 From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. The pandemic precipitated what is shaping up to be a permanent shift in cybersecurity spending patterns. As a direct result of hybrid work, CISOs have invested heavily in endpoint security, identity access management, cloud security, and further hardening the network beyond the headquarters. We've reported on this extensively in this Breaking Analysis series. Moreover, the need to build security into applications from the start rather than bolting protection on as an afterthought has led to vastly heightened awareness around dev sec ops. Finally, attacking security as a data problem with automation and AI is fueling new innovations in cyber products and services and startups. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis, we present our quarterly findings in the security industry and share the latest ETR survey data on the spending momentum and market movers. Let's start with the most recent news in cybersecurity. Narria Week goes by without more concerning news. The latest focus in the headline is, of course, Russia's relentless cyber attacks on critical infrastructure in the Ukraine, including banking, government websites, weaponizing information. The hacker group, Blackbite, put a double whammy on the San Francisco 49ers, meaning they exfiltrated data and they encrypted the organization's files as part of its ransomware attack. Then there's the best Super Bowl ad last Sunday, the Coinbase floating QR code. Did you catch that? As people rushed to scan the code and participate in the Coinbase Bitcoin giveaway, it highlights yet another exposure, meaning we're always told not to click on links that we don't trust or we've never seen, but so many people activated this random QR code on their smartphones that had crashed Coinbase's website. What does that tell you? In other news, Securonix raised a billion dollars. They did this raise on top of Lacework's massive $1.3 billion raise last November. Both of these companies are attacking security with data automation and APIs that can engage machine intelligence. Securonix specifically in the announcement mentioned the uptake from MSSP's, Managed Security Service Providers, something we've talked about in this series. And that's a trend that we see as increasingly gaining traction as customers are just drawing in and drowning in security incidents. Peter McKay's company, Sneak, acquired Fugue, a company focused on making sure security policies are consistent throughout the software development life cycle. It's really an example of a developer-defined security approach where policy can be checked at the dev deployment and production phases to ensure the same policies are in place at all stages, including monitoring at runtime. Fugue, according to Crunchbase, had raised $85 million to date. In some other company news, Cisco was rumored to be acquiring Splunk for not much more than Splunk is worth today and the talks reportedly broke down. This would be a major move in security by Cisco and underscores the pressure to consolidate. Cisco would get an extremely strong customer base and through efficiencies could improve Splunk's profitability, but it seems like the premium Cisco was willing to pay was not enough to entice the board to act. Splunk board, that is. Datadog blew away its earnings and the stock was up 12%. It's pulled back now thanks to Putin, but it's one of those companies that is disrupting Splunk. Datadog is less than half the size of Splunk revenue-wise, but its valuation is more than two and a half times greater. Finally, Elastic, another Splunk disruptor, settled its trademark dispute with AWS and AWS will now stop using the name Elasticsearch. All right, let's take a high-level look at how cyber companies have performed in the stock market over time. Here's a graph of the cyber ETF and you can see the March 1st crosshairs of 2020 signifying the start of the lockdown. The trajectory of cybersecurity stocks is shown by the orange and blue lines and it surely has steepened post-March of 2020. And of course it's been down with the market lately, but the run-up as you can see was substantial and eclipsed the trajectory of the previous cycles over the last couple of years, owing much of the momentum to the spending dynamics that we talked about at our open. Let's now drill into some of the names that we've been following over the last few years and take a look at the firm level. This chart shows some data that we've been tracking since before the pandemic. The top rows show the S&P 500 and NASDAQ prices and the bottom rows show specific stocks. The first column is the index price or the market cap of the company just before the pandemic, then the same data one year later. Then the next column shows the peak value during the pandemic and then the current value. Then it shows the next column where it is today in percentage terms, i.e. how far has it pulled back from the peak, then the delta from pre-pandemic. In other words, how much did the issue earn or lose during the pandemic for investors? We then compare the pre-pandemic revenue multiple using a trailing 12 month revenue metric, sorry, that's what we used, it's easy to get. And that's the revenue multiple compared to the August in 2020, when multiples were really high and where they are today. And then a recent quarterly growth rate guide based on the last earnings report, that's the last column. Okay, so I'm throwing a lot of data at you here, but what does it tell us? First, the S&P and the NAS are well up from pre-pandemic levels. Yet they're off 9% and 15% respectively from their peaks