Cybersecurity stocks have been sending mixed signals as of late…Mostly negative like much of tech. But some, such as Palo Alto Networks, despite a tough go of it recently, have held up better than most tech names. Others like CrowdStrike had been outperforming broader tech in March but then flipped in May. Okta’s performance was somewhat tracking along with CrowdStrike for most of the past several months but then the Okta hack changed the trajectory of that name. Zscaler has crossed the critical $1B ARR revenue milestone and sees a path to $5B, but the company’s stock fell sharply after its last earnings report and has been on a downtrend since last November…Meanwhile CyberArk’s recent beat and raise was encouraging and the stock acted well after its last report. 

Security remains the #1 initiative priority amongst IT organizations and the spending momentum for many high flying cyber names remains strong. So what gives in cybersecurity? In this Breaking Analysis we focus on security and will update you on the latest data from ETR to try and make sense out of the market and read into what this all means in both the near and long term for some of our favorite names in the sector. 

First…the News

There’s always something happening in security news cycles. 

Costa Rica. The big recent news is new president Rodrigo Chaves declared a national emergency in Costa Rica due to the preponderance of Russian cyber attacks on the country’s critical infrastructure. Such measures are normally reserved for natural disasters like earthquakes but this move speaks to the nature of today’s cyber threats. 

Cyber warfare. Of no surprise is that in modern superpower warfare, even for a depleted power like Russia, cyber weaponry is a given as we continue to see in Ukraine. 

Cybersecurity IPO? Privately held Arctic Wolf Networks hired Duston Williams as its new CFO. Williams has taken three companies to IPO including Nutanix in 2016. Whether AWN chooses to pull the trigger this year or will wait until markets are less choppy remains to be seen but it’s a pretty clear sign the company is headed to IPO at some point. 

Building security into platforms. A big point of discussion this week at Red Hat Summit in Boston and the prior week at Dell Technologies World was security. In the case of Red Hat, securing the digital supply chain and from Dell, building many security features into its storage arrays and cyber resilience services into its as-a-service offering, APEX.  We’re seeing a trend where buyers want to reduce the number of bespoke tools they use.

IDC’s Jim Mercer shared the following on theCUBE at Red Hat Summit:

Around last August, we ran a survey and asked, ‘where do you want to get your DevSecOps security from, do you want to get it from individual vendors? Or do you want to get it from your platforms that you’re using and deploying changes in Kubernetes?’

>> Great question. What did they say? 

The majority of respondents said they’re hoping they can get it built into the platform. That’s really what they want.

[Listen to IDC’s Jim Mercer share relevant data from a recent survey they conducted on the topic]. 

Now we can debate whether that vision is achievable, because you have so much innovation and investment going on from the likes of startups such as Lacework and Snyk…and security companies trying to build out platforms like CrowdStrike, Okta, Zscaler and many others. 

The last point we’ll hit is there’s some buzz in the news about Okta. The reaction to what was a relatively benign hack was severe and probably overblown. But Okta’s stock is paying the price of what is generally considered a blown communications plan versus a technical failure. Remember, identity is not an easy thing to rip and replace and Okta remains a best of breed player and leader in the space. So we’ll look at some ETR data later in this segment to try and make sense of the recent action in the market. 

The Market Sends Mixed Signals in Security

Let’s take a look at how some of the names in cybersecurity have fared relative to some of the indices and indicators. 

Above we show a Google Finance comparison for a number of names and their performance year to date. At the bottom 0f the list, for comparison, we plot the BUG ETF, which tracks security stocks. We don’t show it here but the tech heavy Nasdaq is off around 26% year to date whereas the security ETF is down 18%. But the data are mixed. For example, Okta is way off relative to its peers…that’s a combination of the breach but also the run up in the stock since COVID. CrowdStrike was faring better but broke this month. We’ll see how its upcoming earnings announcements are received on June 2nd after the close. 

Palo Alto Networks is the light blue line and has done better than most and until recently was holding up quite well. Of course SailPoint, another identity specialist, is going private with the acquisition by Thoma Bravo at nearly $7B. 

So we get mixed signals in cyber these past several months and weeks. 

Survey Data Shows Continued Spending Momentum for the Cyber Leaders

As we’ve reported, IT spending forecasts at the macro level have come off their 8% highs from the end of the year surveys, but robust tech spending is still expected at nearly 7% within the base of 1200 ETR respondents. Let’s take a look at the survey data and see how spending is holding up for security players.

The above graphic shows a picture from the ETR survey of the cyber landscape for the April survey. The Y axis is Net Score or spending momentum and the X axis is Overlap – formerly Market Share – which is a measure of pervasiveness in the data set. That dotted red line at 40% indicates highly elevated spending momentum and we’ve filtered the names to only those with 100 or more responses in the survey. The picture is still crowded nonetheless.

Note there are several companies above the red dotted line including, Microsoft which is up to the right. But also Palo Alto, Okta, Auth0, which is now owned by Okta, Zscaler, CyberArk is making moves, SailPoint and Cloudflare are all above the magic 40% line. With Cisco showing a large presence in the data on the X axis and respectable momentum. Splunk, KnowBe4 and Tenable are just below the 40% line. With plenty of names in the very respectable 20% zone. We’ve included some legacy names that fall below the 0% line with a negative Net Score. That means a larger proportion of their customers in the survey are spending less than those that are spending more. Typically for these legacy names you’ll have a huge proportion of customers who have flat spending and that pulls Net Score downward. 

The bottom line is that spending remains robust for some of the leading names we talked about earlier – despite their rocky stock performance. 

