 From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. Over the past 150 days, virtually everybody that I know in the technology industry has become an expert on COVID in some way, shape, or form. We've all lived the reality that COVID-19 is accelerated by at least two years, many trends that were in motion well before the virus hit. The cybersecurity sector is no exception. And one of the best examples where we have witnessed the accelerated change. Hello everyone and welcome to this week's episode of Wikibon, CUBE Insights powered by ETR. In this Breaking Analysis, we'll update you on the all-important security sector, which remains one of the top spending priorities for organizations. And I want to give you a shout out to my colleague, Eric Bradley from ETR who gave me some really good data and some macro insights, as well as some anecdotal data from CISOs for this episode. Let's take a look at the big picture first. Now for many years, we've talked about the shifting patterns in networking, moving from what's often referred to as a North-South architecture, meaning a hierarchical network that supports an age-old organizational structures. Well, today the network is flattening into what they often refer to as an East-West model. And the moat or perimeter has been vaporized. The perimeter is now wherever the user is and users are at home or they're at their beach houses thanks to COVID. Now this is a bad actor's dream as the threat surface has expanded by orders of magnitude. And as we've said in the past, the adversary is well-funded, extremely capable and highly motivated because the ROI of infiltration and ex-filtration is outstanding. The CISOs job quite simply stated is to lower that return on investment. Now the other big trend that we see is that the cloud and SAS are reducing reliance on hardware-based solutions like traditional firewalls because so many workers are now at home and they're accessing sensitive data, identity and endpoint security are exploding. XDR or extended detection and response and zero trust networks are on the rise. Organizations are increasingly relying on analytics and automation to detect and remediate threats. You know, alerts just don't cut it anymore. I need action. And so to do so, they're turning to a number of best-of-breed point products that have the potential to become the next great security platforms. And this is setting up an epic battle between hot startups that are growing very, very quickly and entrenched incumbents that really aren't going to go down without a fight. Finally, while security is clearly a top spending priority, customers and their CFOs continue to be somewhat circumspect with respect to how much they allocate toward security budgets, especially in the context of a shrinking IT spending climate that we have said is dropping between five and 8% in 2020. Now security is critical, but even in these times, spending is governed by these tight budgets. While cyber remains a top category in ETR taxonomy in terms of its presence in the dataset, what this chart tells us is that CIOs and IT buyers have other priorities that they have to fund. This data shows a comparison of net scores over three survey dates, October of last year, April and July. Net score, remember, is an indicator of momentum, which is calculated by subtracting the percent of customers spending less on a technology from those spending more. It's more complicated than that, but that's the basics. And you can see that at a 29% net score, the security sector is just one of many priorities that IT buyers face. Now remember, this is the July survey and it's asking customers, are you planning to spend more or less in the second half of 2020 relative to the first half? And it's a forward-looking metric. So what may be happening here is that the height of the lockdown in the US anyway, and the pivot to work from home, organizations were spending heavily and are now fine-tuning those investments and maybe addressing other digital priorities. Let's look back and do some pre- and post-COVID assessments of various players within the ETR dataset. I'm gonna go fairly quickly through these next slides, but I want to give you a perspective as to how the security landscape and the vendor momentum has changed in the past eight months. First, I'm gonna take you back to the January dataset. We actually originally did this exercise last year and then we updated it right at the beginning of 2020. The chart shows the top-ranked cybersecurity companies based on two metrics. The left-hand side sorts the data and ranks companies based on net score or spending momentum. And the right-hand side shows the ranking by shared N, which is a measure of the pervasiveness of a company in the dataset, i.e. the number of mentions that they get in the sector. And what we did is we gave four stars to those companies that showed up in the top of both of those rankings and two stars to those that were close. So you can see that Microsoft's Splunk Palo Alto and Proofpoint as well as Okta and CrowdStrike, and then we added Zscaler in January as new and then CyberArk software, all got four stars. And then we gave Cisco and Fortinet two stars. Now this next chart shows the same thing at the height of the US lockdown. Now you may say, okay, what's the difference? Is still Microsoft Palo