Cyber Investing Summit 2018
May 15, 2018, New York, USA
Cyber Investing Summit 2018
Request Q&A
Video
Cybersecurity Equities Performance Analysis
Available
In cart
Free
Free
Free
Free
Free
Free
Add to favorites
151
I like 0
I dislike 0
Available
In cart
Free
Free
Free
Free
Free
Free
  • Description
  • Transcript
  • Discussion

About speakers

Olivia Voznenko
Reporter at Modern Wall Street
Howard Smith
Managing Director at First Analysis
Kenny Talanian
Equity Trader at Evercore ISI
Gur Talpaz
Equity Research Analyst at Stifel Financial

About the talk

Cyber Investing Summit 2018 panelists take a look at cybersecurity equity performance and investment strategies

00:40 Cyberattacks

04:46 An eye-opening moment

09:06 Cloud-based vendors

14:19 Buyer is becoming more intelligent

19:30 Appliance based model

24:15 Cybersecurity

29:34 Microsoft secure

31:40 Amazon store

Share

Yes, I like them Suzy azzam. Alright. Hello everyone. I'm Olivia voznenko. I'm a reporter for modern Wall Street and before introduce you to our lovely panelist. I like to let you know that we're going to take a couple minutes after the panel to answer audience questions. So we're not going to hold you behind a firewall. Make sure you get some good ammo for these guys are right. Now, let's go down the line it introduced everyone. This is Howard Smith with first analysis.

All right. Thank you gentleman all the time. But what happens when a major one like one by enter the headlines in the overall Market react? So I can I think in general the markets become less reactionary to breeches versus where was maybe a few years ago you go back to Sony pictures or Anthem Blue Cross Blue Shield. Nothing posted the tax yourself pretty sharp reaction in inside sucks. And I think it's reflecting something else happening in the industry. I think you'll get them buying patterns for security out their security spending in as

reactionary. I didn't used to be I got to go spend a ton database security going to go buy a ton of them forever business these days that being said singular events, like a wannacry are not pet you can post on a crime not touch it because guess what this in the foundation getting the basic done is really important in solving ransomware. I'll just add that there is a delay a lot of people think well, I'm going to buy the stock because they must be seen a surgeon orders and when an attack

happens what we hear is the sea Susan how the people in this room can speak better to that. I need to do that. I'm not worried about spending and how I'm going to prevent the next attack. So there is a delay even in the direct products that can solve the specific issue. So a lot of times there's this well, it's not this quarter its next quarter and I think that's part of what is smooth the reactionary front from the investor has a reaction to the investor. They don't buy it that right away. And so there

is that lack, but I absolutely think it does driving environment at or die sensitivity for security stocks and we're seeing that in Spades this year. I think some of the attacks Target Sony all that their accumulated And you're seeing in the stock market particularly this year? I think just the add-on. It's important to think about that big breach. 2014-15 where people did spend a lot of money and spent in 2016 and forward trying to rationalize a lot of that spending you couple that with a desire to reduce the vendor account. I think you have to think about

how those folks are going to go to market again. The next time of renewal comes up and I think that's what you're seeing more now than you are necessarily a reaction. But the next time they come to the table this it will why didn't we prevent this right and differences? For cyber security option. I think if you look at a lot of the insurance policies today, and if the Actuarial tables aren't built for cyber risk what they're built for is if you get breached, can I call out mandiant FireEye

and have them come in dear friends at work? Can I do some cleanup? Can I try to prevent the loss of customers write something that's my lot more tangible. But if there isn't a true full life policy on the part of the buyer we're used to be if I spend more I can prevent breaches. Now when we talked to Steve shows at the at the seat at the c-suite level isn't so much. Can I prevent being breech you it's all problems. What can I have deployed to mitigate and reduce my risk profile right to go black and white prevention towards risk management.

