WEBVTT 1 00:00:06.930 --> 00:00:09.060 Anna Delaney: Hello, and thanks for joining us for the ISMG 2 00:00:09.060 --> 00:00:11.670 Editors' Panel. I'm Anna Delaney, and this is a weekly 3 00:00:11.670 --> 00:00:15.000 show which examines the top cyber and information security 4 00:00:15.000 --> 00:00:19.050 news stories. The ISMG editors joining me this week are Tom 5 00:00:19.050 --> 00:00:22.260 Field, senior vice president of editorial; Marianne Kolbasuk 6 00:00:22.260 --> 00:00:25.410 McGee, executive editor for HealthcareInfoSecurity; and 7 00:00:25.410 --> 00:00:28.950 Michael Novison, managing editor for ISMG business. Great to see 8 00:00:28.950 --> 00:00:29.370 you all. 9 00:00:30.030 --> 00:00:31.230 Tom Field: Great to be seen as always. 10 00:00:31.560 --> 00:00:32.580 Marianne McGee: Thanks for having us. 11 00:00:33.180 --> 00:00:33.930 Michael Novinson: Thanks for having me. 12 00:00:34.530 --> 00:00:36.750 Anna Delaney: Tom, you look like you're having fun. Tell us about 13 00:00:36.750 --> 00:00:36.900 it. 14 00:00:37.590 --> 00:00:39.720 Tom Field: This is the annual Windsor fare in Maine. It's a 15 00:00:39.720 --> 00:00:42.270 fare I've attended since I was six years old. I'd been away for 16 00:00:42.270 --> 00:00:45.000 about 17 years and went to it with my family over the weekend. 17 00:00:45.840 --> 00:00:46.500 It was lovely. 18 00:00:47.950 --> 00:00:50.350 Anna Delaney: And Marianne, you're out with the seagulls. 19 00:00:50.770 --> 00:00:55.210 Marianne McGee: Yeah, I mean at Scituate harbor in New England. 20 00:00:55.330 --> 00:00:58.570 You know, one of these typical seaside New England towns. 21 00:00:59.590 --> 00:01:02.110 Anna Delaney: Beautiful! Also outside, Michael, with a with a 22 00:01:02.110 --> 00:01:03.040 gorgeous sunset. 23 00:01:03.810 --> 00:01:05.970 Michael Novinson: Indeed I am. I am at the Seekonk Swimming and 24 00:01:05.970 --> 00:01:10.260 Tennis Club in my hometown of Seekonk, Massachusetts. Though 25 00:01:10.530 --> 00:01:13.470 sunset is not always part of the experience. But certainly it is 26 00:01:13.470 --> 00:01:16.740 nice taking a dip. My daughter, who's three now, loves swimming 27 00:01:16.740 --> 00:01:19.410 in the pool. So certainly a fun way to spend the summer. Just 28 00:01:19.500 --> 00:01:22.650 wish it were still open this week. We're going up to the 90s, 29 00:01:22.680 --> 00:01:26.610 or what 34 degrees celsius. I checked tomorrow. So wish we can 30 00:01:26.610 --> 00:01:27.270 still get in there. 31 00:01:27.750 --> 00:01:29.880 Tom Field: Anna is warmer than we are. I checked out earlier. 32 00:01:30.270 --> 00:01:30.900 It 33 00:01:31.050 --> 00:01:34.800 Anna Delaney: Occasionally happens. Well, last weekend, I 34 00:01:34.800 --> 00:01:37.740 paid a visit to a London art house cinema called The Garden 35 00:01:37.740 --> 00:01:41.280 Cinema , which had a mystery screening of a Hitchcock film. 36 00:01:42.870 --> 00:01:45.120 Well, it was called Frenzy. Have you seen it? 37 00:01:45.630 --> 00:01:46.020 Tom Field: Of course. 38 00:01:46.500 --> 00:01:47.850 Anna Delaney: Ninteen seventy two. I think it's his 39 00:01:48.000 --> 00:01:52.050 penultimate. It was set in London, which is always fun, but 40 00:01:52.050 --> 00:01:55.920 it's about a serial murderer who strangles women with a necktie. 41 00:01:55.920 --> 00:02:00.120 So, rock and roll Friday. Joyous Friday, but really nice to be in 42 00:02:00.120 --> 00:02:05.790 an old school movie cinema. So love that. Well, Tom, I believe 43 00:02:05.790 --> 00:02:07.650 we are starting on a positive note this week. 44 00:02:07.000 --> 00:02:09.490 Tom Field: As opposed to the strangler? Yes. 45 00:02:11.610 --> 00:02:14.130 Anna Delaney: What a contrast! We're discussing your interview 46 00:02:14.130 --> 00:02:17.520 recorded at BlackHat, with Alberto Yepez at Forgepoint 47 00:02:17.520 --> 00:02:20.760 Capital, who seemingly remains optimistic about the 48 00:02:20.760 --> 00:02:24.090 cybersecurity market in the face of recession fear. So tell us 49 00:02:24.090 --> 00:02:24.510 about it. 50 00:02:24.840 --> 00:02:26.460 Tom Field: Yeah, indeed, Michael and I had the opportunity to 51 00:02:26.460 --> 00:02:29.280 speak with many people at BlackHat over a month ago or a 52 00:02:29.280 --> 00:02:32.430 few weeks back. And one of the people I spoke was Alberto 53 00:02:32.430 --> 00:02:35.580 Yepez, as you say he is the co-founder and managing director 54 00:02:35.580 --> 00:02:38.610 of Forgepoint Capital. And it was an opportunity to check in 55 00:02:38.610 --> 00:02:41.310 for the first time