
Breaking Analysis: AWS re:Inforce marks a summer checkpoint on cybersecurity

After a two-year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the all-star break in baseball, re:Inforce gives us an opportunity to evaluate the cybersecurity market overall, the state of cloud security and what AWS is up to in the sector.

In this Breaking Analysis, we’ll share our view of what’s changed since our last cyber update in May, we’ll look at the macro environment, how it’s impacting cybersecurity plays in the market, what the ETR data tells us and what to expect at next week’s AWS re:Inforce. 

Reading the Wall Street Tea Leaves

We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Symington. We asked for his assessment of the market generally and cyber stocks specifically. We summarize below.

We’ve kind of moved on from the sky is falling to the glass is half empty but before today’s big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indexes. 

Earnings season always brings heightened interest and this time we’re seeing many cross currents. It starts as usual with the banks and money centers. With the exception of JP Morgan, the numbers were pretty good. Investment banks were not so great with Morgan & Goldman missing estimates but in general pretty positive outlooks. In big tech, however, the market shrugged off IBM’s growth and social media is getting hammered today. 

The question, says Symington, is no longer recession or not…but rather how deep the recession will be. And today’s PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there’s a growing consensus that Fed tightening may be over after September as commodity prices weaken.

While gas prices are still high, they’ve come down. Tesla, Nokia & AT&T all indicated that supply issues were improving, which will also help with inflation. 

So it’s no shock that the Nasdaq has done well lately as beaten down tech stocks started to look oversold. 

But…AT&T and Verizon blamed their misses in part on people not paying their bills on time. SNAP’s huge miss, even after guiding lower…and then refusing to offer future guidance, took that stock down nearly 40% today. And other social media stocks are off on sympathy – Meta & Google were off around 7% midday. And Google, Meta & Twitter have said they’re freezing new hires. 

So as Symington points out, we’re starting to see for the first time in a long time the lower income, younger generation feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend.   

Back to the Nasdaq for a Moment

As we’ve been reporting, in mid-June, the Nasdaq was off nearly 33% YTD and has since rallied – it’s down about 25% YTD as of midday today. But it has been breaking the downward trend we’ve talked about where the highs are lower and the lows are lower – that’s started to change…for now anyway– we’ll see if it holds. But chip stocks, software stocks and cyber names have broken those downtrends and have been trading above their 50 day moving averages for the first time in around four months according to Symington. We’ll see if that holds. 

Remember back on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12X multiple with an implied 15% growth rate as an example of what looked like an oversold stock. On that day the stock was at 124 and it surpassed 155 this month – that was a great call out by Symington. 

Now looking at the performance of some cyber players on the chart above, SailPoint is of course the anomaly, with the Thoma Bravo $7B acquisition holding that stock up. But the Bug ETF comprised of cyber stocks has improved. When we last reported on cyber in May, CrowdStrike was off 23% YTD; it’s now off 4%. Palo Alto has held steady. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of Auth0.

Meanwhile, while they’re shown above, Zscaler & SentinelOne, the high-fliers, are still well off YTD with Ping Identity and CyberArk not getting hit as hard as their valuations hadn’t run up as much. 

But virtually all these tech stocks generally and cyber issues specifically are breaking their downtrend. So it will now come down to earnings guidance in the coming months. 

Is SNAP a Wrench in the Works?

But the SNAP reaction is quite stunning. The environment is slowing, we know that. Ad spending gets cut in that type of market. We know that. So it shouldn’t be a huge surprise that SNAP missed, but as Chip Symington says: 

The SNAP reaction shows that sellers are still in control here, so it’s going to take a while to work through that; despite the positive signs we’re seeing.

ETR’s Take on the Market

We also turned to our friend Erik Bradley from ETR who follows these markets quite closely to get his take. Here’s what ETR is saying today: 

As we’ve reported, while CIOs and IT buyers have tempered spending expectations since December and early January, when they called for 8%+ spending growth, they’re still expecting a 6-7% uptick in spend this year. 

