 From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. After a two-year hiatus, AWS reinforces back on as an in-person event in Boston next week. Like the all-star break in baseball, reinforce gives us an opportunity to evaluate the cybersecurity market overall, the state of cloud security and cross-cloud security, and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis, we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cybersecurity plays in the market, what the ETR data tells us and what to expect it next week's AWS reinforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simington. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty, and before today's big sell-off, it was looking more and more like glass half full. The snap miss has dragged down many of the big names that comprise the major indices. Earning season always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan, the numbers were pretty good according to Simington. Investment banks were not so great with Morgan and Goldman missing estimates, but in general, pretty positive outlooks. But the market also shrugged off IBM's growth and of course social media because a snap is getting hammered today. The question is no longer recession or not, but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course is still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also gonna help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold despite today's sell-off. But AT&T and Verizon, they blame their misses in part on people not paying their bills on time. Snaps huge miss even after a guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are often sympathy. Meta and Google were off over 7% at midday. I think at one point it hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment as we've been reporting in back in mid June the NASDAQ was off nearly 33% year to date and has since rallied it's now down about 25% year to date as of midday today. But as I say, it had been much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That started to change for now anyway, we'll see if it holds. But chip stocks, software stocks and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton we'll see if that holds, if it does that's a positive sign. Now remember on June 24th we recorded a breaking analysis and talked about Qualcomm trading at a 12X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here, sale point is of course the anomaly with the Toma Bravo $7 billion acquisition of the company holding that stock up but the bug ETF of basket of cyber stocks is definitely improved. When we last reported on cyber in May CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its off zero acquisition. Meanwhile, Zscaler and Sentinel-1 those high flyers are still well off year to date with ping identity and cyber rock not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically they've been breaking their downtrend. So it will now come down to earnings guidance in the coming months but the snap reaction is quite stunning. I mean, the environment is slowing. We know that. Ad spending gets cut in that type of market. We know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says this shows that sellers are still in control here. So it's gonna take a little while to work through that despite the positive signs that we're seeing. Okay, we also turn to our friend, Eric Bradley from ETR who follows these markets quite closely. Frequently interviews CISOs on his program on his roundtables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they call for an 8% plus spending growth they're still expecting a 6% to 7% uptake and spend this year. So that's pretty good. Security remains the number one priority and also is the highest ranked sector in the ETR dataset when you measure in terms of pervasiveness in the study. Within security endpoint detection and extended detection and response along with identity and privileged account management are the sub sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with cyber arc and Tainium showing very strong as well. Okta has seen a big drop off in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions that clearly shows in the survey. We'll talk about that in a moment. Look, Okta still elevated in terms of spending momentum but it doesn't have the dominant leadership position at once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum with SailPoint, Tainium, Veronis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, Sonicwall, Symantec, Trelik which is McAfee, Barracuda and Trend Micro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis as a measure of presence in the dataset we used to call it market share. With the data that plots the dot positions see that little inserted table, that's how the dots are plotted. It's important to note that this data is filtered for firms with at least 100 ends in the survey. That's why some of the other ones that we mentioned might have dropped off. The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course Microsoft which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. In CyberArk and Okta and Zscaler, Cloudflare and Auth0, now Okta to the acquisition, they're all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and is steady as she goes. Two, it's a very crowded market still and it's complicated space and three, there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections, we're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e. 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January, 2020. First, I want to call out that all four again are seeing downtrends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter again, the market is off overall. Everybody is kind of seeing that downtrend for the most part, very few exceptions. Okta is being heard by fewer new additions, which is why we highlighted in red that red dotted area that square that we put there in the upper right of that Okta bar. That lime green, new ads are off as well. And the gray for Okta flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of the off zero acquisition, the company is seeing some friction in its business. Now having said that, you can see Okta's yellow line or presence in the dataset continues to grow. So it's a good proxy for market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice this very little red at these companies when it comes to the ETR survey data. Now, one more data slide, which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared N or presence in the dataset. That's the right hand side. And again, we filtered by companies with at least 100 N. And oh, by the way, we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet, and Zscaler all made the cut this time. Now, as we pointed out in May, if you combined Auth0 with Okta, they jumped to the number two in the right hand chart in terms of presence, and they would lead the pure plays there. Although it would bring down Okta's net score somewhat. As you can see, Auth0's net score is lower than Okta's. So when you combine them, it would drag that down a little bit but it would give them bigger presence in the dataset. Now, the other point will make us that proof point and Splunk both dropped off the four star list this time they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay, we're gonna close on what to expect at Reinforce this coming week. Reinforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years has been virtual and they announced that Reinvent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June? And it turns out nobody did. So they postponed the event, thankfully. And so now they're back in Boston starting on Monday. And not that it's gonna be much cooler in Boston. Anyway, Stephen Schmidt had been the face of AWS security at all these previous events as the chief information security officer. Now he's dropped the eye from his title and is now the chief security officer at Amazon. So he went with Jassy to the mothership. Presumably he dropped the eye because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses, who was now the new CISO at AWS, will be keynoting along with some others, including MongoDB's chief information security officer. So that should be interesting. Now, if you've been following AWS, you'll know they like to break things down into a couple of security categories. Identity, detection and response, data protection slash privacy slash ERC, which is governance, risk and compliance. And we would expect a lot more talk this year on container security. So you're gonna hear also product updates and they like to talk about how they're adding value to services and they try to help customers understand how to apply services, things like guard duty, which is their threat detection that has machine learning in it. They'll talk about security hub which centralizes views and alerts and automates security checks. They have a service called detective which does root cause analysis. And they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of confidential computing which is at any point I was kind of become a buzzword. They take it really seriously. I think others do as well like ARM. We've talked about that on previous breaking analyses. And again, you're gonna hear something on container security because it's the hottest thing going right now and because AWS really still serves developers. And really that's what they're trying to do. They're trying to enable developers to design security in but you're also gonna hear a lot of best practice advice from AWS. I.e. they'll share the AWS dog-fooding playbooks with you for their own security practices. AWS like all good security practitioners understand that the keys to a successful security strategy and implementation don't start with the technology. Rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems. That's really where the developers come in and training for continuous improvements. So you're gonna get heavy doses of really strong best practices and guidance and some good preaching. You're also gonna hear and see a lot of partners that'll be very visible at reinforced. AWS is all about ecosystem enablement and AWS is gonna host close to 100 security partners at the event. This is key because AWS doesn't do it all interestingly. They don't even show up in the ETR security taxonomy. They just sort of imply that it's built in there but they even though they have a lot of security tooling. But so they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're gonna hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CSOs and practitioners who are understaffed when it comes to top talent. Now finally, the cube will be at reinforced. John Furrier and I will be hosting two days of broadcast. So please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay, that's it for today. Thanks for watching. Thanks to Alex Meyerson who was on production and manages the podcast. Kristen Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoef is our editor in chief over at siliconangle.com. He does some great editing, thank you all. Remember all these episodes, they're available as podcasts wherever you listen, all you do is search breaking analysis podcasts. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing david.valante at siliconangle.com or DM me at dvalante or comment on my LinkedIn post. And please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE insights powered by ETR. Thanks for watching and we'll see you in Boston next week if you're there or next time on breaking analysis.