since we'd spoken last at RSA Conference 56 00:02:41.310 --> 00:02:44.820 about, okay, what is the state of the cybersecurity economy 57 00:02:44.820 --> 00:02:48.300 right now. HeI spoke about lots of encouraging signs, including 58 00:02:48.300 --> 00:02:53.880 the cybersecurity investment tourists leaving the market and 59 00:02:53.880 --> 00:02:57.840 things getting back more to normal. And he talked about the 60 00:02:57.840 --> 00:03:01.230 marketplace realigning and I asked him what he meant by 61 00:03:01.230 --> 00:03:03.330 realignment, I'm going to share an excerpt of this interview so 62 00:03:03.330 --> 00:03:05.010 you can see what he had to say about that. 63 00:03:05.480 --> 00:03:08.645 Alberto YĆ©pez: I will say we're coming back to normal. I always 64 00:03:08.711 --> 00:03:12.867 say people said, well, thank you for using the word realignment 65 00:03:12.933 --> 00:03:16.692 because other people know the markets are down. No, we're 66 00:03:16.758 --> 00:03:19.990 going back to pre pandemic times, where you know, 67 00:03:20.056 --> 00:03:23.947 fundamentals were strong and companies that were delivering 68 00:03:24.013 --> 00:03:27.641 real value were value at specific, you know, multiples. 69 00:03:27.707 --> 00:03:31.664 And so for us as a fun, we've been very, very disciplined in 70 00:03:31.730 --> 00:03:35.885 the way we underwrite our deals, always investing with one, the 71 00:03:35.951 --> 00:03:39.579 exit in mind, because it's important, there are certain 72 00:03:39.645 --> 00:03:43.932 dynamics about the cybersecurity market where most exits happened 73 00:03:43.998 --> 00:03:48.153 with M&A. Let's spark that for a moment. So we can discuss that 74 00:03:48.219 --> 00:03:52.440 later. But more importantly, our business is to return multiples 75 00:03:52.506 --> 00:03:56.662 of capital. So you invest in my fund, you know, you give me $1, 76 00:03:56.727 --> 00:04:00.685 hopefully can give you three, four or five in return. But if 77 00:04:00.751 --> 00:04:04.510 when the valuations become so high, the ability to return 78 00:04:04.576 --> 00:04:08.006 capitals is very, very difficult. So we've been very 79 00:04:08.072 --> 00:04:11.831 disciplined in the way we underwrite. We say the price of 80 00:04:11.897 --> 00:04:15.591 entry determines the multiple vaccine. So I guess, short 81 00:04:15.657 --> 00:04:19.680 answer to your question. We're coming back to normal. And now 82 00:04:19.746 --> 00:04:23.967 that bid ask is still; there is a gap, but it's coming together. 83 00:04:24.033 --> 00:04:28.255 And we're not seeing these mega variations in that many unicorns 84 00:04:28.320 --> 00:04:32.476 in the market anymore, because you can justify. Sometimes those 85 00:04:32.542 --> 00:04:35.840 variations that they were being given at the time. 86 00:04:35.000 --> 00:04:38.420 Tom Field: So there you go. Realignment back to normal. I 87 00:04:38.420 --> 00:04:40.970 would say that matches what I see in the marketplace. I'm 88 00:04:40.970 --> 00:04:43.310 curious about Michael's take on that as well. He gets to speak 89 00:04:43.310 --> 00:04:47.450 to lots of CEOs and talking about their earnings reports in 90 00:04:47.450 --> 00:04:50.390 seeing what's happening, but I think we are seeing lots of 91 00:04:50.390 --> 00:04:53.360 encouraging signs in the market that economically we're starting 92 00:04:53.360 --> 00:04:58.370 to rightsize again, and we can look forward to growth in areas 93 00:04:58.370 --> 00:05:03.110 such as OT security and critical infrastructure and privacy by 94 00:05:03.110 --> 00:05:05.270 design and our old friend generative AI. 95 00:05:05.000 --> 00:05:06.843 Michael Novinson: I think certainly there's been a 96 00:05:06.900 --> 00:05:10.068 rationalizing or, as Alberto said, a rebalancing of the 97 00:05:10.126 --> 00:05:13.582 public markets. We've seen stock prices up almost across the 98 00:05:13.639 --> 00:05:16.922 board for everybody since hitting a low in January. Since 99 00:05:16.980 --> 00:05:20.205 the public markets have totally rationalized, it's still 100 00:05:19.370 --> 00:06:33.620 Tom, what do you think the expectations for the future of 101 00:05:20.263 --> 00:05:23.777 trickling its way down through the startup landscape. I mean, 102 00:05:23.834 --> 00:05:27.232 one notable data point would be Checkpoint's acquisition of 103 00:05:27.290 --> 00:05:30.861 Perimeter 81 last month. They were valued at a billion dollars 104 00:05:30.919 --> 00:05:34.087 in June of 2022. Last month, they got acquired for $490 105 00:05:34.144 --> 00:05:37.658 million. So I think startups and the people who fund them are 106 00:05:37.715 --> 00:05:41.459 accepting the difficult medicine that the company is not worth as 107 00:05:41.517 --> 00:05:45.146 much as people are saying 18, 24 months ago, so as folks accept 108 00:05:45.203 --> 00:05:48.889 more reasonable valuation in the current economic environment, I 109 00:05:48.947 --> 00:05:52.115 think there will be the potential for more deal making. 