(upbeat music) From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. RSA Conference takes place in the last week of April this year at a time when the industry is at a crossroads. Once hopeful that the security industry would be shielded from macroeconomic conditions, the past year has been painful for many investors, with some exceptions, most notably Palo Alto Networks and Fortinet. And that said, Q1 saw a rebound in tech, and for the most part, cyber lag tech largely attributable to a rally in semis, which is oftentimes a leading indicator in normal times, but we did see a bounce back from names like CrowdStrike. But look, these aren't normal times, and RSA gives us a nice opportunity to assess the situation in the market. Hello and welcome to this week's Wikibon CUBE Insights: powered by ETR. In this Breaking Analysis, we'll update you in the latest trends in the market and what to expect at RSA this year.

And we'll also share the latest ETR spending data and drill into the areas of cybersecurity that are seeing the most action. As always, we'll highlight those companies with the strongest and some of the weakest momentum and close with a look at some of the emerging technology players in security that might be ripe for acquisition. And to do all this, we once again, welcome in our colleague Erik Bradley from ETR. Erik, good to see you. Great to see you to you, Dave. I always enjoy collaborating with you. And we've got some fresh data for you. We just closed a week ago, so all the data we'll be going over today is brand new. Awesome. Let me just do a quick rundown of some of the themes that we expect this year at RSA. As we intimate at the top, no sector safe from the economic headwinds. I want you to weigh in on zero trust, Erik, because, you know, we're hearing a lot from CISOs that this is now a thing, not just a bunch of marketing mumbo jumbo. You know, RSA, it is going to hammer AI, but the reality is AI is going to be embedded in platforms. And while there's going to be a lot of focus on automation, it's unclear how foundation models like GPT are going to be deployed, but most certainly, everyone's expecting more sophisticated phishing techniques, increasingly clever evasion methods, and, you know, adversaries, as we know, are going to use AI to better target assets. But RSA is going to be... I'm going to be really interested at how the industry will respond to this never ending escalation.