today. That was earlier on Friday morning. Now let's look at the names more closely. Splunk has been struggling. It definitely had a tailwind from the pandemic as all boats seem to rise, but its execution has been lacking. It's now 30% off from its pre-pandemic levels. And it's multiple is compressing and perhaps Cisco thought it could pick up the company for a discount. Now let's talk about Palo Alto networks. We had reported on some of the challenges the company faced moving into a cloud friendly model that was before the pandemic. And we talked about the divergence between Palo Alto stock price and the valuations relative to Fortinet. And we said at the time, we fully expected Palo Alto to rebound and that's exactly what happened. It rode the tailwinds of the last two years. It's up over 100% from its pre-COVID levels and its revenue multiple is expanding owing to the nice growth rates. Now Fortinet had been doing well coming into the pandemic. In fact, we said it was executing on a cloud strategy better than Palo Alto networks, hence that divergence and valuations at the time. So it didn't get as much of a boost from the pandemic. Didn't get that momentum at first, but the company's been executing very well. And as you can see with 155% increase in valuation since just before the pandemic, it's going more than okay for Fortinet. Now, Okta is a name that we've really followed closely. The identity access management specialists are rocketed. But since it's off zero acquisition, it's pulled back. Investors are concerned about its guidance and its profitability. Several analysts have downgraded their price targets on Okta. We still really like the company. The off zero acquisition gives Okta a developer vector and we think the company is going hard after market presence and is willing to sacrifice short-term profitability. We actually like that posture. It's very Frank Slutman like. This company spends a lot of money on R and D and go to market. The question is, does Okta have inherent profitability? The company, as they say, spends a ton in some really key areas, but it looks to us like it's going to establish a footprint. It's guiding revenue cagger in the mid-30s over the mid to long-term and near-term should beat that benchmark handily. But you can see the red highlights on Okta. And even though Okta is up 59% from its pre-pandemic levels, it's far behind its peers shown on the chart, especially CrowdStrike and Zscaler, the latter being somewhat less impacted by the pullback in stocks recently, of course, due to the fears of inflation and interest rates and, of course, Russian invasion escalation. But these high flyers, they were bound to pull back. The question is, can they maintain their category leadership? And for the most part, we think they can. All right, let's get into some of the ETR data. Here's our favorite X, Y view with net score or spending momentum on the Y axis in market share or pervasiveness in the data center on the horizontal axis. That red 40% line that indicates a highly elevated spending level and the chart inserts to the right, that shows how the data is plotted with net score and shared N in each of the columns by each company. Okay, so this is an eye chart, but there really are three main takeaways. One is that it's a crowded market. And this shows only the company's ETR captures in its survey, we filtered on those that had more than 50 mentions. Okay, so there's others in the ETR survey that we're not showing here. And there are many more out there which don't get reported in the spending data in the ETR survey. Secondly, there are a lot of companies above the 40% mark and plenty with respectable net scores just below. Third, check out Sentinel-1, Elastic, Taneum, Datadog, Netscope and Darktrace. Each has under 100 Ns, but we're watching these companies closely. They're popping up in the survey and they're catching our attention, especially Sentinel-1 post IPO. So we wanted to pair this back a bit and filter the data some more. So let's look at companies with more than 100 mentions in the same chart. It gets a little cleaner this picture, but it's still pretty crowded. Auth0 leads everyone in net score. Okta is also up there, so that's very positive sign since they just acquired Auth0. CrowdStrike, SailPoint, CyberArk, Cloudflare and Zscaler are all right up there as well. And then there's the bigger security companies, Palo Alto Network, very impressive because it's well above the 40% mark and it has a big presence in the survey and of course in the market. And Microsoft as well, they're such a big whale, they skew the data for everybody else, just kind of mess up these charts. And the position of Cisco and Splunk make for an interesting combination. We get both decent net scores, not above the 40% line, but they got a good presence in the survey as well. We're thinking about the acquisition. Al Shugart was the CEO of Seagate and Founder, brilliant Silicon Valley icon and engineer, great business person. I was asking him one time, are you thinking about buying this company or that company? And of course he's not going to tell me who he's thinking about buying or acquiring. He said, let me just tell you this. If you want to know what I'm thinking, ask yourself, if it were free, would you take it? And he said the answer is not always obviously yes because acquisitions can be messy and disruptive. In the case of Cisco and Splunk, I think the answer would be a definitive yes. It would expand Cisco's portfolio and make it the leader in security with an opportunity to bring greater operating leverage to Splunk. Cisco just got to pay more if it wants