110 00:05:52.173 --> 00:05:55.398 I will point out as the interest rate, the interest rate 111 00:05:55.456 --> 00:05:58.912 environment that we've been operating for 15 years in an era 112 00:05:58.969 --> 00:06:02.483 of free money. So it made it really easy to take out loans to 113 00:06:02.540 --> 00:06:05.478 issue that but we now are the highest interest rate 114 00:06:05.535 --> 00:06:08.761 environment. We had a couple of decades here. So I think 115 00:06:08.818 --> 00:06:12.217 especially for some of the PE firms, as well as some of the 116 00:06:12.274 --> 00:06:15.615 smaller buyers, I think it's going to be harder to get the 117 00:06:15.673 --> 00:06:19.301 money to do acquisition. So we might see more conglomerates who 118 00:06:19.359 --> 00:06:23.045 have a lot of money on hand like Talos buying and purpose since. 119 00:06:23.103 --> 00:06:26.098 For them a couple billion dollars is a lot easier to 120 00:06:26.156 --> 00:06:28.460 swallow than for a smaller organization. 121 00:06:33.620 --> 00:06:35.180 the cybersecurity market are? 122 00:06:35.000 --> 00:06:37.640 Tom Field: Well, you've got to be bullish on it, you really 123 00:06:37.640 --> 00:06:41.540 have to, just given the demand. Cybersecurity remains one of the 124 00:06:41.540 --> 00:06:45.800 most critical human issues that we have in the world. It impacts 125 00:06:45.860 --> 00:06:50.300 everything we do, from business, to education, to retail to how 126 00:06:50.300 --> 00:06:54.650 we live in our homes, how we exercise our rights. 127 00:06:55.070 --> 00:06:57.200 Cybersecurity interests every part of that. So it has to 128 00:06:57.200 --> 00:07:01.130 continue to be a driving force. And I think that with the spate 129 00:07:01.130 --> 00:07:03.830 of regulation that we're seeing globally, right now, 130 00:07:04.160 --> 00:07:07.280 organizations are going to be asked to meet higher standards 131 00:07:07.280 --> 00:07:10.370 of cybersecurity, that's going to require investments. So I'm 132 00:07:10.370 --> 00:07:13.700 pretty bullish on it as well. I think that going into 2024, 133 00:07:13.880 --> 00:07:17.990 economically, we have rights to have much more optimistic view 134 00:07:17.990 --> 00:07:19.340 than we had even coming into this year. 135 00:07:20.390 --> 00:07:22.850 Anna Delaney: Very good. Well, thanks for sharing that segment 136 00:07:22.850 --> 00:07:25.670 with Alberto. It's always good to see him on our screens. 137 00:07:25.970 --> 00:07:27.950 Tom Field: And in an alligator shirt. That was a first 138 00:07:28.100 --> 00:07:31.430 Anna Delaney: Very good! Marianne, picking up on a story 139 00:07:31.430 --> 00:07:34.310 you brought to our attention a few weeks ago, and you've been 140 00:07:34.310 --> 00:07:37.580 covering recent developments, where the Federal Trade 141 00:07:37.580 --> 00:07:40.820 Commission and the Department of Health and Human Services have 142 00:07:40.820 --> 00:07:45.230 publicly named 130 hospitals and telehealth companies that were 143 00:07:45.230 --> 00:07:47.990 warned about potential violations of federal data 144 00:07:47.990 --> 00:07:51.320 privacy and security regulations due to their use of online 145 00:07:51.320 --> 00:07:54.890 tracking tools in their websites or mobile apps. So can you just 146 00:07:54.890 --> 00:07:58.040 bring us up to speed on this and in any highlights you'd like to 147 00:07:58.000 --> 00:08:01.307 Marianne McGee: Sure, as you said, the FTC and the Department 148 00:07:58.040 --> 00:07:58.430 share? 