Alto, Proofpoint, Okta, CyberArk, Zscaler, and CrowdStrike at four stars with Cisco and Fortinet having two stars, Splunk fell off, but that's it. Well, what's different is instead of making the cut the top 22, which we did last time, we narrowed it down to the top 10 in order for a company to make that grade. So if we had done that in January, Okta, CrowdStrike, Zscaler, and CyberArk, they wouldn't have made the cut, but in April they did as their presence in the dataset grew. And we strongly believe this is a direct result of the work from home pivot. CrowdStrike, Endpoint, Okta, Identity Access Management, Zscaler, Cloud Security, and they're disrupting traditional appliance-based firewalls. Now just to note, we placed Dell EMC, which was RSA, and IBM in the list just for context. Now let's take a look at the most recent July survey. Now I'm out on a limb a little bit here because many of these companies they haven't reported yet. So we don't have full visibility on their business outlook, but we show the same data for the most recent survey. The red line that you see there is the top 10 cutoff point, and you can see Splunk, which didn't make the cut in April is back on the four-star list. It's very possible buyers took a pause last quarter and focused attention on work from home, but Splunk continues to impress as it shifts toward the subscription model that we've talked about in the past. Splunk is a very strong hold on the sim space, but everyone wants a piece of Splunk, especially some of the traditional firewall companies who they're seeing their hardware business dying. So we're watching the competition from these players, but also some other players like Tenable. Now Proofpoint fell off the four-star list because its net score didn't make the top 10. CrowdStrike, CyberArk, and Zscaler also fell back because they dropped below the top 10 in shared end. But we still really like these companies and expect them to continue to do well. You know, could be some anomalies in the survey, but we're trying to be as transparent as possible with you, share the data, listen to it, interpret it, and really adjust our models accordingly each quarter. Now let me make a few points and try to interpret what might be happening here. First, I want to point out, OctaPops to the top of the net score ranking, overtaking CrowdStrike's momentum from the last survey. Now one customer in the financial services sector told Eric Bradley on a recent Venn, we're seeing amazing things from Octa, but the traditional firewall companies are stepping into identity. They may not be best of breed, but they have a level of integration, and that's appealing to this individual. This person also specifically called Palo Alto in Fortnett is trying to encroach on that space, so keep your eyes on that. Now CrowdStrike has declined noticeably, which surprised us. Zscaler is actually showing more momentum relative to the last survey, so that's a positive. Palo Alto and Microsoft are consistently holding serve and continue to be leaders. Proofpoint and CyberArch are showing a bit of a velocity drop, and SalesPoint and Tenable are also catching our attention in this survey. And of course, SalesPoint, which is identity management, had a great quarter and reinstituted its guidance, giving us the benefit of hindsight on its performance, so it was actually pretty easy to give them two stars. Now just a side note, by the way, we've cut the data here with those companies that have more than 50 mentions in the sector. We didn't do that the first time we did this. We allowed companies with less than 50, so we're trying to tighten that up a bit. So we still maintain strongly that you're seeing Cloud Endpoint and Identity as the big security themes here. CISOs need tools to be responsive. They don't want to just get an alert. SecOps Pros would rather immediately shut off access and risk pissing off a user than getting hacked. And companies are increasingly turning to AI to detect and they're relying on automation to remediate or protect and fence off critical resources. Let's now look at the two players or players in our two-dimensional view. Followers of this program know that we like to plot vendors within a sector across two of our favorite metrics, net score or spending momentum, which is a simple metric that tracks those spending more versus less on the technology. And market share, which measures a vendor's pervasiveness in the data set. And it's calculated by taking the number of mentions a vendor gets within a sector divided by the total responses. What we show here are the key security players that we've highlighted over the last several quarters. Let me start with Microsoft. Microsoft has consistently performed well in the security sector, as well as other parts of the ETR taxonomy, as you know. They have a huge presence in the survey, which is indicated on the horizontal axis. And you can see they have a very solid net score, which is shown in the Y-axis, impressive for a company their size. Now, one interesting thing is you don't see AWS in this chart. And it's because AWS and Microsoft at least so far have somewhat different strategies with respect to security. Microsoft with its long application software history and SaaS presence across Office 365 and SharePoint, et cetera, with Active Directory has been really focused on selling security