Increase but the average cost of a minion of reach 3.8 million dollars by two years ago by 2.8 million dollars this year before Target was with someone and I opening moment and eat you can ensure some of the cost of remediation and the system. You can't insure the market value of your own stock from the reputational hit that you take from a breach and having to disclose an Equifax and others and that that is an uninsurable risk Board Room attention at

Borden Focus. So you're not in the headlines really has has come to the fore. Regulation is not forcing disclosure. You think about Equifax or Yahoo! I think that's disclosure. I think you were really were a lot more about the overall Market by how is the public Cloud effect of the cybersecurity market? I can see I can start on that. I think I think there's two different things as a customer about your roadmap to the public lap for some companies that made me do jumping directly to that

for most though. I think it means having a hybrid Cloud right you have on premise and you have public cloud in coming and having to be able to manage between the two I think from a stock perspective. Look at companies like checkpoint for and at Palo Alto they're constantly asked about the cloud because they make firewall firewall is going on premise data centers and that's considered a threat to those businesses over the next five years. You have that hybrid environment people continue to buy firewalls, maybe not as many units as they might have in the

past and then we we bridge the gap between the that on Prime wall to the cloud and it slowly would probably move more and more there. Hannah conditional on-premise vendor translate into that environment or do you need new functionally native birth party solutions to support that environment and I think what you seem like a pretty interesting native cloud-based fire one environment extending the reach now the perks of Evan. IO, but I keep winning with their first party virtualized firewalls and my channel sex in the last 6 months alone it now with public and

hybrid called Prodigy is centralized management functionally holistic about security more broadly one more Silo so I can bring that into the next. What time factor in nature addressing one is a spot where I would have thought it would be really exposing that alarm. I think you're seeing a bit of the opposite at least go back a few years. There was a perception that a lot of companies were not going to move their most critical data to the cloud. I think in large part that has been debunked and there is a widespread view on Wall Street debt that it's all moving over time to the cloud

will still be hybrid environments. They're still going to be in on friend Park, but there's nothing that sacred that you're not going to put in the cloud. So it it has created an urgency to make sure that cloud is secure and I think there is a perception that native Cloud Solutions can do a better job. Protecting the cloud then I'm from migrating. And that is a perception being put forth while the cloud-based vendors and want to support that. I think the evidence is still young

quite out with some historically on print solutions having great success in extending that to the cloud and get their two more points and I want to make about public Publix on right now. It's multi-cloud. It's fragmented. You may you may have an AWS you may have some Azure you may have some gcp or something else what can be that centralization that that layer that kind of permit across all three of those including your own from infrastructure, whether it's big Iron physical or virtualized know we see a lot of times that they

look now wherever you go You can have this unification layer like a Palo Alto that permeates across all aspects of your infrastructure. That's actually the second point. I think we have an address. What does the port authority mean for capacity into the actual traditional on from Data Center and home office and firewalls and network security. Capacity for 2 and 1/2 x fold increase in network traffic as a result of the push to cloud and it's a SAS drive

to the need for greater capacity firewalls at least very hectic with an SSL traffic. Most of the application most the public cloud is encrypted data that requires a more powerful through yet made you go by and at 5 to send from your firewall, but if you want to do one thing that can function and we're seeing more of that as well. So what's funny about all this is that that we think there was a fire with at Kingwood and public Cloud at the same time. They're clear drivers in the unfriendly to drive more growth and traditional. I just don't want him or not to but it

is an important topic. What does Microsoft Amazon and Google do in terms of native Security in the cloud and how does that affect the Pure Play companies to date? They have offerings that I think are viewed as inferior to that but you'll get when you buy so dedicated things what we hear a lot is also no one's going to be purely an AWS or purely another you're going to have a multi Cloud environment and you need an overlay architecture that works with all of them, but conceptually, I think it would be very disruptive to the market if you were to see Google or Amazon

or or or Microsoft specifically for cloud making major 30 40 billion dollar acquisition when the leading security players publicly traded that wouldn't that could take up the market? Readycloud spaced holes even more it seems like but aside from that, where do you see growth in the cybersecurity space expanding the brief types of becoming more sophisticated? I think what's happening here? So we're to fold a nature right? We're seeing growth and demand for cyber