Security remains the #1 priority and also is the highest ranked sector in the ETR data set in terms of pervasiveness in the study. Within security, endpoint detection and extended detection and response, along with identity and privileged account management, are the sub-sectors with the most spending momentum.

When you exclude Microsoft, which is just dominant across the board in so many sectors, Crowdstrike has taken over the #1 spot in terms of ETR’s Net Score metric, with CyberArk and Tanium showing very strong as well. 

Okta has seen a big drop in Net Score from 54% last survey to 45% in July, as customers put a pause on new Okta adoptions in this survey. Okta is still elevated but not in the dominant leadership position it once held in spend velocity. 

Year on year, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Varonis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey.

On the downside, SonicWall, Symantec, Trellix (McAfee), Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. 

Visualizing the Cyber Spending Landscape

Let’s take a deeper look at what the ETR data tells us about the cybersecurity space.

The above graphic depicts Net Score, or spending momentum, on the Y axis and Overlap, or pervasiveness in the data, on the X axis. The data that dictates the dot positions is shown in the inserted table.

It’s important to note that this data is filtered for firms with at least 100 N’s in this survey. The red dotted line at 40% indicates highly elevated spending momentum and there are several firms above that mark, including of course Microsoft, which is literally off the charts on both dimensions – quite incredible actually.

But for the rest of the pack, CrowdStrike has now taken back its #1 Net Score position in the survey, with CyberArk, Okta, Zscaler, Cloudflare & Auth0 (now Okta) all above the 40% mark.

You can stare at the data at your leisure but here are three quick points: 1) Palo Alto Networks continues to impress and is steady as she goes; 2) The cyber market is still a very crowded and complicated space; and 3) There’s lots of spending in different pockets, with 12 companies having more than 100 responses and a Net Score above 30%. This market has too many tools and will continue to consolidate.

Drilling Deeper into Okta, Crowdstrike, Zscaler and CyberArk

Let’s now dig into four firms’ Net Scores and pick out some of the pure plays that are leading.

The series of charts above shows the Net Score or spending velocity granularity for Okta, CrowdStrike, Zscaler & CyberArk, four of the top pure plays in the ETR survey with over 100 N. The colors represent the following – bright red is defections, pink is spending less, gray is flat spend, forest green is spending more and lime green is adding new. The red dotted line is at the 40% Net Score mark. All four are elevated above that target. The blue line is the Net Score and the yellow line is pervasiveness in the data. The data represented by the bars goes back 10 surveys to Jan 2020.

First let’s point out that all four are seeing downtrends in spending momentum as the overall market is off. 

Okta is being hurt by fewer new adds to the platform which is why we highlighted that area in the upper right of the Okta chart (note the lime green). And the gray for Okta – flat spending – is noticeably up. So it feels like people are pausing a bit and taking a breath. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0, the company is seeing some friction in its business. Now having said that, you can see Okta’s yellow line or presence in the data continues to grow – and is a good proxy for market presence. Okta remains a leader in identity. 

Again you can digest the data at your leisure, but despite some concerns on declining momentum, there’s very little red at these companies when it comes to the ETR survey data. 

Charting the Fourstar Cybersecurity Firms

We have one more data slide which brings us to our fourstar cyber firms.

We started a tradition a few years ago where we sort the ETR data by Net Score – that’s the left hand side of the chart; and on the right we sort by Shared N or presence in the data set. And again this is filtered by companies with at least 100 N. And we’ve excluded Microsoft just to level the playing field. 

The red dotted line signifies the top 10. If a company cracks the top 10 in both categories, we give them four stars. Palo Alto, Crowdstrike, Okta, Fortinet and Zscaler made the cut this time. As we pointed out in May, if you combine Auth0 with Okta they jump to #2 on the right hand chart and would lead the pure plays there; although it would bring down Okta’s Net Score somewhat if you combined them. 