that asset. It's going to have to pay more than the, suppose a $20 billion offer that it made. It's going to have to get, kind of probably north of 23 billion. I pinged my ETR colleague, Eric Bradley on this and he generally agreed. He's very close to the security space. He said Splunk isn't growing the customer base but the customers are sticky, totally agree. Cisco could roll Splunk into its security suite. Splunk is the leader in SIM, that space security information and event management and Cisco really is missing that piece of the pie. All right, let's filter the data even more and look at some of the companies that have moved in the survey over the past year and a half. We'll go back here to July 2020, same two dimensional chart and we're isolating here, Auth0, Octa, SailPoint, CrowdStrike, Zscaler, CyberArk, Fortinet and Cisco. No Microsoft that cleans up the chart. Okay, why these firms? Because they've made some major moves to the right and some even up since last July. And that's what this next chart shows. Here's the data from the January 2022 survey. The arrow start points show the position that we just showed you earlier in July 2020 all these players have made major moves to the right. Now come, well it's likely a combination of strong execution and the fact that security is on the radar of every CEO, CIO, of course, CISOs, business heads, boards of directors, everyone is thinking about security. The market momentum is there, especially for the leaders and it's quite tremendous. All right, let's now look at what's become a bit of a tradition with breaking analysis and look at the firms that have earned four stars. Four star firms are leaders in the ETR survey that demonstrate both a large presence, that's that X-axis that we showed you, an elevated spending momentum. On this chart we filter the ends, it has to be greater than 100 and we isolate on those companies. So more than 100 responses in the survey. On the left hand side of the chart we sort by net score or spending velocity on the right hand side, we sort by shared ends or presence in the dataset. We show the top 20 for each of the categories and the red line shows the top 10 cutoffs. Companies that show up in the top 10 for both spending momentum and presence in the dataset earn four stars. If they show up in one and make the top, shape the top 10 in one and make the top 20 in the other they get two stars. And we've added a one star category as honorable mention for those companies that make the top 20 in both categories. Microsoft Palo Alto Networks CrowdStrike and Okta make the four star grade. Okta makes it even without Auth0 which has the number one net score in this dataset with 115 shared end to boot. So you can add that to Okta. The weighted average would pull Okta's net score to just above cyber arcs into fourth place and its shared end would bump Okta up to third place on the right hand side of the chart. Cisco, Splunk, Proofpoint, No Before, Zscaler and Cyber Arc get two stars and then you can see the honorable mentions with one star. Now thinking about a Cisco-Splunk combination you'd get an entity with a net score in the mid-20s. Not too bad, definitely respectable but they'd be number one on the right hand side of this chart with the largest market presence in the survey by far. Okay, let's wrap. The trends around hybrid work, cloud migration and the attacker escalation that continue to drive cybersecurity momentum and they're going to do so indefinitely. And we've got some bullet points here that you're seeing private companies, they're picking up gobs of money which really speaks to the fact that there's no silver bullet in this market. It's complex, chaotic and cash rich. This idea of MSSPs on the rise is going to continue we think. About half the mid-size and large organization in the U.S. don't have a SecOps, a security operations center and outsourcing to one that can be tapped on a consumption basis, cloud-like as a service just makes sense to us. We see the momentum that companies that we've highlighted over the many quarters of breaking analysis are forming. They're forming a strong base in the market. They're going for market share and footprint and they're focusing on growth and bringing in new talent. They have good balance sheets and strong management teams and we think they'll be leading companies in the future ZScale or CrowdStrike, Okta, Sentinel-1, CyberArk, SailPoint. Over time joining the ranks of billion dollar cyber firms like when they say billion dollar, billion dollar revenue like Palo Alto Networks, Fortinet and Splunk if it doesn't get acquired these independent firms that really focus on security. Which underscores the pressure and consolidation and M&A in the whole space. It's almost assured with the fragmentation of companies and so many new entrants fighting for escape velocity that this market is going to continue with robust M&A and consolidation. Okay, that's it for today. Thanks to my colleague, Stephanie Chan who helped research this week's topics and Alex Meyerson on the production team. He also manages the breaking analysis podcast. Kristen Martin and Cheryl Knight who get the word out. Thank you to all. Remember these episodes are all available as podcasts wherever you listen, all you do is search breaking analysis podcast. Check out ETR's website at ETR.ai. We also publish a full report every week on wikibon.com and siliconangle.com. You can email me at david.volante at siliconangle.com at dvolante is my DM. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE Insights powered by ETR. Have a great week. Be safe, be well and we'll see you next time.