefore it is resistant to the macroeconomic headwinds. So IT spending should actually thrive in a deflation, in a adverse economic climate. Do you think that's true? >> Not all forms of IT. I pay very close attention to surveys from, whether it's the industry analysts or the Morgan Stanleys, or Goldman Sachs. The financial analysts. And I think there's a gluc in certain sectors that will get pulled back. Traditional view is when the economies are growing people spend on the top line, front office stuff, sales, marketing. If you go and look at just the cloud 100 companies, which are the hottest private companies, and maybe with the public market companies, there's way too many companies focused on sales and marketing. Way too many. I think during a downsizing and recession, that's going to probably shrink some, because they were all built for the 2009 to 2021 era, where it was all about the top line. Okay, maybe there's now a proposition for companies who are focused on cost optimization, supply chain visibility. Security's been intangible, that I think is going to continue to an investment. So I tell, listen, if you are a tech investor or if you're an operator, pay attention to CIO priorities. And right now, in our business at Cohesity, part of the reason we've embraced things like ransomware protection, there is a big focus on security. And you know, by intelligently being a management and a security company around data, I do believe we'll continue to be extremely relevant to CIO budgets. There's a ransomware, 20 ransomware attempts every second. So things of that kind make you relevant in a bank. You have to stay relevant to a buying pattern or else you lose momentum. >> But I think what's happening now is actually IT spending's pretty good. I mean, I track this stuff pretty closely. It's just that expectations were so high and now you're seeing earnings estimates come down and so, okay, and then you, yeah, you've got the, you know the inflationary factors and your discounted cash flows but the market's actually pretty good. >> Yeah. >> You know, relative to other downturns that if this is not a... We're not actually not in a downturn. >> Yeah. >> Not yet anyway. It may be. >> There's a valuation there. >> You have to prepare. >> Not sales. >> Yeah, that's right. >> When I was on CNBC, I said "listen, it's a little bit like that story of Joseph. Seven years of feast, seven years of famine." You have to prepare for potentially your worst. And if it's not the worst, you're in good shape. So will it be a recession 2023? Maybe. You know, high interest rates, inflation, war in Russia, Ukraine, maybe things do get bad. But if you belt tightening, if you're focused in operational excellence, if it's not a recession, you're pleasantly surprised. If it is one, you're prepared for it. >> All right. I'm going to put you in the spot and ask you for predictions. Expert analysis on the World Cup. What do you think? Give us the breakdown. (group laughs) >> As my... I wish India was in the World Cup, but you can't get enough Indians at all to play soccer well enough, but we're not, >> You play cricket, though. >> I'm a US man first. I would love to see one of Brazil, or Argentina. And as a Messi person, I don't know if you'll get that, but it would be really special for Messi to lead, to end his career like Maradonna winning a World Cup. I don't know if that'll happen. I'm probably going to go one of the Latin American countries, if the US doesn't make it far enough. But first loyalty to the US team, and then after one of the Latin American countries. >> And you think one of the Latin American countries is best bet to win or? >> I don't know. It's hard to tell. They're all... What happens now at this stage >> So close, right? >> is anybody could win. >> Yeah. You just have lots of shots of gold. I'm a big soccer fan. It could, I mean, I don't know if the US is favored to win, but if they get far enough, you get to the finals, anybody could win. >> I think they get Netherlands next, right? >> That's tough. >> Really tough. >> But... The European teams are good too, but I would like to see US go far enough, and then I'd like to see Latin America with team one of Argentina, or Brazil. That's my prediction. >> I know you're a big Cricket fan. Are you able to follow Cricket the way you like? >> At god unearthly times the night because they're in Australia, right? >> Oh yeah. >> Yeah. >> I watched the T-20 World Cup, select games of it. Yeah, you know, I'm not rapidly following every single game but the World Cup games, I catch you. >> Yeah, it's good. >> It's good. I mean, I love every sport. American football, soccer. >> That's great. >> You get into basketball now, I mean, I hope the Warriors come back strong. Hey, how about the Warriors Celtics? What do we think? We do it again? >> Well- >> This year. >> I'll tell you what- >> As a Boston Celtics- >> I would love that. I actually still, I have to pay off some folks from Palo Alto office with some bets still. We are seeing unprecedented NBA performance this year. >> Yeah. >> It's amazing. You look at the stats, it's like nothing. I know it's early. Like nothing we've ever seen before. So it's exciting. >> Well, always a pleasure talking to you guys. >> Great to have you on. >> Thanks for having me. >> Thank you. Love the expert analysis. >> Sanjay Poonen. Dave Vellante. Keep it right there. re:Invent 2022, day four. We're winding up in Las Vegas. We'll be right back. You're watching theCUBE, the leader in enterprise and emerging tech coverage. (lighthearted soft music)

>> From theCUBE Studios in Palo Alto and Boston, bringing you data driven insights from theCUBE and ETR. This is breaking analysis with Dave Vellante. >> The technology spending outlook is not pretty and very much unpredictable right now. The negative sentiment is of course being driven by the macroeconomic factors in earnings forecasts that have been coming down all year in an environment of rising interest rates. And what's worse, is many people think earnings estimates are still too high. But it's understandable why there's so much uncertainty. I mean, technology is still booming, digital transformations are happening in earnest, leading companies have momentum and they got cash runways. And moreover, the CEOs of these leading companies are still really optimistic. But strong guidance in an environment of uncertainty is somewhat risky. Hello and welcome to this week's Wikibon CUBE Insights Powered by ETR. In this breaking analysis, we share takeaways from ETR'S latest spending survey, which was released to their private clients on October 21st. Today, we're going to review the macro spending data. We're going to share where CIOs think their cloud spend is headed. We're going to look at the actions that organizations are taking to manage uncertainty and then review some of the technology companies that have the most positive and negative outlooks in the ETR data set. Let's first look at the sample makeup from the latest ETR survey. ETR captured more than 1300 respondents in this latest survey. Its highest figure for the year and the quality and seniority of respondents just keeps going up each time we dig into the data. We've got large contributions as you can see here from sea level executives in a broad industry focus. Now the survey is still North America centric with 20% of the respondents coming from overseas and there is a bias toward larger organizations. And nonetheless, we're still talking well over 400 respondents coming from SMBs. Now ETR for those of you who don't know, conducts a quarterly spending intention survey and they also do periodic drilldowns. So just by the way of review, let's take a look at the expectations in the latest drilldown survey for IT spending. Before we look at the broader technology spending intentions survey data, followers of this program know that we reported on this a couple of weeks ago, spending expectations that peaked last December at 8.3% are now down to 5.5% with a slight uptick expected for next year as shown here. Now one CIO in the ETR community said these figures could be understated because of inflation. Now that's an interesting comment. Real GDP in the US is forecast to be around 1.5% in 2022. So these figures are significantly ahead of that. Nominal GDP is forecast to be significantly higher than what is shown in that slide. It was over 9% in June for example. And one would interpret that survey respondents are talking about real dollars which reflects inflationary factors in IT spend. So you might say, well if nominal GDP is in the high single digits this means that IT spending is below GDP which is usually not the case. But the flip side of that is technology tends to be deflationary because prices come down over time on a per unit basis, so this would be a normal and even positive trend. But it's mixed right now with prices on hard to find hardware, they're holding more firms. Software, you know, software tends to be driven by lock in and competition and switching costs. So you have those countervailing factors. Services can be inflationary, especially now as wages rise but certain sectors like laptops and semis and NAND are seeing less demand and maybe even some oversupply. So the way to look at this data is on a relative basis. In other words, IT buyers are reporting 280 basis point drop in spending sentiment from the end of last year. Now, something that we haven't shared from the latest drilldown survey which we will now is how IT bar buyers are thinking about cloud adoption. This chart shows responses from 419 IT execs from that drilldown and depicts the percentage of workloads their organizations have in the cloud today and what the expectation is through years from now. And you can see it's 27% today and it's nearly 50% in three years. Now the nuance is if you look at the question, that ETRS, it's they asked about IaaS and PaaS, which to some could include on-prem. Now, let me come back to that. In particular, financial services, IT, telco and retail and services industry cited expectations for the future for three years out that we're well above the average of the mean adoption levels. Regardless of how you interpret this data there's most certainly plenty of public cloud in the numbers. And whether you believe cloud is an operating environment or a place out there in the cloud, there's plenty of room for workloads to move into a cloud model well beyond mid this decade. So you know, as ho hum as we've been toward recent as-a-service models announced from the likes of HPE with GreenLake and Dell with APEX, the timing of those offerings may be pretty good actually. Now let's expand on some of the data that we showed a couple weeks ago. This chart shows responses from 282 execs on actions their organizations are taking over the next three months. And the Deltas are quite traumatic from the early part of this charter than the left hand side. The brown line is hiring freezes, the black line is freezing IT projects, and the green line is hiring increases and that red line is layoffs. And we put a box around the sort of general area of the isolation economy timeframe. And you can see the wild swings on this chart. By mid last summer, people were kickstarting things and more hiring was going on and the black line shows IT project freezes, you know, came way down. And now, or on the way back up as our hiring freezes. So we're seeing these wild swings in organizational actions and strategies which underscores the lack of predictability. As with supply chains around the world, this is likely due to the fact that organizations, pre pandemic they were optimized for efficiency, not a lot of waste rather than business resilience. Meaning, you know, there's again not a lot of fluff in the system or if there was it got flushed out during the pandemic. And so the need for productivity and automation is becoming increasingly important, especially as actions that solely rely on headcount changes are very, very difficult to manage. Now, let's dig into some of the vendor commentary and take a look at some of the names that have momentum and some of the others possibly facing headwinds. Here's a list of companies that stand out in the ETR survey. Snowflake, once again leads the pack with a positive spending outlook. HashiCorp, CrowdStrike, Databricks, Freshworks and ServiceNow, they round out the top six. Microsoft, they seem to always be in the mix, as do a number of other security and related companies including CyberArk, Zscaler, CloudFlare, Elastic, Datadog, Fortinet, Tenable and to a certain extent Akamai, you can kind of put them sort of in that group. You know, CDN, they got to worry about security. Everybody worries about security, but especially the CDNs. Now the other software names that are highlighted here include Workday and Salesforce. On the negative side, you can see Dynatrace saw some negatives in the latest survey especially around its analytics business. Security is generally holding up better than other sectors but it's still seeing greater levels of pressure than it had previously. So lower spend. And defections relative to its observability peers, that's really for Dynatrace. Now the other one that was somewhat surprising is IBM. You see the IBM was sort of in that negative realm here but IBM reported an outstanding quarter this past week with double digit revenue growth, strong momentum in software, consulting, mainframes and other infrastructure like storage. It's benefiting from the Kyndryl restructuring and it's on track IBM to deliver 10 billion in free cash flow this year. Red Hat is performing exceedingly well and growing in the very high teens. And so look, IBM is in the midst of a major transformation and it seems like a company that is really focused now with hybrid cloud being powered by Red Hat and consulting and a decade plus of AI investments finally paying off. Now the other big thing we'll add is, IBM was once an outstanding acquire of companies and it seems to be really getting its act together on the M&A front. Yes, Red Hat was a big pill to swallow but IBM has done a number of smaller acquisitions, I think seven this year. Like for example, Turbonomic, which is starting to pay off. Arvind Krishna has the company focused once again. And he and Jim J. Kavanaugh, IBM CFO, seem to be very confident on the guidance that they're giving in their business. So that's a real positive in our view for the industry. Okay, the last thing we'd like to do is take 12 of the companies from the previous chart and plot them in context. Now these companies don't necessarily compete with each other, some do. But they are standouts in the ETR survey and in the market. What we're showing here is a view that we like to often show, it's net score or spending velocity on the vertical axis. And it's a measure, that's a measure of the net percentage of customers that are spending more on a particular platform. So ETR asks, are you spending more or less? They subtract less from the mores. I mean I'm simplifying, but that's what net score is. Now in the horizontal axis, that is a measure of overlap which is which measures presence or pervasiveness in the dataset. So bigger the better. We've inserted a table that informs how the dots in the companies are positioned. These companies are all in the green in terms of net score. And that right most column in the table insert is indicative of their presence in the dataset, the end. So higher, again, is better for both columns. Two other notes, the red dotted line there you see at 40%. Anything over that indicates an highly elevated spending momentum for a given platform. And we purposefully took Microsoft out of the mix in this chart because it skews the data due to its large size. Everybody else would cluster on the left and Microsoft would be all alone in the right. So we take them out. Now as we noted earlier, Snowflake once again leads with a net score of 64%, well above the 40% line. Having said that, while adoption rates for Snowflake remains strong the company's spending velocity in the survey has come down to Earth. And many more customers are shifting from where they were last year and the year before in growth mode i.e. spending more year to year with Snowflake to now shifting more toward flat spending. So a plus or minus 5%. So that puts pressure on Snowflake's net score, just based on the math as to how ETR calculates, its proprietary net score methodology. So Snowflake is by no means insulated completely to the macro factors. And this was seen especially in the data in the Fortune 500 cut of the survey for Snowflake. We didn't show that here, just giving you anecdotal commentary from the survey which is backed up by data. So, it showed steeper declines in the Fortune 500 momentum. But overall, Snowflake, very impressive. Now what's more, note the position of Streamlit relative to Databricks. Streamlit is an open source python framework for developing data driven, data science oriented apps. And it's ironic that it's net score and shared in is almost identical to those of data bricks, as the aspirations of Snowflake and Databricks are beginning to collide. Now, however, the Databricks net score has held up very well over the past year and is in the 92nd percentile of its machine learning and AI peers. And while it's seeing some softness, like Snowflake in the Fortune 500, Databricks has steadily moved to the right on the X axis over the last several surveys even though it was unable to get to the public markets and do an IPO during the lockdown tech bubble. Let's come back to the chart. ServiceNow is impressive because it's well above the 40% mark and it has 437 shared in on this cut, the largest of any company that we chose to plot here. The only real negative on ServiceNow is, more large customers are keeping spending levels flat. That's putting a little bit pressure on its net score, but that's just conservatives. It's kind of like Snowflakes, you know, same thing but in a larger scale. But it's defections, the ServiceNow as in Snowflake as well. It's defections remain very, very low, really low churn below 2% for ServiceNow, in fact, within the dataset. Now it's interesting to also see Freshworks hit the list. You can see them as one of the few ITSM vendors that has momentum and can potentially take on ServiceNow. Workday, on this chart, it's the other big app player that's above the 40% line and we're only showing Workday HCM, FYI, in this graphic. It's Workday Financials, that offering, is below the 40% line just for reference. Now let's talk about CrowdStrike. We attended Falcon last month, CrowdStrike's user conference and we're very impressed with the product visio, the company's execution, it's growing partnerships. And you can see in this graphic, the ETR survey data confirms the company's stellar performance with a net score at 50%, well above the 40% mark. And importantly, more than 300 mentions. That's second only to ServiceNow, amongst the 12 companies that we've chosen to highlight here. Only Microsoft, which is not shown here, has a higher net score in the security space than CrowdStrike. And when it comes to presence, CrowdStrike now has caught up to Splunk in terms of pervasion in the survey. Now CyberArk and Zscaler are the other two security firms that are right at that 40% red dotted line. CyberArk for names with over a hundred citations in the security sector, is only behind Microsoft and CrowdStrike. Zscaler for its part in the survey is seeing strong momentum in the Fortune 500, unlike what we said for Snowflake. And its pervasion on the X-axis has been steadily increasing. Again, not that Snowflake and CrowdStrike compete with each other but they're too prominent names and it's just interesting to compare peers and business models. Cloudflare, Elastic and Datadog are slightly below the 40% mark but they made the sort of top 12 that we showed to highlight here and they continue to have positive sentiment in the survey. So, what are the big takeaways from this latest survey, this really quick snapshot that we've taken. As you know, over the next several weeks we're going to dig into it more and more. As we've previously reported, the tide is going out and it's taking virtually all the tech ships with it. But in many ways the current market is a story of heightened expectations coming down to Earth, miscalculations about the economic patterns and the swings and imperfect visibility. Leading Barclays analyst, Ramo Limchao ask the question to guide or not to guide in a recent research note he wrote. His point being, should companies guide or should they be more cautious? Many companies, if not most companies, are actually giving guidance. Indeed, when companies like Oracle and IBM are emphatic about their near term outlook and their visibility, it gives one confidence. On the other hand, reasonable people are asking, will the red hot valuations that we saw over the last two years from the likes of Snowflake, CrowdStrike, MongoDB, Okta, Zscaler, and others. Will they return? Or are we in for a long, drawn out, sideways exercise before we see sustained momentum? And to that uncertainty, we add elections and public policy. It's very hard to predict right now. I'm sorry to be like a two-handed lawyer, you know. On the one hand, on the other hand. But that's just the way it is. Let's just say for our part, we think that once it's clear that interest rates are on their way back down and we'll stabilize it under 4% and we have clarity on the direction of inflation, wages, unemployment and geopolitics, the wild swings and sentiment will subside. But when that happens is anyone's guess. If I had to peg, I'd say 18 months, which puts us at least into the spring of 2024. What's your prediction? You know, it's almost that time of year. Let's hear it. Please keep in touch and let us know what you think. Okay, that's it for now. Many thanks to Alex Myerson. He is on production and he manages the podcast for us. Ken Schiffman as well is our newest addition to the Boston Studio. Kristin Martin and Cheryl Knight, they help get the word out on social media and in our newsletters. And Rob Hoff is our EIC, editor-in-chief over at SiliconANGLE. He does some wonderful editing for us. Thank you all. Remember all these episodes, they are available as podcasts. Wherever you listen, just search breaking analysis podcast. I publish each week on wikibon.com and siliconangle.com. Or you can email me at david.vellante@siliconangle.com or DM me @dvellante. Or feel free to comment on our LinkedIn posts. And please do check out etr.ai. They've got the best survey data in the enterprise tech business. If you haven't checked that out, you should. It'll give you an advantage. This is Dave Vellante for theCUBE Insights Powered by ETR. Thanks for watching. Be well and we'll see you next time on Breaking Analysis. (soft upbeat music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR, This is "Breaking Analysis with Dave Vellante". >> Black Hat 22 was held in Las Vegas last week, the same time as theCUBE Supercloud event. Unlike AWS re:Inforce where words are carefully chosen to put a positive spin on security, Black Hat exposes all the warts of cyber and openly discusses its hard truths. It's a conference that's attended by technical experts who proudly share some of the vulnerabilities they've discovered, and, of course, by numerous vendors marketing their products and services. Hello, and welcome to this week's Wikibon CUBE Insights powered by ETR. In this "Breaking Analysis", we summarize what we learned from discussions with several people who attended Black Hat and our analysis from reviewing dozens of keynotes, articles, sessions, and data from a recent Black Hat Attendees Survey conducted by Black Hat and Informa, and we'll end with the discussion of what it all means for the challenges around securing the supercloud. Now, I personally did not attend, but as I said at the top, we reviewed a lot of content from the event which is renowned for its hundreds of sessions, breakouts, and strong technical content that is, as they say, unvarnished. Chris Krebs, the former director of Us cybersecurity and infrastructure security agency, CISA, he gave the keynote, and he spoke about the increasing complexity of tech stacks and the ripple effects that that has on organizational risk. Risk was a big theme at the event. Where re:Inforce tends to emphasize, again, the positive state of cybersecurity, it could be said that Black Hat, as the name implies, focuses on the other end of the spectrum. Risk, as a major theme of the event at the show, got a lot of attention. Now, there was a lot of talk, as always, about the expanded threat service, you hear that at any event that's focused on cybersecurity, and tons of emphasis on supply chain risk as a relatively new threat that's come to the CISO's minds. Now, there was also plenty of discussion about hybrid work and how remote work has dramatically increased business risk. According to data from in Intel 471's Mark Arena, the previously mentioned Black Hat Attendee Survey showed that compromise credentials posed the number one source of risk followed by infrastructure vulnerabilities and supply chain risks, so a couple of surveys here that we're citing, and we'll come back to that in a moment. At an MIT cybersecurity conference earlier last decade, theCUBE had a hypothetical conversation with former Boston Globe war correspondent, Charles Sennott, about the future of war and the role of cyber. We had similar discussions with Dr. Robert Gates on theCUBE at a ServiceNow event in 2016. At Black Hat, these discussions went well beyond the theoretical with actual data from the war in Ukraine. It's clear that modern wars are and will be supported by cyber, but the takeaways are that they will be highly situational, targeted, and unpredictable because in combat scenarios, anything can happen. People aren't necessarily at their keyboards. Now, the role of AI was certainly discussed as it is at every conference, and particularly cyber conferences. You know, it was somewhat dissed as over hyped, not surprisingly, but while AI is not a panacea to cyber exposure, automation and machine intelligence can definitely augment, what appear to be and have been stressed out, security teams can do this by recommending actions and taking other helpful types of data and presenting it in a curated form that can streamline the job of the SecOps team. Now, most cyber defenses are still going to be based on tried and true monitoring and telemetry data and log analysis and curating known signatures and analyzing consolidated data, but increasingly, AI will help with the unknowns, i.e. zero-day threats and threat actor behaviors after infiltration. Now, finally, while much lip service was given to collaboration and public-private partnerships, especially after Stuxsnet was revealed early last decade, the real truth is that threat intelligence in the private sector is still evolving. In particular, the industry, mid decade, really tried to commercially exploit proprietary intelligence and, you know, do private things like private reporting and monetize that, but attitudes toward collaboration are trending in a positive direction was one of the sort of outcomes that we heard at Black Hat. Public-private partnerships are being both mandated by government, and there seems to be a willingness to work together to fight an increasingly capable adversary. These things are definitely on the rise. Now, without this type of collaboration, securing the supercloud is going to become much more challenging and confined to narrow solutions. and we're going to talk about that little later in the segment. Okay, let's look at some of the attendees survey data from Black Hat. Just under 200 really serious security pros took the survey, so not enough to slice and dice by hair color, eye color, height, weight, and favorite movie genre, but enough to extract high level takeaways. You know, these strongly agree or disagree survey responses can sometimes give vanilla outputs, but let's look for the ones where very few respondents strongly agree or disagree with a statement or those that overwhelmingly strongly agree or somewhat agree. So it's clear from this that the respondents believe the following, one, your credentials are out there and available to criminals. Very few people thought that that was, you know, unavoidable. Second, remote work is here to stay, and third, nobody was willing to really jinx their firms and say that they strongly disagree that they'll have to respond to a major cybersecurity incident within the next 12 months. Now, as we've reported extensively, COVID has permanently changed the