solutions to directly protect its apps. They have offerings like Defender ATP, which is Advanced Threat Protection, Sentinel, which is Microsoft SIM cloud offering, Azure Identity Access Management. And the company's really going hard after this space. Now, AWS of course prioritizes security, but they don't show an ETR data set the same way Microsoft does. It's almost like AWS is hiding in plain sight. Look, AWS has always put a great deal of emphasis on security and securing its infrastructure, like the S3 buckets in its, you know, it announced IAM for EC2 way back in 2012. And last year at its reinforced conference, you saw an impressive focus on security and a burgeoning security ecosystem. In fact, when you think of getting started in AWS, you really think about three things, EC2, S3, and IAM. So I'd expect to see AWS really become more prominent over time in the data set. And I'll spend a minute talking about Okta. For the first time since we've been analyzing the security space with ETR data, Okta has the highest net score at 58%. It had consistently been CrowdStrike with this moniker and the momentum lead. The company though has dropped in this quarter survey and that's something that we're watching. And by the way, we're not implying that Okta and CrowdStrike are direct competitors, they're not. Now as you can see, nonetheless, that CrowdStrike, Zscaler, and SailPoint show very elevated net scores. And we've plotted tenable here, which is also showing some strength. So you can see the respective positions of Proof Point and Fortinet. These are more mature companies. They were founded in the early part of the century. So you'd expect them to have somewhat lower net scores given their history and maturity. And then there's Cisco. They got a huge presence in the data and big in security. Cisco's doing really well in that space. It consistently grows its security business in the double digits each quarter. And it's a real feather in the Cisco portfolio cap. This is important because Cisco's traditional hardware business continues to come under pressure. Splunk, we talked about a lot and it's no surprise at their leadership position. But I want to talk a little bit more about Palo Alto Networks. Here's a company that we've talked about quite a bit in the past. They are a tier one player in security. They got great service. CISOs want to work with them because they are thought leaders. They're like a gold standard and have an impressive portfolio of great solutions. But their traditional firewall business is coming under pressure for the reasons that we discussed earlier. Now Palo Alto has expanded its portfolio into the cloud and with Prisma, the company's suite of security services, it will maintain a leadership position in our view. But Palo Alto Networks, as we've discussed, had some missteps with its product transition, its sales execution, and some challenges with its pricing models. And it hurt their stock price. But we've always said that they would work through these issues and that was a buying opportunity. The other thing about Palo Alto is they're considered the expensive choice. You got to pay for that gold standard, but that's what customers will tell us. And so you're paying up for those top tier offerings, but that's a sort of two-edge sword for Palo Alto. Here's an example why. People often compare Fortinet to Palo Alto. And as we've shared in previous segments, the valuation divergence between Palo Alto and Fortinet, where the ladder was making a smoother transition to its future. And people often tell us that Fortinet, well, maybe it's considered not as elite as Palo Alto. They are a value choice. Their stuff just works. And Fortinet is a great alternative to Palo Alto. And that has served them very well. Now let's take a closer look at the valuations of some of these companies. We started off this segment by saying that the pandemic has affected every sector and especially cybersecurity. So the next chart that we're showing here is the progression of key valuation metrics since earlier this year. What we show are the valuations of nine of the companies in the sector since mid-February. The data tracks their respective valuations, their revenue multiples, their growth rates in both value and revenue. Revenue growth is shown in the last column for the most recent quarterly report. Now the companies in red have yet to report. They report any day now. So as I said, I'm flying a little bit blind here and we'll have to take a look after the earnings to see how the survey data aligns with the actual results. But let me make a few points here. First here's the S&P and NASDAQ performance. You see it in February and June and August pandemic. Recession, what are you talking about? You'd never know it looking at this data. The NASDAQ especially is up 14% since mid-February, which is quite astounding. Next, I want to come back to the discussion about Palo Alto and Fortinet. Fortinet already has reported this quarter and Palo Alto has not, but you can see based on the revenue multiples highlighted in red that the valuation divergence is starting to shrink a little bit and we'll see if that holds up after Palo Alto reports. Now the big eye popper in this chart is the valuation increases from February to August for Okta, CrowdStrike and Zscaler. 