And Erik, we all hate passwords. You know, they got to go. I know you've done some work on XDR and hearing more from the community on that front. And the other thing is security's moved beyond the boardroom and is now like a whole house thing, the whole company has to care about it. We're going to talk about the emerging security companies. And finally, you know, identity remains a sub-segment, but it begs the question, is the industry facing an identity crisis? Erik, comment on some of these highlights. Anything you want to add on whether it's XDR or AI or what are you expecting? Yeah, I can go through all of them, but I'll start with just the first one you mentioned, which is the zero trust. You and I have been doing this long enough that we know that it started as a marketing buzzword and that eventually turned in from marketing into, well, "Zero Trust is a philosophy." And then now what we're seeing is it's not a philosophy, it's an actual application, it's a software defined approach to security, and it's going all the way from the boardroom, all the way down into the DevOps, the shift left all the way through. And zero trust is no longer hype, it is real, it is the number one priority among our community. And it begs the question now with open generative AI and large language models. Now, right now, is it hype, is it headlines? Maybe. But just like we saw with zero trust, I'm fairly certain that this is going to work its way into security as well. All right, let's kick things off with some spending data, eh? Erik, it keeps getting worse. We entered 2023 expecting 5.6% spending growth, we're now down to 3.6% overall, Q2 is looking pretty tepid. You know, the good news is ETR's technology spending intention survey had about 1,700 respondents this quarter, a new record. The bad news is the data is probably better than it's ever been, Erik. Yeah, what's your take on the latest data? Right, the more people we survey, the worse it gets, right? Yeah, really interesting. You know, so I know Gartner came out recently with a 5.5%. Our data's showing more about 3.6% across the board. But one of the things that we can do that they can't is we can break this down by all separate demographics, whether that's region, whether that's industry vertical, or size. And something that's interesting to point out here is that the bigger the company, the less you plan on spending. So the highest spend for next year is actually with small organizations where the Fortune 100 respondents are planning on growing less than 1% of their budget. And I think it's just really interesting to note. And I don't know if that's because smaller players are catching up or larger companies are just being a little bit more cautious. But it is interesting to note. And in addition, we're also seeing that energy and utilities, you know, the type of industry that we used to call a, you know, a dividend stock or a conservative type of name, they are the highest spenders as well. So even though the data's coming down across the board on an aggregate basis, there are some pockets of spend, most importantly, in the small organizations. All right, let's take a look at the sector positions, Erik, because ETR has a taxonomy, and I love the fact that it's consistent every quarter. We can go back and look at, you know, how it did on a time series basis. This chart shows net score or spending momentum on the vertical axis and the presence in the dataset, the pervasiveness on the horizontal axis. Every single sector is down, including cloud and cyber, which is shown with the squiggly lines indicating the position over the last several surveys. There are some bright spots though. As you said, the small and mid-size businesses, energy, and of course, the government continues to spend. But healthcare, tech, retail, and financials are all below the mean. Erik. Anything you'd add? Yeah, a couple of things. I mean, also on the government side, right? I mean, we're passing legislation that they have to catch up on security. So that spend is also going to help, there's no doubt about it. And on the sector basis, it really is kind of scary, because it's across the board. Generally in years past, we've lived through a lot of tough times and we'll see one or two areas, but nothing seems immune to the current environment right now. Normally cloud spending is immune, normally security spending is immune, and even though our data shows them as the highest priorities, the overall spending still coming down. Yeah, Andy Jassy's letter at the shareholders, his annual letter, talked about, you know, being a tough year and they're still able to innovate, but he basically said it's, you know, things are slowing down. And we've reported on this quite extensively. Clouds still significantly outpacing on-prem, you know, by quite a wide margin. But it's down, certainly down from the 30% growth levels down in the, you know, mid to high teens. In that letter, he specifically called out, you know, AWS too, not just across the board, but you know, true cloud services as the real problem. It was an interesting letter, yeah. Yep, absolutely. And we talked earlier about zero trust. And this is a new data point, I'm really excited that you guys added this to the survey. Let's talk through this chart. What is this telling us? Zero trust being now the number one initiative? Sure, first of all, shout out to you, Dave, because I remember about six months ago you said, "You know, you keep running the same question and every single year, security is number one. I don't even want to show this anymore." So because of that conversation you and I had, we actually decided to change this question up a little bit. And this is based on a top trends interview series that I conducted back in January where we took 10 CIOs and CISOs, asked them what their top trends were. We could all see that on the ETR platform if you want. But what we did is we took those top trends and then put them as the ranking order. But lo and behold, security was number one. Again, this time, zero trust security. And then we also dug down a little bit deeper later in this survey to find out exactly which aspects of security were of the most important and the highest priority, which we can dig into. But again, to your earlier point, this is not hype, this is not a philosophy, this is real application that CISOs are employing. All right, Erik, let's double click now on that security piece. We know security is the number one priority, but then what you guys did, which was great, was you double clicked on that and said, "Okay, what areas of security are you really focused on?" Take us through this chart please. Yeah, it was interesting. So we decided to say, let's go one level deeper on this one. And we know security is the number one priority, but that data point was just getting stale. No really, no one was really interested in hearing about it anymore. So we decided to say, "Okay, let's figure out which ones there are." And identity access management number one was not surprising. What was surprising and jumped off this page to me was vulnerability management being tied for number one priority. We think of that as just basic hygiene. That's security scanning, patching, that's not something that we think of as the highest priority and the sexiest. But right now in all the conversations I'm having, constantly vulnerability management is coming up. And I'd love to talk about it a little bit deeper if we could, but one of the things we're also seeing is right next to it is the EDR moving into XDR. And this is probably the biggest trend, and I expect to hear a lot about it at RSA.

This EDR moving to XDR can really be disruptive to everything. It can be disruptive to vulnerability management, it can be disruptive to log management, like SIEM and the observability players, like Elastic and Datadog. If you are doing XDR properly, all of that data telemetry is going to be coming into that and therefore they can disrupt a lot. You can take a lot of budget out. I've heard some CISOs tell me that CrowdStrike and SentinelOne have come to them and said, "Get rid of Qualys, get rid of Tenable, get rid of Rapid7, I can do it for you." Now they're not ready to go ahead and do that, but that's the rhetoric that's happening in the marketplace right now. So it's something to really keep an eye on. Yeah, you know, and the CISOs have told us that if it weren't for their, you know, compliance requirements, they'd love to get rid of their SIEM, right? That's sort of what you're talking about here. Explain the EDR to XDR because a lot of companies are sort of jumping on that XDR bandwagon and it's become kind of, a lot of marketing confusion around that. Help us cut through that. There's definitely marketing confusion around it. But basically what's happening here is we had old school endpoint, we had old school antivirus and endpoint, then the endpoint kind of moved and moved and moved, identity became the endpoint. And now what we're seeing is just throw the word X in front of anything, right? Because now what we're saying is it's not just the endpoint, it's anything that's out there in the perimeter we can now gather information from, we can take data telemetry from it and bring it in. And the real key here is not just about bringing it in and throwing it into your logging machine, it's about automating that response. What do I do with it? This way, your CISO has a playbook, this way you don't have a million SOC analysts, fatigued and tiring and looking at every single alert that comes through. It's really about the detection and response part. So it's the D and the R that's more important than the X in XDR.