cybersecurity landscape and the CISO's priorities and playbook. Check out this data that queries respondents on the pandemic's impact on cybersecurity, new requirements to secure remote workers, more cloud, more threats from remote systems and remote users, and a shift away from perimeter defenses that are no longer as effective, e.g. firewall appliances. Note, however, the fifth response that's down there highlighted in green. It shows a meaningful drop in the percentage of remote workers that are disregarding corporate security policy, still too many, but 10 percentage points down from 2021 survey. Now, as we've said many times, bad user behavior will trump good security technology virtually every time. Consistent with the commentary from Mark Arena's Intel 471 threat report, fishing for credentials is the number one concern cited in the Black Hat Attendees Survey. This is a people and process problem more than a technology issue. Yes, using multifactor authentication, changing passwords, you know, using unique passwords, using password managers, et cetera, they're all great things, but if it's too hard for users to implement these things, they won't do it, they'll remain exposed, and their organizations will remain exposed. Number two in the graphic, sophisticated attacks that could expose vulnerabilities in the security infrastructure, again, consistent with the Intel 471 data, and three, supply chain risks, again, consistent with Mark Arena's commentary. Ask most CISOs their number one problem, and they'll tell you, "It's a lack of talent." That'll be on the top of their list. So it's no surprise that 63% of survey respondents believe they don't have the security staff necessary to defend against cyber threats. This speaks to the rise of managed security service providers that we've talked about previously on "Breaking Analysis". We've seen estimates that less than 50% of organizations in the US have a SOC, and we see those firms as ripe for MSSP support as well as larger firms augmenting staff with managed service providers. Now, after re:Invent, we put forth this conceptual model that discussed how the cloud was becoming the first line of defense for CISOs, and DevOps was being asked to do more, things like securing the runtime, the containers, the platform, et cetera, and audit was kind of that last line of defense. So a couple things we picked up from Black Hat which are consistent with this shift and some that are somewhat new, first, is getting visibility across the expanded threat surface was a big theme at Black Hat. This makes it even harder to identify risk, of course, this being the expanded threat surface. It's one thing to know that there's a vulnerability somewhere. It's another thing to determine the severity of the risk, but understanding how easy or difficult it is to exploit that vulnerability and how to prioritize action around that. Vulnerability is increasingly complex for CISOs as the security landscape gets complexified. So what's happening is the SOC, if there even is one at the organization, is becoming federated. No longer can there be one ivory tower that's the magic god room of data and threat detection and analysis. Rather, the SOC is becoming distributed following the data, and as we just mentioned, the SOC is being augmented by the cloud provider and the managed service providers, the MSSPs. So there's a lot of critical security data that is decentralized and this will necessitate a new cyber data model where data can be synchronized and shared across a federation of SOCs, if you will, or mini SOCs or SOC capabilities that live in and/or embedded in an organization's ecosystem. Now, to this point about cloud being the first line of defense, let's turn to a story from ETR that came out of our colleague Eric Bradley's insight in a one-on-one he did with a senior IR person at a manufacturing firm. In a piece that ETR published called "Saved by Zscaler", check out this comment. Quote, "As the last layer, we are filtering all the outgoing internet traffic through Zscaler. And when an attacker is already on your network, and they're trying to communicate with the outside to exchange encryption keys, Zscaler is already blocking the traffic. It happened to us. It happened and we were saved by Zscaler." So that's pretty cool. So not only is the cloud the first line of defense, as we sort of depicted in that previous graphic, here's an example where it's also the last line of defense. Now, let's end on what this all means to securing the supercloud. At our Supercloud 22 event last week in our Palo Alto CUBE Studios, we had a session on this topic on supercloud, securing the supercloud. Security, in our view, is going to be one of the most important and difficult challenges for the idea of supercloud to become real. We reviewed in last week's "Breaking Analysis" a detailed discussion with Snowflake co-founder and president of products, Benoit Dageville, how his company approaches security in their data cloud, what we call a superdata cloud. Snowflake doesn't use the term supercloud. They use the term datacloud, but what if you don't have the focus, the engineering depth, and the bank roll that Snowflake has? Does that mean superclouds will only be developed by those companies with deep pockets and enormous resources? Well, that's certainly possible, but on the securing the supercloud panel, we had three technical experts, Gee Rittenhouse of Skyhigh Security, Piyush Sharrma who's the founder of Accurics who sold to Tenable, and Tony Kueh, who's the former Head of Product at VMware. Now, John Furrier asked each of them, "What is missing? What's it going to take to secure the supercloud? What has to happen?" Here's what they said. Play the clip. >> This is the final question. We have one minute left. I wish we had more time. This is a great panel. We'll bring you guys back for sure after the event. What one thing needs to happen to unify or get through the other side of this fragmentation and then the challenges for supercloud? Because remember, the enterprise equation is solve complexity with more complexity. Well, that's not what the market wants. They want simplicity. They want SaaS. They want ease of use. They want infrastructure risk code. What has to happen? What do you think, each of you? >> So I can start, and extending to the previous conversation, I think we need a consortium. We need a framework that defines that if you really want to operate on supercloud, these are the 10 things that you must follow. It doesn't matter whether you take AWS, Slash, or TCP or you have all, and you will have the on-prem also, which means that it has to follow a pattern, and that pattern is what is required for supercloud, in my opinion. Otherwise, security is going everywhere. They're like they have to fix everything, find everything, and so on and so forth. It's not going to be possible. So they need a framework. They need a consortium, and this consortium needs to be, I think, needs to led by the cloud providers because they're the ones who have these foundational infrastructure elements, and the security vendor should contribute on providing more severe detections or severe findings. So that's, in my opinion, should be the model. >> Great, well, thank you, Gee. >> Yeah, I would think it's more along the lines of a business model. We've seen in cloud that the scale matters, and once you're big, you get bigger. We haven't seen that coalesce around either a vendor, a business model, or whatnot to bring all of this and connect it all together yet. So that value proposition in the industry, I think, is missing, but there's elements of it already available. >> I think there needs to be a mindset. If you look, again, history repeating itself. The internet sort of came together around set of IETF, RSC standards. Everybody embraced and extended it, right? But still, there was, at least, a baseline, and I think at that time, the largest and most innovative vendors understood that they couldn't do it by themselves, right? And so I think what we need is a mindset where these big guys, like Google, let's take an example. They're not going to win at all, but they can have a substantial share. So how do they collaborate with the ecosystem around a set of standards so that they can bring their differentiation and then embrace everybody together. >> Okay, so Gee's point about a business model is, you know, business model being missing, it's broadly true, but perhaps Snowflake serves as a business model where they've just gone out and and done it, setting or trying to set a de facto standard by which data can be shared and monetized. They're certainly setting that standard and mandating that standard within the Snowflake ecosystem with its proprietary framework. You know, perhaps that is one answer, but Tony lays out a scenario where there's a collaboration mindset around a set of standards with an ecosystem. You know, intriguing is this idea of a consortium or a framework that Piyush was talking about, and that speaks to the collaboration or lack thereof that we spoke of earlier, and his and Tony's proposal that the cloud providers should lead with the security vendor ecosystem playing a supporting role is pretty compelling, but can you see AWS and Azure and Google in a kumbaya moment getting together to make that happen? It seems unlikely, but maybe a better partnership between the US government and big tech could be a starting point. Okay, that's it for today. I want to thank the many people who attended Black Hat, reported on it, wrote about it, gave talks, did videos, and some that spoke to me that had attended the event, Becky Bracken, who is the EIC at Dark Reading. They do a phenomenal job and the entire team at Dark Reading, the news desk there, Mark Arena, whom I mentioned, Garrett O'Hara, Nash Borges, Kelly Jackson, sorry, Kelly Jackson Higgins, Roya Gordon, Robert Lipovsky, Chris Krebs, and many others, thanks for the great, great commentary and the content that you put out there, and thanks to Alex Myerson, who's on production, and Alex manages the podcasts for us. Ken Schiffman is also in our Marlborough studio as well, outside of Boston. Kristen Martin and Cheryl Knight, they help get the word out on social media and in our newsletters, and Rob Hoff is our Editor-in-Chief at SiliconANGLE and does some great editing and helps with the titles of "Breaking Analysis" quite often. Remember these episodes, they're all available as podcasts, wherever you listen, just search for "Breaking Analysis Podcasts". I publish each on wikibon.com and siliconangle.com, and you could email me, get in touch with me at david.vellante@siliconangle.com or you can DM me @dvellante or comment on my LinkedIn posts, and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis". (upbeat music)

(gentle upbeat music) >> Welcome back everyone, to "theCUBE"'s live stage performance here in Palo Alto, California at "theCUBE" Studios. I'm John Furrier with Dave Vellante, kicking off our first inaugural Supercloud event. It's an editorial event, we wanted to bring together the best in the business, the smartest, the biggest, the up-and-coming startups, venture capitalists, everybody, to weigh in on this new Supercloud trend, this structural change in the cloud computing business. We're about to run the Ecosystem Speaks, which is a bunch of pre-recorded companies that wanted to get their voices on the record, so stay tuned for the rest of the day. We'll be replaying all that content and they're going to be having some really good commentary and hear what they have to say. I had a chance to interview and so did Dave. Dave, this is our closing segment where we kind of unpack everything or kind of digest and report. So much to kind of digest from the conversations today, a wide range of commentary from Supercloud operating system to developers who are in charge to maybe it's an ops problem or maybe Oracle's a Supercloud. I mean, that was debated. So so much discussion, lot to unpack. What was your favorite moments? >> Well, before I get to that, I think, I go back to something that happened at re:Invent last year. Nick Sturiale came up, Steve Mullaney from Aviatrix; we're going to hear from him shortly in the Ecosystem Speaks. Nick Sturiale's VC said "it's happening"! And what he was talking about is this ecosystem is exploding. They're building infrastructure or capabilities on top of the CapEx infrastructure. So, I think it is happening. I think we confirmed today that Supercloud is a thing. It's a very immature thing. And I think the other thing, John is that, it seems to me that the further you go up the stack, the weaker the business case gets for doing Supercloud. We heard from Marianna Tessel, it's like, "Eh, you know, we can- it was easier to just do it all on one cloud." This is a point that, Adrian Cockcroft just made on the panel and so I think that when you break out the pieces of the stack, I think very clearly the infrastructure layer, what we heard from Confluent and HashiCorp, and certainly VMware, there's a real problem there. There's a real need at the infrastructure layer and then even at the data layer, I think Benoit Dageville did a great job of- You know, I was peppering him with all my questions, which I basically was going through, the Supercloud definition and they ticked the box on pretty much every one of 'em as did, by the way Ali Ghodsi you know, the big difference there is the philosophy of Republicans and Democrats- got open versus closed, not to apply that to either one side, but you know what I mean! >> And the similarities are probably greater than differences. >> Berkely, I would probably put them on the- >> Yeah, we'll put them on the Democrat side we'll make Snowflake the Republicans. But so- but as we say there's a lot of similarities as well in terms of what their objectives are. So, I mean, I thought it was a great program and a really good start to, you know, an industry- You brought up the point about the industry consortium, asked Kit Colbert- >> Yep. >> If he thought that was something that was viable and what'd they say? That hyperscale should lead it? >> Yeah, they said hyperscale should lead it and there also should be an industry consortium to get the voices out there. And I think VMware is very humble in how they're putting out their white paper because I think they know that they can't do it all and that they do not have a great track record relative to cloud. And I think, but they have a great track record of loyal installed base ops people using VMware vSphere all the time. >> Yeah. >> So I think they need a catapult moment where they can catapult to the cloud native which they've been working on for years under Raghu and the team. So the question on VMware is in the light of Broadcom, okay, acquisition of VMware, this is an opportunity or it might not be an opportunity or it might be a spin-out or something, I just think VMware's got way too much engineering culture to be ignored, Dave. And I think- well, I'm going to watch this very closely because they can pull off some sort of rallying moment. I think they could. And then you hear the upstarts like Platform9, Rafay Systems and others they're all like, "Yes, we need to unify behind something. There needs to be some sort of standard". You know, we heard the argument of you know, more standards bodies type thing. So, it's interesting, maybe "theCUBE" could be that but we're going to certainly keep the conversation going. >> I thought one of the most memorable statements was Vittorio who said we- for VMware, we want our cake, we want to eat it too and we want to lose weight. So they have a lot of that aspirations there! (John laughs) >> And then I thought, Adrian Cockcroft said you know, the devs, they want to get married. They were marrying everybody, and then the ops team, they have to deal with the divorce. >> Yeah. >> And I thought that was poignant. It's like, they want consistency, they want standards, they got to be able to scale And Lori MacVittie, I'm not sure you agree with this, I'd have to think about it, but she was basically saying, all we've talked about is devs devs devs for the last 10 years, going forward we're going to be talking about ops. >> Yeah, and I think one of the things I learned from this day and looking back, and some kind of- I've been sauteing through all the interviews. If you zoom out, for me it was the epiphany of developers are still in charge. And I've said, you know, the developers are doing great, it's an ops security thing. Not sure I see that the way I was seeing before. I think what I learned was the refactoring pattern that's emerging, In Sik Rhee brought this up from Vertex Ventures with Marianna Tessel, it's a nuanced point but I think he's right on which is the pattern that's emerging is developers want ease-of-use tooling, they're driving the change and I think the developers in the devs ops ethos- it's never going to be separate. It's going to be DevOps. That means developers are driving operations and then security. So what I learned was it's not ops teams leveling up, it's devs redefining what ops is. >> Mm. And I think that to me is where Supercloud's going to be interesting- >> Forcing that. >> Yeah. >> Forcing the change because the structural change is open sources thriving, devs are still in charge and they still want more developers, Vittorio "we need more developers", right? So the developers are in charge and that's clear. Now, if that happens- if you believe that to be true the domino effect of that is going to be amazing because then everyone who gets on the wrong side of history, on the ops and security side, is going to be fighting a trend that may not be fight-able, you know, it might be inevitable. And so the winners are the ones that are refactoring their business like Snowflake. Snowflake is a data warehouse that had nothing to do with Amazon at first. It was the developers who said "I'm going to refactor data warehouse on AWS". That is a developer-driven refactorization and a business model. So I think that's the pattern I'm seeing is that this concept refactoring, patterns and the developer trajectory is critical. >> I thought there was another great comment. Maribel Lopez, her Lord of the Rings comment: "there will be no one ring to rule them all". Now at the same time, Kit Colbert, you know what we asked him straight out, "are you the- do you want to be the, the Supercloud OS?" and he basically said, "yeah, we do". Now, of course they're confined to their world, which is a pretty substantial world. I think, John, the reason why Maribel is so correct is security. I think security's a really hard problem to solve. You've got cloud as the first layer of defense and now you've got multiple clouds, multiple layers of defense, multiple shared responsibility models. You've got different tools for XDR, for identity, for governance, for privacy all within those different clouds. I mean, that really is a confusing picture. And I think the hardest- one of the hardest parts of Supercloud to solve. >> Yeah, and I thought the security founder Gee Rittenhouse, Piyush Sharrma from Accurics, which sold to Tenable, and Tony Kueh, former head of product at VMware. >> Right. >> Who's now an investor kind of looking for his next gig or what he is going to do next. He's obviously been extremely successful. They brought up the, the OS factor. Another point that they made I thought was interesting is that a lot of the things to do to solve the complexity is not doable. >> Yeah. >> It's too much work. So managed services might field the bit. So, and Chris Hoff mentioned on the Clouderati segment that the higher level services being a managed service and differentiating around the service could be the key competitive advantage for whoever does it. >> I think the other thing is Chris Hoff said "yeah, well, Web 3, metaverse, you know, DAO, Superclouds" you know, "Stupercloud" he called it and this bring up- It resonates because one of the criticisms that Charles Fitzgerald laid on us was, well, it doesn't help to throw out another term. I actually think it does help. And I think the reason it does help is because it's getting people to think. When you ask people about Supercloud, they automatically- it resonates with them. They play back what they think is the future of cloud. So Supercloud really talks to the future of cloud. There's a lot of aspects to it that need to be further defined, further thought out and we're getting to the point now where we- we can start- begin to say, okay that is Supercloud or that isn't Supercloud. >> I think that's really right on. I think Supercloud at the end of the day, for me from the simplest way to describe it is making sure that the developer experience is so good that the operations just happen. And Marianna Tessel said, she's investing in making their developer experience high velocity, very easy. So if you do that, you have to run on premise and on the cloud. So hybrid really is where Supercloud is going right now. It's not multi-cloud. Multi-cloud was- that was debunked on this session today. I thought that was clear. >> Yeah. Yeah, I mean I think- >> It's not about multi-cloud. It's about operationally seamless operations across environments, public cloud to on-premise, basically. >> I think we got consensus across the board that multi-cloud, you know, is a symptom Chuck Whitten's thing of multi-cloud by default versus multi- multi-cloud has not been a strategy, Kit Colbert said, up until the last couple of years. Yeah, because people said, "oh we got all these multiple clouds, what do we do with it?" and we got this mess that we have to solve. Whereas, I think Supercloud is something that is a strategy and then the other nuance that I keep bringing up is it's industries that are- as part of their digital transformation, are building clouds. Now, whether or not they become superclouds, I'm not convinced. I mean, what Goldman Sachs is doing, you know, with AWS, what Walmart's doing with Azure connecting their on-prem tools to those public clouds, you know, is that a supercloud? I mean, we're going to have to go back and really look at that definition. Or is it just kind of a SAS that spans on-prem and cloud. So, as I said, the further you go up the stack, the business case seems to wane a little bit but there's no question in my mind that from an infrastructure standpoint, to your point about operations, there's a real requirement for super- what we call Supercloud. >> Well, we're going to keep the conversation going, Dave. I want to put a shout out to our founding supporters of this initiative. Again, we put this together really fast kind of like a pilot series, an inaugural event. We want to have a face-to-face event as an industry event. Want to thank the founding supporters. These are the people who donated their time, their resource to contribute content, ideas and some cash, not everyone has committed some financial contribution but we want to recognize the names here. VMware, Intuit, Red Hat, Snowflake, Aisera, Alteryx, Confluent, Couchbase, Nutanix, Rafay Systems, Skyhigh Security, Aviatrix, Zscaler, Platform9, HashiCorp, F5 and all the media partners. Without their support, this wouldn't have happened. And there are more people that wanted to weigh in. There was more demand than we could pull off. We'll certainly continue the Supercloud conversation series here on "theCUBE" and we'll add more people in. And now, after this session, the Ecosystem Speaks session, we're going to run all the videos of the big name companies. We have the Nutanix CEOs weighing in, Aviatrix to name a few. >> Yeah. Let me, let me chime in, I mean you got Couchbase talking about Edge, Platform 9's going to be on, you know, everybody, you know Insig was poopoo-ing Oracle, but you know, Oracle and Azure, what they did, two technical guys, developers are coming on, we dig into what they did. Howie Xu from Zscaler, Paula Hansen is going to talk about going to market in the multi-cloud world. You mentioned Rajiv, the CEO of Nutanix, Ramesh is going to talk about multi-cloud infrastructure. So that's going to run now for, you know, quite some time here and some of the pre-record so super excited about that and I just want to thank the crew. I hope guys, I hope you have a list of credits there's too many of you to mention, but you know, awesome jobs really appreciate the work that you did in a very short amount of time. >> Well, I'm excited. I learned a lot and my takeaway was that Supercloud's a thing, there's a kind of sense that people want to talk about it and have real conversations, not BS or FUD. They want to have real substantive conversations and we're going to enable that on "theCUBE". Dave, final thoughts for you. >> Well, I mean, as I say, we put this together very quickly. It was really a phenomenal, you know, enlightening experience. I think it confirmed a lot of the concepts and the premises that we've put forth, that David Floyer helped evolve, that a lot of these analysts have helped evolve, that even Charles Fitzgerald with his antagonism helped to really sharpen our knives. So, you know, thank you Charles. And- >> I like his blog, by the I'm a reader- >> Yeah, absolutely. And it was great to be back in Palo Alto. It was my first time back since pre-COVID, so, you know, great job. >> All right. I want to thank all the crew and everyone. Thanks for watching this first, inaugural Supercloud event. We are definitely going to be doing more of these. So stay tuned, maybe face-to-face in person. I'm John Furrier with Dave Vellante now for the Ecosystem chiming in, and they're going to speak and share their thoughts here with "theCUBE" our first live stage performance event in our studio. Thanks for watching. (gentle upbeat music)