149 00:08:01.380 --> 00:08:05.790 of Health and Human Services Office for Civil Rights in July 150 00:08:05.863 --> 00:08:09.758 had sent out 130 letters to hospital systems and also 151 00:08:09.832 --> 00:08:14.241 telehealth companies, warning that their use of web tracking 152 00:08:14.315 --> 00:08:18.357 tools in their websites and mobile apps are potentially 153 00:08:18.430 --> 00:08:23.060 being used in violation of the HIPAA, and also FTC data privacy 154 00:08:23.134 --> 00:08:27.690 and security regulations. The letters specifically alerted the 155 00:08:27.764 --> 00:08:32.100 organizations that their use of tracking tools such as Meta 156 00:08:32.174 --> 00:08:36.951 Pixel and Google Analytics could be sending sensitive patient and 157 00:08:37.024 --> 00:08:41.434 consumer information to third parties, such as marketing and 158 00:08:41.507 --> 00:08:45.917 social media companies without the individual's knowledge or 159 00:08:45.990 --> 00:08:50.032 consent, and that such disclosures can reveal sensitive 160 00:08:50.106 --> 00:08:54.074 information, including individuals' health conditions, 161 00:08:54.148 --> 00:08:58.190 their diagnoses, their medications, medical treatments, 162 00:08:58.263 --> 00:09:02.746 frequencies of visits to their healthcare providers, where an 163 00:09:02.820 --> 00:09:07.376 individual is seeking treatment, and many more private details 164 00:09:07.450 --> 00:09:11.860 that most people wouldn't want to necessarily be shared with 165 00:09:11.933 --> 00:09:16.490 other companies, such as social media companies. Those letters 166 00:09:16.563 --> 00:09:20.899 strongly urged each of those entities to review how they're 167 00:09:20.973 --> 00:09:25.309 using these tracking tools. But now, the FTC is letting the 168 00:09:25.382 --> 00:09:29.718 public know who exactly got these letters. When the FTC and 169 00:09:29.792 --> 00:09:34.054 HHS in July announced that they had sent 130 letters, they 170 00:09:34.128 --> 00:09:38.096 didn't say who got these letters. But that all changed 171 00:09:38.170 --> 00:09:42.359 late in the day on Friday, just before the long labor day 172 00:09:42.432 --> 00:09:46.181 weekend in the U.S. In an unusual move, both of the 173 00:09:46.254 --> 00:09:50.149 agencies posted on their websites a 387 page PDF that 174 00:09:50.223 --> 00:09:54.706 contained copies of each of the letters that they sent to the 175 00:09:54.779 --> 00:09:59.042 130 organizations and to whom at each organization got the 176 00:09:59.115 --> 00:10:03.010 letter. Interestingly, the agencies did not bother to 177 00:10:03.084 --> 00:10:07.273 publish a concise list of the 130 organizations receiving 178 00:10:07.346 --> 00:10:11.903 letters. The public has to sort of sift through this joint PDF 179 00:10:11.976 --> 00:10:16.459 to see who got the letters. But when you look at the letters, 180 00:10:16.533 --> 00:10:20.722 you'll see a very wide variety of organizations that were 181 00:10:20.796 --> 00:10:25.426 targeted with these warnings and they range from specialty care 182 00:10:25.499 --> 00:10:29.762 telehealth firms such as acne treatment, and mental health 183 00:10:29.835 --> 00:10:34.245 providers that cater to college students to well-known large 184 00:10:34.318 --> 00:10:38.875 healthcare organizations in the U.S. such as Johns Hopkins. In 185 00:10:38.948 --> 00:10:43.211 any case, the public disclosure from FTC and HHS about who 186 00:10:43.284 --> 00:10:47.253 received the letters is interesting on several fronts. 187 00:10:47.326 --> 00:10:51.515 One is that it's a peek into who the FTC and HHS might be 188 00:10:51.589 --> 00:10:55.704 investigating for possible enforcement actions involving 189 00:10:55.778 --> 00:11:00.335 the use of web trackers. But it also provides fodder for civil 190 00:11:00.408 --> 00:11:04.818 litigation attorneys to sort of pluck out organizations that 191 00:11:04.891 --> 00:11:09.374 they might want to pursue for class action lawsuits involving 192 00:11:09.448 --> 00:11:13.563 data privacy and security disputes. But the diverse list 193 00:11:13.637 --> 00:11:18.193 also shows how far ranging the FTC and HHS are in terms of the 194 00:11:18.267 --> 00:11:22.382 types of telehealth and healthcare entities that they're 195 00:11:22.456 --> 00:11:26.645 scrutinizing right now, which provides a heads up for any 196 00:11:26.718 --> 00:11:31.128 organization in the healthcare sector that did not receive a 197 00:11:31.201 --> 00:11:35.243 letter but also uses web trackers. It kind of shows how 198 00:11:35.317 --> 00:11:40.020 prickly this whole subject is to regulators right now. So, as of 199 00:11:40.094 --> 00:11:44.797 now, the FTC has already issued a handful of enforcement actions 200 00:11:44.871 --> 00:11:49.134 against telehealth organizations that have been accused of 201 00:11:49.207 --> 00:11:53.323 potentially violating FTC regulations, including the FTC 202 00:11:53.396 --> 00:11:57.806 Act and the FTC Health Breach Notification Rule in their use 203 00:11:57.879 --> 00:12:02.509 of trackers. Meanwhile, HHS OCR, which enforces HIPAA, has been 204 00:12:02.583 --> 00:12:06.698 hinting for several months now that they are very active 205 