And does it sound like hype? It does, but it's not. The CISOs I talk to are extremely excited about it. Everybody's chasing it. CrowdStrike's the leader, SentinelOne's still out there trying to get their way, Cisco is working on one, Palo Alto's got it, Fortinet, which we call Fortieverything, does it as well. And you know, Fortinet, I just want to call 'em out, because we saw that the small organizations are spending the most, and Fortinet's really doing the best with them. It's actually the only security leader in our data that has a net score that's up year over year, the only one. And it might have something to do with the fact that they're so big in small and mid-size organizations. And you know, it's interesting when you look at the, you know, the cyber stock index, generally it's down, certainly down over the past year, year-to-date, it's done a little bit better, but it's performed below the NASDAQ. But no question, two companies stand out over the downturn, it's Palo Alto and Fortinet. Fortinet actually has done done quite well. CrowdStrike got hit, of course, came back. And your point about small business is interesting, 'cause two quarters ago, they cited softness in the small business, they had a really good quarter last quarter, and they did a deal with Dell, which is obviously very strong in small business. So that's going to be interesting to see if small businesses sort of gravitate toward that play or they go toward like a managed service, you know, security provider like an Arctic Wolf or someone like that. That's going to be really interesting to see how that plays out. Interesting that you bring up Arctic Wolf, I think we have that data. So I'll save that comment. >> Okay, all right. They're one of the best in our emerging technology survey. And I really do believe these managed service security providers are having a big impact in the space right now and we're going to hear more about 'em. All right, so before we get there, let's drill into some of the leaders in the security space. Here's that same XY two dimensional graphic that we talk about all the time, spending momentum over net score on the y axis and overlap within the dataset, or really the X axis is plotted based on the shared number of mentions. That Red dotted line, that's sort of an indicator of a highly elevated spending velocity on a platform. And on the insert in the bottom right, we've pasted those companies that are near or above that net score of 40%, Microsoft, Auth0, CrowdStrike, CyberArk, Okta, which also owns Auth0. So if you could add those up, it's pretty impressive. And then SailPoint and Zscaler. So Erik, you know, fewer names above the 40% level today than we've seen in the past, you know, a couple of years. What's your view on the competitive action in the market? Well, we've got a very crowded marketplace, there's no doubt about it. And so many of these people are viewed as niche or point solutions and they could be best-of-breed, but I want to call out just that one name that's hiding in the top right corner there, Microsoft. Now are they the best at everything? No, they're not. But they're getting pretty good, they're getting good enough. And I had one CISO recently to told me, "Obviously, I'd love to have something like Splunk or Elastic or Sentinel, but if I just need a workman's like job, I'm going to go to Microsoft, because it's better for me from a cost perspective, it's better for me from a human management perspective." And Microsoft just continues to do the job well. And now with generative AI and large language models, I'm really interested to see what they do. They're still going to be a dominant factor in security. But overall spending is coming down, that's the backdrop.