Zooming Out on the Leaders

Let’s filter the data a bit more to make it easier to read. To do that we take out Microsoft because they’re so dominant and we cherry pick some names to make the data more consumable. The other data point we’ve added is Okta’s Net Score breakdown shown in the lower right of the chart below. 

Focusing for a moment on Okta’s net Score Breakdown. Net Score measure the percent of customers that are adding the platform new – that’s the lime green at 18% for Okta. The forest green at 42% is the percent of customers in the survey spending 6% or more. The gray is flat spending at 32% of respondents. The pink at 3% is the percent of customers spending less (6% or worse) and the bright red at 3% indicates customers decommissioning the platform. 

Subtract the reds from the greens and you get Okta’s Net Score solidly in the mid 50% range.

We highlight Okta because it’s a name we follow closely and customers have given us strong feedback on the company’s technology and consistent execution. But the recent breach has caused us to take a closer look and you may recall we reported with our ETR colleague Erik Bradley that the breach was announced right in the middle of collecting the latest survey data.  And while we did see a noticeable downtick in Okta’s Net Score right after the breach was disclosed, you can see above the combination of Okta and Auth0 remains very strong. 

We asked Erik Bradley what he thought about Okta at this point and he pointed out that you can’t evaluate this company on its PE ratio. But its forward sales multiple is now below 7X and while attractive, these high fliers have to start making a profit at some point. Hold that thought– we’ll come back there. 

Four Star Security Firms

Let’s take one more cut of the ETR data to look at our four star security names. A while back we developed a methodology to try and cut through the noise of the crowded security sector using the ETR data to evaluate two key metrics – Net Score and Shared N. The latter is an indicator of presence in the data set – a proxy for market presence. And the former is a measure of spending momentum. We assign four stars to those companies that crack the top 10 in both categories. 

The chart above shows the April survey data for those companies with an N greater than or equal to 100 responses. The table on the left is sorted by Net Score and the one of the right by Shared N. 

Seven companies hit the top 10 for both categories and earned four stars: Palo Alto Networks, Splunk, CrowdStrike, Okta, Proofpoint, Fortinet and Zscaler. Remember Okta excludes Auth0 which didn’t make the cuts but hits the top 10 for Net Score. So if you add Auth0’s 112 N to Okta, it would put Okta in the #2 spot in the survey on the rightmost table with a Shared N of 354. Only Cisco has a higher presence than Okta in the data set and you can see Cisco on the left lands just below the red dotted line in security. So if we were to combine Okta and Auth0 as one, Cisco would make the cut and earn four stars. 

Other notables are CyberArk, which is just below the red line on the rightmost chart with 177 Shared N. Again if you combine Auth0 and Okta, CyberArk makes the four star grade because it’s in the top 10 for Net Score. And SailPoint is notable with a Net Score above 50% and a respectable 122 Shared N. 

Despite the market’s choppy waters we’re seeing some positive signs in the survey data for the more prominent names in security.  

What’s the Outlook for Cyber Stocks Going Forward?  

As always when we see these confusing signs we like to reach out to theCUBE network and one of the sharpest traders out there, Chip Symington, who shared some insights with us that we highlight here. 

Good tech stocks are oversold. Technically, almost every good tech stock is oversold and as such we may see a bounce here. We’re certainly seeing that on this Friday the 13th. But the right call tactically has been to sell into the rally these past several months. 

Follow the money. The key issue with a name like Okta and some other momentum names like CrowdStrike and Zscaler is that when money comes back into tech, it’s going to go to the likes of Facebook, Apple, Amazon, Netflix, Google and Microsoft. We’ll see about Amazon by the way — it’s out of favor right now as everyone’s focused on retail — meanwhile its cloud business is booming and that’s where all the profit is. 

Profitless prosperity. For these momentum names that don’t make money they face real headwinds as growth slows and interest rates rise, making the net present value of these investments much less attractive. 

Quality wins long term. Longer term we agree with Symington. Many of these names will be great companies and they’ll weather the storm to lead in their respective markets. As well, expect continued M&A activity in cyber which could act as a booster shot in the arm of these names. 

In 2019 we saw the ETR data point to momentum for CrowdStrike, Zscaler and Okta in the security space, as well as some other names. The pandemic created a surge in these stocks and admittedly they got out over their skis from a valuation perspective. But the data suggests these leading companies have continued momentum and the potential for staying power. Unlike the brand impact of the SolarWinds hack, it seems at this juncture, that Okta will recover in the market. But for the reasons we cited, investors may stay away for some time. Longer term there’s a shift in CISO security strategies that appears to permanently value cloud-based, modern platforms that will likely continue to gain share and carry their momentum.  

Keep in Touch

Thanks to Stephanie Chan who researches topics for this Breaking Analysis. Alex Myerson is on production, the podcasts and media workflows. Special thanks to Kristen Martin and Cheryl Knight who help us keep our community informed and get the word out. And to Rob Hof, our EiC at SiliconANGLE.

Remember we publish each week on Wikibon and SiliconANGLE. These episodes are all available as podcasts wherever you listen.

Email | DM @dvellante on Twitter | Comment on our LinkedIn posts.

Also, check out this ETR Tutorial we created, which explains the spending methodology in more detail.

Watch the full video analysis:

Note: ETR is a separate company from Wikibon and SiliconANGLE. If you would like to cite or republish any of the company’s data, or inquire about its services, please contact ETR at

All statements made regarding companies or securities are strictly beliefs, points of view and opinions held by SiliconANGLE media, Enterprise Technology Research, other guests on theCUBE and guest writers. Such statements are not recommendations by these individuals to buy, sell or hold any security. The content presented does not constitute investment advice and should not be used as the basis for any investment decision. You and only you are responsible for your investment decisions.