 From the SiliconANGLE Media office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. Hello everyone and welcome to this week's WikibonCube Insights powered by ETR. In this breaking analysis ahead of the RSA conference, we want to update you on the cybersecurity sector. This year's event is underlined by coronavirus fears. IBM has pulled out of the event and cited the epidemic as the reason. And it also brings to the front the sale of RSA by Dell to STG Partners, a private equity firm. Now in our last security drill down, we cited several mega trends in the security sector. These included the ever escalating sophistication of the attacker, the increased risk from the data economy, the expanded attack surface with the huge number of IP addresses that are exploding out there, and the lack of skills and the number of cyber tools that are coming to the market. Now, as you know, in these segments, we'd like to share insights from theCUBE and I want you to listen to two American statesmen and what they said on theCUBE. Here's General Keith Alexander, who's the former director of the NSA, along with Dr. Robert Gates, who's the former director of the CIA and former secretary of defense. Play the clip. When you think about threats, you think about nation states, so that you can go to Iran, Russia, China, North Korea, and then you think about criminal threats with all the things like ransomware. Some of the nation state actors are also criminals at night, so they can use nation state tools. And my concern about all the evolution of cyber threats is that the attacks are getting more destructive. I think cyber and the risks associated with cyber and IT need to be a regular part of every board's agenda. So you hear General Alexander really underscore the danger as well, Dr. Gates is articulating what we've said many times on theCUBE that cybersecurity is a board level agenda item. Now the comments from both of these individuals represent what I would consider tailwinds for cyber technology companies. Now we're going to drill into some of those today, but it's not all frictionless. There are headwinds too in this market space. Cloud migration, the shift from North South to East West network traffic, it's pressuring traditional appliance based perimeter security solutions, increased complexity and lack of skills and other macro factors, including questions on ROI. CFO saying, hey, we spend all this cash, why aren't we more secure? Now, I want you to hear from two chief information security officers on both the challenges that they face and how they're dealing with them. Roll the clip. Lack of talent. I mean, we're starving for talent. Cyber security is the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have. And in that lack of talent, ceaseless are starving. I think that the public cloud offers us a really interesting opportunity to reinvent security, right? So if you think about all of the technologies and processes and many of which are manual over the years, I think we have an opportunity to leverage automation to make our work easier in some ways. Now I've featured Brian Lozada and Katie Jenkins before in breaking analysis segments. And you can hear it from these cyber leaders. We lack the talent and cloud computing and automation are areas we're pursuing. So this challenges security companies to respond. But at the end of the day, companies have no choice. In other words, organizations buying security solutions. The sophistication of the attacker is very high and the answer to my CFO and ROI is fear-based. If you don't do this, you might lose billions in market cap. Now I want you to take a listen to these CUBE alum talking about the attacker sophistication and the importance of communication skills in order to fund cyber initiatives really to keep up with the bad guys. Please play the clip. The adversary is talented and they're patient, they're well-funded. Okay, that's where it starts. And so, why bring an interpreter to a host when there's already one there? Why write all this complicated software distribution when I can just use yours? And so that's where the game starts. And the most advanced threats aren't leaving footprints because the footprints are already there. They'll get on a machine and behaviorally they'll check the cache to see what's hot. And what's hot in the cache means that behaviorally it's a path they can go. They're not cutting a new trail most of the time, right? So living off the land is not only the tools that they're using, your automation, they're using against you, but it's also behavioral. That's why the most important talent or skill that a security professional needs is communication skills. If you can articulate technical risk into a business risk to fund your program, it's very hard for you actually to be successful in security. Now, the really insidious thing about what TK Kianini just said is the attackers are living off the land, meaning they're using your tools and your behaviors to sneak around your data unnoticed. And so as Brian Lazada said, as a security pro, you need to be a great communicator in order to get the funding that you need to compete with the bad guys. Which brings me to the RSA conference. This is why you as a security practitioner attend. You want to learn more, you want to obtain new skills, you want to bring back ideas to your organization. Now, one of the things I did to prepare for this segment is to read the RSA conference content agenda, which was co-authored by Britta Glade. And I read numerous blogs and articles about what to expect at the event. And from all that, I put together this word cloud, which conveys some of the key themes that I would expect you're going to hear at the shows. Look at skills that jump right out. Just like Brian was saying, the human element is going to be a big deal this year. IOT and the ITOT schism. Everyone's talking about the Olympics and seeing that as a watershed event for cyber. How to apply machine learning in AI is a big theme as is cloud with containers and serverless, phishing, zero