So I'm not so concerned to see these net scores dipping below the 40% level. The ones that you consider best-of-breed are still up there. You know, obviously the CrowdStrikes, the Zscalers, the Oktas, the SailPoints, they're still up at that level. And I think if we see budgets return, we'll see those debt scores go back up as well. I'm not as worried about the drop. It really is something that you shouldn't expect in the spending environment and the concerns we have on a macro basis. And, you know, Okta and Auth0 are interesting. I mean, I loved that acquisition. I never liked the price, it was a $7 billion price tag, but I love the fact that, you know, Okta had the enterprise sewed up, Auth0 in Okta was missing, it was a gap for developers, and that's really what Auth0 had. Yeah. And then two things happened to Okta, they had that benign hack and it was just, they kind of misplayed the communications on it and that hurt 'em a little bit and then they never figured out to go to market with Auth0, they thought they had it and they made a move and it just didn't work. And so I've always... But I've always been sanguine about Okta long term. I like the company, they're... Everywhere you go, people talk about them as best-of-breed. So I think once they finally figure that out, that, you know, the five year outlook, if you will, for Okta is really positive. What do you think? If we have a moment? Yeah, I'd love to touch upon that, 'cause I know we're going to go to this potential targets disruptors model. So a couple of years back, if I would cross reference the emerging technology security plays with Okta's accounts, Auth0 was up and to the right, they were number one in Okta's accounts. So it wasn't that surprising to me to say Okta went out and said, "You know what? This is our number one competitor." If you just want out of the box integrations, you're using Okta, but if you need some actual development, people are going Auth0. And I agree with you, it was a really smart acquisition. Now the integration of it, maybe not, 'cause it seems as if right now, they're just letting Auth0 be Auth0. It's not really integrated. But both of them have incredibly high net scores. And, you know, provision is creeping up more and more for Auth0 and Okta's an incredibly pervasive vendor. So agree with you on that point. All right, let's have a look at what we call the four star security companies. This is kind of something we came up with a few years ago that underscores the capability of the ETR data platform. It's simple, but it's really powerful. What we're doing here is we're taking the top 20 companies in the survey with an n of at least 100 and we're sorting them on the left hand side by net score, that's spending momentum, and the right hand side is the number of n, number of mentions in the dataset. And that red dotted line is the top 10 for each of the cuts. And if a company makes the top 10 in both spending momentum and presence in the data, I.E. shared n, we give 'em four stars. And we've given two stars like for honorable mention if the company makes the top 20 in both. And so Microsoft, Palo Alto, CrowdStrike, and Okta get four stars and that's Okta even without including Auth0.

Fortinet just missed. So sometimes it gets four stars, you know, we probably should give it three stars here, but KnowBe4 is right there, Zscaler, and CloudFlare as well, and CyberArk is also strong. CyberArk, you know, has 45% net score. It just needs a bit more market presence to get that four star level. Erik, what do you think of the simple methodology and any takeaways that you have? First of all, I love it. I play with this data all day long and I've never done this before, so I might be stealing it from you Dave. I think it's fantastic. Couple of names here that really jump out. I think KnowBe4 needs to get an honorable mention as well. They're just doing fantastic work and people are using them for the training aspect. And as we all know with all of these attacks, it almost always comes down to some human miss. Training is imperative and KnowBe4 is in a great spot for that training. So I think they deserve a quick call out. The other one here that we have to talk about is CloudFlare. I mean, CloudFlare is just absolutely amazing. They're in great position, because people are already using them. If you have any application, if you have any web application presence, they're already being used, and they are just across the board. So they've got also denial distribution of service, they've got the DDoS, they've got web access firewall, they've got balancing, they've got bot protection, and everything we hear about CloudFlare are the people that are using them are extremely pleased with the service and they just kind of keep adding more and more and more security.

And they're really one of these names that just, you can't give 'em enough credit. They're becoming more pervasive in the enterprise, their net score, their spending is off the charts. And I think they're going to be more inquisitive going forward. You know, last summer, one of the folks that watches Breaking Analysis emailed me and said, I won't tell you who it is, but it was somebody at one of the hyperscalers, I'll tell you that, and said, "Dave, you know, I love Breaking Analysis. Do you know much about CloudFlare?" And I was like, "Eh, I don't really follow 'em, you know? That's not a company I'm tuned into." And this individual said, "You got to. You got to check em out." So I did and I did a Breaking Analysis on them. Of course the first thing I did is I went to the ETR data set and I went, "Wow." And then I started getting into the financials and watching some videos and, you know, their CEO, I think, you know, really interesting. They put forth their investor day. It was extremely impressive. And my conclusion was this is what multi-cloud should have been. You know, they basically have the super cloud as we talk about sometime, and so.