00:12:06.772 --> 00:12:11.328 investigating these cases. So it seems like it might be just a 206 00:12:11.402 --> 00:12:15.958 matter of time before they issue their first HIPAA enforcement 207 00:12:16.032 --> 00:12:20.221 action against one of these entities that are using these 208 00:12:20.294 --> 00:12:24.190 web trackers. So we'll have to see what happens next. 209 00:12:24.930 --> 00:12:28.170 Anna Delaney: Marianne, you said it was unusual for the FTC and 210 00:12:28.170 --> 00:12:33.780 HHS to publicly release the names of letter recipients and 211 00:12:33.780 --> 00:12:37.200 copies of the warning letters. Why is this unusual? And also, 212 00:12:37.200 --> 00:12:40.440 what sort of message does this send to the healthcare industry 213 00:12:40.440 --> 00:12:40.920 as a whole? 214 00:12:41.710 --> 00:12:44.770 Marianne McGee: Well, first of all, you know, I reached out to 215 00:12:44.770 --> 00:12:49.300 FTC and HHS about why did you publish this letter, you know, 216 00:12:50.020 --> 00:12:56.380 this collection of letters. HHS did not get back to me. FTC, all 217 00:12:56.710 --> 00:13:02.020 they said was, they pointed me to their freedom of information 218 00:13:02.020 --> 00:13:07.450 act site. And on that site, on there is a note that says that 219 00:13:07.450 --> 00:13:14.290 when the FTC receives Freedom of Information Act requests of more 220 00:13:14.560 --> 00:13:17.560 than three for certain things, not for everything, that they 221 00:13:17.560 --> 00:13:20.170 get these requests for them, but for certain things, they will 222 00:13:20.170 --> 00:13:25.630 then respond by posting, you know, information. And, you 223 00:13:25.630 --> 00:13:32.200 know, that's where this showed up on the FTC's website for HHS, 224 00:13:32.230 --> 00:13:36.640 this list or this giant PDF appeared on their HIPAA, you 225 00:13:36.640 --> 00:13:41.560 know, site. So, again, you know, I think FTC kind of picks and 226 00:13:41.560 --> 00:13:45.490 chooses what information they will make public in terms of 227 00:13:45.490 --> 00:13:49.270 Freedom of Information Act requests, but I think overall, 228 00:13:49.300 --> 00:13:52.240 you know, based on what I hear from experts, it's sort of a 229 00:13:52.240 --> 00:13:55.120 warning to, you know, everyone out there who's using these web 230 00:13:55.120 --> 00:13:59.080 trackers that in this time, you know, with a lot of, you know, 231 00:13:59.080 --> 00:14:01.630 scrutiny over you know, reproductive health services, 232 00:14:01.630 --> 00:14:05.080 but mental health of college students, all sorts of different 233 00:14:05.080 --> 00:14:09.460 sensitive issues that have come to light, you know, since the 234 00:14:09.460 --> 00:14:12.280 overturning of Roe versus Wade to the pandemic, where, you 235 00:14:12.280 --> 00:14:15.130 know, people are locked in their houses and had all sorts of 236 00:14:15.130 --> 00:14:18.370 issues perhaps that, you know, sensitive information like this 237 00:14:18.370 --> 00:14:22.060 should not necessarily unless the patient says it's okay to be 238 00:14:22.060 --> 00:14:25.450 shared with social media and, you know, marketing companies. 239 00:14:25.540 --> 00:14:29.140 And, you know, that's what these regulators are trying to tell, 240 00:14:29.170 --> 00:14:30.790 you know, the industry at large. 241 00:14:30.000 --> 00:14:35.460 Anna Delaney: Never a dull moment in the healthcare infosec 242 00:14:35.460 --> 00:14:38.850 sector. Thank you so much, Marianne. Well, Michael, you 243 00:14:38.850 --> 00:14:42.540 have a two part saga for us this week, which involves a potential 244 00:14:42.540 --> 00:14:46.350 acquisition by with a relatively young startup with SentinelOne 245 00:14:46.560 --> 00:14:50.550 more established cybersecurity vendor. And then the response 246 00:14:50.550 --> 00:14:54.150 made by SentinelOne's CEO about the rumors of this potential 247 00:14:54.150 --> 00:14:55.950 acquisition. So what happened? 