security and that's being offset by increasing number of supply of Endor. So depending on who you ask him any given day. You may get two thousand pennies make a 2700 you make it a little bit less or more a lot of vendors in the spins a lot of competition and that put some measure pricing pressure out there. So far is supply and demand or Supply know that you put pressure on Friday in Racine that too for example and endpoint what you think is good growth in that market but the average cost for

endpoint and prevention is To let them $5 at today and it still going down we've heard of guilds be done at $2 a seat, for example, because of all that competition. So there's a lot of girls out there, but all the competition that exist out there as well. I think I may speak to some of the earlier points are in this conference is there is a large amount of enders targeting a finite amount of pain and I think there is an expanding area of cybersecurity when you think about going into securing Thrones securing iot or industrial where there are new markets that are growing right? And so I

think those are from a private company in a public company stand Point higher growth areas because a lot of a lot of traditional areas so it can you have a good point earlier, which is that a business put your consolidation Reddit happening across the space. Can you get argue that it was a rising tide in most ships were lifted in that environment. If you look out right now, for example, you're seeing names like checkpoint declining on license over 10% per year. Palo Alto

for dinner executing well and then space and I think what's happening is the budget is there is being better folks that have been fired becoming more intelligent more security than actually better security. I'm going to focus my best around the people. I like run the vins like I bring the Benders I trust and so I think the Warriors are winning more and losses are perhaps losing more and I'll just add anything you perverted seeing today. Yo, there aren't enough people to do the work anything that automates takes people out of the process makes you more effective with less

Personnel is getting a lot of attention to look for when analyzing a company besides the old p ratio. Personally, I cash flows came for me. I mean, I think it depends on if you're just starting. It's a land grant when you're selling the Enterprises go out and get as many customers as you can and then eventually you can tell back broke that expensive in the earlier stage companies that it's important to watch that growth. But as you get towards that later stage the the cash flow generation capabilities relative to its peers tend to be the best metric most

publicly traded companies. I want a few public analyst who also run adventure fun and invest in the private side and I approach it from a similar lens with David watts of this morning as if it's pretty much what I look for in the public companies as well. And that is what is sales and marketing execution. I look at that more than the latest R&D Pipeline and development pipeline, but the ability to create a sustainable path to the customer that is effective undifferentiated and then to to the extent there is a moat in terms of

competition coming in. I like spaces unlike endpoint where there's lots of venture, coming in a lots of challenges that's counterintuitive a little bit and it's not the focus of the up-and-comers. It's not what Sandhill Road is investing in right now. So those are the two things I look for. Things I look for a recurring Revenue to me. That's really really important. The most important ratio to me is LTV to CAC. That's the that's the most important role in growth mode settings. I look for for example, Arendelle renewal birthday feed the hundred percent

consistently that matters a lot to me contractor is matter a whole lot to me as well. I think to me recurring revenue is King at the end of the day and insecurity think it's really interesting ride because actually work your product don't work. I'm going to turn them off as we move past them validation of that solution. I think I digitally I sell your firewall firewall. So I really cared about was that refresh think about recurring revenue and software-as-a-service and cybersecurity have to deliver by to you

every single day if I if I don't Turn off my solution and eye renewal dip those things matter a lot to me. For his outright sales. In the public space companies, but the every new company coming out functionally is a recurring revenue or subscription company in Lathrup. Stop biting the last vestiges of getting out there either hybrid model or license plate model that I think we're pretty much done with that as we're going forward. I love that model is behind the broader software universities to cover SAS. And remember you're covering Stiebel and sell sports team around

trying to measure of disruption was I was virtually impossible for a vendor like that. I think to be his name is now happening in the in the cybersecurity landscape. I think it's the model of the future probably a model to present today model the future. I think the capital markets like it creates unpredictability. I don't have an issue. There's Fiber Arts company. I like quite a bit and it's a pure perpetual-license maintenance model. And I think it works and they go in and do they they sell a portion of the solution and they go back and they expand year after year and sell more to

that same customer. So I don't have a problem with either you think there is some real fallacy in terms of well, the other recurring makes it that much more predictable it does but then is an investor the sensitivity around small changes in the recurring flow as opposed to a Perpetual where you can see wide variations in Wall Street has more tolerant of that it it just Niro's the window for air in my opinion. I think it also creates a different Dynamic with the customer right? If you if you want to listen to a lot of companies that are switching over from or