And then as you learn more about them, it's pretty impressive. They've announced, you know, an object store, they get databases, and you know, it's early days, but I think they've got big ambitions. And I think with the distributed computing happening, they're in a good position. Yeah, I mean it's fantastic. It's a play that was really simple. It started off with, I think we could take share from Akamai on content delivery, right? We're cloud native, they're not, let's just start there. And then they just kept growing and growing and growing. And with their global pop network being right out there on the edge, they're in the right spot, they're going where the puck is headed. I just think they're fantastic and they keep adding more security. This is actually the first time we track them as a true cloud computing player and they're already in line with Google, with GCP. They've got the same net score as GCP in our cloud computing sector, which just blew me away. Yeah, it's funny, I said I didn't know who they were, but then actually, my VPN is 1.1.1.1. And so I was like, "Oh wow, that is CloudFlare. All right." Let's turn to some of the emerging tech companies in cyber, ETR. I love this survey. It accelerated its investment in emerging technology survey, ETS, over the past year. And this is a treasure trove of data. Erik, these are privately held companies that you guys specifically survey with IT decision makers. And we're talking about a survey with more than 1,400 respondents and this is the cyber segment. It's actually mind boggling, isn't it? That in such a crowded market, there's still so much room for many emerging companies and as well, so many that are well known based on this net sentiment data on the vertical axis, which is really an intent to engage, and then the mind share on the X axis. So a couple names really stand out. But over to you Erik, maybe explain this in more detail. Yeah, certainly. So for historically, real quickly, everyone knows that ETR was launched really as a financial services research company. So we started off researching the public tech companies, but obviously privates and the, you know, venture capital became so big that we needed something for them as well. And now it's really just more about the enterprise tech companies themselves needing this competitive intelligence data. So you're right, we really have doubled down on this emerging side. What really jumps out to me is I have a different view over here on my screen I'm looking at, which is just the overall plans to evaluate. And the number one and number two name are both the same, they're both Snyk. And that's because we follow them in container security and application security. And the reason I want to bring it up is because we talked earlier about vulnerability management, the XDR players trying to encroach on them, the other issue with vulnerability management was they weren't born cloud native, they were born with, you know, more old-fashioned type of network and on-prem stuff.

These guys are cloud native, these guys work in containers, these guys work in cloud architectures. I don't think they're going away. There's a lot of names on this list that I just think are just dominating in their space. It's only a matter of time before they either get taken out or go public themselves. So there's a lot of data here and this data can be predictive. We've predicted acquisitions before by crossing this data with the public thesis data and really seeing where the overlap is with the end user base. Okay, so I had never done that before, but I did it this time, I took a stab at it, tell me how I did. So this next chart unveils, which is an amazing capability in ETR's data. So what we're doing here is we're taking, as Erik just said, the privately held companies in the ETS data and then we pick some possible acquiring companies from the TSIS. And I kind of loaded up here, Erik. I thought, "Okay, well I got CloudFlare, Fortinet, Palo Alto, Cisco, IBM, CrowdStrike, Zscaler, Microsoft, Google, AWS, CyberArk, and Okta as possible acquires, so. But this data's telling us is the overlap, correct me if I'm wrong, between these publicly traded companies in the TSIS, Technology Spending Intention Survey, and crossing them with the emerging technology companies to highlight possible acquisitions. Erik, is that right? And what does this data tell you? That is 100% accurate. So what you're looking here on the left side is of those 870 people, that's people that took the TSIS and cited spending for these companies over there on the left. Then among those 870 we say, "Okay, which companies on the emerging or private side are best positioned?" Therefore basically whether it's tech stack alignment or disruption, for some reason, there's a very strong correlation in their accounts, meaning you have the same customers basically. So they're either disrupting you or there's some actual sort of, you know, contingency there where the tech stack alignment, you know, benefits each other and they correlate together. So when we actually look at the numbers here, again, Snyk jumps out at me, Snyk jumps out right away. A name like Salt Security that does API security, so important right now, they jump out at me.

Abnormal is an email security. We haven't seen email security change in so long and we're still using Proofpoint. And right now, as you mentioned earlier in the show, I truly expect generative AI to increase the efficacy of phishing campaigns. All of us need to ratchet up our email filters. So these are all names that should be looked at and I think the big companies with cash are looking at 'em 'cause there's another factor at play, SVP just failed, private equity funding isn't what it used to be, we're in a bad macro environment. If these guys need cash, they're not just going to go back and do a series D at the same valuation, that world is over for right now. But you know who does have the cash? Some of the public companies, they're sitting on it. And there's people out there that are used to acquiring like a Palo, like a Cisco, like others. They are used to making acquisitions, they have cash, and there's a lot of great companies out there for the taking.

