 From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. Cyber security stocks have been sending mixed signals as of late, mostly negative, like much of tech. But some, such as Palo Alto Networks, despite a tough go of it recently, have held up better than most tech names. Others like CrowdStrike had been out performing broader tech in March, but then flipped in May. Octa's performance was pretty much tracking along with CrowdStrike for most of the past several months, little bit below, but then the Octa hack changed the trajectory of that name. Cscaler has crossed the critical billion dollar ARR revenue milestone, and now sees a path to five billion dollars in revenue, but the company stock fell sharply after its last earnings report and has been on a downtrend since last November. Meanwhile, CyberArk's recent beat and raise was encouraging and the stock acted well after its last report. Security remains the number one initiative priority amongst IT organizations, and the spending momentum for many high-flying cyber names remains strong. So what gives in cybersecurity? Hello and welcome to this week's Wikibon Cube Insights, powered by ETR. In this Breaking Analysis, we focus on security and we'll update you on the latest data from ETR to try to make sense out of the market and read into what this all means in both the near and long-term for some of our favorite names in cyber. First, the news. There's always something happening in security news cycles. The big recent news is new president, Rodrigo Chavez, declared a national emergency in Costa Rica due to the preponderance of Russian cyber attacks on the country's critical infrastructure. Such measures are normally reserved for natural disasters like earthquakes, but this move speaks to the nature of today's cyber threats. Of no surprise is modern superpower warfare, even for a depleted power like Russia almost certainly involves cyber warfare as we continue to see in Ukraine. Privately held Arctic Wolf Networks hired Dustin Williams as its new CFO. Williams has taken three companies to IPO including Nutanix in 2016, a very successful IPO for that company. Whether AWN chooses to pull the trigger this year or we'll wait until markets are less choppy or obviously remains to be seen but it's a pretty clear sign that company is headed to IPO at some point. Now a big point of discussion this week at Red Hat Summit in Boston and the prior week at Dell Technologies World was security. In the case of Red Hat, securing the digital supply chain was the main theme and from Dell building many security features into its storage arrays and cyber resilience services into its as a service offering called Apex. We're seeing a trend where buyers want to reduce the number of bespoke tools they use if they in fact can. Here's IDC's Jim Mercer sharing data from a recent survey they conducted on the topic. Play the clip. Interestingly we did a survey I think around last August or something and one of the questions was around where do you want your security, right? Where do you want to get your DevSecUp security from? Do you want to get it from individual vendors, right? Or do you want to get it from like your platforms that you're using and deploying changes in Kubernetes? Great question, what would they say? The majority of them, they're hoping they can get it built into the platform. That's really what they want. Now whether that's actually achievable is debatable because you have so much innovation and investment going on from the likes of startups and for instance Lacework or Sneak and security companies that are, you see them trying to build platforms. You've got CrowdStrike, Okta, ZScale or many others trying to build security platforms and put it all under their umbrella. Now the last point we'll hit here is there was a lot of buzz in the news about Okta. The reaction to what was a relatively benign hack was pretty severe and probably overblown but Okta's stock is paying the price of what is generally considered a blown communications plan versus a technical failure. Remember identity is not an easy thing to rip and replace and Okta remains a best of breed player and leader in the space. So we're going to look at some ETR data later in this segment to try and make sense of the recent action in the market and certain names. Speaking of which, let's take a look at how some of the names in cybersecurity have fared relative to some of the indices and relative indicators that we like to look at. Here's a Google finance comparison for a number of stocks and names in the bottom there. You can see we plot the hack ETF which tracks security stocks. This is a year to date view. And so we don't show it here but the tech heavy NASDAQ is off around 26% year to date whereas the cyber ETF that we're showing is down 18%. So cyber holding up a little bit better than broader tech as we've reported earlier was actually much better and still seems to be a gap there but the data are mixed. You can see Okta is way off relative to its peers. That's a combination of the breach that we talked about but also the run up in the stock since COVID. CrowdStrike was actually faring better but broke this month. We'll see how its upcoming earnings announcements are received when it announces on June 2nd after the close. A Palo Alto in the light blue has done better than most and until recently was holding up quite well. And of course, sale point is another identity specialist that's kind of off the charts here because it's going private with the acquisition by Tomor Bravo at nearly $7 billion. So you see some mixed signals in cyber these past several months and weeks and so we're trying to understand what that all means. So let's take a look at the survey data and see how spending momentum is holding up as we've reported IT spending forecast at the macro level they've come off their 8% highs from the end of the year the ETR's December survey but robust tech spending is still there. It's expected at nearly 7% and this is amongst 1200 ETR respondents. Here's a picture from the ETR survey of the cybersecurity landscape. That Y axis that's net score or a measure of spending momentum and that horizontal axis is overlap. We used to talk about it as a market share which is a measure of pervasiveness in the data set that dotted red line at 40% indicates an elevated spending momentum level on the vertical axis and we filtered the names and limited to only those with a hundred or more responses in the ETR survey and the picture still pretty crowded as you can see. You get lots of companies above the red dotted line including Microsoft which is up and to the right they're so far off the chart it's just amazing but also Palo Alto and Octa Auth0 which of course is now owned by Octa you get Zscaler cyber arc is making moves sale point and cloud flare they're all above that magic 40% line. Now you look at Cisco it shows a very large presence in the horizontal axis in the data set and it's got pretty respectable momentum and you see Splunk doing okay, no before and tenable just below that 40% line and a lot of names in the very respectable 20% zone and we've included some legacy names just for context that fall below the 0% line with a negative net score and that means a larger proportion that negative net score means a larger proportion of their customers in the survey are spending less than those that are spending more. Now typically for these legacy names you're going to have a huge proportion of customers who have flat spending that kind of fat middle and that's why they sort of don't have that highly elevated score but you know