>> From theCUBE Studios in Palo Alto and Boston bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cyber security market overall, the state of cloud security and cross cloud security and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon cube insights powered by ETR. In this Breaking Analysis we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cyber security plays in the market, what the ETR data tells us and what to expect at next week's AWS re:Inforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simonton. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty you know, and before today's big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indices. You know, earning season as always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan the numbers were pretty good according to Simonton. Investment banks were not so great with Morgan and Goldman missing estimates but in general, pretty positive outlooks. But the market also shrugged off IBM's growth. And of course, social media because of SNAP is getting hammered today. The question is no longer recession or not but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course are still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also going to help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold you know, despite today's sell off. But AT&T and Verizon, they blamed their misses in part on people not paying their bills on time. SNAP's huge miss even after guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are off on sympathy. Meta and Google were off, you know, over 7% at midday. I think at one point hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment. As we've been reporting back in mid-June and NASDAQ was off nearly 33% year to date and has since rallied. It's now down about 25% year to date as of midday today. But as I say, it had been, you know much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That's started to change for now anyway. We'll see if it holds. But chip stocks, software stocks, and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton, we'll see if that holds. If it does, that's a positive sign. Now remember on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12 X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here SailPoint is of course the anomaly with the Thoma Bravo 7 billion acquisition of the company holding that stock up. But the Bug ETF of basket of cyber stocks has definitely improved. When we last reported on cyber in May, CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its Auth0 acquisition. Meanwhile, Zscaler and SentinelOne, those high flyers are still well off year to date, with Ping Identity and CyberArk not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically, they've been breaking their down trend. So it will now come down to earnings guidance in the coming months. But the SNAP reaction is quite stunning. I mean, the environment is slowing, we know that. Ad spending gets cut in that type of market, we know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says, this shows that sellers are still in control here. So it's going to take a little while to work through that despite the positive signs that we're seeing. Okay. We also turned to our friend Eric Bradley from ETR who follows these markets quite closely. He frequently interviews CISOs on his program, on his round tables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they called for an 8% plus spending growth, they're still expecting a six to seven percent uptick in spend this year. So that's pretty good. Security remains the number one priority and also is the highest ranked sector in the ETR data set when you measure in terms of pervasiveness in the study. Within security endpoint detection and extended detection and response along with identity and privileged account management are the sub-sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with CyberArk and Tanium showing very strong as well. Okta has seen a big dropoff in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions. That clearly shows in the survey. We'll talk about that in a moment. Look Okta still elevated in terms of spending momentum, but it doesn't have the dominant leadership position it once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Veronis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, SonicWall, Symantec, Trellic which is McAfee, Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis. It's a measure of presence in the data set we used to call it market share. With the data, the dot positions, you see that little inserted table, that's how the dots are plotted. And it's important to note that this data is filtered for firms with at least 100 Ns in the survey. That's why some of the other ones that we mentioned might have dropped off. The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course, Microsoft, which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. And CyberArk and Okta and Zscaler, CloudFlare and Auth0 now Okta through the acquisition, are all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and as steady as she goes. Two, it's a very crowded market still and it's complicated space. And three there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections. We're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e, 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January 2020. First I want to call out that all four again are seeing down trends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter, again, the market is off overall. Everybody is kind of seeing that down trend for the most part. Very few exceptions. Okta is being hurt by fewer new additions which is why we highlighted in red, that red dotted area, that square that we put there in the upper right of that Okta bar. That lime green, new ads are off as well. And the gray for Okta, flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0 acquisition the company is seeing some friction in its business. Now, having said that, you can see Okta's yellow line or presence in the data set, continues to grow. So it's a good proxy from market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice this very little red at these companies when it comes to the ETR survey data. Now one more data slide which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared end or presence in the data set. That's the right hand side. And again, we filtered by companies with at least 100 N and oh, by the way we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler all made the cut this time. Now, as we pointed out in May if you combined Auth0 with Okta, they jumped to the number two on the right hand chart in terms of presence. And they would lead the pure plays there although it would bring down Okta's net score somewhat, as you can see, Auth0's net score is lower than Okta's. So when you combine them it would drag that down a little bit but it would give them bigger presence in the data set. Now, the other point we'll make is that Proofpoint and Splunk both dropped off the four star list this time as they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay. We're going to close on what to expect at re:Inforce this coming week. Re:Inforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years has been virtual and they announced that reinvent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June and turns out nobody did so they postponed the event, thankfully. And so now they're back in Boston, starting on Monday. Not that it's going to be much cooler in Boston. Anyway, Steven Schmidt had been the face of AWS security at all these previous events as the Chief Information Security Officer. Now he's dropped the I from his title and is now the Chief Security Officer at Amazon. So he went with Jesse to the mothership. Presumably he dropped the I because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses who is now the new CISO at AWS will be keynoting along with some others including MongoDB's Chief Information Security Officer. So that should be interesting. Now, if you've been following AWS you'll know they like to break things down into, you know, a couple of security categories. Identity, detection and response, data protection slash privacy slash GRC which is governance, risk and compliance, and we would expect a lot more talk this year on container security. So you're going to hear also product updates and they like to talk about how they're adding value to services and try to help, they try to help customers understand how to apply services. Things like GuardDuty, which is their threat detection that has machine learning in it. They'll talk about Security Hub, which centralizes views and alerts and automates security checks. They have a service called Detective which does root cause analysis, and they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of, you know, confidential computing which is, you know, AWS will point out it's kind of become a buzzword. They take it really seriously. I think others do as well, like Arm. We've talked about that on previous Breaking Analysis. And again, you're going to hear something on container security because it's the hottest thing going right now and because AWS really still serves developers and really that's what they're trying to do. They're trying to enable developers to design security in but you're also going to hear a lot of best practice advice from AWS i.e, they'll share the AWS dogfooding playbooks with you for their own security practices. AWS like all good security practitioners, understand that the keys to a successful security strategy and implementation don't start with the technology, rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems, that's really where the developers come in, and training for continuous improvements. So you're going to get heavy doses of really strong best practices and guidance and you know, some good preaching. You're also going to hear and see a lot of partners. They'll be very visible at re:Inforce. AWS is all about ecosystem enablement and AWS is going to host close to a hundred security partners at the event. This is key because AWS doesn't do it all. Interestingly, they don't even show up in the ETR security taxonomy, right? They just sort of imply that it's built in there even though they have a lot of security tooling. So they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're going to hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CISOs and practitioners who are understaffed when it comes to top talent. Now, finally, theCUBE will be at re:Inforce in force. John Furry and I will be hosting two days of broadcast so please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share our overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay. That's it for today. Thanks for watching. Thanks to Alex Myerson, who is on production and manages the podcast. Kristin Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoff is our Editor in Chief over at siliconangle.com. You did some great editing. Thank you all. Remember all these episodes they're available, this podcast. Wherever you listen, all you do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing avid.vellante@siliconangle.com or DM me @dvellante, or comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you in Boston next week if you're there or next time on Breaking Analysis (soft music)

>> From theCUBE studios in Palo Alto in Boston bringing you data driven insights from theCUBE and ETR. This is breaking analysis with Dave Vellante. >> Despite fears of inflation, supply chain issues skyrocketing energy and home prices and global instability caused by the Ukraine crisis CIOs and IT buyers continue to expect overall spending to increase more than 6% in 2022. Now, while this is lower than our 8% prediction that we made earlier this year in January, it remains in line with last year's roughly six to 7% growth and is holding firm with the expectations reported by tech executives on the ETR surveys last quarter. Hello and welcome to this week's wiki bond cube insights powered by ETR in this breaking analysis, we'll update you on our latest look at tech spending with a preliminary take from ETR's latest macro drill down survey. We'll share some insights to which vendors have shown the biggest change in spending trajectory. And we'll tap our technical analysts to get a read on what they think it means for technology stocks going forward. The IT spending sentiment among IT buyers remains pretty solid. >> In the past two months, we've had conversations with dozens of CIOs, chief digital officers data executives, IT managers, and application developers, and across the board, they've indicated that for now at least their spending levels remain largely unchanged. The latest ETR drill down data which will share shortly, confirms these anecdotal checks. However, the interpretation of this data it's somewhat nuanced. Part of the reason for the spending levels being you know reasonably strong and holding up is inflation. Stuff costs more so spending levels are higher forcing IT managers to prioritize. Now security remains the number one priority and is less susceptible to cuts, cloud migration, productivity initiatives and other data projects remain top priorities. >> So where are CIO's robbing from Peter to pay Paul to focus on these priorities? Well, we've seen a slight uptick in certain speculative. IT projects being put on hold or frozen for a period of time. And according to ETR survey data we've seen some hiring freezes reported and this is especially notable in the healthcare sector. ETR also surveyed its buyer base to find out where they were adjusting their budgets and the strategies and tactics they were using to do so. Consolidating IT vendors was by far the most cited tactic. Now this makes sense as companies in an effort to negotiate better deals will often forego investments in newer so-called best of breed products and services, and negotiate bundles from larger suppliers. You know, even though they might not be as functional, the buyers >> can get a better deal if they bundle together from one of their larger suppliers. Think Microsoft or a Dell or other, you know, large companies. ETR survey respondents also cited cutting the cloud bill where discretionary spending was in play was another strategy or tactic that they were using. We certainly saw this with some of the largest snowflake customers this past quarter. Where even though they were still growing consumption rapidly certain snowflake customers dialed down their consumption and pushed spending off to future quarters. Now remember in the case of snowflake, anyway, customers negotiate consumption rates and their pricing based on a total commitment over a period of time. So while they may consume less in one quarter, over the lifetime of the contract, snowflake, as do many other cloud companies, have good visibility on the lifetime value of a deal. Now this next chart shows the latest ETR spending expectations among more than 900 respondents. The bars represent spending growth expectations from the periods of December, 2021 that's the gray bars, March of 2022 survey in the blue, and the most recent June data, That's the yellow bar. So you can see spending expectations for the quarter is down slightly in the mid 5% range. But overall for the year expectations remain in the mid 6% range. Now it's down from 8%, 8.3% in December where it looked like 2022 was going to really be a breakout year and have more momentum than even last year. Now, remember this was before Russia invaded Ukraine which occurred in mid-February of this year. So expectations were a little higher. So look, generally speaking CIOs have told us that their CFOs and CEOs have lowered their earnings outlooks and communicated that to Wall Street. They've told us that unless and until these revised forecasts appear at risk, they continue to expect their budget levels to remain pretty constant. Now there's still plenty of momentum and spending velocity on specific vendor platforms. Let's take a look at that. >> This chart shows the companies with the greatest spending momentum as measured by ETRs proprietary net score methodology. Net score essentially measures the net percent of customers spending more on a particular platform. That measurement is shown on the Y axis. The red line there that's inserted that red dotted line at 40%, we consider to be a highly elevated mark. And the green dots are companies in the ETR survey that are near or above that line. The X axis measures the presence in the data set, how much, you know sort of pervasiveness, if you will, is in the data. It's kind of a proxy for market presence. Now, of course we all know Kubernetes is not a company, but it remains an area where organizations are spending lots of resources and time particularly to modernize and mobilize applications. Snowflake remains the company which leads all firms in spending velocity, but as you'll see momentarily, despite its highest position relative to everybody else in the survey, it's still down from its previous levels in the high seventies and low 80% range. AWS is incredibly impressive because it has an elevated level but also a big presence in the data set in the survey. Same with Microsoft, same with ServiceNow which also stands out. And you can see the other smaller vendors like HashiCorp which is increasingly being seen as a strategic cross cloud enabler. They're showing, spending momentum. The RPA vendors you see in there automation anywhere and UI path are in the mix with numerous security companies, CrowdStrike, CyberArk, Netskope, Cloudflare, Tenable Okta, Zscaler Palo Alto networks, Sale Point Fortunate. A big number of cybersecurity firms hovering at or above that 40% mark you can see pure storage remains elevated as do PagerDuty and Coupa. So plenty of good news here, despite the recent tech crash. So that was the good, here's the not so good. So >> there is no 40% line on this chart because all these companies are well below that line. Now this doesn't mean these companies are bad companies. They just don't have the spending velocity of the ones we showed earlier. A good example here is Oracle. Look how they stand out on the X axis with a huge market presence. And Oracle remains an incredibly successful company selling to high end customers and really owning that mission critical data and application space. And remember ETR measures spending activity, but not actual spending dollars. So Oracle is skewed as a result because Oracle customers spend big bucks. But the fact is that Oracle has a large legacy install base that pulls down their growth rates. And that does show up in the ETR survey data. Broadcom is another example. They're one of the most successful companies in the industry, and they're not going after growth at all costs at all. They're going after EBITDA and of course ETR doesn't measure EBIT. So just keep that in mind, as you look at this data. Now another way to look at the data and the survey, is exploring the net score movement over the last period amongst companies. So how are they moving? What's happening to the net score over time. And this chart shows the year over year >> net score change for vendors that participate in at least three sectors within the ETR taxonomy. Remember ETR taxonomy has 12, 15 different segments. So the names above or below the gray dotted line are those companies where the net score has increased or decreased meaningfully. So to the earlier chart, it's all relative, right? Look at Oracle. While having lower net scores has also shown a more meaningful improvement in net score than some of the others, as have SAP and Teradata. Now what's impressive to me here is how AWS, Microsoft, and Google are actually holding that dotted line that gray line pretty well despite their size and the other ironically interesting two data points here are Broadcom and Nutanix. Now Broadcom, of course, as we've reported and dug into, is buying VMware and, and of, of course most customers are concerned about getting hit with higher prices. Once Broadcom takes over. Well Nutanix despite its change in net scores, in a good position potentially to capture some of that VMware business. Just yesterday, I talked to a customer who told me he migrated his entire portfolio off VMware using Nutanix AHV, the Acropolis hypervisor. And that was in an effort to avoid the VTEX specifically. Now this was a smaller customer granted and it's not representative of what I feel is Broadcom's ICP the ideal customer profile, but look, Nutanix should benefit from the Broadcom acquisition. If it can position itself to pick up the business that Broadcom really doesn't want. That kind of bottom of the pyramid. One person's trash is another's treasure as they say, okay. And here's that same chart for companies >> that participate in less than three segments. So, two or one of the segments in the ETR taxonomy. Only three names are seeing positive movement year over year in net score. SUSE under the leadership of amazing CEO, Melissa Di Donato. She's making moves. The company went public last year and acquired rancher labs in 2020. Look, we know that red hat is the big dog in Kubernetes but since the IBM acquisition people have looked to SUSE as a possible alternative and it's showing up in the numbers. It's a nice business. It's going to do more than 600 million this year in revenue, SUSE that is. It's got solid double digit growth in kind of the low teens. It's profitability is under pressure but they're definitely a player that is found a niche and is worth watching. The SolarWinds, What can I say there? I mean, maybe it's a dead cat bounce coming off the major breach that we saw a couple years ago. Some of its customers maybe just can't move off the platform. Constant contact we really don't follow and don't really, you know, focus on them. So, not much to say there. Now look at all the high priced earning stocks or infinite PE stocks that have no E and divide by zero or a negative number and boom, you have infinite PE and look at how their net scores have dropped. We've reported extensively on snowflake. They're still number one as we showed you earlier, net score, but big moves off their highs. Okta, Datadog, Zscaler, SentinelOne Dynatrace, big downward moves, and you can see the rest. So this chart really speaks to the change in expectations from the COVID bubble. Despite the fact that many of these companies CFOs would tell you that the pandemic wasn't necessarily a tailwind for them, but it certainly seemed to be the case when you look back in some of the ETR data. But a big question in the community is what's going to happen to these tech stocks, these tech companies in the market? We reached out to both Eric Bradley of ETR who used to be a technical analyst on Wall Street, and the long time trader and breaking analysis contributor, Chip Symington to get a read on what they thought. First, you know the market >> first point of the market has been off 11 out of the past 12 weeks. And bare market rallies like what we're seeing today and yesterday, they happen from time to time and it was kind of expected. Chair Powell's testimony was broadly viewed as a positive by the street because higher interest rates appear to be pushing commodity prices down. And a weaker consumer sentiment may point to a less onerous inflation outlook. That's good for the market. Chip Symington pointed out to breaking analysis a while ago that the NASDAQ has been on a trend line for the past six months where its highs are lower and the lows are lower and that's a bad sign. And we're bumping up against that trend line here. Meaning if it breaks through that trend it could be a buying signal. As he feels that tech stocks are oversold. He pointed to a recent bounce in semiconductors and cited the Qualcomm example. Here's a company trading at 12 times forward earnings with a sustained 14% growth rate over the next couple of years. And their cash flow is able to support their 2.4, 2% annual dividend. So overall Symington feels this rally was absolutely expected. He's cautious because we're still in a bear market but he's beginning to, to turn bullish. And Eric Bradley added that He feels the market is building a base here and he doesn't expect a 1970s or early 1980s year long sideways move because of all the money that's still in the system. You know, but it could bounce around for several months And remember with higher interest rates there are going to be more options other than equities which for many years has not been the case. Obviously inflation and recession. They are like two looming towers that we're all watching closely and will ultimately determine if, when, and how this market turns around. Okay, that's it for today. Thanks to my colleagues, Stephanie Chan, who helps research breaking analysis topics sometimes, and Alex Myerson who is on production in the podcast. Kristin Martin and Cheryl Knight they help get the word out and do all of our newsletters. And Rob Hof is our Editor in Chief over at siliconangle.com and does some wonderful editing for breaking analysis. Thank you. Remember, all these episodes are available as podcasts wherever you listen. All you got to do is search breaking analysis podcasts. I publish each week on wikibon.com and Siliconangle.com. And of course you can reach me by email at david.vellante@siliconangle.com or DM me at DVellante comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for the CUBE insights powered by ETR. Stay safe, be well. And we'll see you next time. (soft music)

>> From The Cube Studios in Palo Alto in Boston, bringing you data-driven insights from The Cube in ETR. This is "Breaking Analysis" with Dave Vellante >> The pandemic not only accelerated the shift to digital but it also highlighted a rush of cyber criminal sophistication, collaboration, and chaotic responses by virtually every major company in the planet. The SolarWinds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect. Moreover, the will and aggressiveness of well-organized cybercriminals has elevated to the point where incident responses are now met with counter attacks, designed to both punish and extract money from victims via ransomware and other criminal activities. The only upshot is the cybersecurity market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize. Hello, everyone. And welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis" we'll provide our quarterly update of the security industry, and share new survey data from ETR and the Cube community that will help you navigate through the maze of corporate cyber warfare. We'll also share our thoughts on the game of 3D chess that Okta CEO, Todd McKinnon, is playing against the market. Now, we all know this market is complicated, fragmented and fast moving. And this next chart says it all. It's an interactive graphic from Optiv, a Denver, Colorado-based SI that's focused on cybersecurity. They've done some really excellent research and put together this awesome taxonomy, and it mapped vendor names therein. And this helps users navigate the complex security landscape. And there are over a dozen major sectors, high-level sectors within the security taxonomy and nearly 60 subsectors. From monitoring, vulnerability assessment, identity, asset management, firewalls, automation, cloud, data center, sim, threat detection and intelligent endpoint network, and so on and so on and so on. But this is a terrific resource, and going to help you understand where players fit and help you connect the dots in the space. Now let's talk about what's going on in the market. The dynamics in this crazy mess of a landscape are really confusing sometimes. Now, since the beginning of cyber time, we've talked about the increasing sophistication of the adversary, and the back and forth escalation between good and evil. And unfortunately, this trend is unlikely to stop. Here's some data from Carbon Black's annual modern bank heist report. This is the fourth, and of course now, VMware's brand, highlights the Carbon Black study since the acquisition, and to catalyze the creation of VMware's cloud security division. Destructive malware attacks, according to the recent study are up 118% from last year. Now, one major takeaway from the report is that hackers aren't just conducting wire fraud, they are. 57% of the banks surveyed, saw an increase in wire fraud, but the cybercriminals are also targeting non-public information such as future trading strategies. This allows the bad guys to front-run large block trades and profit. It's become a very lucrative practice. Now the prevalence of so-called island hopping is up 38% from already elevated levels. This is where a virus enters a company supply chain via a partner, and then often connects with other stealthy malware downstream. These techniques are more common where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures, designed to identify and exfiltrate valuable information. It's a really complex problem. Of major concern is that 63% of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate, or initiate ransomware tax to extract a final pound of flesh from the victim. Notably, the study found that 75% of CISOs reported to the CIO, which many feel is not the right regime. The study called for a rethinking of the right cyber regime where the CISO has increased responsibility and a direct reporting line to the CEO, or perhaps the COO, with greater exposure to boards of directors. So, many thanks to VMware and Tom Kellerman specifically for sharing this information with us this past week. Great work by your team. Now, some of the themes that we've been talking about for several quarters are shown in the lower half of the chart. Cloud, of course is the big driver thanks to work-from-home and to the pandemic. And the interesting corollary of course, is we see a rapid rethinking of end point and identity access management, and the concept of zero trust. In a recent ESG survey, two thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management. Now, as shown in the chart from Optiv, the market remains highly fragmented, and M&A is of course, way up. Now, based on our research, it looks like transaction volume has increased more than 40% just in the last five months. So let's dig into the M&A, the merger and acquisition trends for just a moment. We took a five-month snapshot and we were able to count about 80 deals that were completed in that timeframe. Those transactions represented more than $20 billion in value. Some of the larger ones are highlighted here. The biggest of course, being the Thoma Bravo, taking Proofpoint private for a $12 plus billion price tag. The stock went from the low 130s and is trading in the low 170s based on the $176 per share offer. So there's your arbitrage, folks. Go for it. Perhaps the more interesting acquisition was Auth0 by Optiv for 6.5 billion, which we're going to talk about more in a moment. There was more private equity action we saw as Insight bought Armis, an IOT security play, and Cisco shelled out $730 million for IMImobile, which is more of an adjacency to cyber, but it's going to go under Cisco security and applications business run by Jeetu Patel. But these are just the tip of the iceberg. Some of the themes that we see connecting the dots of these acquisitions are first, SIs like Accenture, Atos and Wipro are making moves in cyber to go local. They're buying SecOps expertise, as I say, locally in places like France, Germany, Netherlands, Canada, and Australia, that last mile, that belly to belly intimate service. Israeli-based startups chocked up five acquired companies in the space over the last five months. Also