transactional Perpetual our plans based model to something more recurring we'll talk about building a customer success function within the organization know what that really means. They know that every year. Usually they have to go back to the customer and justify why they're paying them. It becomes much more of a collaborative sale versus in a few were to go back and look at it. I don't take on Oracle. I'm going to pick on Oracle and people don't like that. Don't worry Axelrod billions

conversation. How are companies using hackers as a tool? How do you hack into the tool? I mean, I mean any good come people pentest there any other infrastructure? I think anyone should include in cybersecurity companies. I think that's fundamentally foundational. I think if you're not texting your networking constantly, then you run the risk of of the operations funny. I was talking to a Fortune 500 C. So like 2 weeks ago in Maryland. What is this go shopping and that's the case for now in Perfect 2 and 1/2.

Do you run white to kind of do pentesting and why would I do that? Not understand about his own data by Amazon Customer job in two years if that's going to be as mentality. You have to evolve what you have Packers always changing always evolving. So it's it's it's it's for you but of what any good. Any one thing to eat you may be referring to is your there are some hackers that are now using the platform to notify companies that their issues but also to use that knowledge

for the investment side. I prefer if I'm going to be first let me know but if you're going to do it do it to hit my stock rather than you'll sell that information to the Chinese or something that that's going to steal. My my entire seen. A lot of that is being used by Hutch books and other things to really get insight into vulnerabilities companies, but I know what's out there. I did a thing. I was at is a few of the larger companies offer bug Bounty programs. And essentially it's a way of crowdsourcing vulnerability

management if you're talented hacker and you can find a problem and there's a substantial monetary reward for that. So what would you like to see these evelop in the space? What do you want to see companies events and bring to the table in cyber security security at the market. We have to block everything defend against everything the attacker has unlimited attempts effectively to get it to your network in that equation put you at a disadvantage. I'd like to see and

evolution of more offensive tools personally as regular as regulatory issues at the market but I like working like deception are going to go pick somebody breeches your network that's going to keep blocking them and let them think I'm going to mess with them would take away their time. I'm going to make it harder for them know it it's kind of dark but I like that approach. I mean like you're dealing with a human at the end of the day and the equation is on their side either caught in there is nothing. So how do you change that? Found how to change out a question? How do we change that?

Dynamic in cybersecurity? I think I think there's a way to evolve the tool set and to that direction and then I like to see it go. I agree completely with that answer and I'll just add for internet of things which I spent a lot of time. Unfortunately Wireless be using satellite cellular, you know where devices are out in the field. I think there's a perception that we're going to apply the traditional network type Securities across a broader Tax Service surface that includes mobile and iot and I think the type of assets from the operating systems they run on to

the processing power they have to to run systems to keep them from attack or just fundamentally different. So you heard about that a little this morning thing, but I think there has to be some new paradigms coming up for the the infrastructure for the iot world and that's something I'm focused on. I did not know one thing I would add is similar with girl had to say a lot of the problem we have in cyber-security today is lack of talent. You can't find enough people to use the tools that you bought or no skill people I think in the future we're going to Trend towards more of a machine

versus machine hacking and I don't think we've quite Advanced to the point where the defensive tools are that good. A lot of people like to talk about AI or machine learning, but if you really drove down to what the content of that is, it's a very simple algorithm if then if then if that so I think that's where we need to see more advanced. I think you know we spent so much time in the pastor is on things like prevention and then detection but we thought we suck at responding were terrible attitude nasty So Yesterday Ms. Response mechanism is a quarantine the machine and then I

just I just delete the image and reinstall a new image the terrible response back adjusted to dealing with a breech that's, that's that's that's really supposed to be on there better. Be safe. It's hard to swipe it out. We've been so little work on the response elements of it would focus 90% of our dollars on detection on prevention because it's sexy responses in this holy SXT, buy things really really really really really important. I think it's definitely one more piece of think. It's really important. What is the value of their data Thunder by the underlined look at

6:30 today? The most secure is either at the proper level or on the endpoint. Why should security be brought closer to the actual data layer itself? What's happening at the data level who is accessing it were they doing with it? Manipulating it what's happening there in the day why security sings so far away from that data layer? Okay, because we have to like I said, we're not going to keep our audience behind a firewall. We are ready for some newer questions.