248 00:14:57.010 --> 00:14:58.330 Michael Novinson: Absolutely, and thank you for the 249 00:14:58.330 --> 00:15:02.620 opportunity. So this saga all began about two and a half weeks 250 00:15:02.620 --> 00:15:05.830 ago now when Reuters put out a report saying that SentinelOne 251 00:15:05.830 --> 00:15:08.770 had brought on a financial advisor and was looking to sell. 252 00:15:08.980 --> 00:15:12.520 So a bit of background on that. They went public in mid 2021, 253 00:15:12.550 --> 00:15:16.000 very heady economic times, biggest cybersecurity IPO of all 254 00:15:16.000 --> 00:15:18.910 time, valued at nearly $10 billion. And then they really 255 00:15:18.910 --> 00:15:21.460 took it on the chin and 2022 because they were one of those 256 00:15:21.460 --> 00:15:24.790 companies that was high growth, but highly unprofitable, and 257 00:15:25.090 --> 00:15:28.150 come 2022 with the focus on profitability, that's not what 258 00:15:28.150 --> 00:15:30.760 investors are looking for. So major stock price decline in 259 00:15:30.760 --> 00:15:34.180 2022. The sense was, maybe some of their investors are getting a 260 00:15:34.180 --> 00:15:37.360 little bit antsy wanted an exit. So Reuters put out their report 261 00:15:37.360 --> 00:15:39.490 two and a half weeks ago, then a couple days later, Bloomberg 262 00:15:39.490 --> 00:15:42.130 follows up and says, not only are private equity firms 263 00:15:42.130 --> 00:15:44.950 interested, which we would have guessed, but Wiz might be 264 00:15:44.950 --> 00:15:47.740 interested in the acquisition. So this is really notable 265 00:15:47.740 --> 00:15:51.100 because Wiz is much, much smaller than SentinelOne. They 266 00:15:51.100 --> 00:15:54.940 have not even half the employees, not even a third of 267 00:15:54.940 --> 00:15:58.030 the annual recurring revenue. The company was just founded 43 268 00:15:58.060 --> 00:16:01.060 months ago, but pretty much fastest growing startup of all 269 00:16:01.060 --> 00:16:03.550 time in cybersecurity, but still, at this point, pretty 270 00:16:03.550 --> 00:16:07.270 small. So that certainly got a whole lot of attention. And what 271 00:16:07.270 --> 00:16:10.510 was interesting here, so I was speaking to follow journalists, 272 00:16:10.510 --> 00:16:13.180 when you start to hear reports of things that you've got to the 273 00:16:13.180 --> 00:16:15.910 company, you ask hey, do you have any comment? In the 274 00:16:15.910 --> 00:16:18.100 business world, there's a statement we get all the time. 275 00:16:18.100 --> 00:16:21.280 We do not comment on rumors or speculation. I'm guessing Tom, 276 00:16:21.280 --> 00:16:23.500 Marianne, Anna, you might have heard that one once or twice. 277 00:16:23.980 --> 00:16:27.310 What's interesting here is that's not what was said when I 278 00:16:27.310 --> 00:16:29.260 and when other members of the media went to Wiz and asked, 279 00:16:29.260 --> 00:16:31.990 hey, what about the SentinelOne reports, they instead said that 280 00:16:31.990 --> 00:16:34.780 they were openly discussing the possibility of acquisition. 281 00:16:34.990 --> 00:16:37.150 They'd been following SentinelOne's growth journey for 282 00:16:37.150 --> 00:16:39.940 the past several years, and that the company has a strong 283 00:16:39.940 --> 00:16:44.500 cybersecurity offering. So that really helped fan the flames and 284 00:16:44.500 --> 00:16:47.470 got a whole lot more press coverage around these reports. 285 00:16:47.740 --> 00:16:51.370 So fast forward a couple days. Few days later, media reports 286 00:16:51.370 --> 00:16:54.430 come out that the two companies had been working closely 287 00:16:54.430 --> 00:16:56.500 together. They had announced the partnership back in March, 288 00:16:56.500 --> 00:17:01.480 actually, a soft draft report to CEO of Wiz Tomer Weingarten, CEO 289 00:17:01.480 --> 00:17:03.040 of SentinelOne, who were actually doing joint interviews 290 00:17:03.040 --> 00:17:07.990 together during RSA Conference in April, given their company's 291 00:17:07.990 --> 00:17:11.830 relationship. So a few days after Wiz-SentinelOne 292 00:17:11.830 --> 00:17:16.810 acquisition reports that no one terminates a reseller agreement 293 00:17:16.810 --> 00:17:20.800 with Wiz and their comms folks who had been pretty quiet up 294 00:17:20.800 --> 00:17:22.660 until that point, said, essentially, Wiz wasn't 295 00:17:22.660 --> 00:17:24.550 delivering any value, they weren't fulfilling their 296 00:17:24.550 --> 00:17:28.540 commitments. So then SentinelOne was in what's called the quiet 297 00:17:28.540 --> 00:17:31.900 period. So their fiscal quarter ended at the end of July, and 298 00:17:31.900 --> 00:17:34.930 then they had an earnings call on August 31. So companies do 299 00:17:34.930 --> 00:17:38.020 tend to try not to say much in that window, particularly 300 00:17:38.290 --> 00:17:40.660 anything that could be construed as a forward looking financial 301 00:17:40.660 --> 00:17:42.790 statement. They want to wait until they put out their 302 00:17:42.790 --> 00:17:47.410 earnings from the quarter. So that happened on August 31. And 303 00:17:47.410 --> 00:17:50.950 they certainly had a lot to say. So terms of these Wiz 304 00:17:50.980 --> 00:17:53.800 acquisition reports, they call them a head scratcher far from 305 00:17:53.800 --> 00:17:58.210 fact, pure speculation on their purposes, CEO Tomer Weingarten. 