financial services firms are getting into the act with Goldman and MasterCard making moves to own its own part of the stack themselves to combat things like fraud and identity theft. And then finally, numerous moves to expand markets. Okta with Auth0, CrowdStrike buying a log management company, Palo Alto, picking up dev ops expertise, Rapid7 shoring up it's Coobernetti's chops, Tenable expanding beyond Insights and going after identity, interesting. Fortinet filling gaps in a multi-cloud offering. SailPoint extending to governance risk and compliance, GRC. Zscaler picked up an Israeli firm to fill gaps in access control. And then VMware buying Mesh7 to secure modern app development and distribution service. So tons and tons of activity here. Okay, so let's look at some of the ETR data to put the cyber market in context. ETR uses the concept of market share, it's one of the key metrics which is a measure of pervasiveness in the dataset. So for each sector, it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the CIO and IT buyer communities. Okay, this chart shows the full ETR sector taxonomy with security highlighted across three survey periods; April last year, January this year, and April this year. Now you wouldn't expect big moves in market share over time. So it's relatively stable by sector, but the big takeaway comes from observing which sectors are most prominent. So you see that red line, that dotted line imposed at the 60% level? You can see there are only six sectors above that line and cyber security is one of them. Okay, so we know that security is important in a large market. But this puts it in the context of the other sectors. However, we know from previous breaking analysis episodes that despite the importance of cyber, and the urgency catalyzed by the pandemic, budgets unfortunately are not unlimited, and spending is bounded. It's not an open checkbook for CSOs as shown in this chart. This is a two-dimensional graphic showing market share in the horizontal axis, or pervasiveness in net score in the vertical axis. Net score is ETR's measurement of spending velocity. And we've superimposed a red line at 40% because anything over 40%, we consider extremely elevated. We've filtered and limited the number of sectors to simplify the graphic. And you can see, in the sectors that we've highlighted, only the big four are above that 40% line; AI, containers, RPA, and cloud. They exceed that sort of 40% magic waterline. Information security, you can see that as highlighted and it's respectable, but it competes for budget with other important sectors. So this is of course creates challenges for organization, because not only are they strapped for talent as we've reported, they like everyone else in IT face ongoing budget pressures. Research firm, Cybersecurity Ventures estimates that in 2021, $6 trillion worldwide will be lost on cyber crime. Conversely, research firm, Cannolis peg security spending somewhere around $60 billion annually. IDC has at higher, around $100 billion. So either way, we're talking about spending between 1 to 1.6% annually of how much the bad guys are taking out. That's peanuts really when you consider the consequences. So let's double-click into the cyber landscape a bit and further look at some of the companies. Here's that same X/Y graphic with the companies ETR captures from respondents in the cybersecurity sector. That's what's shown on the chart here. Now, the usefulness of the red lines is 20% on the horizontal indicates the largest presence in the survey, and the magic 40% line that we talked about earlier shows those firms with the most elevated momentum. Only Microsoft and Palo Alto exceed both high watermarks. Of course, Splunk and Cisco are prominent horizontally. And there are numerous companies to the left of the 20% line and many above that 40% high watermark on the vertical axis. Now in the bottom left quadrant, that includes many of the legacy names that have been around for a long time. And there are dozens of companies that show spending momentum on their platforms, i.e above single digits. So that picture is like the first one we showed you, very, very crowded space. But so let's filter it a bit and only include companies in the ETR survey that had at least 100 responses. So an N of 100 or greater. So it was a little easier to read but still it's kind of crowded when you think about it. Okay, so same graphic, and we've superimposed the data that determined the plot position over in the bottom right there. So there's net score and shared in, including only companies with more than 100 N. So what does this data tell us about the market? Well, Microsoft is dominant as always, it seems in all dimensions but let's focus on that red line for a moment. Some of the names that we've highlighted over the past two years show very well here. First, I want to talk about Palo Alto Networks. Pre-COVID as you might recall, we highlighted the valuation divergence between Palo Alto and Fortinet. And we said Fortinet was executing better on its cloud strategy, and Palo Alto was at the time struggling with the transition especially with its go-to-market and its Salesforce compensation, and really refreshing its portfolio. But we told you that we were bullish on Palo Alto Networks at the time because of its track record, and the fact that CIOs consistently told us that they saw Palo Alto as a thought leader in the space that they wanted to work with. They said that Palo Alto was the gold standard, the best, especially larger company CISOs. So that gave us confidence that Palo Alto, a very well-run company was going to get its act together and perform better. And Palo Alto has just done just that. As we expected, they've done very well and rapidly moving customers to the next generation of platforms. And we're very impressed by the company's execution. And the stock has generally reflected that. Now, some other names that hit our radar in the ETR data a couple of years ago, continue to perform well. CrowdStrike, Zscaler, SailPoint, and CloudFlare. Now, CloudFlare just reported and beat earnings but was off, the stock fell on headwinds for tech overall, the big rotation. But the company is doing very well and they're growing rapidly and they have momentum as you can see from the ETR data. Now, we put that double star around Proofpoint to highlight that it was worthy of fetching $12.5 billion from private equity firm. So nice exit there, supporting the continued consolidation trend that we've predicted in cybersecurity. Now let's turn our attention to Okta and Auth0. This is where it gets interesting, and is a clever play for Okta we think, and we want to drill into it a bit. Okta is acquiring Auth0 for big money. Why? Well, we think Todd McKinnon, Okta CEO, wants to run the table on identity and then continue to expand as TAM has to do that, to justify his lofty valuation. So Okta's ascendancy around identity and single sign-on is notable. The fragmented pictures that we've shown you, they scream out for simplification and trust, and that's what Okta brings. But it competes with some major players, most notably Microsoft with active directory. So look, of course, Microsoft is going to dominate in its massive customer base, but the rest of the market, that's like (indistinct) wide open. And we think McKinnon saw the opportunity to go dominate that sector. Now Okta comes at this from an enterprise perspective bringing top-down trust to the equation, and throwing a big blanket over all the discreet SaaS platforms and unifying employee access. Okta's timing was perfect. It was founded in 2009, just as the massive SaaSifiation trend was happening around CRM and HR, and service management and cloud, et cetera. But the one thing that Okta didn't have that Auth0 does is serious developer chops. While Okta was crushing it with its enterprise sales strategy, Auth0 was laser-focused on developers and building a bottoms up approach to identity. By acquiring Auth0, Okta can dominate both sides of the barbell and then capture the fat middle. So yes, it's a pricey acquisition, but in our view, it's a great move by McKinnon. Now, I don't know McKinnon personally, but last week I spoke to Arun Shrestha, who's the CEO of security specialist, BeyondID, they're a platinum services partner of Okta. And they're a zero trust expert. He worked for Okta for a number of years and shared with me a bit about McKinnon's style, and think big approach. Arun said something that caught my attention. He said, firewalls used to be the perimeter, now people are. And while that's self-serving to Okta and probably BeyondID, it's true. People, apps and data are the new perimeter, and they're not in one location. And that's the point. Now, unfortunately, I had lined up an interview with Diya Jolly, who was the chief product officer at Okta and a Cube alum for this past week, knowing that we were running this segment in this episode but she unfortunately fell ill the day of our interview and had to cancel. But I want to follow up with her, and understand how she's thinking about connecting the dots with Auth0 with devs and enterprises and really test our thesis there. This is a really interesting chess match that's going on. Let's look a little deeper into that identity space. This chart here shows some of the major identity players. It has some of the leaders in the identity market, and is a breakdown at ETR's net score. Now net score comprises five elements. The lime green is, we're adding the platform new. The forest green is we're spending 6% or more relative to last year. The gray is flat send plus or minus flat spend, plus or minus 5%. The pinkish is spending less. And the bright red is we're exiting the platform, retiring. Now you subtract the red from the green, and that gets you the result for net score which you can see super-imposed on the right hand chart at the bottom, that first column there. The far column is shared in which informs and indicates the number of responses and is a proxy for presence in the market. Oh, look at the top two players in terms of spending momentum. Now SailPoint is right there, but Auth0 combined with Okta's distribution channel will extend Okta's lead significantly in our view. And then there's Microsoft. Now just a caveat, this includes all of Microsoft's security offerings, not just identity, but it's there for context. And CyberArk as well includes this acquisition of adaptive, but also other parts of CyberArk's portfolio. So you can see some of the other names that are there, many of which you'll find in the Gartner magic quadrant for identity. And as we said, we really like this move by Okta. It combines positive market forces with lead offerings from very well-run companies that have winning DNA and passionate people. Now, to further emphasize what's happening here, take a look at this. This chart shows ETR data for Okta within SailPoint and CyberArk accounts. Out of the 230 CyberArk and SailPoint customers in the dataset, there are 81 Okta accounts. That's a 35% overlap. And the good news for Okta is that within that base of SailPoint and CyberArk accounts, Okta is shown by the net score line, that green line has a very elevated spending in momentum. And the kicker is, if you read the fine print in the right hand column, ETR correctly points out that while SailPoint and CyberArk have long been partners with Okta, at the recent Octane21 event, Okta's big customer event, The company announced that it was expanding into privileged access management, PAM, and identity governance. Hello, and welcome to co-opetition in the 2020s. Now, our current thinking is that this bodes very well for Okta and CyberArk and SailPoint. Well, they're going to have to make some counter moves to fend off the onslaught that is coming. Now, let's wrap up with what has become a tradition in our quarterly security updates. Looking at those two dimensions of net score and market share, we're going to see which companies crack the top 10 for both measures within the ETR dataset. We do this every quarter. So here in the left, we have the top 20, sorted by net score spending momentum and on the right, we sort by shared N. So it's again, top 20, which informs, shared N informs the market share metric or presence in the dataset. That red horizontal lines, those two lines on each separate the top 10 from the remaining 10 within those top 20. And our method, what we do is we assign four stars to those companies that crack the top 10 for both metrics. So again, you see Microsoft, Palo Alto Networks, Okta, CrowdStrike, and Fortinet. Fortinet by the way, didn't make it last quarter. They've kind of been in and out and on the bubble, but company is very strong, and doing quite well. Only the other four did last quarter. They were the same for last quarter. And we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10. So Cisco, Splunk, which has been steadily decelerating from a spending momentum standpoint, and Zscaler, which is just on the cusp. We really like Zscaler and the company has great momentum, but that's the methodology. That is what it is. Now you can see, we kept Carbon Black on the right most chart, it's like kind of cut off, it's number 21. Only because they're just outside looking in on net score. You see them there, they're just below on net score, number 11. And VMware's presence in the market we think, that Carbon Black is right really worth paying attention to. Okay, so we're going to close with some summary and final thoughts. Last quarter, we did a deeper dive on the SolarWinds hack, and we think the ramifications are significant. It has set the stage for a new era of escalation and adversary sophistication. Now, major change we see is a heightened awareness that when you find intruders, you'd better think very carefully about your next moves. When someone breaks into your house, if the dog barks, or if you come down with a baseball bat or other weapon, you might think the intruder is going to flee. But if the criminal badly wants what you have in your house and it's valuable enough, you might find yourself in a bloody knife fight or worse. Well, what's happening is intruders come to your company via island hopping or insider subterfuge or whatever method. And they'll live off the land stealthily using your own tools against you so that you can't find them so easily. So instead of injecting new tools in that send off an alert, they just use what you already have there. That's what's called living off the land. They'll steal sensitive data, for example, positive COVID test results when that was really, really sensitive, obviously still is, or other medical data. And when you retaliate, they will double-extort you. They'll encrypt your data and hold it for ransom, and at the same time threaten to release the sensitive information, crushing your brand in the process. So your response must be as stealthy as their intrusion, as you marshal your resources and devise an attack plan. And you face serious headwinds. Not only is this a complicated situation, there's your ongoing and acute talent shortage that you tell us about all the time. Many companies are mired in technical debt, that's an additional challenge. And then you've got to balance the running of the business while actually effecting a digital transformation. That's very, very difficult, and it's risky because the more digital you become, the more exposed you are. So this idea of zero trust, people used to call it a buzzword, it's now a mandate along with automation. Because you just can't throw labor at the problem. This is all good news for investors as cyber remains a market that's ripe for valuation increases and M&A activity, especially if you know where to look. Hopefully we've helped you squint through the maze a little bit. Okay, that's it for now. Thanks to the community for your comments and insights. Remember I publish each week on wikibon.com and siliconangle.com. These episodes, they're all available as podcasts. All you got to do is search breaking analysis podcasts, put in the headphones, listen when you're in your car, or out for your walk or run, and you can always connect on Twitter @DVellante, or email me at david.vellante@siliconangle.com. I appreciate the comments on LinkedIn and in Clubhouse, please follow me, so you're notified when we start a room and riff on these topics and others. And don't forget to check out etr.plus for all the survey data. This is Dave Vellante for The Cube Insights powered by ETR. Be well, and we'll see you next time. (light instrumental music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> Application performance management AKA APM, you know it's been around since the days of the mainframe. Now, as systems' architectures became more complex, the technology evolved to accommodate client-server, web-tier architectures, mobile and now of course, cloud-based systems. A spate of vendors have emerged to solve the sticky problems associated with ensuring consistent and predictable user experiences. The market has grown, I mean it's decent size, it's about $5 billion globally. It's growing at a consistent 10% CAGR. It's got a variety of established companies and new entrants that are attacking this space. Hi everyone, welcome to this week's Wikibon Cube Insights powered by ETR. My name is Dave Vellante and today, we welcome back ETR's Erik Bradley, who was the chief engagement strategist at Aptiviti which is the holding company of our data partner, ETR. Erik, my friend, great to see you. Thanks so much for coming on and spending some time with us. >> Oh, always enjoy it Dave. Great to see you too and I'm just glad I got some fresh material for ya. >> As always, you have fresh data. Now, Erik just recently hosted an ETR VENN session and on this particular topic, APM. Now VENNs are an open round table, they're exclusively available to ETR's clients and what we do is we sometimes come in theCUBE and we summarize those sessions in our Breaking Analysis. Now Erik, yo let's start with a summary slide here, guys, if you could bring that up, we just want to make a couple of points and... So as I said Erik, I mean this started back, you know in the System/390 days. Now, distributed systems and cloud of course create a lot more complexity, you got data that's really fragmented. You got user data, you got application data, you have infrastructure data and it gets complicated and you've got guys in lab coats having to come in and diagnose these stuff, lot of tribal knowledge. What are you seeing in the space? >> Well yeah, you know to start back, you know it's funny when the panel I hosted, one of the guys even brought up Tivoli, how long ago that was right? Then of course you get, you know you have the solar winds and you had people like that trying to just kind of monitor your network. You know what we've heard a lot about now is infrastructure has really become code-based. So when that happens, you really start wondering to yourself the lines are blurring between infrastructure and application because at the end of the day, what you're really monitoring is code. So it has gotten incredibly complex, you have OnPrem, you have hybrid, you have multi-cloud approach so it has gotten extremely complex and there's also now a third wave of next-gen vendors getting involved in the mix as well. As you're aware, New Relic and Datadog, obviously, Splunk has been in logging and monitoring for a long time. You also had some of the traditional players throw their hat in the ring through acquisition, that you know AppDynamics gobbled up by Cisco and obviously Splunk trying to continue to reinvent themselves a little bit by SignalFx. So it is a very crowded, complex space, it is a complicated problem but it's also a problem that needs to be solved. You know, we were looking at, you said in your intro about, it's only about a $5 billion market right now but there's been a lot of data out there from industry analysts saying that that's going to grow quite handsomely over the next five years and it could get up to 13, 14, 15 billion. And when I asked my panel about that, I had one gentleman say without a doubt, they see the next 10 years that spending in this space will continue. And when you pry and ask why, they simply state that digital transformation is not going to stop, it's marching forward, whether anyone likes it or not and as it does, monitoring is going to be critical, it's only going to increase and increase and increase. So right now, to your point, it's a small market but it's a growing market and there's a lot of entrance in there and their whole goal is to reduce this complexity that you're talking about. >> Now, one of the things we heard from the panel, guys if you bring up that same slide again, you know the third point on that slide was what's closely tied to digital transformation. You heard a number of individuals say, "Look, your digital business is critical, it's all about monitoring your applications and your data and your infrastructure. And we heard a lot that they wanted a, a single pane of glass and you made a number of points about the market. What are your thoughts on both the digital transformation, maybe the COVID acceleration of that mandate and that notion of a single pane of glass, is that aspirational or is it, in your view, something that is actually technically feasible? >> Not only is it technically feasible, it has to happen. It's going to be demanded by the large enterprise, they can't continue to monitor hundreds and hundreds of applications. They need something that not only can give them observability through their entire stack, but they need to be able to view it in one way, there's enough fatigue in monitoring and logging. And actually it goes even further than one pane of glass, they're demanding that these systems can now actually employ machine learning algorithms to be proactive. It's not enough to just say, "Okay, I observed this," you have to let me know that this may happen in the future and what to do about it. So not only is it feasible, it's something that is being demanded by the end-user market and the players that survive are the ones that already have that in their roadmap. >> Now, as we always like to do in these sessions, we're going to bring up some ETR data and we like to position the companies. So what we do is, we're going to bring up some of the pure players, pure-play companies and you can see them on this slide. But Erik, and when we talk about companies in this space, they are well over a dozen. It's just again for reference, you know it's Cisco with AppD, you mentioned that before Dynatrace is one of the leaders, New Relic has been around for awhile and is doing well, Splunk, Datadog. Now of course, and we're not showing them here, AWS, Microsoft and Google cause they just sort of, they pollute the chart. But so I want to start with the guys that are on this view and maybe talk about a few. Elastic came up a lot, certainly AppD came up a little, Dynatrace was obviously mentioned, especially in large organizations. Lot of conversations about New Relic. So let's go through them. Where do you want to start here? >> Yeah there's a lot to go through and we did spend the majority of the panel talking about the individual players, the differences between them and also what we thought their longer term prospects were but yeah, we'll go through each one. I think maybe to start with, let's go back in time a little bit, right? Cisco is a wonderful acquirer, they do a great job at M&A. A lot of companies will acquire something and let it die on the vine. Cisco has proven recently that they are reinventing themselves as a full platform play, whether that be through, you know, kind of, their networking reach or whether it be through the security. And AppDynamics is one of those that actually kind of gives you a little bit of both with being able to monitor. It is a great play for people that are already involved with Cisco. Now, I don't think you're going to see too many people that are non-Cisco customers run out and buy it. There you're going to see some of them, maybe the pure plays or one of my guests called the third wave of vendors. And that third wave is really about a Datadog and a New Relic. Let's talk about Datadog first. >> Yeah let's bring that back up guys, if you would. Now let me just, sorry to interrupt you Erik (indistinct) The vertical axis here is net score, that's the ETR's primary metric, and that's an indication of spending velocity, the higher, the better. And on the horizontal axis is market share. Now we're showing the July data, the October data is in the field, you know once ETR releases that to its clients, then we'll share that with you. But the first thing that jumps out at me is other than Elastic Erik, I mean, I'm not blown away by the spending momentum in this space but let's talk about that and then some of your thoughts on the specific vendors. >> Yeah, you know I'll go back because you asked a little bit about the digital transformation, I don't think I answered it fully. So to your comment about maybe not being impressed with the spend, I think this is one where the spend is going to come, kind of as a laggard because you're not going to rush out and go buy the software to monitor until you've built out the, what needs to be monitored. So as we're seeing this increase in the digital transformation, and I think you and I had a conversation in the past, but when COVID first hit and I did a series of panels, we had one person say that this virus is going to increase digital transformation by five to 10 years. Now that was an amazing statement. Basically, if you were on the fence, if you didn't, if you weren't already heading down to digital transformation, you needed to play catch up quickly. So now that you are doing that right, now that you're moving from OnPrem to a multicloud or a hybrid cloud environment, you have to get observability, you have to get monitoring into it. So now these players start to play catch up and this is where you're going to see the proof of concepts and you're going to see people trying to decide which direction they're going to take their company. Now back to the actual vendors. I believe that there is some differentiation, right? So we'll just take, for instance, Splunk. Splunk is obviously probably the biggest boy on the block when it comes to just straight up logging and monitoring. They've leveraged that big boy position to really, you know, add some costs, kind of intimidate their customers they've been compared in the past of the type of things that Oracle used to do from their cost perspective. And that's opened up some new competition, Datadog is one of those. According to my panel, Datadog is viewed more for logging and monitoring than it is truly full end-to-end observability throughout your entire network and application system. So that is one of the areas that's there. Now, to stay on those two names for a quick second, Splunk obviously has some holes in what they're trying to offer, they went out and tried to buy SignalFx to fill one of those holes. Now according to my panel again, did a great job filling that hole, problem is if you have a boat with three holes, you can't put your fingers everywhere. So they think, hey listen, Splunk scrape, they're going to keep the company they have and I know that we can talk a little bit more about valuations and the equity side later, but I think it's very clear that their sales and revenue are trending flat to down, whereas some of these other names still have great acceleration in their sales. So Splunk and Datadog both are really facing pressure from Elastic or generally just open-source. >> I was struck by the panel and how much emphasis they, how much complaining they did about Splunk pricing. Generally, I feel like hey, if your price is too high is the biggest objection, that's actually not a bad thing for a company but the way they kept hitting on it and said, "Hey, we're actively looking for alternatives" and Datadog was one of those and given the momentum that Datadog has, I don't think that that's necessarily a positive. But you know Splunk has a lot of loyal customers but you know to your point if you go back to the slide, Elastic came up very, very strong and they are head and shoulders from a spending momentum above the rest of the crowd here. >> Right. And you know, so you're right. If the only problem with a vendor or a technology is cost, usually you live with it because that means it's giving you what you need. So okay, it's expensive but it's also the best in breed and that's where Splunk has been for a very long time. And I think they're resting on their laurels knowing that. Enter Elastic and you say to