From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. Top security pros indicate that the SolarWinds hack on top of the pandemic has further heightened a change in how they think about security. Not only must CISOs secure an increasingly distributed workforce and network infrastructure, but they now must be wary of software code coming from reputable vendors, including the very patches designed to protect them against cyber attacks. Hello everyone and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we'll summarize CISO sentiments from a recent ETR VENN session and provide our quarterly update of the cybersecurity sector. Now, in an upcoming episode, we'll be inviting Erik Bradley of ETR to provide deeper analysis and insights on these trends, but we wanted to give you a preliminary preview of what's happening in the sector as we start off 2021. Now, the SolarWinds attack was like nothing we've ever seen before. It's been covered quite widely in the press, but in case you don't know the details, SolarWinds is a company that provides software to monitor many aspects of largely on-prem infrastructure, including things like network performance, log files, configuration data, storage, servers and the like. Now, as with all software companies, SolarWinds sends out regular updates and patches. Hackers were able to infiltrate the update and trojanize the software, meaning when customers installed the updates, the malware just went along for the ride. Now, the reason this is so insidious is that often hackers, they're going to target installations that haven't installed patches or updates and identify vulnerabilities in the infrastructure that haven't been addressed, doors that are open that haven't been closed, if you will. Now here, the very code designed to protect against the breach actually facilitated that breach.
Now, according to the experts, this was quite a sophisticated attack that most believe was perpetrated by the Russian hacker group Cozy Bear, an advanced persistent threat or APT as classified by the US government. Now, it's suspected that somehow they phished their way into a GitHub repo and stole username and password access to allow them to penetrate the supply chain of software that's delivered over the internet. But public information on this attack, it's still spotty, people are still learning. Now, what is known is that the attackers have been lurking since March of last year and they exfiltrated lots of information from the US government and many other high profile companies. Now, here's what the CISOs in the ETR VENN had to say about it. Let me just read some of the quotes. The impact of this breach is profound. It really turned a lot of heads and conventions about cybersecurity. I don't think this threat has been exaggerated in the media. We're now in a situation where we have to monitor the monitors. This attack didn't have any signatures of a previous attack. So you got down to the code level. 80 to 90% of that code is being downloaded from the internet. It's bringing DevOps security processes and making us rethink how to reinvent security. And I'll add, my business friend Val Bercovici said to me on Twitter last year that he thinks the government hack is going to have permanent implications on how organizations approach cybersecurity. It seems these CISOs agree. Now, the one question is, what can be done about this? And when you talk to security pros, they'll definitely tell you they're rethinking security practices, but look, there's only so much you can do. Here's a tag cloud summarizing some of what we hear in theCUBE community and in the VENN from ETR practitioners. You hear a lot about zero trust. Many CISOs are really leaning into identity access management and PAM and mandates around two-factor authentication.
We've talked a lot about firms like Okta, SailPoint, CyberArk Software, and Microsoft is coming up more and more in this conversation, especially as Okta is seen as setting a price umbrella. There's definitely some frustration amongst CISOs about Okta's pricing strategies. And Auth0, which does authentication as a service. That's hitting our radar as well. Now, of course, endpoint security is something we've talked a lot about as the work from home trend hit during the pandemic. It's become much, much more important. And you can see in the growth of CrowdStrike, and as you see in a moment, we're getting some traction with VMware and Carbon Black in the survey data. And of course, Tanium is another company that we've talked about. CISOs, look, they're not just going to rip out what they have. So companies like Cisco, especially with Umbrella and Duo, they come up in the conversation. As does Palo Alto Networks, we've said many times, Palo Alto is seen as a thought leader. CISOs like them. They also like Fortinet, especially those that may be more cost-conscious. We see that a lot in the mid-market and so on. With analytics, micro segmentation, cloud security with Zscaler, and even RPA to automate certain tasks. UiPath has come up in the conversation more and more in a security context. So you look at this tag cloud, and there's no one answer. It's often the case with cybersecurity. Lots of tools, lots of disciplines, and a very capable adversary who has learned to, as they say, live off the land using your own infrastructure and tooling against you. Now the common narrative is that security is a top priority with CIOs and CISOs and budgets are gonna be up. So let's take a look at that. Well, kind of. Here's a chart that shows the net scores or spending momentum for various sectors of the ETR taxonomy, and we've highlighted the information security segment. Yes, it's up relative to the October survey, but it really doesn't stand out.
I mean, everything's up as we've reported, coming off a down year in tech spending, minus 4% last year, and we're forecasting a plus 6 to 7% increase this year, really depending on the pace of their recovery. But the point is, cyber is one of many budget organizations, and organizations, they're simply not gonna open up a blank check to the CISO. Now, part of the reason is they're heavily invested in cyber. This graphic shows several sectors in context, and we've highlighted security in the red box. The vertical axis, that shows spending velocity, and the horizontal axis is market share, or presence in the data set. And you can see the security, it's got a big presence. It's pervasive, of course, but it lags some of the top sectors in terms of spending velocity, because look, organizations, they got lots of priorities. And as you'll see in a moment, this space, like most mature markets, has some companies with off-the-chart spending patterns and others that lag. So let's dig into that a little bit. Here you see that same X, Y graphic, and we've plotted a number of security players. So there's a couple of points here that we want to make. First, Microsoft, as usual, is off the charts to the right, and amazingly has a net score of 48%, so highly elevated. Okta continues to lead this pack in net score as it has the last several surveys. It's got a net score of 61.5% up from last quarter's survey. Okta, CrowdStrike, CyberArk, Fortinet, Proofpoint, and Splunk are all up nicely from last quarter's survey. We also really want to highlight Carbon Black. The company's net score last quarter was 23.9% with 134 mentions. In this quarter, its net score shot up to nearly 38%, so a very meaningful and noticeable move for VMware's $2.1 billion acquisition that it made in the summer of 2019. So a number of companies that have momentum, which stems from a rebound in tech spending, but also a shift in security spend that we've highlighted.