306 00:17:58.570 --> 00:18:02.680 And then, when speaking about Wiz, he'd referred to them as, 307 00:18:02.740 --> 00:18:06.580 "a nice new startup," and that they have a "nice little set of 308 00:18:06.580 --> 00:18:09.670 customers," which are certainly some backhanded compliments, if 309 00:18:09.670 --> 00:18:15.160 I've ever heard any. So, certainly some strong pushback. 310 00:18:15.160 --> 00:18:17.560 And then in other press interviews, were talking about 311 00:18:17.560 --> 00:18:21.910 how they want to remain public and that they're not for sale. 312 00:18:22.660 --> 00:18:25.780 We shall see. I mean, I think I'm assigning things for sell at 313 00:18:25.780 --> 00:18:29.200 the right price. But the question is, when, if they have 314 00:18:29.200 --> 00:18:31.870 been knocking on doors, are they getting the offers? Are they 315 00:18:31.870 --> 00:18:33.670 getting offered the type of money that they think they're 316 00:18:33.670 --> 00:18:38.050 worth? I'll leave you with this final note here, which is, I 317 00:18:38.050 --> 00:18:40.420 know, there's been so much dialogue around consolidation 318 00:18:40.480 --> 00:18:43.600 across cybersecurity, not really sure we're seeing it across 319 00:18:43.600 --> 00:18:46.690 cybersecurity. But in the endpoint security market, the 320 00:18:46.690 --> 00:18:50.650 market share data from IDC tells a very interesting story. So if 321 00:18:50.650 --> 00:18:54.100 you look at the 19 leading endpoint security vendors, only 322 00:18:54.100 --> 00:18:57.010 four of them are gaining market share, the other 15 are losing 323 00:18:57.010 --> 00:18:59.560 market share. The four that are gaining market share are 324 00:18:59.560 --> 00:19:02.680 Microsoft, who's the biggest vendor; CrowdStrike, who's 325 00:19:02.680 --> 00:19:06.100 number two; Palo Alto Networks who moved into that space more 326 00:19:06.100 --> 00:19:09.700 recently; and SentinelOne. So that's obviously a good thing 327 00:19:09.700 --> 00:19:12.370 for SentinelOne that they're gaining share, but they're still 328 00:19:12.490 --> 00:19:16.060 in terms of size, far behind Microsoft and CrowdStrike and 329 00:19:16.060 --> 00:19:20.050 Palo Alto Networks. And I certainly, in the case of 330 00:19:20.050 --> 00:19:23.410 SentinelOne Tomer Weingarten objected to CrowdStrike 331 00:19:23.410 --> 00:19:25.600 referring to them as a point product, but they certainly 332 00:19:25.600 --> 00:19:28.900 don't have as broad of a platform as a Microsoft or as a 333 00:19:28.900 --> 00:19:33.250 CrowdStrike. Or is it Palo Alto Networks? So the question being 334 00:19:33.250 --> 00:19:36.970 is there the opportunity to combine what SentinelOne does 335 00:19:36.970 --> 00:19:40.270 really well around EDR and XDR with some other security 336 00:19:40.510 --> 00:19:43.630 technology, whether it's CNAP from Wiz or somewhere else, or 337 00:19:43.630 --> 00:19:45.820 something else to create a broader platform so that 338 00:19:46.780 --> 00:19:49.420 customers can consolidate that vendor footprint? 339 00:19:50.620 --> 00:19:52.750 Anna Delaney: That's a great explanation, Michael, but do we 340 00:19:52.750 --> 00:19:55.960 get a sense of how customers in the wider cybersecurity 341 00:19:55.990 --> 00:19:59.080 community are responding to these statements, these rumors 342 00:19:59.080 --> 00:20:00.160 and developments? 343 00:20:00.000 --> 00:20:06.180 Michael Novinson: I think there is a desire for folks to reduce, 344 00:20:06.300 --> 00:20:08.880 but that it does need to be done well. And that's really ... 345 00:20:09.090 --> 00:20:12.660 we've seen a cybersecurity company or a tech company buy 346 00:20:12.660 --> 00:20:15.600 another cybersecurity company. It doesn't always live up to the 347 00:20:15.600 --> 00:20:18.240 potential we can think of acquisitions like BlackBerry by 348 00:20:18.240 --> 00:20:23.130 of Cylance, VMware buying Carbon Black. And people had these 349 00:20:23.130 --> 00:20:26.100 visions, even going back to Intel buying McAfee more than a 350 00:20:26.100 --> 00:20:29.190 decade ago. When we tried to bring together disparate 351 00:20:29.190 --> 00:20:32.670 cybersecurity technologies on a single platform, it's not always 352 00:20:32.670 --> 00:20:36.900 easy to do the user experience suffers. When it's not ... maybe 353 00:20:36.900 --> 00:20:39.240 it's less of an area of focus that doesn't get the same level 354 00:20:39.240 --> 00:20:42.240 of investment and if you are a pure play company ... usually, 355 00:20:42.240 --> 00:20:44.490 when we see acquisitions in companies like Palo Alto 356 00:20:44.490 --> 00:20:47.220 Networks who do them well, it's usually they're buying a 357 00:20:47.220 --> 00:20:51.240 trucking company, a company that's Series A, Series B, a few 358 00:20:51.270 --> 00:20:53.490 100 employees, but really doesn't have much of a go-to 359 00:20:53.490 --> 00:20:56.370 market engine yet. And then that makes the integration easier. 