these guys, the panel, I asked them, well okay, you can make Elastic work but is it truly a viable alternative from a technology standpoint? And the answer to that was not only is it viable, it's half the price. So if you can bring something in that can do the job the same and it's half the cost, it's really difficult not to at least try. And I had one of the other gentlemen who was a Datadog customer said, "Listen, we love Datadog, we were a huge customer and then I started getting enormous bills and I just switched over to open-source, I switched to Elastic, I switched to Kibana, I switched to Kafka and I can do this search myself. Now the difference is not every enterprise has the human skillset to do so and I'm not saying Splunk's going to turn around to disappear tomorrow, not even close. Because there is a difference in spending that money with the vendor or spending that money developing the human skillset to use open-source. But the bigger backdrop here is there are more alternatives than there used to be, there's more competition and the space is getting very crowded. >> Yeah, comment on open-source. I mean open-source is free like a puppy. But the thing about that, and we had one of the panelists was a very senior consultant, exclusively work with very large companies, he told a story about one of the companies years ago, he came in to solve a problem. The problem was they had 70% availability and then they had no visibility on their infrastructure and there's really no great, no good monitor, they get them up to whatever, five nines or two, three nines or wherever they got them to, but dramatic improvement. And so, but he said, "Look it, I work with companies with billions of dollars, $3 billion IT budgets so they don't rely on open-source for this stuff, they're happy to spend." But there's a huge market, particularly in the mid size where we heard that New Relic plays in a big way, it might be more receptive to open-source. >> Couple of great points there Dave, honestly. I'm going to jump over to the use case that was given by that person who was in a healthcare role. And essentially the part I didn't write into my summary was that his CEO was two days away from shutting down the entire business because he was so frustrated that he had no observability and Dynatrace was the one that was able to step in and fix that. And this gentleman did say that the majority of the companies that he does work with which are all in the Fortune 100, Dynatrace has a stranglehold in that spot. So that's really interesting to note. Now on the flip side, when pushed a little bit more later in the panel, he said, "Dynatrace is sort of resting on its laurels from a product roadmap standpoint and that's going to open up the possibility of a New Relic getting in," a transition to New Relic as you mentioned on their small to medium sized business. They recently launched a new pricing strategy which is basically a free version to get you involved to kind of get their hooks into you and see if you can work it out. And basically what they're trying to do there I think is, you know, make up for their lack of marketing. As you saw the panel that we spoke about said, "New Relic's technology is fantastic." They have the ability to provide a single pane of glass which is the Holy Grail in this space and they have the ability to provide machine learning and proactive type of ability which again are the two things that all of the end-users are asking for. The problem is that most people might not be aware of it because New Relic doesn't have as flashy a marketing department, they don't have the dollars as much as the others to go out there and compete with the Splunk and Dynatrace and Cisco. But from a roadmap perspective, it was almost unanimous that our panel agreed, New Relic is by far, one of the leaders from a functionality standpoint. >> Yeah, if you guys bring that slide up one more time, the X Y. I mean, I look at where New Relic is and I'm like wow, I'm surprised. I mean this company, I mean they were the hot company for awhile and I think still have the capability. You're talking about the technology. NRDB, New Relic database is like, it kicks ass. In fact, you know Erik, somebody brought up in the panel that they thought that snowflake could compete in this market because essentially Snowflake's positioning is this data cloud. But you know, here's New Relic, they have a purpose-built database specifically for monitoring an APM so you would think that with that technology, they could really make some moves. And then I just want to bring in two other companies to the mix here. Honeycomb who I think even their founder and former CEO now CTO, she coined the term I believe, observability. And there's another company that is run by Jeremy Burton, company's called Observe, okay (indistinct) and it's funded by the Silicon Valley Mafia. So that's going to be an interesting one to watch, they're coming out, well they're out of stealth but they're doing a launch on October 7th. So I think those are two companies that could disrupt this space and I would expect to see, as you said, it's a latent momentum in net score from a dataset standpoint because people are trying to plug the holes cause of COVID, you know security, work from home, that pivot and now it's really on to digital transformation and that's where APM really comes in. >> It really does and again, it comes back to that comment someone made a long time ago that everything's becoming code as software eats the world and everything becomes code, you need the ability to kind of monitor that code, enter Honeycomb. And as you know, we have two different studies at ETR, one of them is for emerging technology. Honeycomb is in our emerging technology study that's more of a private series B to series E round stage whereas our main study is for companies that are pre IPO or already public. But Honeycomb is a little bit different in my opinion, that they're focused very much so on the developers or the software engineers. They're a very microservices oriented type of product whereas some of the other ones may have started as an infrastructure monitoring and then kind of work their way backward into application. But Honeycomb certainly needs to be observed and it's funny when you talk about that, the one thing I think is, "Oh great, more players." The crowded space gets even more crowded. And I think well you know, kind of foreshadowing something you and I will be speaking about in a little bit but there's a lot of players in this space and there's a lot of other possible interest in there. You mentioned Snowflake. It actually wasn't brought up from our panelists, it was a question that came from one of my clients that said, "Hey, I'm curious, can snowflake play in this space?" And the panel thought about it for a second and said, "There's absolutely no reason why they can't, they most certainly can." And we all know the cash they have so I mean the easiest way to play in that would maybe be to buy some of the technology, integrate it in and yeah, they have that portability. And if I can real quickly, they've just, one of the things that came out that was so important about this, we haven't spoken about the vendors is, is the public cloud. The public cloud offers this. They offer monitoring, they'll give it to you for free. If I'm going to run Kubernetes at Google, I'm going to get the monitoring for free which is super nice, right? But if I have an enterprise that has multicloud or hybrid cloud, and I'm working outside of that public cloud silo, it doesn't work. This is the exact conversation you and I had about Snowflake. AWS Redshift's fantastic but it doesn't work outside of AWS. So if every one of our enterprises continues on the digital transformation, they need portability. They have to be able to go across any architecture structure and that's why these independent providers are really starting to gain steam when you would think they could never compete with the public cloud. >> Yeah man, that's a great point. And we've talked about this in the context of Snowflake that who are you going to trust with your multi-cloud strategy? Are you going to trust AWS? Are you going to trust Google? Yeah, okay, they got Anthos but we kind of know why they're taking that posture. Microsoft, look, I'm probably going to partner with somebody who can, who's maybe I have a relationship with them with my OnPrem and that is really sort of agnostic to the various clouds so I'm glad you brought that up. And you know the point you're making about Honeycomb is a good one and I'll add that, again, it gets more complex with microservices and containers, that's spinning them up, spinning them down. Sometimes these, first of all, these microservices, sometimes aren't that micro and second of all, you're sometimes talking about hundreds of thousands of containers so it's a really increasingly complex environment. All right. What I want to do is-- >> You didn't even touch on serverless, we'll do that some other day. >> Oh, yeah, I mean absolutely. A hundred percent, right. So, now let's take a look at some of the valuations, guys if you bring that up for me. So I put this little chart together and it's always instructive. Now I like to, simple guy Erik so I like to... So you see, the company, I take a trailing 12-month revenue and then the market cap as of 9/25. And then just a simple revenue multiple, just to get a sense, it's not a hardcore valuation model but it's interesting and there usually is a correlation to the growth rate, I just pulled that off the latest quarterly growth rate. I mean, look at Datadog. I mean that's like Snowflake pre IPO valuations. I mean you're really, right around there with smaller revenue, smaller growth rate, Snowflakes up in the whatever 120% range but well eye-popping. You know the same valuation as Splunk, I mean that's just amazing. What do you make of this data? >> Well, you know I was an equity analyst for almost 15 years on the Wall Street side. So the, my first caveat is a trailing revenue to the multiple is not always the same because people are looking at what the forward expected revenue will be but I actually do see the correlation here. And when you brought this up, my eyes popped open. I do not understand why Datadog has a 27 billion market cap on a trailing 350 million in revenue. I just don't know if their forward looking growth really warrants that and at the same time, then you look at a Splunk, right? I mean they have two and a half billion in revenue but their growth rate's down and truthfully, when I see a -5% growth rate, I don't know why you weren't at 12% sales either. I would argue that there's quite a few names on here that could be in for a reckoning, ETR actually as far back as a year ago caught this in our data and said, "Hey, there's some inflection points here and I think investors need to pay attention to them." And since we came out with the July report, a lot of these names we're talking about, despite insane valuations in the equity markets are flat to down. And, you know I do think that, hey if they stay stagnant and their technology is right but it's a crowded space, I think we're really leading to the point where as one of my panelists said, this industry is ripe for consolidation. These players are not all going to be here in 12 months, it's that simple. >> Yeah and by the way, thank you for mentioning that as a former equity analyst, you were right (indistinct) 12 months, it's kind of the rear-view mirror. But I'll tell you, two reasons why I do that. One is, I put the growth rate in there so you can pick your own growth rate and your own forward revenue. The other is it's really easy for me to get TTM off a Yahoo as opposed to >> Right exactly. >> And so truth be told. But, guys bring that back up one more time cause I want to make a point about New Relic. I mean I think they are potentially right for an M&A because they got great technology. Now remember Elliot Management is in there and when Elliot's is in there, stuff's going to happen. They're going to start cleaning house, they're going to really create changes, they don't just get in in a big way and sit back and watch, they are extremely active. And the New Relic, leader in this space, great technology, great heritage. So either they got to clean up and get that valuation back up maybe as you pointed out, little bit better marketing posture, et cetera or they get taken out. >> Yeah and let's think about the two things that coincide, right? You have one of the world's best activist funds get involved in Elliot Management. And as you said, they don't get involved to just sort of watch or observe as we're talking about here today, they are very active in trying to get some sort of a, you know, corporate action done. And at the same time, all of a sudden New Relic comes out with a new pricing model. They're trying to create a moat around the small to medium business, right? They're trying to grow their footprint. Now the great thing about getting involved in small to medium businesses, it starts off for free but you grow with them. So I don't think those two are a coincidence, let me just put it that way. I think that they're coming in, they're trying to entrench themselves in a new market and set themselves up for future growth and I truly believe that based on the product roadmap and the feedback we were getting from the end-users in my panel, New Relic has the ability to look across all architecture, it has the ability to provide a single pane of glass and it has the ability to incorporate machine learning for proactive response. Their roadmap is fantastic, they have an active manager inside as an investor, I don't think they're going to be around for much, much longer. And obviously that you look around and you wonder who the acquirers will be and it might be one of the major cloud players. >> Yeah that would be interesting. I mean it gives them a play in a multicloud world and either they're going to just use that for their own advantage or they will actually see that as an opportunity, we'll be itching to watch. Alright, anything we didn't cover that you want to touch on or give us your final thoughts, please Erik. >> You know I would also just sort of mention a little bit about Splunk. This is a company that has a tremendous amount of revenue, a tremendous installed customer base but many, many times we've seen it before and Oracle is the greatest example. They kind of forget about their customers and they don't treat them properly. And I can't tell you how many people I have mentioned to me said, "Hey when this all went down in the viral pandemic and I went to Splunk and I asked for a little bit of pricing flexibility, I asked for this, I asked for that and they just wouldn't give it to me." And I wrote an article once called (indistinct) never forget similar to an elephant. And when they come out the other side, they're going to find a way to replace them. And today I also wrote an article that it was our 200th interview and I entitled it, The Splunk Funk. And basically it's about all the alternatives that are now out there, not just open source, but other vendors, even the vulnerability management players like a Rapid7, like a Tenable are getting into this space now. Fortinet, which one guy called "Fortaeverything" is a company that's really expanding. So I would just really kind of caution some of those vendors out there that don't rest on your laurels, don't take your customers for granted because sooner or later, they're going to be in a position to bite the back. >> Well I'll say this about Splunk, I've been following the company since the early part of last decade and I've done a lot of Cube interviews at their shows. They do have a passionate, passionate customer base, they got the experts that run around with that crazy hat and I've seen Splunk killers emerge for the last decade and so... But I think your point is right. I mean they've, the SignalFx acquisition was something that, it was a hole to fill and it gets them into a subscription-based model, they're going through that transition now. But I think they have some real gravity with their customer base. So, all right, let me summarize. For years, the application monitoring and management, it's really relied on alerts, logs, traces and even what I call tribal knowledge. In that world of pre-distributed systems, that was fine, like I said a trace can tell you what was going on. But things have begotten much more complicated architecturally with cloud and mobile and they're really changing fast now. Erik mentioned serverless, we talked about containers. So, today it's much harder to understand the customer experience because it's difficult to get a full picture of the data. And what I mean by that is that the user data, the application data, the infrastructure data, they're all fragmented and the Holy Grail solution really takes all this disparate data, it ingests it, it transforms it. Connects the dots if you will, across clouds, Onprem and then it shapes it, brings in machine intelligence, really creating an organic systems view that can proactively tell you that there's a problem coming. And finally, nearly absolute Nirvana is doing this in a way that non-technical people are going to be able to understand the true user experience. You know in theory, this is going to allow organizations to remediate in 110th the time with much, much lower costs and that's going to be critical in this world of digital transformation. So thank you Erik, really appreciate you coming on today. >> Always enjoy it Dave, it's always great talking to you and hopefully we'll do it again soon. >> All right, I can't wait. And thank you everybody for watching this episode of theCUBE Insights powered by ETR. Remember these episodes, they're all available on podcasts. We publish weekly on wikibon.com and siliconangle.com so you got to check that out. And don't forget, go to etr.plus for all the survey action. Would appreciate if you kindly comment on my LinkedIn post or tweet me @dvellante or email at david.vellante@siliconangle.com This is Dave Vellante. Thanks so much to Erik Bradley, be well and we'll see you next time. (bouncy music)

>>Bye from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angle media. >>Hey, welcome back. Everyone's keeps coverage here in San Francisco at the Moscone center for RSA conference 2020 I'm John, your host, as cybersecurity goes to the next generation as the new cloud scale, cyber threats are out there, the real impact a company's business and society will be determined by the industry. This technology and the people that a cube alumni here, caramel Jaffer, SVP, senior vice president of strategy and corporate development for iron net. Welcome back. Thanks to Shawn. Good to be here. Thanks for having so iron net FC general Keith Alexander and you got to know new CEO of there. Phil Welsh scaler and duo knows how to scale up a company. He's right. Iron is doing really well. The iron dome, the vision of collaboration and signaling. Congratulations on your success. What's a quick update? >> Well look, I mean, you know, we have now built the capability to share information across multiple companies, multiple industries with the government in real time at machine speed. >>Really bringing people together, not just creating collected security or clip to defense, but also collaborating real time to defend one another. So you're able to divide and conquer Goliath, the enemy the same way they come after you and beat them at their own game. >> So this is the classic case of offense defense. Most corporations are playing defense, whack-a-mole, redundant, not a lot of efficiencies, a lot of burnout. Exactly. Not a lot of collaboration, but everyone's talking about the who the attackers are and collaborating like a team. Right? And you guys talk about this mission. Exactly. This is really the new way to do it. It has, the only way it works, >> it is. And you know, you see kids doing it out there when they're playing Fortnite, right? They're collaborating in real time across networks, uh, to, you know, to play a game, right? You can imagine that same construct when it comes to cyber defense, right? >>There's no reason why one big company, a second big company in a small company can't work together to identify all the threats, see that common threat landscape, and then take action on it. Trusting one another to take down the pieces they have folk to focus on and ultimately winning the battle. There's no other way a single company is gonna be able defend itself against a huge decency that has virtually unlimited resources and virtually unlimited human capital. And you've got to come together, defend across multiple industries, uh, collectively and collaboratively. >> Do you mean, we talked about this last time and I want to revisit this and I think it's super important. I think it's the most important story that's not really being talked about in the industry. And that is that we were talking last time about the government protects businesses. If someone dropped troops on the ground in your neighborhood, the government would protect you digitally. >>That's not happening. So there's really no protection for businesses. Do they build their own militia? Do they build their own army? Who was going to, who's going to be their heat shield? So this is a big conversation and a big, it brings a question. The role of the government. We're going to need a digital air force. We're going to need a digital army, Navy, Navy seals. We need to have that force, and this has to be a policy issue, but in the short term, businesses and individuals are sitting out there being attacked by sophisticated mission-based teams of hackers and nation States, right? Either camouflaging or hiding, but attacking still. This is a huge issue. What's going on? Are people talking about this in D C well, >> John, look not enough. People are talking about it, right? And forget DC. We need to be talking about here, out here in the Silicon Valley with all these companies here at the RSA floor and bring up the things you're bringing up because this is a real problem we're facing as a nation. >>The Russians aren't coming after one company, one state. They're coming after our entire election infrastructure. They're coming after us as a nation. The Chinese maybe come after one company at a time, but their goal is to take our electoral properties, a nation, repurpose it back home. And when the economic game, right, the Iranians, the North Koreans, they're not focused on individual actors, but they are coming after individual actors. We can't defend against those things. One man, one woman, one company on an Island, one, one agency, one state. We've got to come together collectively, right? Work state with other States, right? If we can defend against the Russians, California might be really good at it. Rhode Island, small States can be real hard, defends against the Russians, but if California, Rhode Island come together, here's the threats. I see. Here's what it's. You see share information, that's great. Then we collaborate on the defense and work together. >>You take these threats, I'll take those threats and now we're working as a team, like you said earlier, like those kids do when they're playing fortnight and now we're changing the game. Now we're really fighting the real fight. >> You know, when I hear general Keith Alexander talking about his vision with iron net and what you guys are doing, I'm inspired because it's simply put, we have a mission to protect our nation, our people, and a good businesses, and he puts it into kind of military, military terms, but in reality, it's a simple concept. Yeah, we're being attacked, defend and attack back. Just basic stuff. But to make it work as the sharing. So I got to ask you, I'm first of all, I love the, I love what he has, his vision. I love what you guys are doing. How real are we? What's the progression? >>Where are we on the progress bar of that vision? Well, you know, a lot's changed to the last year and a half alone, right? The threats gotten a lot, a lot more real to everybody, right? Used to be the industry would say to us, yeah, we want to share with the government, but we want something back for, right. We want them to show us some signal to today. Industry is like, look, the Chinese are crushing us out there, right? We can beat them at a, at some level, but we really need the governor to go do its job too. So we'll give you the information we have on, on an anonymized basis. You do your thing. We're going to keep defending ourselves and if you can give us something back, that's great. So we've now stood up in real time of DHS. We're sharing with them huge amounts of data about what we're seeing across six of the top 10 energy companies, some of the biggest banks, some of the biggest healthcare companies in the country. >>Right? In real time with DHS and more to come on that more to come with other government agencies and more to come with some our partners across the globe, right? Partners like those in Japan, Singapore, Eastern Europe, right? Our allies in the middle East, they're all the four lenses threat. We can bring their better capability. They can help us see what's coming at us in the future because as those enemies out there testing the weapons in those local areas. I want to get your thoughts on the capital markets because obviously financing is critical and you're seeing successful venture capital formulas like forge point really specialized funds on cyber but not classic industry formation sectors. Like it's not just security industry are taking a much more broader view because there's a policy implication is that organizational behavior, this technology up and down the stack. So it's a much broad investment thesis. >>What's your view of that? Because as you do, you see that as a formula and if so, what is this new aperture or this new lens of investing to be successful in funding? Companies will look, it's really important what companies like forge point are doing. Venture capital funds, right? Don Dixon, Alberta Pez will land. They're really innovating here. They've created a largest cybersecurity focused fund. They just closed the recently in the world, right? And so they really focus on this industry. Partners like, Kleiner Perkins, Ted Schlein, Andrea are doing really great work in this area. Also really important capital formation, right? And let's not forget other funds. Ron Gula, right? The founder of tenable started his own fund out there in DC, in the DMV area. There's a lot of innovation happening this country and the funding on it's critical. Now look, the reality is the easy money's not going to be here forever, right? >>It's the question is what comes when that inevitable step back. We don't. Nobody likes to talk about it. I said the guy who who bets on the other side of the craps game in Vegas, right? You don't wanna be that guy, but let's be real. I mean that day will eventually come. And the question is how do you bring some of these things together, right? Bring these various pieces together to really create long term strategies, right? And that's I think what's really innovative about what Don and Alberto are doing is they're building portfolio companies across a range of areas to create sort of an end to end capability, right? Andrea is doing things like that. Ted's doing stuff like that. It's a, that's really innovation. The VC market, right? And we're seeing increased collaboration VC to PE. It's looking a lot more similar, right? And now we're seeing innovative vehicles like stacks that are taking some of these public sort of the reverse manner, right? >>There's a lot of interests. I've had to be there with Hank Thomas, the guys chief cyber wrenches. So a lot of really cool stuff going on in the financing world. Opportunities for young, smart entrepreneurs to really move out in this field and to do it now. And money's still silver. All that hasn't come as innovation on the capital market side, which is awesome. Let's talk about the ecosystem in every single market sector that I've been over, my 30 year career has been about a successful entrepreneurship check, capital two formation of partnerships. Okay. You're on the iron net, front lines here. As part of that ecosystem, how do you see the ecosystem formula developing? Is it the same kind of model? Is it a little bit different? What's your vision of the ecosystem? Look, I mean partnerships channel, it's critical to every cyber security company. You can't scale on your own. >>You've got to do it through others, right? I was at a CrowdStrike event the other day. 91% of the revenue comes from the