December 3, 2022

niagaraonthemap

Simply Consistent

AWS re:Inforce marks a summer checkpoint on cybersecurity

After a two-year hiatus, Amazon Web Services Inc.’s re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cybersecurity market overall, the state of cloud security and what AWS is up to in the sector.

In this Breaking Analysis, we’ll share our view of what has changed since our last cyber update in May, we’ll look at the macro environment, how it’s affecting cybersecurity plays in the market, what the ETR data tells us and what to expect at next week’s AWS re:Inforce.

Reading the Wall Street tea leaves

We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Symington. We asked for his assessment of the market generally and cyber stocks specifically. We summarize below.

We’ve kind of moved on from the sky is falling to the glass is half-empty but before today’s big selloff it was looking more and more like glass half-full. The Snap Inc. miss has dragged down many of the big names that comprise the major indexes.

Earnings season always brings heightened interest and this time we’re seeing many crosscurrents. It starts as usual with the banks and money centers. With the exception of JPMorgan Chase, the numbers were pretty good. Investment banks were not so great with Morgan Stanley and Goldman Sachs missing estimates but in general pretty positive outlooks. In big tech, however, the market shrugged off IBM Corp.’s growth and social media is getting hammered today.

The question, says Symington, is no longer recession or not… but rather how deep the recession will be. And today’s PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there’s a growing consensus that fed tightening may be over after September as commodity prices weaken.

Although gas prices are still high, they’ve come down. Tesla Inc., Nokia Corp. and AT&T Inc. all indicated that supply issues were improving, which will also help with inflation.

So it’s no shock that the Nasdaq has done well lately as beaten-down tech stocks started to look oversold.

But… AT&T and Verizon Communications Inc. blamed their misses in part on people not paying their bills on time. Snap’s huge miss, even after guiding lower, and then refusing to offer future guidance, took that stock down nearly 40% today. And other social media stocks are off on sympathy – Meta Platforms Inc. and Google LLC owner Alphabet Inc. were off around 7% midday. And Google, Meta and Twitter Inc. have said they’re freezing new hires.

So as Symington points out, we’re starting to see for the first time in a long time the lower-income, younger generation feeling the pinch of inflation — along of course with struggling families that have to choose food and shelter over discretionary spend.

Back to the Nasdaq for a moment

As we’ve been reporting, in mid-June, the Nasdaq was off nearly 33% year to date and has since rallied – it’s down about 25% year to date as of midday today. But it has been breaking the downward trend we’ve talked about where the highs are lower and the lows are lower – that’s started to change… for now anyway. We’ll see if it holds. But chip stocks, software stocks and cyber names have broken those downtrends and have been trading above their 50-day moving averages for the first time in around four months, according to Symington. We’ll see if that holds.

Remember back on June 24, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12X multiple with an implied 15% growth rate as an example of what looked like an oversold stock. On that day the stock was at 124 and it surpassed 155 this month – that was a great call by Symington.

Now looking at the performance of some cyber players on the chart above, SailPoint Technology Holdings Inc. is of course the anomaly with the Thoma Bravo $7 billion acquisition holding that stock up. But the Bug ETF comprised of cyber stocks has improved, When we last reported on cyber in May, CrowdStrike Holdings was off 23% year to date, and it’s now off 4%. Palo Alto Networks Inc. has held steady. Okta Inc. is still underperforming its peers as it works through the fallout from the breach and the ingestion of Auth0.

Meanwhile, while they’re shown above, Zscaler Inc. and SentinelOne Inc., the highfliers, are still well off year to date, with Ping Identity Corp. and CyberArk Inc. not getting hit as hard as their valuations hadn’t run up as much.

But virtually all these tech stocks generally and cyber issues specifically are breaking their downtrend. So it will now come down to earnings guidance in the coming months.

Is Snap a wrench in the works?

But the Snap reaction is quite stunning. The environment is slowing, we know that. Ad spending gets cut in that type of market. We know that. So it shouldn’t be a huge surprise that Snap missed, but as Chip Symington says:

The Snap reaction shows that sellers are still in control here, so it’s going to take a while to work through that, despite the positive signs we’re seeing.