The other point we’ll make is that Proofpoint and Splunk both dropped off the fourstar list this time as they both saw marked declines in Net Score. 

re:Inforce is Back, in Person

We’re going to close on what to expect at re:Inforce this coming week.

re:Inforce is AWS’ security event, dedicated to cloud security. They first held it in Boston back in 2019. The past two years have been virtual and they announced at re:Invent ’21 that it would take place in Houston in June…which was crazy and they postponed the event…thankfully and they’re back in Boston starting Monday.

Stephen Schmidt had been the face of AWS security at all these previous events as the CISO. He’s dropped the “I” from his title and is now the Chief Security Officer at Amazon…went with Jassy to the mother ship…presumably dropping the I because he deals with physical security now too…like at the warehouses. Not that he didn’t have to worry about physical security at AWS data centers…anyway…He and CJ Moses, the new CISO at AWS, will be keynoting along with some others including MongoDB’s CISO, Lena Smart.

If you’ve been following AWS, you’ll note they like to break things down into identity, detection and response, data protection/privacy/GRC and we would expect a lot more talk on container security this year. So you’ll hear product updates on services like GuardDuty (threat detection with machine learning), Security Hub (which centralizes views and alerts and automates security checks), Detective (root cause analysis), and tools to mitigate denial of service attacks. AWS will likely talk about security for Nitro and isolation of hardware resources…and again you’ll hear some updates on container security because it’s the hottest thing going right now. 

You’ll also get a lot of best practice advice from AWS – i.e. they’ll share the AWS dogfooding playbooks with you. AWS, like all good security practitioners, understands that the keys to a successful security strategy don’t start with the technology. Rather, they are about the methods and practices that you apply to solve security challenges, and a top-to-bottom cultural approach to security awareness, designing security into systems and training for continuous improvement.

So we’re going to get heavy doses of really strong best practices. 

You’re also going to hear and see partners. They’ll be very visible at re:Inforce. AWS is all about ecosystem enablement and the event will host close to 100 security partners. This is key because AWS can’t and doesn’t do it all. They have to apply the shared responsibility model, not only with customers, but partners as well in order to fill gaps and provide deeper problem solving. And we expect the partners to be talking a lot about ransomware protection. 

And you’ll hear a lot of positivity around how great cloud security is, and can be if done well. But the truth is this stuff is still incredibly complicated and challenging for practitioners who are understaffed when it comes to top talent. 

And finally, theCUBE will be at re:Inforce…in force. John Furrier will be co-hosting two days of broadcasts. Do stop by if you’re in Boston and say hello. We’ll have a chat, share some data and our overall impressions of the event, the market, what we’re seeing, learning and worrying about in this dynamic space. 

Keep in Touch

Thanks to Alex Myerson who does the production, podcasts and media workflows for Breaking Analysis. Special thanks to Kristen Martin and Cheryl Knight who help us keep our community informed and get the word out. And to Rob Hof, our EiC at SiliconANGLE.

Remember we publish each week on Wikibon and SiliconANGLE. These episodes are all available as podcasts wherever you listen.

Email david.vellante@siliconangle.com | DM @dvellante on Twitter | Comment on our LinkedIn posts.

Also, check out this ETR Tutorial we created, which explains the spending methodology in more detail.


Note: ETR is a separate company from Wikibon and SiliconANGLE. If you would like to cite or republish any of the company’s data, or inquire about its services, please contact ETR at legal@etr.ai.

All statements made regarding companies or securities are strictly beliefs, points of view and opinions held by SiliconANGLE media, Enterprise Technology Research, other guests on theCUBE and guest writers. Such statements are not recommendations by these individuals to buy, sell or hold any security. The content presented does not constitute investment advice and should not be used as the basis for any investment decision. You and only you are responsible for your investment decisions.

Disclosure: Many of the companies cited in Breaking Analysis are sponsors of theCUBE and/or clients of Wikibon. None of these firms or other companies have any editorial control over or advanced viewing of what’s published in Breaking Analysis. 