And in the past, we've actually predicted, just to name two of them, Palo Alto taking out Twistlock and Okta taking out Auth0 through this exact screen that you did. I give you an A+ on this screen, Dave. You did a great job on this model. Thank you. Yeah, bring it back up. Thank you Ken. So, you know, I want to, and I've not really studied this, you mentioned two companies where it was predictive, I would think, Erik, that companies like Snyk, OneTrust, we didn't talk about Arctic Wolf, but they're really showing up consistently. >> Yep, they're up there, yeah. You know, they got a lot of money in, I think they have sort of desires to go public. However, you know, who knows when the IPO market's going to come back. But also I would think there's some gems in the lower left here, companies that don't have the mind share, maybe they don't have the go to market, but there's maybe some good tech in there that a company... Like I think about like an acquisition that VMware made in Carbon Black, right? I mean you had a company like CrowdStrike, had a huge valuation during the pandemic, and they picked up Carbon Black for I think a couple billion dollars. You know, good technology, but didn't really have that same momentum, brought it into their fold. You know, you look at Carbon Black in the ETR service, it doesn't have a huge amount of momentum, but I still think VMware has a pretty strong security story. But so I would think some of the lower left there might be really interesting candidates for M&A, especially if they don't have a lot of runway. Yeah, I think you're right about that, because they're going to be the ones that dry up first, right? Because they don't have the momentum so they're not going to get the valuation. So they're the ones who are going to be more likely to go looking for that type of partner or takeout. The Armor is one of them, has great technology, but really hasn't had the momentum in enterprise tech. I'd have to look at it a little bit more to come out with a couple of more names, but I think it's a very astute point that it's not just the ones on the top right, it could be the ones on the lower left based on their technology and the funding that might be drying up for them more quickly than the others. Yeah, cool. All right, one more because I just can't resist talking about ChatGPT in the latest ETR drill down survey. You asked decision makers if their firms are evaluating large language models, and if so, for what purpose? And Erik, the first thing that struck me as odd is half the samples said they're not evaluating, which is surprising, but I'll bet someone at their firm is looking at it. But the more interesting stats or of course the use cases, chat bots, of course summarizing texts, both strengths of ChatGPT, writing code and documentation, sales and marketing copy, they should throw in writing poetry, it's amazing at that. (Erik laughs) Not so much happening in the context of cybersecurity is there based on the initial scan of the market? No, we've done a bunch of work on this. Immediately in early March when it came out, I was fortunate enough to get called by a fantastic journalist at the Wall Street Journal and worked with him on a report. We did a flash survey. And what we found out with that flash survey was right now, it's more hype than anything. People are scared of it. Even my own company had to come out with a policy telling our employees, "Hey, you're not allowed to throw our data on there, because once you throw your data on there, it's not ours anymore." So people are still really concerned about the guardrails around it. Now the issue is you're not going to avoid this buzz. This is the ultimate shadow application. People are going to go and try it and use it, it's going to creep in. Therefore, I believe large enterprises are going to trust a partner more than going to a straight up ChatGPT-type of OpenAI.

I think they'd rather see it worked in with Microsoft, they'd rather see it worked in with Salesforce, or AWS, or GCP. And we're hearing more and more announcements about that. I think that's the way it's going to get into the enterprise. But I do want to state that also when we did the ETS, OpenAI had the largest ever debut score on people saying they plan to evaluate it, the highest ever. So if they can convert that plan to evaluation into actual customers, it'll be really interesting to see in the next ETS. I want to see if that number moves. But specifically to this drill down, what we're seeing here is it's really more about customer support than it is about creating its own. We did not specifically ask about security in here, but I've had multiple people tell me, and I can even quote one, "Once we get more leverage out of AI into RPA, it's going to help close the gap in cyber risk models specifically.

Right now it's a buzzword, but the more and more intelligence we get in, it's going to become a true measure in terms of our risk management." That was a direct quote from a CISO at a global 2000 organization when I asked them about this in general. It's just a matter of time, Dave. It's going to happen. You know, the last 120 days or so, you know, with ChatGPT has just been amazing. You know, Bard, AWS announced yesterday its large language model strategy and I was reading about it on the AWS blog and I'm looking at a picture of it now. They have generative AI and there's three components, Amazon Bedrock, Bedrock's, like a, you know, foundation model-as-a-service. They got Trainium, which is their sort of Arm-based training silicon, and then they got Amazon CodeWhisperer, which is like an AI based code generator. And it was interesting to sort of juxtapose how Amazon is basically saying, "Here are the tools for the builders," versus, you know, what ChatGPT's doing, what Microsoft seems to be doing, sort of embedding it, as you say, into their software and maybe Google would search more consumer oriented versus enterprise with AWS.

