 From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. While by no means a safe haven, the cybersecurity sector has outpaced the broader tech market by a meaningful margin. That is up until very recently. Cybersecurity remains the number one technology priority for the C-suite, but as we've previously reported, the CISO's budget has constraints, just like other technology investments. Recent trends show that economic headwinds have elongated sales cycles, pushed deals into future quarters, and just like other tech initiatives, are pacing cybersecurity investments and breaking them into smaller chunks. Hello and welcome to this week's Wikibon Cube Insights, powered by ETR. In this Breaking Analysis, we explain how cybersecurity trends are reverting to the mean and tracking more closely with other technology investments. We'll make a couple of valuation comparisons to show the magnitude of the challenge and which cyber firms are feeling the heat, which aren't. There are some exceptions. We'll then show the latest survey data from ETR to quantify the contraction and spending momentum and close with a glimpse of the landscape of emerging cybersecurity companies, the private companies that could be ripe for acquisition, consolidation, or disruptive to the broader market. First, let's take a look at the recent patterns for cyber stocks relative to the broader tech market as a benchmark as an indicator. Here's a year-to-date comparison of the BUG ETF, which comprises a basket of cybersecurity names, and we compare that with the tech-heavy NASDAQ composite. Notice that on April 13th of this year, the cyber ETF was actually in positive territory while the NAS was down nearly 14%. Now by August 16th, the green turned red for cyber stocks, but they still meaningfully outpaced the broader tech market by more than 950 basis points. As of December 2nd, that delta had contracted. As you can see, the cyber ETF is now down nearly 25%. Year-to-date while the NASDAQ is down 27% and change. Take a look at just how far a few of the high profile cybersecurity names have fallen. Here are six security firms that we've been tracking closely since before the pandemic. We've been tracking dozens, but let's just take a look at this data and subset. We show, for comparison, the S&P 500 and the NASDAQ, again, just for reference, they're both up since right before the pandemic. They're up relative to right before the pandemic. And then during the pandemic, the S&P shot up more than 40% relative to its pre-pandemic level around February is what we're using for the pre-pandemic level. And the NASDAQ peaked at around 65% higher than that February level. They're now down 85% and 71% of their previous. So they're at 85% and 71% respectively from their pandemic highs. You compare that to these six companies, Splunk, which was and still is working through a transition is well below its pre-pandemic market value. And it's 44% of its pre-pandemic high as of last Friday. Palo Alto Networks is the most interesting here in that it had been facing challenges prior to the pandemic related to a pivot to the cloud, which we reported on at the time. But as we said, at that time, we believe the company would sort out its cloud transition and its go-to-market challenges, its sales compensation issues, which it did, as you can see, and its valuation jumped from 24 billion prior to COVID to 56 billion and it's holding 93% of its peak value. Its revenue run rate is now over six billion with a healthy growth rate of 24% expected for the next quarter. Similarly, Fortinet has done relatively well holding 71% of its peak COVID value with a healthy 34% revenue guide for the coming quarter. Now, Okta has been the biggest disappointment. A darling of the pandemic, Okta's communication snafu with what was actually a pretty benign hack combined with difficulty absorbing its $7 billion off zero acquisition, knocked the company off track. Its valuation has dropped by 35 billion since its peak during the pandemic and that's after a nice beat and bounce back quarter just announced by Okta. Now, in our view, Okta remains a viable long-term leader in identity. However, its recent fiscal 24 revenue guide was exceedingly conservative at around 16% growth. So either the company is sandbagging or has such poor visibility that it wants to be like super cautious or maybe it's actually seeing a dramatic slowdown in its business momentum. After all, this is a company that not long ago was putting up 50% plus revenue growth rates. So it's one that bears close watching. CrowdStrike is another big name that we've been talking about on breaking analysis for quite some time. It like Okta has led the industry in a key ETR performance indicator that measures customer spending momentum. Just last week, CrowdStrike announced revenue increased more than 50% but new ARR was soft and the company guided conservatively. Not surprisingly, the stock got absolutely crushed as CrowdStrike blamed tepid demand from smaller and mid-sized firms. Many analysts believe that competition from Microsoft is one factor along with cautious spending amongst those mid-size and smaller customers. Notably large customers remain active. So we'll see if this is a longer term trend or an anomaly. Zscaler is another company in the space that we've reported having great customer spending momentum from the ETR data. But even though the company beat expectations for its recent quarter, like other companies, its outlook was conservative. So