52%, 67% and 104% increase respectively. Now you can't say we didn't warn you that these companies were all well positioned when we reported last year and in our January episode, but I did say actually to be honest in the last episode that these three I thought were getting a little expensive. That was a couple of months ago and since then they've continued to run up. So if you've been waiting for an entry point based on my advice, well, I'm sorry for that, but look at the revenue multiples and look at the expansion in the orange. Okta goes from 34x to 52x, CrowdStrike from 39x to 66x, Zscaler 25x to 43x. I mean, wow, let's see what happens after these three report. By this time I would have hoped that they take a little breather maybe over the summer and you could have jumped in to these stocks but they just keep going up. And despite the decline in net score for CrowdStrike I still really like all three of these companies and feel that they're very well positioned from a product standpoint and customer feedback perspective. And finally, I want to mention SailPoint which we said last time was one to watch. SailPoint crushed its quarter bringing in some large deals and providing forward guidance. Nearly a 50% valuation increase since February and a revenue multiple expansion from last quarter where the street, last quarter wasn't really thrilled with the numbers but identity management is hot and so now is SailPoint from the street's perspective. The last thing I'll say here is watch the growth rates. Expectations are very high for some of these companies and the street will cream any of them that misses. Now that may be your opportunity to jump in because I like these companies. I think they're disruptors but as always do your research and watch out for the big whales trying to freeze the markets on these guys. All right, let's wrap up. We've covered a lot of ground today and surfed the landscape a little bit. So look, the trend is plain as day. The move to SaaS is entrenched and by the way, this isn't necessarily all good news for buyers, CIOs and CFOs tell me that the dark side of CapEx to OPEX is unpredictable bills but the flexibility and business value gained is outweighing the downside and every vendor in this space is transitioning into a SaaS and annual recurring revenue model. We believe the remote work trend is here to stay. Organizations are re-architecting their business around work from home and we think that they're seeing some real benefits. They've made investments and it's driving new modes of work and productivity. They're not just going to throw away those investments. Why should they? Just to go back to the old way, it's not going to happen. And as we've said previously, look the internet it's like the new private network so you've got a question, VPNs and SD-WAN they start to look like stop gaps and of course, the cloud endpoint security, cloud-based IAM, they are clearly winning in the marketplace. You know, we're also seeing new security regimes emerge where the CISO and the SecOps team are not this island. We've seen even some CISOs falling back under the CIO which used to be taboo, used to be thought of that's like the Fox guarding the henhouse but this idea of shared responsibility is not just between the cloud providers and the SecOps teams. Because security is a board level priority every one of the business is becoming more aware, more attuned and despite the millennials fascination with and undaunted courage when it comes to TikTok, I digress. Now, the last two points are interesting. I remember reading a post by John Oltsek who was an ESG security analyst and he predicted last year that integrated suites would win out over the buffet of point products on the market. And you know, generally I agreed with that assessment but look at least in the near term and probably midterm that doesn't seem to be happening as we've seen these hot companies really take off the ones that we've highlighted. Now, these companies have ambitions beyond selling products and they would bristle at me lumping them into point products. Their boards are going after platform plays. So they're on a collision course with each other and the big guys. This should be fun to watch because the big integrated companies are well funded. They got great cash flow. They got large customer bases and I've said they're not going down without a fight. So I would expect eventually there's going to be more of an equilibrium to what seems to be right now a bifurcated and unbalanced market today. So you're going to see more M&A activity, expect that. However, at these valuations, some of these companies that we've highlighted they're becoming acquisition proof. As such, they'd better keep innovating or they're going to be in big trouble. All right, that's it for today. Remember these episodes are all available as podcasts wherever you listen. So please subscribe. I publish weekly on wikibon.com. We've added in the wikibon menu bar a breaking analysis link that has all the episodes in there. I also publish on siliconangle.com. So check that out and please do comment on my LinkedIn posts. Don't forget to check out etr.plus for all the survey action. Get in touch on Twitter. I'm at dvalante or email me at david.valante at siliconangle.com. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching everybody. Be well and we'll see you next time.