Then of course, AWS has Alexa, which maybe could be their consumer play. But I got to tell you, so I had dinner last night with an, he's not so much an AI expert, but he knows AI deep, he's an expert on a lot of different things, but he's deep in the government and he was basically saying, "Look, this stuff has been around for a long time." He told me about something called Eliza, which was in the 1960s. They called it in the sixties a chatter bot. It was like one of the first chat bots. And people at the time were like, "Wow, this machine has feelings." And he was explaining to me, "Dave, these things do not have emotion, but I find myself saying 'thank you' to ChatGPT sometimes and, 'please can you,' and so." But his point was, "Look, this has been around for a long time. With ChatGPT, incredibly powerful, but it's been iterating over a long time with, you know, greater processing power, more data and now, you know, natural language processing and better search and more data. But his point was he sees like amazing potential if it's very narrowly applied. So kind of bringing it back to security, you've mentioned that hey, a lot of companies, you know, have been using, you know, machine intelligence for, you know, understanding telemetry, we've seen CrowdStrike make some acquisitions, near Zook of Palo Alto Networks last year at Ignite, said, "Within five years every job is going to be AI powered." So this is not anything that's like new to security companies, but it does feel like, you know, with a hype that we're entering, you know, a new era here. Yeah, it's not new. And I had a couple of CIOs say to me, in choice language, you know, "Bleep ChatGPT, this has been around forever." That's why I like prefer using that LLM, the large language model, right? Because let's just be honest about what this is. This isn't something that's new, right? This is just like you said, maybe just better application of something that's been around for a long time. Now for security, I think why we're going to see it's embedded a little bit into RPA first is because of SOC analyst fatigue. There's only so many alerts a human being can look at. So it's really, again, remember we talked about XDR, it's really more about that response aspect. I think we're going to be able to see more automation into these type of security vendors and services so we can kind of reduce some of that fatigue a little bit and determine what really needs attention and what doesn't.

And also just be a little bit quicker in their responses. That's where I think we're going to see it first. But yes, it's been around a long time, it's incredibly interesting, it's going to stay interesting, and I think we are going to hear a lot more about it in RSA, that's for sure. Well, speaking of RSA, we're going to wrap up. But before we do, just want to give you a little rundown of theCUBE at RSA. We were approved by the RSA conference as a media partner this year. So we're going to be on Media Row broadcasting from Moscone West. We've got CISOs, cyber experts, we've got analysts, and a lot of thought leaders. We're going to have a great show. I'm super excited to be there. We got a big crew, a lot of our editorial staff is going to be there so you can check out the action on siliconangle.com. We're going to have all the news there and announcements. CUBE.net will be broadcasting. Erik, I know you won't be there in person, but I hope you'll be watching and texting me all your insights so I can lay down some, you know, ideas in theCUBE and really appreciate your collaboration here. Yeah, me too. I always enjoy working with you, Dave. I'll be there anytime you need some support, you need some data, I'm the guy to call. All right. (laughs) We're going to leave it there for now. Thanks to Erik Bradley for his awesome contributions. As always, Alexander Myerson is on production and manages the podcast. Ken Schiffman running switching today, he must have lost the the coin toss as well. Kristen Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our editor-in-chief over at siliconangle.com, does some great work for us. Thank you. Remember, all these episodes are available as podcasts. Wherever you listen, just search Breaking Analysis podcast. We publish each week on wikibon.com and siliconangle.com. Check out all the videos on theCUBE.net and you can email me at David.Vellante@siliconangle.com, or dm me at DVellante, or comment on our LinkedIn posts. And please check out etr.ai, their survey data is unbelievable, it keeps getting better, focuses on enterprise tech, a phenomenal partnership, and more to come.

Okay, this is Dave Vellante for Erik Bradley. The CUBE Insights: powered by ETR. Thanks for watching and we'll see you next time on Breaking Analysis and at RSA conference at the end of the month. (upbeat music)