trust in frameworks, frameworks for privacy, frameworks for governance, and compliance. The 2020 election and weaponizing social media with deep fakes and expect to hear a lot about the challenges of securing 5G networks, open source risks, supply chain risks, and of course the need for automation. And it's no surprise there's going to be a lot of talk about cyber technology, the products, and of course the companies that sell them. So let's get into the market and unpack some of the ETR spending data and drill into some of these companies. The first chart I want to show you is spending on cyber relative to other initiatives. What this chart shows is the spending on cybersecurity highlighted in the green in relation to other sectors in the ETR taxonomy. Notice the blue dot. It shows the change in spending expected in 2020 versus 2019. Now, two points here. First is that despite the top of my narrative that we always hear, the reality is that other initiatives compete for budget and you just can't keep throwing cash at the security problem. As I've said before, we spend like 0.014% of our global GDP on cyber. So we barely scratch the surface. The second point is there's a solid year on year growth quite high at 12% for a sector that's estimated at $100 to $150 billion worldwide according to many sources. Now, let's take a look at some of the players in this space who are going to be presenting at the RSA conference. You might remember to my 2020 predictions in that breaking analysis, I focused on two ETR metrics, net score, which is a measure of spending velocity and market share, which measures pervasiveness in the data set. And I anointed nine security players as four-star players. These were Microsoft Cisco Palo Alto Network Splunk Proof Point, Fortinet, Okta, CyberArk, and CrowdStrike. What I'm showing here is an update of that data with the January survey data. My four-star companies were defined as those in the cybersecurity sector that demonstrated both net scores or spending momentum, that's the left-hand chart, and market share or pervasiveness on the right-hand chart. Within the top 22 companies, why did I pick 22? Well, it seemed like a solid number and it fit nicely in the screen and allowed more folks in. So a few takeaways here. One is that there are a lot of cybersecurity companies in the green from the standpoint of net score. Number two is that Fortinet and Cisco fell off the four-star list because of their net scores. While still holding reasonably well, they dropped somewhat. Also, some other companies like Veronis and Veracode and Carbon Black jumped up on the net score rankings. But Cisco and Fortinet are still showing some strength in the market overall, I'm going to talk about that. Cisco's security business was up 9% in the quarter and Fortinet is breaking away from Palo Alto and networks from a valuation perspective, which I'm going to drill into a bit. So we're going to give Cisco and Fortinet two stars this survey period. But look at Zscaler, they made the cut this time. Their net score or spending momentum jumped from 38% last quarter to nearly 45% in the January survey, with a sizable shared in at 123. So we've added Zscaler to the four-star list. They have momentum and we're going to continue to watch that quarterly horse race. Now, I'd be remiss if I didn't point out that Microsoft continues to get stronger and stronger in many sectors, including cyber. So that's something to really pay attention to. Okay, I want to talk about the valuations a bit. Valuations of cyber security space are really interesting and for reasons we've discussed before, the market's hot right now. Some people think it's overvalued, but I think the space is going to continue to perform quite well relative to other areas in tech. Why do I say that? Because cyber continues to be a big priority for organizations. The software and annual recurring revenue contribution ARR continues to grow. M&A is going to continue to be robust in my view, which is going to fuel valuations. So let's look at some of the public companies within cyber. What I've compiled in this chart is eight public companies that were cited as four-star or two-star firms as I defined earlier. Now I've ranked this by market value. In the columns, we show the market cap and trailing 12-month revenue in billions. The revenue multiple and the annual revenue growth. Now I've highlighted Palo Alto Networks and Fortunet because I want to drill into those two firms as there's a valuation divergence going on between those two names. And I'll come back to that in just a minute. But first I want to make a few points about this data. Number one is there's definitely a proportional relationship between the growth rate and the revenue multiple or premium being paid for these companies. Generally growth ranges between one and a half to three times the revenue multiple being paid. CrowdStrike, for example, has a 39x revenue multiple and is growing at 110%. So they're at the high end of that range with a growth at 2.8 times their revenue multiple today. Second and related is you can see a wide range of revenue multiples based on these growth rates with CrowdStrike, Okta and now Zscaler as the standouts in this regard. And I have to call it Splunk as well. They're both large and they have high growth. Although they are moving beyond security, they're going into adjacencies and big data analytics, but you have to love the performance of Splunk. The third point is this is a lucrative market. You have several companies with valuations in the double digit billions and many with multi-billion dollar market values. Cyber chaos means cash for many of these companies and of course for their investors. Now Palo Alto throws some of these ratios out of whack, i.e. why the lower revenue multiple with that type of growth and it's because they've had some execution issues lately and this annual growth rate is really not the best reflection of the stock price today. That's really being driven by quarterly growth rates and less robust management