Cloud biscuits It it doesn't think the one that might be more likely is probably Amazon and Amazon, but this is just my hypothetical scenarios. If they run into regulation issues. They might have to divest it Google created a corporate structure that might allow for divestment of assets my Google Cloud. I think speaking to Microsoft specifically as you're such a critical part of their go to their strategy going forward. I would be surprised to see them they messed that. I guess I would just say

from a security standpoint. And I think he may have a different opinion side baby curious. If you die, they see so much. They're responsible for for so much so many different corporate networks and data and things like that. They get a visibility in a scale. It's almost unprecedented in terms of what they see. So they're in a position to take some Action Security wise that you could be at least differentiated if not unique and I do think combining a company with that type of infrastructure with some of the

leading cyber security companies out there. As I said could be game-changing an interesting, you know that the Palo elbows to check points for some of those larger companies in the hands exclusively of an Amazon or Microsoft. Like the destructive to the industry in a you may have a different I do any different answer and it's funny. You know why I came right out of college in the fear then was at home. I kept pushing into endpoint is going to destroy the endpoint Market they're going to own it because they only OS

layers, of course, they're going to end the end fund marketing that never came to fruition time and time again, I think you seen large infrastructure and thought were going to try to put him security security. So fundamentally different problem. Then there really been all that successful in it and I might have to try to think of a variety of acquisition to die for a hundred million dollars. They bought an alarm for 300 million dollars and the stool in their side by Martin Luther cloud-based SSO

a person as your AG silver cars in applying. I mean like this like that, it's just it's so funny. They haven't even gotten there yet. So I think to me That part one is that the empirical evidence suggests is abroad history Mass execution for them in this day. I think secondarily is a broader notion amongst the Enterprise at why do you want the fox guarding the hen house and you should have a third party vendor doing your security. You really want that first party vendor doing both your security and your infrastructure. I think history shows. Let me know. You don't want that. You do want the

measure of finally won last ones that find me one computer to a standardized across one single stack. You won't find one really likes the new starter motor multi-cloud of nature most are fragmented across different pieces of them. Maybe you doing a little bit of my security nearest accent. Where you for AWS. What do you do for gcp in that environment? I think people want holistic security meditation those pain points put the less pressure on your people as we talked about already a limited resource. So I think they can't do that cuz they're

they're invested and pushing more their own products. Are there apple with the apps? Then I can tell you and me for Android that's just not there. I thought their business plan at the end of the day. So I think is a lot of factors that play that I can push. I think the third-party Market I think more aggressively in that direction funny two years ago. I was dead security groups and end up going to crush the cloud-based firewall Market. They're going to dominate with with these things. It's basic it. Does it does what you need the opposite actually in Palo Alto at the pricing my cousin go to

market in that space moving away from her house model for tomorrow holistic Ela Titan model it done quite well in that market. So that's a Buddhist and one more thing on that. I think if you look at Microsoft strategies for example and security they want people to move data into Office 365 and Azure that's their growth mechanism. Just want you to be secure enough that you're using that product is going to offer basic level security moved to the point where they want to sell you a separate SKU for Security products. Let me get the same for afraid

of you actually in design their data center people. So the underlying architecture there is very secure and then on top of that they offered some basic level functionality and then open it up till Marketplace of third-party vendors asgar explain that I have done quite well in there. So I I don't I don't quite see them moving to disrupted pure security vendors at this point, but get a channel Partners cuz I feel like they're being pushed out of the equation right? We can go to consume at security

service from a third-party ISP directly from the Amazon store. So I talked to a lot of retailers. They getting really freaked out about Amazon's doing a security SEC because they can be destructive as far as the selling motion and sixth recent one of those markets for the channel is your bread and butter in a lot of ways and they were lion security. So this thing we talked now free funny like they're they're evolving the National Bike hyper convert Storage Solutions, like like obesity and rubric and that's that's different than where was he worried about what's happening, but not because