360 00:20:56.370 --> 00:20:59.040 But when you're buying a large, mature platform, like 361 00:20:59.040 --> 00:21:01.530 SentinelOne, and then tried to bring that together with another 362 00:21:01.530 --> 00:21:04.560 large, mature platform, people have struggled to do that in 363 00:21:04.560 --> 00:21:07.830 practice, so it'll be interesting to see going forward 364 00:21:07.860 --> 00:21:10.770 if companies figure out ways to bring together disparate 365 00:21:10.770 --> 00:21:12.270 platforms more seamlessly. 366 00:21:13.500 --> 00:21:16.260 Anna Delaney: Excellent. Thanks so much, Michael. And finally, 367 00:21:16.260 --> 00:21:19.680 and just for fun, you have entered a cybersecurity-themed 368 00:21:19.680 --> 00:21:23.880 cooking competition, of course. What dish or recipe would you 369 00:21:23.880 --> 00:21:26.880 create that incorporates elements of hacking or 370 00:21:26.910 --> 00:21:27.870 cybersecurity? 371 00:21:28.470 --> 00:21:33.450 Tom Field: I got one for you right now. SOC soup. It's like 372 00:21:33.450 --> 00:21:37.230 vegetable soup but it's got more alerts than any human could 373 00:21:37.230 --> 00:21:41.010 consume in it. And it's up to you to figure out exactly how to 374 00:21:41.010 --> 00:21:42.150 manage all those alerts, 375 00:21:42.660 --> 00:21:44.370 Anna Delaney: Like a snack now, wonderful! 376 00:21:45.650 --> 00:21:49.280 Marianne McGee: My idea is, in the U.S., and I'm sure you know, 377 00:21:49.280 --> 00:21:52.940 in the U.K. and elsewhere, you know, groceries are really going 378 00:21:52.940 --> 00:21:58.280 up in price. So mine is a recipe on how you can make a high-end 379 00:21:58.310 --> 00:22:02.810 steak dinner with filet mignon and all the sides for less than 380 00:22:02.840 --> 00:22:07.730 $2 a person. But the only problem is that every bite of 381 00:22:07.730 --> 00:22:11.540 every dish, of every component of every dish tastes like fish. 382 00:22:12.230 --> 00:22:15.230 So kind of like your phishing games where your promise things 383 00:22:15.230 --> 00:22:18.290 that you're not going to get and you will get kind of screwed at 384 00:22:18.290 --> 00:22:18.740 the end. 385 00:22:19.190 --> 00:22:20.840 Tom Field: Never thought we're going to get managed services 386 00:22:20.840 --> 00:22:21.380 out of this 387 00:22:21.000 --> 00:22:25.770 Anna Delaney: To pay for that! Marianne, Michael? 388 00:22:26.620 --> 00:22:28.210 Michael Novinson: It's going to be hard to top that one but 389 00:22:28.420 --> 00:22:31.330 Malwarebytes was top of mind for me, but they had some layoffs 390 00:22:31.330 --> 00:22:33.190 last week. There's also some talk that they're going to be 391 00:22:33.190 --> 00:22:36.040 splitting their consumer and their enterprise businesses 392 00:22:36.040 --> 00:22:38.470 following in the footsteps of Symantec and McAfee a couple 393 00:22:38.470 --> 00:22:41.650 years back. So I was thinking about trying to make something 394 00:22:41.650 --> 00:22:44.350 sweet out of perhaps a little bitter situation in creating 395 00:22:44.350 --> 00:22:47.650 some Malwarebytes brownies. Because hey, who can say no to 396 00:22:47.650 --> 00:22:48.280 brownies? 397 00:22:48.730 --> 00:22:50.650 Tom Field: Well, Malwarebytes does sound like a small candy. 398 00:22:50.830 --> 00:22:51.430 When you think about it? 399 00:22:51.430 --> 00:22:53.050 Michael Novinson: It kind of does. 400 00:22:53.570 --> 00:22:55.100 Anna Delaney: Interesting that you went the sweet route. I've 401 00:22:55.100 --> 00:22:58.700 gone spicy and explosive. I am going for Firewall Stuffed 402 00:22:58.730 --> 00:23:05.660 Jalapeno Poppers. Well, Marianne, Michael and Tom, this 403 00:23:05.660 --> 00:23:07.730 has been excellent as always. Thank you so much. 404 00:23:08.360 --> 00:23:08.720 Tom Field: Thank you. 405 00:23:09.350 --> 00:23:09.770 Michael Novinson: Thank you. 406 00:23:10.130 --> 00:23:10.610 Marianne McGee: Thanks, Anna. 407 00:23:10.970 --> 00:23:12.920 Anna Delaney: And thanks so much for watching. Until next time!