ETR’s take on the market

We also turned to our friend Erik Bradley from Enterprise Technology Research, who follows these markets quite closely to get his take. Here’s what ETR is saying today:

As we’ve reported, while chief information officers and information technology buyers have tempered spending expectations since December and early January, when they called for 8%plus spending growth, they’re still expecting a 6% to 7% uptick in spend this year.

Security remains the No. 1 priority and also is the highest-ranked sector in the ETR data set in terms of pervasiveness in the study. Within security, endpoint detection and extended detection and response, along with identity and privileged account management, are the subsectors with the most spending momentum.

When you exclude Microsoft Corp., which is just dominant across the board in so many sectors, CrowdStrike has taken over the No. 1 spot in terms of ETR’s Net Score metric, with CyberArk and Tanium Inc. showing very strong as well.

Okta has seen a big drop in Net Score from 54% last survey to 45% in July, as customers put a pause on new Okta adoptions in this survey. Okta is still elevated but not in the dominant leadership position it once held in spend velocity.

Year on year, Tenable and Elastic are seeing the biggest jumps in spending momentum. With SailPoint, Tanium, Varonis Systems Inc., CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey.

On the downside, SonicWall Inc., Symantec Corp., Trellix (McAfee), Barracuda Networks Inc. and Trend Micro Inc. are seeing the highest percentage of defections and replacements.

Visualizing the cyber spending landscape

Let’s take a deeper look at what the ETR data tells us about the cybersecurity market.

The above graphic depicts Net Score, or spending momentum, on the Y axis and Overlap, or pervasiveness in the data, on the X axis. The data that dictates the dot positions on the inserted table.

It’s important to note that this data is filtered for firms with at least 100 Ns in this survey. The red dotted line at 40% indicates highly elevated spending momentum and there are several firms above that mark. That includes, of course, Microsoft, which is literally off the charts on both dimensions – quite incredible, actually.

But for the rest of the pack, CrowdStrike has now taken back its No. 1 Net Score position in the survey, with CyberArk, Okta, Zscaler, Cloudflare and Auth0 (now Okta) all above the 40% mark.

You can stare at the data at your leisure, but here are three quick points: 1) Palo Alto Networks continues to impress and is steady as she goes; 2) The cyber market is still very crowded and complicated; and 3) There’s lots of spending in different pockets, with 12 companies having more than 100 responses and a Net Score above 30%. This market has too many tools and will continue to consolidate.

Drilling deeper into Okta, CrowdStrike, Zscaler and CyberArk

Let’s now dig into four firms’ Net Scores and pick out some of the pure plays that are leading.

The series of charts above shows the Net Score or spending velocity granularity for Okta, Crowdstrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey with over 100 N. The colors represent the following – bright red is defections, pink is spending less, gray is flat spend, forest green is spending more and lime green is adding new. The red dotted line is at the 40% Net Score mark. All four are elevated above that target. The blue line is the Net Score and the yellow line is pervasiveness in the data. The data represented by the bars goes back 10 surveys to January 2020.

First, let’s point out that all four are seeing downtrends in spending momentum as the overall market is off.

Okta is being hurt by fewer new adds to the platform, which is why we highlighted that area in the upper right of the Okta chart (note the lime green). And the gray for Okta – flat spending – is noticeably up. So it feels like people are pausing a bit and taking a breath. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0, the company is seeing some friction in its business. Now, having said that, you can see Okta’s yellow line or presence in the data continues to grow – and is a good proxy for market presence. Okta remains a leader in identity.

Again you can digest the data at your leisure, but despite some concerns on declining momentum, there’s very little red at these companies when it comes to the ETR survey data.

Charting the four-star cybersecurity firms

We have one more data slide which brings us to our four-star cyber firms.

We started a tradition a few years ago where we sort the ETR data by Net Score – that’s the lefthand side of the chart; and on the right we sort by Shared N or presence in the data set. Again, this is filtered by companies with at least 100 N. And we’ve excluded Microsoft just to level the playing field.

The red dotted line signifies the top 10. If a company cracks the top 10 in both categories, we give them four stars. Palo Alto, CrowdStrike, Okta, Fortinet Inc. and Zscaler made the cut this time. As we pointed out in May, if you combine Auth0 with Okta, they jump to No. 2 on the righthand chart and would lead the pure plays there, although it would bring down Okta’s Net Score somewhat if you combined them.