they're still viable as they get the recurring revenue each year. But the bottom line is that spending remains robust for some of the top names that we've talked about earlier despite their rocky stock performance. Now let's filter this data a bit more to make it a little bit easier to read. So to do that we take out Microsoft because they're just so dominant we cherry pick some names to make the data more consumable and scannable. The other data point we've added is Octus net score breakdown the multicolored rows there that row in the bottom right. Net scores it measures the percent of customers that are adding the platform new that's the lime green at 18% for Octa. The forest green is at 42% that's the percent of customers in the survey that are spending 6% or more. The gray is flat spending that's 32% for Octa this past survey. The pink is customers that are spending less that's 3% so they're spending 6% or worse in the survey. It's only 3% for Octa and the bright red at 3% is decommissioning the platform you subtract the reds from the greens and you get a net score well into the 50s for Octa and you can see we highlight Octa here because it's a name that we've been following for quite some time and customers have given us really solid feedback on the technology and up until the hack their affinity to Octa but that seems to be continuing we'll talk more about that but this recent breach to Octa has caused us to take a closer look and you may recall we reported with our ETR colleague Eric Bradley the breach was announced right in the middle of ETR collecting data in the last survey and while we did see a noticeable down tick right after the announcement the exposure of the hack in Octa's net score just after the breach was disclosed you can see the combination of Octa and Auth0 remains very strong. I asked Eric Bradley this morning what he thought about Octa and he pointed out that you can't evaluate this company on its price to earnings ratio but its forward sales multiple is now below seven X and while attractive, these high flyers at some point Eric says they got to start making a profit so you're going to hold that thought we'll come back to that. Now another cut of the ETR data to look at our four star security names here a while back we developed a methodology to try and cut through the noise of the crowded security sector using the ETR data to evaluate two key metrics net score and shared net score again is spending momentum the latter is an indicator of presence in the data set which is a proxy for market presence. Okay, we assigned those companies that cracked the top 10 in both net score and shared in we give them four stars if they make the top 10 this chart here shows the April survey data for those companies with an N that's greater than equal to a hundred responses so again we filtering on those with a hundred or more responses. The table on the left that you see there that's sorted by net score, okay so we're sorting by spending momentum and then the one on the right is sorted by shared in so the presence in the data set. Seven companies hit the top 10 for both categories Palo Alto network, Splunk, CrowdStrike, Octa, Proofpoint, Fortinet and Zscaler. Now, remember, take a look Octa excludes Auth0 and this little methodology that we came up with because Auth0 didn't make the cuts but it hits the top 10 for net score so if you add in Auth0's 112 and there that you see on the right you add that into Octa we put Octa in the number two spot in the survey on the right most table with a shared end of 354 only Cisco has a higher presence in the data set and you can see Cisco on the left lands just below that red dotted line that's the top 10 in security so if we were to combine Octa and Auth0 as one Cisco would make the cut and earn four stars. Now some other notables are CyberArch which is just below the red line on the right most chart an impressive 177 shared end and again if you combine Auth0 and Octa CyberArch makes the four star grade because it's in the top 10 for net score on the left and SailPoint is another notable with net score above 50% and it's got a shared end of 122 which is respectable. So despite the market's choppy waters we're seeing some positive signs in the survey data for some of the more prominent names that we've been following for the last couple of years. So what does this mean for the markets going forward? You know as always when we see these confusing signs we like to reach out to the network and one of the sharpest traders out there is Chip Simington, we've quoted him before and we like to share some of his insights and so we're going to highlight some of that here. So technically almost every good tech stock is oversold and as such he suggested we might see a bounce here. We certainly are seeing that on this Friday the 13th but the right call tactically has been to sell into the rally these past several months so we'll see what happens on Monday. The key issue with the name like Octa and some other momentum names like CrowdStrike and Zscaler is that when money comes back into tech it's likely going to go to the Fankstocks the Facebook, Apple, Amazon, Netflix, Google and of course you put Microsoft in there as well. We'll see about Amazon by the way it's kind of out of favor right now as everyone's focused on the retail side of the business and meanwhile it's cloud business is booming and that's where all the profit is we think that should be the real focus for Amazon but the point is for these momentum names in cybersecurity that don't make money they face real headwinds as growth is slowing overall and interest rates rise that makes the net present value of these investments much less attractive. We've talked about that before but longer term we agree with Chip Simington that these are excellent companies and they will weather the storm and we think they're going to lead their respective markets and in cyber we would expect continued M&A activity which could act as a booster shot in the arms of these names. Now in 2019 we saw the ETR data it pointed to CrowdStrike, Zscaler, Octa and others in the security space some of those names that really looked to us like they were moving forward and the pandemic just created a surge in these names and admittedly they got out over their skis but the data suggests that these leading companies have continued momentum and the potential for staying power unlike the solar winds hack it seems at this point anyway that Octa will recover in the market and for the reasons that we cited investors you know they might stay away for some time but longer term there's a shift in CISO security strategies that appear to be permanent. They're really valuing cloud based modern platforms and these platforms will likely continue to gain share and carry their momentum forward. Okay that's it for now thanks to Stephanie Chan who helps with the background research and with social. Kristen Martin and Cheryl Knight helped get the word out and do some great work as well. Alex Myerson is on production and handles all of our podcasts. Alex, thank you. And Rob Hough is our editor-in-chief at Silicon Angle. Remember all these episodes they're available as podcasts. You can pop in the headphones and listen to search breaking analysis podcast. I publish each week on wikibon.com and siliconangle.com. Don't forget to check out etr.ai best in the business for real customer data. It's an awesome platform. You can reach me at david.volante at siliconangle.com or at dvolante. You can comment on our LinkedIn posts. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you next time.