guidance. So why don't we look into that a bit? What this chart shows is the one year relative stock prices of Palo Alto networks in the blue and compared to Fortinet in the red. Look at the divergence in the two stocks. Look how they traded in a range and then you saw the split when Palo Alto missed its quarter last year. So let me share what I think is happening. First, Palo Alto has been a very solid performer since an IPO in 2012. It's delivered more than four X returns to shareholders over that period. Now what they're trying to do is cloud proof their business. They're trying to transition more to an ARR model and rely less on appliance centric firewalls. Now firewalls are core part of their business and that has underperformed expectations lately. You can't just take legacy tech and cloud wash it and cloud native competitors like Zscaler are taking advantage of this and setting the narrative there. Now Palo Alto networks has also had some very tough compares in 2019 relative to 2018. That should somewhat abate this year. Also Palo Alto has said some execution issues during this transition especially related to sales and sales incentives and aligning that with this new world of cloud. And finally Palo Alto is in the process of digesting some acquisitions like Twistlock and PureSec and some others over the past year and that could be a distraction. Fortinet on the other hand is benefiting from a large portfolio refresh as capitalizing on the momentum that that's bringing. In fact all the companies I listed they may be undervalued despite of all the companies. Sorry that I listed. Fortinet may be undervalued despite the drop off from the four star list that I mentioned earlier. Fortinet is one of those companies with a large solution set that can cover a lot of market space. And while Fortinet faces similar headwinds as Palo Alto it seems to be executing better on the cloud transition. Now the last thing I want to share in this topic is some data from the ETR regression testing. What ETR does is their data scientists run regression regression models and fit a linear equation to determine whether Wall Street earnings consensus estimates are consistent with the ETR spending data. They sort of try to line those up and see what the divergence is. What this chart shows is the results of that regression analysis for both Fortinet and Palo Alto. And you can see the ETR spending data suggests that both companies could outperform somewhat expectations. Now I wouldn't run out and buy the stock based on this data as there's a lot more to this story but let's watch the earnings and see how this plays out. All right, I want to make a few comments about the sale of the RSA asset. EMC bought RSA for around the same number, roughly $2 billion that STG is paying Dell. So I'm obviously not impressed with the return that RSA has delivered since 2006. The interesting takeaway is that Dell is choosing liquidity over the RSA cybersecurity asset. So it says to me that their ability to pay down debt is much more important to Dell and their go forward plan. Remember for every $5 billion that Dell pays down in gross debt, it drops 25 cents to EPS. This is important for Dell to get back to investment grade debt, which will further lower its costs. It's a lever that Dell can turn. Now and also in thinking about this, it's interesting that VMware, which remember is acquiring security assets like crazy and most recently purchased carbon black and they're building out a security division. They obviously didn't pound the table fighting to roll RSA into that division. You know or maybe they did and the financial value of the cash to Dell was greater than the value of the RSA customers, the RSA product portfolio and of course the RSA conference. But my guess is Gelsinger and VMware didn't want the legacy tech. Gelsinger said many times that security is broken. It's his mission to fix it or die trying. So I would bet that he and VMware didn't see RSA as a path to fixing security. It's more likely that they saw it as a non-strategic shrinking asset that they didn't want any part of. Now for the record, and I'm not even going to bother showing you the data, but RSA and the ETR dataset is an unimpressive player in cybersecurity. Their market share or pervasiveness is middle of the pack, so it's okay, but their net score spending velocity is in the red and it's in the bottom 20th percentile of the dataset. But it is a known brand certainly within cyber. It's got a great conference and it's probably better than a PE company owns them than being a misfit toy inside a Dell. All right, it's time to summarize. As we've been stressing in our breaking analysis segments and on theCUBE, the adversaries are very capable and we should expect continued escalation. Venture capital is going to keep pouring into startups and that's going to lead to more fragmentation. But the market's going to remain ripe for M&A with valuations on the rise. The battle continues for best-of-breed tools from upstarts like CrowdStrike and Okta and Zscaler versus suites from big players like Cisco, Palo Alto Networks and Fortinet. Growth is going to continue to drive valuations and so let's keep our eyes on the cloud. It remains disruptive and for some provides momentum and for others provides friction. Security practitioners will continue to be well-paid because there's a skill shortage and that's not going away despite the push toward automation. Now we didn't talk about machine intelligence but AI and ML, those tools, they're two-edged sword as bad actors are leveraging installed infrastructure both tools and behaviors to so-called live off the land upping the stakes in the arms race. Okay, this is Dave Vellante for Wikibon's Cube Insights powered by ETR. Thanks for watching this breaking analysis and remember these episodes are all available as podcast at Spotify or wherever you listen. Connect with me at david.vellante at siliconangle.com or comment on my LinkedIn. I'm at D.Vellante on Twitter. Thanks for watching everybody. We'll see you next time.