of yourself because of that disaggregation now of the of that push and have that Marketplace, Yep, we do a ton of work on gdpr. I think it's functioning the most important mended. I've I've seen in my career. I'll be on hit fun. PCI any company sell them to Europe that that manages European customer data are European consumer data is responsible to comply with it. If you don't know what you did PR its function of punitive regulation that says if you get breaking you don't notify affected consumers within 3 days, you can be you can be a

pain like that before percentage of global revenue revenue. Your Global Revenue goes into effect right now post a Facebook Cambridge analytica in the US and there's a growing chorus now for gdpr like regulation in the US and I think by the way should exist because there is breach notification regulation on a state-by-state basis, but most States like Georgia, for example of the pork is equifax's base in Georgia. Do you have to notify the consumer? What you seem that different in the u.s. Proposed regulation vs. You're pretty to me as if it's one thing. It's not a fine. It's proposed jail time to

think it's really interesting that overall purpose of the European c-suite a few years ago was when the Sony Pictures CEO Hattery mother's supposed to cross the webinar play lost her job and became a c-suite concern exposure. That's a c-suite issue. And I think that's why I make cyber security. Can I would just add it will also cause some spending over time for some vendors that would do is not but perhaps non-core right? Everybody has firewalls. Everybody is endpoint. I think you're going to start to see more folks focus on things like cyber-ark Solutions or imperfect database security and in

some of the offerings from Verona. I think that there are actually beneficiaries as a function of GDP are also think of the regulation ends up shortly after goes into effect. I would not be surprised to see a large multi-national corporation get hit with a fine. They want to set an example and I think to some extent it's also an alternative tax for the Europeans couldn't get enough of antitrust suits to work. So I'll just elevated it to the c-suite. And much

like yeah, I think gdpr that that is something that the Executive Suite and the board's know about and it is causing a scrutiny and perhaps a change of focus on how security is bought and implemented that you wouldn't see without the regulation and I do think it will be a model for others to look and perhaps emulate overtime. So let's give a round of applause for a panelist. Thank you so much.

Cackle comments for the website

Buy this talk

Access to the talk “Cybersecurity Equities Performance Analysis”
Available
In cart
Free
Free
Free
Free
Free
Free

Access to all the recordings of the event

Get access to all videos “Cyber Investing Summit 2018”
Available
In cart
Free
Free
Free
Free
Free
Free
Ticket

Interested in topic “Banking, Finance and Fintech”?

You might be interested in videos from this event

June 1 - 3, 2020
Online
67
147
business, covid19, government, investment, law, metals, minerals, mining

Similar talks

Steve Cerveny
Founder and CEO at ConsenSys
+ 4 speakers
Joseph Lubin
Co-Founder & Founder at Ethereum & ConsenSys
+ 4 speakers
Jonas Hudson
Co-Founder at Greenfence Consumer
+ 4 speakers
Justo Ortiz
Chairman at Union Bank of the Philippines
+ 4 speakers
Available
In cart
Free
Free
Free
Free
Free
Free
Anant Kadiyala
Senior Director - Blockchain and IoT at Oracle
+ 2 speakers
Alpha Wang
Tencent BeST Architect at Tencent
+ 2 speakers
Hanumantha Rao Morusupalli
Global Head at Technology & Partnerships, TCS Blockchain Services Tata Consultancy Services
+ 2 speakers
Available
In cart
Free
Free
Free
Free
Free
Free
Jurgen Fuykschot
Principal Consultant (Mining) at SRK Consulting (UK)

Buy this video

Video

Access to the talk “Cybersecurity Equities Performance Analysis”
Available
In cart
Free
Free
Free
Free
Free
Free

Conference Cast

With ConferenceCast.tv, you get access to our library of the world's best conference talks.

Conference Cast
577 conferences
23231 speakers
8691 hours of content
Olivia Voznenko
Howard Smith
Kenny Talanian
Gur Talpaz