channel. That's an amazing number. You think about that, right? It's you look at who we're trying to talk about partnering with. We're talking about some of the big cloud players. Amazon, Microsoft, right? Google, right on the, on the vendor side. Pardon me? Splunk crashes, so these big players, right? We want to build with them, right? We want to work with them because there's a story to tell here, right? When we were together, the AECOS through self is defendant stronger. There's no, there's no anonymity here, right? It's all we bring a specialty, you bring specialty, you work together, you run out and go get the go get the business and make companies safer. At the end of the day, it's all about protecting the ecosystem. What about the big cloud player? >>Cause he goes two big mega trends. Obviously cloud computing and scale, right? Multi-cloud on the horizon, hybrids, kind of the bridge between single public cloud and multi-cloud and then AI you've got the biggies are generally will be multiple generations of innovation and value creation. What's your vision on the impact of the big waves that are coming? Well, look, I mean cloud computing is a rate change the world right? Today you can deploy capability and have a supercomputer in your fingertips in in minutes, right? You can also secure that in minutes because you can update it in real time. As the machine is functioning, you have a problem, take it down, throw up a new virtual machine. These are amazing innovations that are creating more and more capability out there in industry. It's game changing. We're happy, we're glad to be part of that and we ought to be helping defend that new amazing ecosystem. >>Partnering with companies like Microsoft. They didn't AWS did, you know, you know, I'm really impressed with your technical acumen. You've got a good grasp of the industry, but also, uh, you have really strong on the societal impact policy formulation side of government and business. So I want to get your thoughts for the young kids out there that are going to school, trying to make sense of the chaos that's going on in the world, whether it's DC political theater or the tech theater, big tech and in general, all of the things with coronavirus, all this stuff going on. It's a, it's a pretty crazy time, but a lot of work has to start getting done that are new problems. Yeah. What is your advice as someone who's been through the multiple waves to the young kids who have to figure out what half fatigue, what problems are out there, what things can people get their arms around to work on, to specialize in? >>What's your, what's your thoughts and expertise on that? Well, John, thanks for the question. What I really like about that question is is we're talking about what the future looks like and here's what I think the future looks like. It's all about taking risks. Tell a lot of these young kids out there today, they're worried about how the world looks right? Will America still be strong? Can we, can we get through this hard time we're going through in DC with the world challenges and what I can say is this country has never been stronger. We may have our own troubles internally, but we are risk takers and we always win. No matter how hard it gets them out of how bad it gets, right? Risk taking a study that's building the American blood. It's our founders came here taking a risk, leaving Eagle to come here and we've succeeded the last 200 years. >>There is no question in my mind that trend will continue. So the young people out there, I don't know what the future has to hold. I don't know if the new tape I was going to be, but you're going to invent it. And if you don't take the risks, we're not succeed as a nation. And that's what I think is key. You know, most people worry that if they take too many risks, they might not succeed. Right? But the reality is most people you see around at this convention, they all took risks to be here. And even when they had trouble, they got up, they dust themselves off and they won. And I believe that everybody in this country, that's what's amazing about the station is we have this opportunity to, to try, if we fail to get up again and succeed. So fail fast, fail often, and crush it. >>You know, some of the best innovations have come from times where you had the cold war, you had, um, you had times where, you know, the hippie revolution spawn the computer. So you, so you have the culture of America, which is not about regulation and stunting growth. You had risk-taking, you had entrepreneurship, but yet enough freedom for business to operate, to solve new challenges, accurate. And to me the biggest imperative in my mind is this next generation has to solve a lot of those new questions. What side of the street is the self driving cars go on? I see bike lanes in San Francisco, more congestion, more more cry. All this stuff's going on. AI could be a great enabler for that. Cyber security, a direct threat to our country and global geopolitical landscape. These are big problems. State and local governments, they're not really tech savvy. They don't really have a lot ID. >>So what do they do? How do they serve their, their constituents? You know, look John, these are really important and hard questions, but we know what has made technology so successful in America? What's made it large, successful is the governor state out of the way, right? Industry and innovators have had a chance to work together and do stuff and change the world, right? You look at California, you know, one of the reasons California is so successful and Silicon Valley is so dynamic. You can move between jobs and we don't enforce non-compete agreements, right? Because you can switch jobs and you can go to that next higher value target, right? That shows the value of, you know, innovation, creating innovation. Now there's a real tendency to say, when we're faced with challenges, well, the government has to step in and solve that problem, right? The Silicon Valley and what California's done, what technology's done is a story about the government stayed out and let innovators innovate, and that's a real opportunity for this nation. >>We've got to keep on down that path, even when it seemed like the easier answer is, come on in DC, come on in Sacramento, fix this problem for us. We have demonstrated as a country that Americans and individual are good at solve these problems. We should allow them to do that and innovate. Yeah. One of my passions is to kind of use technology and media to end communities to get to the truth faster. A lot of, um, access to smart minds out there, but young minds, young minds, uh, old minds, young minds though. It's all there. You gotta get the data out and that's going to be a big thing. That's the, one of the things that's changing is the dark arts of smear campaigns. The story of Bloomberg today, Oracle reveals funding for dark money, group biting, big tech internet accountability projects. Um, and so the classic astroturfing get the Jedi contract, Google WASU with Java. >>So articles in the middle of all this, but using them as an illustrative point. The lawyers seem to be running the kingdom right now. I know you're an attorney, so I'm recovering, recovering. I don't want to be offensive, but entrepreneurship cannot be stifled by regulation. Sarbanes Oxley slowed down a lot of the IPO shifts to the latest stage capital. So regulation, nest and every good thing. But also there's some of these little tactics out in the shadows are going to be revealed. What's the new way to get this straightened out in your mind? We'll look, in my view, the best solution for problematic speech or pragmatic people is more speech, right? Let's shine a light on it, right? If there are people doing shady stuff, let's talk about it's an outfit. Let's have it out in the open. Let's fight it out. At the end of the day, what America's really about is smart ideas. >>Winning. It's a, let's get the ideas out there. You know, we spent a lot of time, right now we're under attack by the Russians when it comes to our elections, right? We spent a lot of time harping at one another, one party versus another party. The president versus that person. This person who tells committee for zap person who tells committee. It's crazy when the real threat is from the outside. We need to get past all that noise, right? And really get to the next thing which is we're fighting a foreign entity on this front. We need to face that enemy down and stop killing each other with this nonsense and turn the lights on. I'm a big believer of if something can be exposed, you can talk about it. Why is it happening exactly right. This consequences with that reputation, et cetera. You got it. >>Thanks for coming on the queue. Really appreciate your insight. Um, I want to just ask you one final question cause you look at, look at the industry right now. What is the most important story that people are talking about and what is the most important story that people should be talking about? Yeah. Well look, I think the one story that's out there a lot, right, is what's going on in our politics, what's going on in our elections. Um, you know, Chris Krebs at DHS has been out here this week talking a lot about the threat that our elections face and the importance about States working with one another and States working with the federal government to defend the nation when it comes to these elections in November. Right? We need to get ahead of that. Right? The reality is it's been four years since 2016 we need to do more. That's a key issue going forward. What are the Iranians North Koreans think about next? They haven't hit us recently. We know what's coming. We got to get ahead of that. I'm going to come again at a nation, depending on staff threat to your meal. Great to have you on the QSO is great insight. Thanks for coming on sharing your perspective. I'm John furrier here at RSA in San Francisco for the cube coverage. Thanks for watching.

(upbeat music) >> Welcome to this special Cube conversation here in Palo Alto, California. I'm John Furrier, host of theCUBE, we have two special guests, Karim Toubba, CEO of Kenna Security, and Caroline Japic, CMO, Kenna Security. Great to see you guys, thanks for coming on, appreciate you taking the time, appreciate it. >> Thanks for having us. >> So RSA is coming up, big show, security's at the top of the list of all companies. You guys have a very interesting company. Risk based vulnerability management is like the core secret sauce, but there's a lot going on. Take a minute to talk about your company. What do you guys do? Why do you exist? >> Yeah, sure. Thanks for having us. Some, the security landscape as you very well know, pretty crowded space, a lot of different vendors, a lot of technologies that enterprises and organisations have to deal with. What we do has a lot of complexity behind it, but in an app practicality for enterprises is actually quite simple. They have many, many data sources that are finding problems for them, mapping to their attack surface, what are misconfigurations? Where are there vulnerabilities in your network or your host, where there vulnerabilities in your applications, we taking all of that data, specifically from 48 different data sources, we map it to what attackers are doing in the wild, run it through a lens of risk, and then enable the collaboration between I.T. and security, on what to focus on at the tip of the spear with a high degree of fidelity and efficacy so that they know that they can't fix everything, but prioritize the things that matter and are going to move the meter the most. >> So you guys have emerged as one of those kind of new models, the new guard of security, it's interesting, it's been around for 10 years, but yet a lot's changed in 10 years but a lot of evolving. Risk based vulnerability management is the buzzword, R-B- >> V-M >> Okay, really comes from the founder of the company. Why is this becoming an important theme? Because you got endpoints, you got all kinds of predictive stuff with data, you got surface area is growing, but what specifically about this approach makes it unique and popular? >> Yeah, I think what's happening is if you, to really answer that question, you have to look at two different ends of the spectrum in terms of the business, the security side and the IT DevOps and application development side. And at the core of that is what was largely traditional tension. If you think about security teams, operations teams, incident response teams, and if you sit down with them and understand what they do on a day to day basis, beyond the incident response and reaction side, they have a myriad of tools and technologies that discover problems, typically millions of issues. Then you go to the IT side, and the application and DevOps side, and they care about building the next application, making sure the systems are up and running. And what happens is they, we've gotten to the point where they can't possibly fix everything security is asking them to fix, and that's created a lot of tension, people have woken up, started to realize that that tension has to give way to collaboration. And the only way you can do that is enable security to detect all the problems, but then very quickly focus and prioritize on the things that matter, and then go to IT and then tell them specifically what to fix so that they have a high degree of precision and understanding, that the needle will be moved relative to what they're asking them to do. >> So is it the timing of the marketplace and the evolution of the business where it used to be IT that handled it, and now security has gotten broader in its scope, that there's now too many cooks in the kitchen, so to speak? >> Yeah, it's gotten broader in its scope, and there's also been a realization that if you think about the security problem statement, they find all the problems, but if you if you peel back the layers, you quickly realize, they own very little the remediation path. Who fixes-- >> John: They being IT? >> They being security. >> John: Okay. >> Yeah, so it's actually quite fascinating. If you think about who fixes a vulnerability on an operating system like Windows or Linux, it's the IT team. If you think about who fixes or upgrades a Java library or rewrites an application it's DevOps or the application developers, but security's finding all the problems. So they're realizing, as they deploy more tools, find more issues, and increase the amount of data, they've got to get very precise and really enable an entirely new way of collaborating with IT so that they can get them to focus on the things that matter the most. >> Karim, I want to dig into some of the complexity, but first want to get the Caroline on the brand, and the marketing challenge because it's almost an easy job in the sense, because there's a lot of security problems out there to solve, but it's also hard on the other side, is that, where's the differentiation? There's so many vendors out, there's a lot of noise. How are you looking at the marketplace? Because you guys are emerging in with nice, lift on the value proposition, you won some recent awards. How do you view the marketplace? RSA is going to be packed with vendors, it's going to be wall to wall, we get put in the corner, we are going to have small space for theCUBE, but there's a lot there and customers are being bombarded. How are you marketing the value proposition? >> You are right. There's so much noise out there, but we are very clear and precise on the value we bring to our customers, we also let our customers tell the story. So whether it's HSBC, or SunTrust, or Levi, we work with them very closely with those CSOs, with their head of IT to understand their challenges, and then to bring those stories to life so we can help other companies because our biggest challenge is that people just don't know that there's a better solution to this problem. This problem's been around a long time, it's getting worse every day, we're reading about the vulnerabilities that are happening on a regular basis, and we're here to let people know we can fix it, and we can do it in a pretty quick and painless way. >> You had mentioned before we came on camera that when you you're getting known, as the brand gets out there, but when you're in the deals, you win. Could you guys share some commentary on why that's the case? Why are you winning? >> Yeah, by the way, just to piggyback off that a little bit, there is a really interesting paradigm happening within the security space, if you look at the latest publications, I don't know, there are 1400 of us all buzzing around with the same words? I think what Caroline and the team have done an exceptional job on, particularly in relative to the positioning is, we don't want to scare people into looking at Kenna. We want to be more ethereal than that and make them understand that we're ushering in a new way away from tension to an era of collaboration with IT, DevOps and application teams. That's very different than telling somebody in your messaging, Hey, did you hear the latest attack that happened at XYZ? >> Yeah. >> That sort of fear and marketing through FUD, is creating a lot of challenges for organizations, and candidly, is making CISOs and other people in security close the door. >> I've definitely heard that, do you think that's happening a lot? >> I think that's happening a lot. I think we're sort of, I like to think that Caroline and the team are sort of at the forefront of leading that initiative, and you can, and we're doing it in every way possible to really sort of tell a much more positive story about how security can be smarter and spin in a positive light, and in fact, the technology is enabling that, so it's consistent. >> We live in dark times. Unfortunately, a lot of people like, if it bleeds, it leads, and that's a really kind of bad way to look at it. But back to your point about tension and collaborations, I think that's an interesting thread. There's a ton of tension out there, that's real, from the CISO's perspective. Because there's too many teams, I mean, you got, Blue Team, Red Team, IT, governance, compliance, full stack developers, app. So you have now too many teams, too many tools that have been bought and it's like, people have all these platforms, they're drowning in this. How do you guys solve that problem? >> Yeah, it's back to that point of collaboration, and what we've really found that's been interesting in solving that problem, because what we're doing if you step back, is, we're bringing in all these data sources, and where that tension comes in, if you unpack it a little bit, is from different people coming in with different data sources. So IT comes to the table about what to fix, with their own point of view, security comes with their own point of view, application teams come with their own point of view, governance and compliance comes with their point of view. What we do is we come in and even though we're technology, we're really aligning people in process. We're saying, "Look, we're going to to amass all that data, "we're going to very quickly use machine learning "and a bunch of algorithms to sift through "millions of pieces of data "and divine what actually matters." It's empirical, it's evidence based, and we align all the organizations around that filter through risks so that there's agreement on how to measure that, what to prioritize, what to action and what the results look like. And when it turns out that when you get a bunch of people across an organization, to get aligned around data that they all agree with as the source of truth, it gets much easier to get them to really focus on the things that ultimately matter. >> It's a single version of the truth, right? It's a single version that they all can work from. Security isn't telling IT, "This should be your priority today," when they say, "You don't know what my priorities are," is actually the data that's telling them what their priorities are by role, and that's really important and really gets past all the, the friction and the fighting in between the teams. >> Yeah, that's great point, back to my other question when I get back to you Caroline, is what is the success formula look like for you guys? Why are you winning? What are the feedback you're hearing from your customers? Because at the end of the day, references are important, but also, success is a tell sign. So what's the reasons behind the success? >> Yeah, I'll let Karim talk about being face to face with customers, because he does that all the time. But what we're saying is that, the customers are resonating with the story that we're telling, they understand they have the problem we're laying out in a very simple way for, to be able to solve their solution, and that's working. We've redone our positioning, our messaging, we've trained our sales team, people understand the value we can bring, and that's what we're communicating, and that's what's working. >> Karim, please add on that, I want to get more into this. >> Yeah, and on the customer side, what we see and I'll give you a pretty classic example for us with a very large bank that's a customer of ours. We actually started on the security side, right? We sold to their deputy CISO to deploy, and then eventually, they doubled down and then deployed globally across 64 countries. And that happened sponsored by the CIO. Now we're a security company, so you ask the question, well, why did that get driven in that structure? And why did that deal go down ultimately in that way? And what was the real value? The value to the security person was clear, I want to aggregate 10 to 12 different data sources, I want to prioritize, I want to collaborate with IT. The value to the CIO was the CIO happens to own all the application developers and all the IT people and the security people on a global basis. And so what they wanted to do, is they wanted to understand what the risk was for each of the lines of businesses they had within organization so that they can hold the business users accountable to paying a small tax for security, not just developing the next billion dollar high net worth application, which is extremely important to those businesses, but at the same time, ensuring that they're secure. And so that leverage when you start with security, and then branch out in other organizations, especially in large, multinational organizations, is really where the the real value comes into the platform. >> So if I hear you correctly, you come in for security, okay, we can get rid of the noise, help you out, check, win, and then the rest of the organization doesn't have security teams per se, >> Karim: Correct. >> Needs security to be built in from day one. >> Karim: Correct. >> You're providing a cross connect of value to the other teams? >> That's right. >> It's almost like, security is code, if you will. >> Karim: That's right. And nowhere is that more evident in our utilization statistics. So we're a SaaS platform, so of course we, like many other SaaS companies do a bunch of analytics on utilization of our customers, more often than not, in our large scale enterprises, we actually have more IT and non security users logging into Kenna, in a self service model, because they're the ones, back to the point you made earlier, that are actually driving the remediation path. >> Take us through how that works. So say I'm interested, okay, you sold me on it, great, I need the pain relief on the security side, I need the enablement and empowerment on the collaboration side, what do I do? Do I just plug my databases into you? Is it API driven? Are you on Amazon? Are you on Azure? What's cloud? What am I dealing with? Take me through the engagement. >> Yeah, so we're 100% cloud based platform. Multi cloud, so we can deploy in AWS, we can deploy in Google et cetera. And then what we do is we effectively through a bunch of API's called connectors that are transparent to the customers, we enable them to bring in their data. So this is everything from traditional scanning data like Qualys, Rapid7, Tenable, more, newer data like CrowdStrike, Tanium, DaaS SaaS, software composition analysis tools, WhiteHat, Veracode, Black Duck, Sonatype, you name it. The list goes on, specifically, there's about 48 of them. All of that is basically helps us understand what the totality of the attack surface is. That's very useful for security because they're using multiple tools. We then overlay what we call exploit and tell, this is the data that tells us about what attackers are doing in the wild. Specifically, we have 5 billion pieces of data that tell us about what vulnerabilities are being popped, what's the rate of change, what malware are they being embedded in? That use, that information is used through machine learning to help us prioritize and risk score each of the findings we get from the customer tools. And then where it pivots over to IT, is we then allow them to take all of that data and that metadata and asset criticality into what we call risk meters. So they're basically aligned with where, how IT operates. So for example, if you own all the Linux infrastructure in the cloud, you log in, you'll only see the risk across the infrastructure you own. Whereas if Caroline owns all the endpoint real estate across Windows, she logs in and understands what her risk is across Windows. And then we of course, integrate in the ticketing systems to drive the remediation and report up to executives and then over to security, about what the workflow you-- >> So you guys really focusing not so much on the security knock or the sock, it's more on indexing, if you will, for lack of a better description, the surface area, >> Karim: Correct. >> And getting that prepared from a visibility standpoint to acquire the data. >> Karim: That's right. >> And then leveraging that across-- >> Across the organizations, yeah. >> Did I get that, right? >> It's exactly right. And if you ask, if you again, double click deeper on that, what's fascinating to watch, so we have a an annual, or bi annual report that we do called prioritization or prediction, or P2P. And this is all of our customer data completely anonymized in a warehouse, and then we run a bunch of reports, and lot of the analytics we ran initially were around security. Now we're starting to pivot in IT. If you look at our latest report, one of the most interesting things I found in my time here is that the average large scale enterprise has actually no more than 10% remediation capacity, right? So what does that tell you? That tells you that 90% of the problems are going to go unsolved, which pinpoints why it's even more important to have specific prioritization on the things that matter. >> They solve the right 10%. >> At the right time too, >> At the right time. >> 10% capacity, operating capacity, assuming some automation that might take care of some of the low hanging fruit >> Exactly. >> Through DevOps or automation. You can focus on those 10% at the right time, which by the way, if you use that capacity for the wrong problems at the wrong time, it's wasted capacity. >> Karim: That's right. >> That's what you guys are trying to get at, right? >> Karim: That's exactly right, work smarter, not harder. >> So Kenna security, what's the vision? What's the next step? Why should someone care about working with you guys? Why is it important to engage you guys? What's the big deal? Is it the risk based vulnerability, kind of origination invention, which is the core or the DNA, or is it something bigger? What's the vision? What's the why? Yeah, well look for us, we started, our company was actually founded by a gentleman by the name Ed Bellis, who's the ex chief security officer at Orbitz, and he founded the company out of a need. We started very early in the traditional pure vulnerability space. This was like calling Classic Qualys, Rapid7, Tenable. We then expanded into the application world. So this is starting to take in, moving up stack if you will full stack, as the environment moves to cloud, as the environment moves to containers, as the environment moves to configuration management as the environment moves to a much more ephemeral state, that will drive an entirely new set of data sources that will drive an entirely different new set of priorities all aligned with the same model of risk. So our view of the future is that we are the platform that enables the organization to understand the totality of the attack surface, that enables collaboration across all the groups that deal with technology within enterprises, and allows them to really prioritize and understand risk in a way that not only fosters the collaboration, but gives you that return on investment