And you can see a couple of legacy security firms that are also there in the chart losing momentum. We've highlighted FireEye and RSA. Okay, so now let's dig deeper into the data in the vendor performance. Here's a view of the data that we first showed you in 2019. It shows the net score and the shared N, which identifies the number of mentions within the sector, and it's an indicator of presence in the marketplace. The leftmost chart is sorted by net score and the right hand chart is sorted by shared N. So to make this chart, you had to have at least an N of 50 in the survey. Again, you can see Okta and SailPoint lead in net score and Microsoft has the biggest presence in the right hand side along with Cisco and Palo Alto. And something we started two years ago was if a vendor shows up in the top 10 for both net score and shared N, we anointed them with four stars. So these are the four star companies, Microsoft, Palo Alto, Okta and CrowdStrike, which CrowdStrike, by the way, fell off, but it's back on. And I think that was probably a survey anomaly because based on the company's financials, there has been no loss of momentum for CrowdStrike. And we give two stars to those companies that make the top 20 in both categories. So Cisco, because of Umbrella and Duo, Splunk, Proofpoint, Fortinet, Zscaler, CyberArk and Carbon Black, VMware. Carbon Black is new to the two star list due to its rapid rise in net score that we just talked about. Now, just a quick aside on Carbon Black, at VMworld 2019, Pat Gelsinger told John Furrier and me that he felt like he got a great deal picking up Carbon Black for $2.1 billion. Now his logic was in part based on the valuation of CrowdStrike at the time, which is of course a Carbon Black competitor. CrowdStrike, as you can see on this chart had a valuation that was nine times higher than that of Carbon Black.
And you can see from the trailing 12 month revenue that CrowdStrike was a significantly larger company by more than $100 million in revenue. So the real story though was the company's growth. CrowdStrike at the time was growing much, much faster than Carbon Black at more than 100% compared to Carbon Black's 22% roughly. Now, in VMware's recent earnings call, they said that Carbon Black had good bookings performance. So who knows exactly what that means. But if it were more than 22%, my guess is that VMware would have been more effusive in its commentary. So let's assume that since the acquisition, Carbon Black growth has been flat-ish, maybe down, maybe up, but probably flat. So VMware, they're figuring out how to integrate the company. And we think that as it does that, it's going to use its channel of distribution and global presence to really drive Carbon Black sales. Now, nonetheless, we would still peg Carbon Black's valuation as having increased pretty substantially since the time of the acquisition, perhaps in the three to five billion range. We don't know for sure. So, but a nice pickup in our view for VMware and they'll likely grow from here, based on the ETR data that's very encouraging for Carbon Black. Now, let's look at how the valuations in this sector have changed since before COVID. Here's an updated view of our valuation matrix since just before the pandemic hit in the U.S. As you can see, the S&P is up 16% from that timeframe. The NASDAQ Composite up 43%, wow. Now, look at the others. Only Splunk really hasn't seen a huge uptick in valuation, but the others have either risen noticeably like Proofpoint, CyberArk, SailPoint. They bounced up like Palo Alto or Fortinet or exploded like CrowdStrike, Okta and Zscaler. You combine all these and you're talking about a $114 billion increase in market cap for these. So, one would think Carbon Black as a VMware asset has done pretty well along with these names.
And we would expect that the tech spending rebound this year combined with the heightened concerns over the SolarWinds hack and the tectonic shifts from the accelerated work from home and digital business transformations will continue to bode well for many of these names for quite some time. All right, let's wrap it up with some of the things we're watching in this space. As we exit the pandemic and our experience of new digital reality, cyber threats have never been greater. Look, each January, if you look back on the prior year, you'd be able to say the same thing for the last couple of decades. And the reality is the budgets and spending on cyber, they're asymmetric to the economic risks. We just don't spend enough and probably can't spend enough to solve this problem. Now, CISOs, they have to balance their legacy installed-base security infrastructure with the shift to zero trust, accelerated endpoint, new access management challenges, the ever-expanding cloud and dot, dot, dot. Lack of talent remains the single biggest challenge for organizations, which are stretched thin, making investments in automation a trend that is not going to abate anytime soon. In cyber, all the cliches apply. There is no silver bullet. There is no rest for the weary. The adversary, they're well-funded and extremely capable. And they only have to succeed once to create a business disaster for an organization that has to succeed every day, 24 hours a day. So expect more of the same with no end in sight in terms of complexity, fragmentation, and whack-a-mole approaches to fighting cyber crime. I hate to say this, but it just means the fundamentals for this sector just keep getting better and better. Sorry. Okay, that's it for this week. Remember, all these episodes are available as podcasts wherever you listen, so please subscribe. I publish weekly on wikibon.com and siliconangle.com and don't forget to check out etr.plus for all the survey data and the analytics.
I appreciate the comments on my LinkedIn post. You can DM me at dvellante or email me at david.vellante@siliconangle.com. This is Dave Vellante. Thanks for watching theCUBE Insights powered by ETR. Be well and we'll see you next time.