other than Palo Alto went to a lesser extent, Fortinet, these companies and others that we're not showing here are feeling the economic pinch and it shows in the compression of value. CrowdStrike, for example, had a $70 billion valuation at one point during the pandemic. Zscaler top 50 billion, Okta 45 billion. Now, having said that, Palo Alto Networks, Fortinet, CrowdStrike and Zscaler are all still trading well above their pre-pandemic levels that we tracked back in February of 2020. All right, let's go now back to ETR's January survey and take a look at how much things have changed since the beginning of the year. Remember, this is obviously pre-Ukraine and pre-all the concerns about the economic headwinds, but here's an XY graph that shows a net score or spending momentum on the Y-axis and market presence on the X-axis. The red dotted line at 40% on the vertical indicates a highly elevated net score. Anything above that, we think is super elevated. Now, we filtered the data here to show only those companies with more than 50 responses in the ETR survey. It's still really crowded. Note that there were around 20 companies above that red 40% mark, which is a very high number. It's a crowded market, but lots of companies with positive momentum. Now, let's jump ahead to the most recent October survey and take a look at what's happening. Same graphic, plotting, spending momentum and market presence and look at the number of companies above that red line and how it's been squashed. It's really compressing. It's still a crowded market, still plenty of green, but the number of companies above 40%, that key mark has gone from around 20 firms down to about five or six and it speaks to that compression and IT spending. And of course, the elongated sales cycles, pushing deals out, taking them in smaller chunks. I can't tell you how many conversations with customers I had last week at Reinvent underscoring this exact same trend. The buyers are getting pressure from their CFOs to slow things down, do more with less and prioritize projects to those that absolutely are critical to driving revenue or cutting costs. And that's rippling through all sectors, including cyber. Now let's do a bit more playing around with the ETR data and take a look at those companies with more than a hundred citations in the survey this quarter. So n greater than or equal to a hundred. Now remember, the followers of Breaking Analysis know that each quarter we take a look at those, what we call four-star security firms. That is, those that hit the top 10 for both spending momentum, net score and the end, the mentions in the survey, the presence, the pervasiveness in the survey and that's what we show here. The leftmost chart is sorted by spending momentum or net score and the right-hand chart by shared end or the number of mentions in the survey, that pervasiveness metric. That solid red line denotes the cutoff point at the top 10 and you'll note we've actually cut it off at 11 to account for OTH zero, which is now part of OCTA. And it's going through a go-to-market transition with the company. They're kind of restructuring sales so they can take advantage of that. So starting on the left with spending momentum, again, net score, Microsoft leads all vendors. Typical Microsoft, very prominent. Although it hadn't always done so. For a while CrowdStrike and OCTA were taking the top spot, now it's Microsoft. CrowdStrike is still always near the top but note that cyber arc and cloud flare have cracked the top five and OCTA, which as I just said was consistently at the top, has dropped well off its previous highs. You'll notice that Palo Alto Networks with a 38% net score, just below that magic 40% number is healthy, especially as you look over to the right-hand chart. Take a look at Palo Alto with an N of 395. It is the largest of the independent pure play security firms and has a very healthy net score. Although one caution is that net score has dropped considerably since the beginning of the year, which is a case for most of the top 10 names. The only exception is Fortinet. They're the only ones that saw an increase since January in spending momentum as ETR measures it. Now this brings us to the four star security firms. That is those that hit the top 10 in both net score on the left-hand side and market presence on the right-hand side. So it's Microsoft, Palo Alto, CrowdStrike, Octa, still there, even not accounting for Auth0, just Octa on its own. If you put in Auth0, it's even stronger, adding then in Fortinet and Zscaler. So Microsoft, Palo Alto, CrowdStrike, Octa, Fortinet and Zscaler. And as we've mentioned since January, only Fortinet has shown an increase in net score since that time. Again, since the January survey. Now again, this talks to the compression in spending. Now one of the big themes we hear constantly in cybersecurity is the market is overcrowded. Everybody talks about that, me included. The implication there is there's a lot of room for consolidation. And that consolidation can come in the form of M&A or it can come in the form of people consolidating onto a single platform and retiring some other vendors and getting rid of duplicate vendors. We're hearing that as a big theme as well. Now as we saw in the previous chart, this is a very crowded market and we've seen lots of consolidation in 2022 in the form of M&A. Literally hundreds of M&A deals with some of the largest companies going private. SailPoint, NoB4, Barracuda, Mandiant, Fordruck, these