The other point we’ll make is that Proofpoint Inc. and Splunk Inc. both dropped off the four-star list this time as they both saw marked declines in Net Score.

Re:Inforce is back, in person

We’re going to close on what to expect at re:Inforce this coming week.

Re:Inforce is AWS’ security event. It first held it in Boston back in 2019, dedicated to cloud security. The past two years has been virtual and it announced at re:Invent 2021 that it would take place in Houston in June… which was crazy and it postponed the event, thankfully, and it’s back in Boston starting Monday.

Stephen Schmidt had been the face of AWS security at all these previous events as the chief information security officer. He has dropped the “I” from his title and is now the chief security officer at Amazon.com Inc., going with Amazon Chief Executive Andy Jassy to the mother ship, presumably dropping the I because he deals with physical security now too, such as at the warehouses. Not that he didn’t have to worry about physical security at AWS data center, but he and CJ Moses, the new CISO at AWS, will be keynoting along with some others, including MongoDB Inc. CISO Lena Smart.

If you’ve been following AWS, you’ll note it likes to break things down into identity, detection and response, and data protection/privacy/GRC and we would expect a lot more talk on container security this year. So you’ll hear product updates on services such as GuardDuty (threat detection with machine learning), Security Hub (which centralizes views and alerts and automates security checks), Detective (root cause analysis) and tools to mitigate denial-of-service attacks. AWS will likely talk about security for Nitro and isolation of hardware resources… and again you’ll hear some updates on container security because it’s the hottest thing going right now.

You’ll also get a lot of best practice advice from AWS – i.e., they’ll share the AWS dogfooding playbooks with you. AWS, like all good security practitioners, understands that they keys to a successful security strategy don’t start with the technology. Rather, they are about the methods and practices that you apply to solve security challenges, and a top-to-bottom cultural approach to security awareness, designing security into systems and training for continuous improvement.

So we’re going to get heavy doses of really strong best practices.

You’re also going to hear and see partners. They’ll be very visible at re:Inforce. AWS is all about ecosystem enablement and the event will host close to 100 security partners. This is key because AWS can’t and doesn’t do it all. They have to apply the shared responsibility model, not only with customers but partners as well in order to fill gaps and provide deeper problem-solving. And we expect the partners to be talking a lot about ransomware protection.

And you’ll hear a lot of positivity around how great cloud security is, and can be if done well. But the truth is this stuff is still incredibly complicated and challenging for practitioners, who are understaffed when it comes to top talent.

And finally, theCUBE will be at re:Inforce… in force. John Furrier will be co-hosting two days of broadcasts. Do stop by if you’re in Boston and say hello. We’ll have a chat, share some data and our overall impressions of the event, the market and what we’re seeing, learning and worrying about in this dynamic space.

Keep in touch

Thanks to Alex Myerson, who does the production, podcasts and media workflows for Breaking Analysis. Special thanks to Kristen Martin and Cheryl Knight, who help us keep our community informed and get the word out, and to Rob Hof, our editor in chief at SiliconANGLE.

Remember we publish each week on Wikibon and SiliconANGLE. These episodes are all available as podcasts wherever you listen.

Email [email protected], DM @dvellante on Twitter and comment on our LinkedIn posts.

Also, check out this ETR Tutorial we created, which explains the spending methodology in more detail. Note: ETR is a separate company from Wikibon and SiliconANGLE. If you would like to cite or republish any of the company’s data, or inquire about its services, please contact ETR at [email protected]

Here’s the full video analysis:

All statements made regarding companies or securities are strictly beliefs, points of view and opinions held by SiliconANGLE media, Enterprise Technology Research, other guests on theCUBE and guest writers. Such statements are not recommendations by these individuals to buy, sell or hold any security. The content presented does not constitute investment advice and should not be used as the basis for any investment decision. You and only you are responsible for your investment decisions.

Disclosure: Many of the companies cited in Breaking Analysis are sponsors of theCUBE and/or clients of Wikibon. None of these firms or other companies have any editorial control over or advanced viewing of what’s published in Breaking Analysis.