that candidly ultimately CIOs are looking for. >> Caroline the story from a marketing perspective, what's the story you're trying to tell? >> We started this space, our founder Ed Bellis is the father of risk based vulnerability management and he loves it when I say that, but it's 100% true. We are continuing down this path, I mean, there are so many companies that have this problem that don't know that there's a better way to solve it. And so for now, our mission is to make sure that we're educating those people, they understand what's possible to do today, and then continuing from there, so. >> Well, I really appreciate you guys coming in and introducing and sharing more about Kenna Security, we've been seeing successes. I'm going to ask you about what you guys think about RSA, I'd love to get both you guys to weigh in. But before we get to the RSA kind of what's coming, take a quick minute to plug the company. What do you guys looking to do? You hiring? You just got some funding? Give the quick pitches. >> Yeah, sure, we did. We just closed $48 million series D round. We had all of our investors and a new investor, Sorenson Ventures come in. We also had two strategic investors, Citi and HSBC, because we do quite well, that very good validation. And we're also quite prominent in the financial services vertical, it helps that. And so for us, it's really about scaling, right? Scaling people, scaling the technology, scaling capabilities-- >> John: Across the board. >> Across the board. >> Engineering, obviously. >> Engineering, sales, geographies, it's really about getting the word out there and then being able to follow that up with the feed on the street that matter. >> We're definitely hiring, but we're also growing through OEMs. So we have a relationship with VMware, they're embedding us into their app defense products, and so if you buy app defense from VMware, you are buying Kenna whether you know it or not. >> So you're going to be an ingredient in other products. >> That's right. >> And or direct or indirect, probably some channel ecosystem opportunities? >> That's right. >> So we're growing on the technology partner OEM front, definitely interested in talking to companies that are interested on that front. >> We should do a whole segment on my fascination with what I call tier two or tier 1B clouds, specialty clouds, security clouds. So maybe do that another time. Okay, final question for you guys. RSA is coming this year 2020, and then a series of other events. Cloud Security has been a hot topic since re:Inforce last year was launched, we were there, kicking off theCUBE in security. What do you guys expect this year at RSA? What do you think the big themes are going to be? The hype? The meat on the bone? What's the real deal? What's the hype? What do you guys think is going to happen? >> Karim: I'll let you start. >> Yeah, I can tell you our theme is the right fight club. Because we are focused on the right fight that you need to have every day inside your enterprise. It's not focused on all the vulnerabilities that are hitting you because they're hundreds of thousands of them, millions of them, and there's going to be more every single day, it's about fighting the right fight. So if you come by our booth, you'll see that, it's going to be very exciting-- >> And of course, don't talk about the Fight Club vulnerabilities. (Karim laughs) >> You know the rules of the fight club. >> The first rule is to talk to Kenna about the right fight club. That is the first rule. >> That's cool. >> Yeah, I mean, it's interesting. Every, as you very well know, every year when people walk away from RSA, there's a few blogs that are written about what was the theme this year, I suspect this year's in security specifically, is going to be about AI driven security. We've been starting to see that for a while, it started to bleed into last year's event. I think for us in particular, we have a very particular point of view, and our book point of view is that doesn't matter if it's ML, if it's AI, or what type of algorithms you're running, the question is, what's the value? What is the value when you have 1400 people all screaming to get in the door of an organization? Everybody really has to begin to answer that question fundamentally. And I think the people that have that position in the market are the people that are going to be able to stand out. It's interesting, as always the hype with AI, but it's interesting, I was just trying to figure out when the term there is no perimeter was kind of first coined in theCUBE, I'm thinking probably about five years ago, it really became a narrative and then more recently, with the cloud, the perimeter is dead. Edge is out there. >> Karim: Right. >> So this is, what's the gestation period of real scalable security post perimeter is dead. It's interesting, is it years, is it seems to be hitting this year. It seems to be the point where, okay, I tried everything, now I've got to be data driven or figure out a way to map the surface area. >> That's right. >> End to end. Well, thanks to Kenna Security coming in, a solution for figuring out the vulnerabilities with a real invention. We're going to be covering security at RSA with Kenna Security and others. Thanks for watching, this is theCUBE. (upbeat music)

(upbeat music) >> From our studios in the heart of Silicon Valley, Palo Alto, California. This is a CUBE Conversation. >> Hi, everyone. Welcome to this CUBE Conversation here in Palo Alto, theCUBE Studios. I'm John Furrier, host of theCUBE. We're here with two great guests, Carl Eschenbach, partner at Sequoia Capital on the board of Cohesity as well with the CMO Lynn Lucas. Lynn, great to see you. Carl, thanks for coming back on. >> Great to be here. >> Appreciate it. So Lynn, you know we've been following you guys for many many years, watching the rapid growth of Cohesity. Funding round after funding round, Unicorn. From a start up, to going through the atmosphere heading into orbit, nice growth. >> Mid-size company I would say now. >> Yeah >> Yeah >> No longer a startup. >> Growing like crazy. >> No longer a startup, yeah. >> Good round, good financing track. Thanks to Sequoia. >> Well, we're proud and happy investors and partners with them, that's for sure. >> Yeah, one of the things we're super excited about right now, Lynn I want to get your thoughts on this is that, how do you maintain the growth because cloud is an ever changing landscape, data management's really hot and changing. What's been the success formula for you guys, staying ahead? Both in terms of continuing to push the brand, push the message and success. What's been the formula? >> Well, I think it starts with our founder, Mohit Aron, and his vision and strategy which, if you go back, he's been extraordinarily consistent on and he saw this massive opportunity to take hyper-convergence, which of course he's really the father of from Nutanix and bring it to this whole other area of data, the vast majority of data that enterprises have. That is in all of these different silos and so really I think that Cohesity has this opportunity to be a once in a generation platform company much like VMware and really change the way enterprises, protect, manage, store and ultimately do more with their data. So, I'm going to say it's less about the brand. I'm proud about the brand. But, it's really about... >> You did a great job the brand, but I think the execution is. I think one thing I love about this market cloud in the next ten years ahead of us is that you can come into the market with a feature or a specific thing, like backup and turn it into a broad ranging high-growth, billions dollars of value. I think that's what you guys are on. But I, while we have Carl here, I want to put him on the spot because, you know, of his experience at VMware and now at Sequoia. What's he bringing to the table for Cohesity? What's his operational knowledge? What is some of the things Carl's brought to Cohesity? >> Oh, my gosh. >> What hasn't he brought. >> Well, Carl is obviously incredibly experienced and brings a wealth of go to market knowledge and connections and advice for us. I think instrumental in helping us see how to scale. As well as, change and shift the business model over to software and subscription. Which is what Cohesity did last year and is right in line with the move towards the cloud. >> Carl, your thoughts? >> I have to say one of the things just to echo, so thank you for those kind words. But quite frankly its all about execution and these folks at Cohesity know how to execute. If you just look at their scale over the last three years and their ability to execute. It's pretty impressive, not on the technology side only. But, if you think about their go to market motion and what they've not both here in the U.S., internationally, over into, you know, Asia and in Japan with the joint venture they have with SoftBank and some of the others. It's been amazing to watch them scale and to go market and also the ecosystem that they started to build around them and leveraging partners like HPE and Cisco as Cohesity has transitioned from being an appliance solution to being a software and data management platform and moving the hardware to other partners. It's been amazing to watch that transformation happen. So, it's technology, yes. But, it's also every other component and piece of the business that's been able to scale through good execution. >> Let's talk about the ecosystem, cause I think it's a super important, ever changing conversation. Especially as the bigger players get bigger and then the mid-size folks like you guys get bigger as well. The relationships change. You've certainly seen your share, Carl, at VMware. At VMworld every year, the ecosystem has its growth. It changes over, new value propositions are coming in. You have a constant rotation through the ecosystem dynamic. >> Yeah, no. >> What are some of the going on now that Cohesity's taken advantage of? >> What are they... >> Yeah, so because Cohesity is actually building a true platform as Lynn was articulating. If you're a platform in a data center it means two things. You have to partner with people on the south-bound side of that platform and the north-bound side of the platform because everything's going to go through a platform and because of that you form a very rich ecosystem but you also form sometimes competitors. In this world everyone I think describes it as friends and enemies. They're frenemies and they've done a very good job at that but at the same time they've really focused on key partners like an HPE or a Cisco or many others that can really differentiate themselves and allow them to focus on what they truly are and that's a data management software company. So, I think they've done a really good job navigating the ecosystem and building off of it and aligning with the right people. For example you sit here at VMWworld today. Look at the partnership they have with VMware they have V-ready, you know, certification across vsan, their infrastructure platform. Vcloud Director, AWS, you name it. So, I think they've done a great job and that's thanks to people like Lynn and the team. >> Lynn, talk about the ecosystem dynamic. Because you guys are actively market a big booth every year at VMworld as well as Amazon re:invent and other shows. You have to be out there. What are you hearing? What are some of the dynamics that your working through? >> Well speaking of VMworld and VMware they really were the original ecosystem partner and I think we believe that north of 70 percent of our customers are VMware customers and they're getting better value out of that. But, we haven't talked a lot about the cloud and that's obviously a massive ecosystem that's continuing to develop and bringing those two things together is something that Cohesity specializes in. With our native capabilities, with Amazon, Azure, Google but the other third piece of the ecosystem that we're now developing is the applications and that's unique to Cohesisty really redefining data management. Just announced Cohesity CyberScan based on Tenable running on the Cohesity platform. Prior to the, Splunk, running on the platform. So we're developing these ecosystem partnerships in new ways with application providers. >> So when are we going to see Cohesity world. (laughing) >> I am just so happy to be at Vmworld it's a great place for us to meet a lot of customers and partners. So we'll stay with that. >> Carl you were talking about, before we came on camera, about your first VMworld. You know, oh my god, it's huge, now it's even bigger. This is the opportunity for firms like Cohesity, if they continue the momentum. Building out applications which if you think about it that's an enabling technology. You can enable developers to be successful. That truly is a testament to what a true platform is. >> Yeah, again, I think, she said they don't have a big user conference yet. I don't think it will be long before we such momentum in the market that we will have a user conference at some point. Where you will see a large turnout of people using the technology. People from the ecosystem there and then developers as well and lastly you'll start to see application vendors like a Splunk or a Tenable who are actually now running their applications on top of this. This isn't just data management but it's also supporting applications and when you pull those three different you know constituents together you have a pretty big opportunity to pull off some type of platform show. >> Lynn, I got to put you on the spot here for a minute you got Carl, he's also a partner with Sequoia Venture Capital. What are the pros and cons with working with a big time tier one renowned VC like Sequoia is? Sequoia's Don Valentine is a well documented story. Moritz goes on, the young guns in there now. Get the operating experience from like the Carl's. Pretty established, they got a great business model, you know that. What's the pros and cons of working for the big time Sequoia. >> I've not seen any cons. Pros are as you said the operating experience and I think also the experience in guiding a company through this hyper growth. Cohesity is now well over 1200 employees. Last year, when you and I sat here much less than that, right? And they've seen it and done it before with other partners or with other portfolio companies that I think is one of the best pieces of advice that Carl has given us coming into our company is how to maintain that culture and that focus on the mission as we move through this tremendous growth phase. >> That's interesting, Sequoia loves you when your growing but then, but they've seen success. The cons haven't come yet. But, if you continue to grow there will be no cons. Everyone's happy and growing. But, I want to get your thoughts because Sequoia also builds world-class companies and they also, Apple the names are legendary. Your founder on theCUBE told me that he doesn't just want to get an exit. He wants to build world class company. >> That's right >> Well, exit is not as important as like EMEA. But in like public that happens. He's not in it for the cash. He wants build a durable world class company. >> That's exactly right, right Mohit has had a number of successes, Google, Nutanix. So he's not in this for the short return and we really are focused on building a culture and a set of values and a long term sustainable business and he really means what he says about. He's here to change the world and data is the foundation of what most businesses are going to compete on and he believes he can really empower organizations to do that and we can build a great culture and a great company while were helping. >> Carl when you hear that.. >> I want to piggyback off what Lynn just said and its exactly what Lynn articulated about Mohit to want to build a big enduring company that stands the test of time. If you look at our ethos at Sequoia we want to partner with founders from idea to IPO and beyond. We're not looking for a quit hit, a quick win. We want to be with them through IPO and beyond and build big legendary companies that stand the test of time and in the form of Cohesity we have that opportunity and we're well on that path to build a legendary platform company that will service both the enterprise in the cloud companies into the future. That's our mission, so I think our missions are aligned. >> Well you just answered the question I was going to ask you. That is music to your ears this is the kind of model you guys want and certainly you guys do a good job of exiting out on EMEA and doing, making your LPs a lot of money. You got to make money. >> Right, but, you know a lot of people think when our companies go public this is an exit for us. It's just an event. If we believe in the companies were going to hold long into the public market from that idea and that seed investment, like we did here at Cohesity, well beyond the IPO. >> There's a renaissance going on , I love it because two things are happening in this next 10 years. You seen a systems platform mindset come back versus the quick hits and also people want to build big companies they don't want to do the quick flips anymore. So at lot of young entrepreneurs are, they are in it for a mission. This is a new vibe. What kind of advice do you give entrepreneurs that are looking to bring that Cohesity model and get the attention of Sequoia? What are some of the things that you see as success for the young entrepreneurs out there? >> Yeah, so it is around the word mission. Like we want to partner with people that are mission driven that are going to have a huge impact on business and society as a whole and even you know the social efforts in our world. So were looking for people that want to change the trajectory of whatever it is they are addressing and we think for example with Cohesity there's a radical transformation taking place in the infrastructure and someone's got to innovate because a lot of innovators today are not coming from the incumbent it's coming from the next generation of founders like Mohit and he's very mission driven. Build a big company, service a community of people change the way people store and think about data and manage it and that mission-centric founder is one we love to partner with. >> Final question I'd love to get both your take on this question, Lynn and Carl is. When you meet someone that may not be inside the ropes of technology like the enterprise tech like we are the few and others and they ask you the question "Why is Cohesity so successful?" How do you describe the dynamics of the marketplace and Cohesity's role in it on it's success? What is the answer to that question? >> I think it's really two things. So one is I think that there is this generational shift in the architecture that underpins data and we've got a perfect storm with data doing exponential growth and as Carl's been saying there really hasn't been a lot of innovation in the infrastructure in more than a decade. Mohit saw that, but then that's combined with a mission, a passion for customers and sticking to that execution of serving the customer and that's making us successful. >> Carl your thoughts after that. >> Listen, it starts with technology and to have great technology you have to have a great technical founder and we have that in Mohit, time and time again. I can go, we've all talked about Mohit and how special he is. At the same time you need to build a company that has a special culture, that can stand the test of time, that is resilient, that has grit and has passion and perseverance for the work their doing around their mission and I think we have all of that in Cohesity and that's a lot of it's because of Mohit and people like Lynn that he's brought in around his executive team. You can just see that permeate through the entire organization. >> That's awesome. Thanks for sharing the insight. Carl, great to have you comment here with Lynn on Cohesity, I know your on the board. Lot of great things happening, looking to see what's happening at the VMware parties. Thanks for hosting some awesome events for the community. >> Can't wait to be back. Bring some of our customers on. >> Thanks for spending the time. This is theCUBE Conversation here at Palo Alto. I'm John Furrier, thanks for watching. (upbeat music)

>> Announcer: From downtown San Francisco, it's theCUBE. Covering RSA North America 2018. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're at RSA North America 2018 in San Francisco. 40,000 plus people talking security, enterprise security, cloud security, a lot going on. It just continues to get more and more important. And we're really excited for our next guest who's been playing in the enterprise space for as long as I can remember, which has been a little while. Mike Decesare, he's the CEO and President of ForeScout. Mike, great to see you. >> Started my career off when I was one. (Jeff laughs) So, I've been in this for a long time. >> You have been in it a long time. So you guys now you're all about, right so there's so much stuff going on in security and security is one of these things that I have to look at it as kind of like insurance. You can't put every last nickel in security, but at the same time, you have to protect yourself. The attack surfaces are only growing with IIoT and we were at an autonomous vehicle show, and 5G is just coming around the corner, and all these connected devices and APIs. So you guys have a pretty unique approach to how you top level think about security called visibility. Explain that to us. >> So visibility is the next big thing in the world of cybersecurity and the dynamic is very basic. It's, for 20 plus years, CIOs and CSOs were substantially able to control everything that was on their network. You'd buy your servers and Windows machines and Blackberries for your employees and then there was very little tolerance for other devices being on those organization's networks. And what happened 10 years ago this year, with the birth of the iPhone was that CIOs, those same CIOs now had to deal with allowing things onto their network that don't subscribe to those same philosophies and when you can't buy it and outfit it with security before you put it into the environment. And that's the gap that ForeScout closes for organizations is we have an agentless approach which means we plug into the network infrastructure itself and we give customers visibility into everything that is connected to their network. >> So that begs a question, how do you do that without an agent? I would imagine you would put a little agent on all the various devices. So what's your technique? >> We actually don't. That's the secret sauce of the company is that >> okay >> you know over 10 years ago, we recognized this IoT trend coming because that's, that's the thing in the world of IoT is unlike the first kind o' 20 years of the internet, there was a substantially smaller number of operating systems, most of them open. The different characteristic about the current internet is that many of these use cases are coming online as closed proprietary operating systems. The example I use here is like your home. You know, you get a Nest thermostat and you put in on your network and it monitors, you know, heating and cooling but the device, the operating system, the application is all one consumer device. It doesn't run Windows. You can't install antivirus on you Nest thermostat. So our approach is we plug into the network infrastructure. We integrate to all of the network vendors, the firewall vendors, the wireless controlling vendors and we pull both active and passive techniques for gathering data off those devices and we translate that into a real-time picture of not just everything connected to the network but we know what those devices are without that client having to do anything. >> So you have what you call device cloud or yeah, ForeScout device cloud. So is that, is that a directory of all potential kind of universe of devices that you're querying off of or is that the devices within the realm of control of your of your clients directly? >> It's the second. It's the, so the way that our product works is we plug into the network infrastructure so anything that requests an IP address, whether is wired and wireless in the campus environment, whether it's data center or cloud in the data center environments or even into the OT space, anything that requests an IP address pops onto our radar the second it requests that address. And that cloud that we've built, that we've had for about nine months, we already have three million devices inside, almost three and a half million devices, is a superset of all of the different devices across our entire install base just from the clients that have been willing to share that data with us already. And that gives us optimism because what that becomes is a known set of fingerprints about all known devices so the first time that we discover a Siemens camera that might be a manufacturer, the company might have ten thousand of those in the environment, the first time that we see that device, we have to understand the pattern of traffic off that device, we label that as a security camera and any other customer world-wide that's has that same device connects, we instantaneously know it's a Siemens security camera. So we need the fingerprint of those devices once. >> Right, and so you're almost going to be like the GE Predix of connected devices down the road potentially with this cloud. >> We won't go there on that. >> He won't go there, alright. We've talked to Bill Ruh a lot of times but he does an interesting concept. The nice thing 'cause you can leverage from a single device and knowledge across the other ones which is so, so important on security so you can pick up multiple patterns, repeated patterns et cetera. >> One of the best parts about ForeScout is the fact that we deployed incredibly quickly. We have clients that have almost a million devices that got live in less than three months. And the reason we're able to do that is we plug into the infrastructure, and then our product kind o' does its own thing with very little effort from the client where we compare what we have in this repository against what they have in their environment. We typically get to an 80 or 90% auto-classification meaning that we know 80 or 90% of the time, not just what's on the network but what that device is and then the other 20% is where we have the implementation where we go through and we look at unique devices. It might be a bank has some model of ATM we've never seen before or a healthcare company has beds or machines on a hospital floor that we haven't recognized before. And the first time that we see each of those devices uniquely, we have to go through the process of fingerprinting it which means that we're looking for the unique pattern of traffic that's coming off a, you know, a router, a switch and a firewall and we're ingesting that and we're tagging that device and saying anytime we see that unique pattern of traffic, that's a certain device, a security camera or what have you. >> Right. >> The reason's that useful is then we get to put a policy in place about how those devices are allowed to behave on the network. So if you take something like the Mirai Botnet which hit about a year ago, was the thing that took down a big chunk of the Northeast, you know, utilities and you know, internet, it infected, it was a bot that infected security cameras predominantly. Nobody thought twice about having security cameras in their environment, but they're the same as they are in your house where you know, you put it online, you hit network pair and it's online. >> Right. >> But that bot was simply trying to find devices that had the default password that shipped from the security manufacturer and was able to be successful millions of time. And with our product in place, that couldn't happen because when you set us up, we would know it's a security camera, we'd put a policy in place that says security camera can speak to one server in the data center called the security camera server. And if that device tries to do anything more criminal, if it tries to dial the internet, if it tries to break into your SAP backend, any of those activities, we would give the customer the ability to automatically to take that device offline in real time. >> Right, so you're... >> And that's why our clients find us to be very useful. >> Right, so you're really segregating the devices to the places they're supposed to play, not letting 'em out of the areas they're supposed to be. Which is the >> Absolutely. >> Which is the classic kind of back door way in that the bad guys are coming in. >> Our philosophy is let everything onto the network. We take a look at that traffic. We give you a picture of all those devices and we allow each customer to put an individual policy in place that fences that in. If you take the other extreme like a Windows machine in a corporate environment, our typical policy will be you know, do you have Windows 2009 or later? 