multi-billion dollar acquisitions are at least billion dollars and up and many of them multi-billion for these companies and hundreds more acquisitions in the cyberspace. Now, lest you think the pond is overfished, here's a chart from ETR of emerging tech companies in the cybersecurity industry. This data comes from ETR's Emerging Technologies Survey, ETS, which is this diamond in a rough that I found a couple of quarters ago and it's ripe with companies that are candidates for M&A. Many of these companies would have liked to gotten to the public markets during the pandemic but they couldn't get there, they weren't ready. So the graph, similar to the previous one, but different. It shows net sentiment on the vertical axis and that's a measurement of intent to adopt against a mind share on the X axis which measures the awareness of the vendor in the community. So this is specifically a survey that ETR goes out and fields only to track those emerging tech companies that are private companies. So some of the standouts in mind share our one trust, beyond trust, tanium, an endpoint, net scope, which we've talked about in previous breaking analysis, one password which has been acquisitive on its own in identity, the managed security service provider, Arctic Wolf Network, a company we've also covered, we've had their CEO are on, we've talked about MSSPs as a real trend, particularly in small and medium-sized business, we'll come back to that. Sneak, kind of high flyer in both app security and containers, and you can just see the number of companies in the space is huge and it just keeps growing. Now, just to make it a bit easier in the eyes, we've filtered the data on these companies and isolated on those with more than 100 responses only within the survey, and that's what we show here. Some of the names that we just mentioned are a bit easier to see, but these are the ones that really stand out in ETR's ETS survey of private companies. One trust, beyond trust, Tainium, NetScope, which is in cloud, one password, Arctic Wolf, Sneak, BitSight, Security Scorecard, Hacker One, Code 42, Exabeeam, and Sim, all of these hit the ETS survey with more than 100 responses by the IT practitioners. Okay, so these firms, you know, maybe they do some M&A on their own. We've seen that with Sneak, as I said, one password has been acquisitive as have others. Now, these companies, with the larger footprint, these private companies, will likely be candidate for both buying companies and eventually going public when the markets settle down a bit. So again, no shortage of players to affect consolidation, both buyers and sellers. Okay, so let's finish with some key questions that we're watching. CrowdStrike in particular on its earnings call cited softness from smaller buyers. Is that because these smaller buyers have stopped adopting? If so, are they more at risk or are they tactically moving toward the easy button, AKA Microsoft's good enough approach? What does that mean for the market if smaller company cohorts continue to soften? How about MSSPs? Will companies continue to outsource or pause on that as well as try to free up some budget? Adam Salipsky at re-invent last week said, if you want to save money, the cloud's the best place to do it. Is the cloud the best place to save money in cyber? Well, it would seem that way from the standpoint of controlling budgets with lots of optionality. You could dial up and dial down services. Or does the cloud add another layer of complexity that has to be understood and managed by devs, for example. Now, consolidation should favor the likes of Palo Alto and CrowdStrike as their platform players and some of the larger players as well, like Cisco. How about IBM and of course, Microsoft? Will that happen? And how will economic uncertainty impact the risk equation of particular concern is increased attacks on vulnerable sectors of the population, like the elderly? How will companies and governments protect them from scams? And finally, how many cybersecurity companies can actually remain independent in the slingshot economy? In so many ways, the market is still strong. It's just that expectations got ahead of themselves and now as earnings forecast come down and come down to earth, it's going to basically come down to who can execute, generate cash and keep enough runway to get through the knot hole. And the one certainty is nobody really knows how tight that knot hole really is. All right, let's call it a wrap. Next week we dive deeper into Palo Alto networks and take a look at how and why that company has held up so well and what to expect at Ignite, Palo Alto's big user conference coming up later this month in Las Vegas. We'll be there with theCUBE. Okay, many thanks to Alex Meyerson on production and manages the podcast Ken Schiffman as well as our newest addition to our Boston studio, great to have you Ken. Kristen Martin and Cheryl Knight helped get the word out on social media and in our newsletters and Rob Hoth is our EIC over at Silicon Angle. He does some great editing for us, thank you to all. Remember these episodes are all available as podcast. Wherever you listen, just search Breaking Analysis Podcast. I publish each week on wikibon.com and siliconangle.com or you can email me directly, david.volante at siliconangle.com or DM me at dvolante or comment on our LinkedIn posts. Please do check out etr.ai. They got the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you next time on Breaking Analysis.