'Cause most customers have policies they don't want XP in their environments anymore. But we enforce it. So if an XP device hits the network, we can block that device or we can force a new version down. If you have Symantec, has it got a dat file update? If you've got Tenable, has it had a scan recently? If you've got, you know, any of the other products that are out there that are on those machines, our job is to enforce that the device actually matches the company's policy before that device is allowed in. >> Before you let it. Alright. >> And if at any time that it's on that network, it becomes noncompliant, we would take that device offline. >> You know, with the proliferation of devices and continuation growth of IoT and then industrial IoT, I mean, you guys are really in a good space because everything is getting an IP address and as you said, most of them have proprietary operation systems or they have some other proprietary system that's not going to allow, kind o' classic IT protections to be put into place. You've really got to have something special and it's a pretty neat approach coming at it from the connectivity. >> It's the secret sauce of the company is we recognized many years ago that the the combination of not just there being very few operating systems but they were all open. Windows, Lennox, right? I mean, you can buy a Windows machine and you can install any product you want on it. But we saw this trend coming when the next wave of devices was going to be massively heterogeneous and also in many cases, very closed. And you know, you mentioned the example of the OT space and that's one of the other, the third biggest driver for us in our business is the OT space because when you looking a WanaCry or a NotPetya and you see companies like Maersk and FedEx and others that are, that are publicly talking about the impact of these breaches on their earnings calls. What those companies are waking up and realizing is they've got 25 year old systems that have run, you know, an old version of Microsoft that's been end-of-life decades ago and the bad actors have proven very adept at trying to find any entry point into an organization, right, and the great news for ForeScout is that really lends itself very much towards our age-endless approach. I mean, many of these OT companies that we're in, devices that are in their manufacturing facilities don't even have an API. There were built so long ago so there's no concept of interacting with that machine. >> Right >> So for us, allowing that device to hit the Belden switches and then be able to interrogate the traffic coming off those switches let's us do the same thing that we do in the campus world over in the OT world as well. >> Good spot to be. So RSA 2018, what are ya looking forward to for this week? >> This is just massive in size. It's like speed dating. From a customer's perspective too, I mean, I meet so many customer's that come here and able to meet with 30 or 40 vendors in a single week and it's no different, you know, for the providers themselves so. You know, we've got some really, kind o' really high profile big wins, you know, it's very coming for us to be doing deals at this point that get up over a million devices so they're very high profile so it's a great chance to reconnect with customers. You know, one of the things I didn't mention to you is that kind o' the, the whole thing that we do of identifying devices and then understanding what they are and allowing those policies to get put in places, that's fundamentally done with our own IP, and the connections into the switch and firewall vendors. But we've built this whole other ecosystem of applications in the world of orchestration that set on top of our products. We integrate the firewall vendors, the vulnerability management vendors, the EDR vendors, the AV vendors, so it's a great chance for us to reconnect with you know, those vendors as well. In fact, we're doing a dinner tonight with CrowdStrike. They're one of our newer partners. Very excited about this week. It brings a lot of optimism. >> Well, great story Mike and excited to watch it to continue to unfold. >> We appreciate you giving us some time. >> Alright, thanks for stopping by. That's Mike Decesare. I'm Jeff Frick. You're watching theCUBE from RSA North America 2018. Thanks for watchin'. Catch you next time. (techno music)

>> Announcer: Live from Orlando, Florida, it's the Cube. Covering Servicenow, Knowledge 17. Brought to you by Servicenow. >> Welcome back to Orlando everybody this is the Cube the leader in live tech coverage, we go out to the events, we extract the signal from the noise, and we are here for our fifth year at Knowledge this is Knowledge 17, Sean Convery's here he's the general manager of the security business unit at Servicenow, an area that I'm very excited about Shawn. Welcome back to the Cube, it's good to see you again. >> It's great to be here, thanks for having me. >> So let's see you guys launched last year at RSA we talked in depth at Servicenow Knowledge about what you guys were doing. You quoted a stat the other day which I thought was pretty substantial at the financial analyst meeting, 1.1 million job shortfall in cyber. That is huge. That's the problem that you're trying to address. >> Well it's unbelievable, I was- you know we were just doing the keynote earlier this morning and I was recounting, most people in security get in it because they have some, you know desire to save the world right? To to- they watched a movie, they read a book, they're really excited and motivated to come in- >> What's was yours, was it comic book, was it- >> It was, uh, War Games with Matthew Broderick, I was 10 years old which totally dates me, movie came out in '83 so nobody has to look it up. (laughing) And you know I was just, you know blown away by this idea of using technology and being able to change things and the trouble is analysts show up to work and they don't have that experience, and nobody's expected, but they're not even close right? They wind up being told okay here's all this potential phishing email, we'd like you to spend 20 minutes on each one trying to figure out if it actually is phishing. And there's 600 messages. So tell me when you're done and I'll give you the next 600 messages. And so it's not motivating >> Not as sexy as War Games. >> It's not as sexy as War Games exactly. And then the CICO's say, well I can't even afford the people who are well trained. So I hire people right out of school, it takes me six months to train them, they're productive for six months, and then they leave for double their salary. So you wind up with a, sort of a 50 percent productivity rate out of you new hires, and it's just, it's just a recipe for for the past right? You know, we need to think more about how we, how we change things. >> So let's sort of remind our audience in terms of security, you're not building firewalls, you're not, you know competing with a lot of the brand name securities like MacAfee or FireEye, or Palo Alto networks, you're complementing them. Talk about where you fit in the security ecosystem. >> Sure. So if you boil down the entire security market, you can really think about protection and detection as the main two areas, so protection think of a firewall, an antivirus, something that stops something bad, and think of detection as uh, I'm going to flag potentially bad things that I think are bad but I'm not to certain that I want to absolutely stop them. And so what that does is it creates a queue of behavior that needs to be analyzed today by humans, right? So this is where the entire SIM market and everything else was created to aggregate all those alerts. So once you've got the alerts, you know awesome, but you've got to sort of walk thought them and process them. So what Servicenow has focused on is the response category. And visualization, aggregation is nice, but will be much better is to provide folks the mechanism to actually respond to what's happening. Both from a vulnerability standpoint, and from an incidence standpoint. And this is really where Servicenow's expertise shines because we know workflow, we know automation, we know about system of action, right? So that's our pedigree and IT frankly is several years ahead of where the security industry is right now until we can leverage that body of expertise not just with Servicenow, but with now all of our partners to help accelerate the transformation for security team. >> So I got to cut right to the chase. So last year we talked about- and of course every time we get a briefing for instance from a security vendor, where- we're given a stat that is on average it takes 200 sometimes you've seen as high as 300 but let's say 200 days to detect an incident then the answer is so buy our prevention, or our detection solution. >> Yeah. >> I asked you last year and I tweeted out, you know a couple days ago is, has Servicenow affected that? Can you affect- I asked you last year, can you affect that, can you compress that timeframe, you said "we think so." Um what kind of progress have you made? >> Sure so you have to remember about that 200 day stat that that is a industry average across all incidents right? So the Ponemon institute pulls this data together once a year, they survey over 300 companies, and they found that I think it's 206 days is the average right now. And so to identify an- a breach, and then another 75 days to contain it. So together it's nine months, which is a frighteningly long period of time. And so what we wanted to do is measure across all of our productions security operations customers what is their average time to identify and time to contain. So it turns out, it's so small we have to convert it to hours. It's 29 hours to identify, 33 hours to contain, which actually is a 160x improvement in identification, and a 50x improvement in containment. And so we're really excited about that. But you know, frankly, I'm not satisfied. You know, I'm still measuring in hours. Granted we've moved from months to hours, but I want it from hours, to minutes, to seconds, and really, you know we can show how we can do that in minutes today with certain types of attacks. But, there's still the long breaches. >> That's a dramatic reduction, you know I know it's, that 206 whatever it is is an average of averages. >> For sure. >> But the delta between what you're seeing and your customer base is not explainable by, oh well the Servicenow customers just happen to be better at it or lucky year, it's clearly an impact that you're having. >> Well sure, let's be you know as honest as we can be here right? The, you know the people who are adopting security operations are forward thinking security customers so you would expect that they're better, right? And so your- there program should already be more mature than the average program. And if you look across those statistics, like 200 and some days, you know that includes four year long breaches, and it also includes companies that frankly don't pay as much attention to security as they should. But even if you factor all of that out, it's still a massive massive difference. >> So if I looked at the bell curve of your customers versus some of the average in that survey, you'd see, the the shift, the lump would shift way to the left, right? >> Correct. Correct. And, and you know we actually have a customer, Ron Wakely from ANP Financial Services out of Australia, who was just up on stage talking about a 60 percent improvement in his vulnerability and response time. So from identifying the vulnerabilities via Quaales, Rapid 7, Tenable, whoever their scanning vendor is, all the way through IT patching, 60 percent faster, and given that, I think it's something like 80 percent of vulnerabi- or 80 percent of attacks, come from existing vulnerabilities, that's big change. >> So do get- you got to level it when you're measuring things and you change the variable that you're measuring, as opposed to the number, right? That means you're doing a good thing. So to go from, from hours to minutes, is it continuous improvement, or are there some big, you know potential challenges that you can see that if you overcome those challenges, those are going to give you some monumental shifts in the performance. >> I, I think we're ready. I think when we come back next year, the numbers will be even better and this is why, so many of our customers started by saying "I have no process at all, I have manual, you know I'm using spreadsheets, and emails, and notebooks, you know, and trying to manage the security incident when it happens." So let me just get to a system of action, let me get to a common place where I can do all of this investigation. And that's where most of our production customers are so if you look across the ones who gave us the 29 hour and the 33 hour set, that really just getting that benefit from having a place for everybody to work together where we're going, but this is already shipping in our product is the ability to automate the investigation, so back to, back to the, you know, the poor 10 year old who didn't get to save the world, you know, now he gets to say, this entire investigation stage is entirely automated. So if I hand an analyst, for example, an infected server, there's 10 steps they need to do before they even make a decision on anything right? They have to get the network connections, get the running processes, compare them to the processes that should be on the system, look up on a reputation site all the ones that are wrong like all these manual steps. We can automate that entire process so that the analyst gets to make the decision, he's sort of presented the data, here's the report, now decide. The analogy I always use is the, the doctor who's sort of rushing down in an ER show, and somebody hands him an MRI or an X-ray and he's looking at it, you know, through the fluorescent, you know, lights as he's walking and he's like "oh" you know "five millileters of" whatever and "do this" right? >> Right. >> That's the way an analyst wants to work right? They want the data so they can decide. >> I tell you this is the classic way that machines help people do better work right? Which we hear about over and over and over. Let the machines do the machine part, collecting all the shitty boring data, um, and then present you know the data to the person to make the decision. >> Absolutely. >> Probably with recommendations as well right? With some weighted average recommendations >> Yeah and this is where it gets really exciting, because the more we start automating these tasks, you know the human still wants to make the decision but as we grow and grow this industry, one of the benefits of us being in a cloud, is we can start to measure what's happening across all of our customers, so when attack X occurs, this is the behavior that most of our customers follow, so now if you're a new customer, we can just say "in your industry, customers like you tend to do this". >> Right. >> Right? And really excited by what our engineering team is starting to put together. >> Do you have a formal, or at some point maybe down the road a formal process where customers can opt in to an aggregation of, you know we're all in this together we're probably going to share our breach data with one another so that we can start to apply a lot more data across properties to come to better resolutions quicker. >> Well we actually announced today something called trusted security circles. So this is a capability to allow all of our customers to share indicators, so when you're investigating an issue, the indicators are something that are called an indicator of compromise, or an IOC, so we can share those indicators between customers, but we can do that in an anonymous way right? And so you know, the analogy I give you is, what do you do when you lose power in your house? Right? You grab the flashlight, you check the breakers, and then you look out the window, because what are you trying to find out? >> Is anybody else out? >> Is anybody else out exactly. So, you can't do that in security, you're all alone, because if you disclose anything, you risk putting your company further in a bad spot right? Cause now it's reputation damage, somebody discloses the information, so now we've been able to allow people to do this anonymously right so it's automatic. I share something with both of you, you only see that I shared if it's relevant, meaning the service now instance found it in your own environment, and then if all three of us are in a trusted circle, when any one of us shares, we know it was one of the three, but we don't know which one. So the company's protected. >> So just anecdotally when I speak to customers, everybody still is spending more on prevention than on detection. And there's a recognition that that has to shift, and it's starting to. Now you're coming in saying, invest in response. Which, remember from our conversation last year is right on I'm super excited about that because I think the recognition must occur at the board room that you are going to get infiltrated it's the response that is going to determine the quality of your security. And you still have to spend on prevention and detection. But as you go to the market, first of all can you affirm or deny that you're seeing that shift from prevention to detection in spending, is it happening sort of fast enough, and then as you go in and advise people to think about spending on responding, what's their reaction? What are you finding is the, are the headwinds and what's the reception like? >> Sure. So you know to answer your first question about protection to detection, I would say that if you look at the mature protection technologies, right they are continuing to innovate, but certainly what you would expect a firewall to do this year, is somewhat what you expected it to do last year. But the detection category really feels like where there's a lot of innovation, right? So you're seeing you know new capabilities on the endpoint side network side, anomol- you're just seeing all sorts of diff- >> Analytics. >> Analytics, absolutely. And so uh, I do see more spent simply because more of these attacks are too, too nasty to stop, right? You sort of have to detect them and do some more analysis before you can make the decision. To your second question about, you know, what's the reception been when we started talking about response. You know, I haven't had a single meeting with a customer where they haven't said, "wow" like "we need that", right? It was very- I've never had anybody go "Well yeah our program is mature, we're fine, we don't need this." Um, the question is always just where do we start? And so we see, you know vulnerability management as one great place to start incident response is another great place to start. We introduced the third way to start, just today as well. We started shipping this new capability called vendor risk management, which actually acknowledges the the, you know we talked about the perimeter list network what five years ago? Something like that, we're saying oh the perimeter's gone, you know, mobile devices, whatever. But there's another perimeter that's been eroding as well, which is the distinction between a corporate network and your vendors and suppliers. And so your vendors and suppliers become massive sources of potential threat if they're not protected. And so the assessment process, you know, there's telcos who have 50,000 vendors. So you think about the exposure of that many companies and the process to figure out, do they have a strong password policy, right? Do they follow the best practices around network security, those kinds of things, we're allowing you to manage that entire process now. >> So you're obviously hunting within the service now customer-based presumably, right? You want to have somebody to have the platform in order to take advantage of your product. >> Sure. >> Um, could you talk about that dynamic, but also other products that you integrate with. What are you getting from the customers, do I do I have this capability- this is who I use for firewall who I use for detection do you integrate them, I'm sure you're getting that a lot. Maybe talk to that. >> Sure sure. So first off, it's important to share that the Servicenow platform as a whole is very easy to integrate with. There's API's throughout the entire system, you know we can very easily parse even emails, we have a lot of customers that you know have an email generated from an alert system, and we can parse out everything in the email and map it right into a structured workflow, so you can kind of move from unstructured email immediately into now it's in service now. But we have 40 vendors that we directly integrate with today and when I was here about a year ago, I think that number was maybe three or two. And so we're up at 40 now, and that really encompasses a lot of the popular products so we can for example, you know, a common use case, we talked about phishing a little bit right? You know, let me process a potential phishing email, pull out the URL, the subject line, all the things that might indicate bad behavior, let me look them up automatically on these public threat sources like Virus Total or Meta Defender, and then if the answer is they don't think it's bad, I can just close the incident right? If they think it's bad, now I can ask the Palo Alto Firewall, are you already blocking this particular URL, and if the Palo Alto Firewall says "yeah I was already blocking it", again you can close the incident. Only the emails that were known to be bad, and your existing perimeter capabilities didn't stop, did you need to involve people. >> I have to ask you, it goes back to the conversation we had with Robert Gates last year, but I felt like Stuxnet was this milestone, where the, the game just got escalated big time. And it went from sort of harmless, sometimes not harmless, really up the level of risk. Because now others, you know the bad guys really dug into what they could do, and it became pretty substantial. I was asking Gates generally about some future warfare in cyber, and he, this is obviously before the whole Russian hacking, but certainly Snowden and Wikileaks and so fourth was around. And he said, "The United States has to be very careful about how it responds. We have maybe many more capabilities but if we show our hand, others are going to see those weapons, and have access to those weapons, cause it's digital." I wonder as a security expert if you could sort of comment on the state of security, the future of that threat generically, or generally. Where do you see that going? >> Well there's a couple of things that come to mind as you're talking. Uh, one is you're right, Stuxnet was an eye opener I think for a lot of people in the industry that that, that these kinds of vulnerabilities are being used for, you know nation state purposes rather than, you know just sort of, uh random bad behavior. So yeah I would go back to what I said earlier and say that, um, we have to take the noise, the mundane off the table. We have to automate that, you're absolutely right. These sort of nation state attackers, if you're at a Global 2000 organization, right your intellectual property is valuable, the data you have about your employees is valuable, right all this information is going to be sought by competitors, by nation states, you have to be able to focus on those kinds of attacks, which back to my kind of War Games analogy, like that's what these people wanted to do, they wanted to find the needle in the haystack, and instead they're focusing on something more basic. And so I think if we can up the game, that changes things. The second, and really interesting thing for me is this challenge around vulnerability, so you talked about Gates saying that he has to be careful sort of how much he tips his hand. I think it was recently disclosed that the NSA had a stockpile of vulnerabilities that they were not disclosing to weaponize themselves. And that's a really paradoxical question right? You know, do you share it so that everybody can be protected including your own people, right? Imagine Acrobat, you find some problem in Acrobat, like well do you use it to exploit the enemy, or do you use it to protect your own environment? >> It's quite a dilemma. >> You- it's a huge dilemma cause you're assuming either they have it or they don't have the same vulnerability and so I'm fascinated by how that whole plays out. Yeah, it's a little frightening. >> And you know, in the land of defense, you think okay United States, you know biggest defense, spends the most money, has the, you know the most, you know, amazing machines whatever. Um, but in cyber, you know you presume that's the case, but you don't really know, I think of high frequency trading, you know, it was a lit of Russian mathmeticians that actually developed that, so clearly other states have, you know smart people that can you know create, you know, dangerous threats. And it's, it's- >> You only have to live once to, that's kind of the defense game. You got to defend them all, you have to bat 1000 on the defense side, or you know, get it and react, from the other guys side, he can just pow pow pow pow pow, you just got to get through once. >> So this is why your strategy of response is such a winner. >> Well this is where it comes back to risk as well right? At the end of the day you're right, you know a determined adversary you know, sorry to break it to everybody at some point is going to be able to find some way to do some damages. The question is how do you quantify the various risks within your organization? How do you focus your energy from a technology perspective, from a people standpoint, on the things that have the most potential to do your organization harm, and then, you know there's just no way people can stop everything unless you, you know unplug. >> And then there's the business. Then there's the business part of it too right? Cause this is like insurance when do you stop buying more insurance, you know? You could always invest more at what point does the investment no longer justify the cost because there's no simple answer. >> Well this is where, uh you know, we talked to chief information security officers all the time who are struggling with the board of directors conversation. How do I actually have an emotional conversation that's not mired in data on how things are going? And today they often have to fall back on stats like you know we process 5 million alerts per day, or we have, you know x number of vulnerabilities. But with security operations what they can do is say things like well my mean time to identify, you know was 42 hours, and this quarter it's 14 hours, and so the dollars you gave me, here's the impact. You know I have 50 critical vulnerabilities last quarter, this quarter I have 70, but only on my mission critical system, so that indicates future need to fund or reprioritize, right? So suddenly now you've got data where you can actually have a meaningful conversation about where things are from a posture prospective. >> These are the assets that we've, you know quantified the value of, these are the ones that were prioritizing the protection on and here's why we came up with that priority, let's look at that and, you know agree. >> Exactly. You know large organizations, I was talking to the CISO of a fortune ten, 50 I guess and he was sharing that it takes 40 percent of their time in incident response is spent tracking down who owns the IP address. 40 percent. So imagine, you spent 40 percent of a, you know 25 hour response time investigating who owns the asset, and then you find out it's a lab system, or it's a spare. You just wasted 40 percent of your time. But if you can instead know, oh this is your finance reporting infrastructure, okay you super high priority, let's focus in on that. So this is where the business service mapping, the CMDB becomes such a differentiator, when it's in the hands of our customers. >> Super important topic Sean Convery, thanks very much for coming back in the cube and, uh great work. Love it. >> It's great to be here, thanks for having me. >> Alright keep it right there everybody we'll be right back with our next guest, this is the Cube, we're live from Servicenow Knowledge 17 in Orlando. We'll be right back.