Operator: Our next question comes from the line of Hamza Fodderwala with Morgan Stanley. Please go ahead.
Hamza Fodderwala: Tomer, you talked a lot about Singularity Data Lake in your prepared remarks. I was wondering if you could maybe just rough sense help us sort of size that business. And what you’re seeing in terms of the opportunity for SIEM replacements in light of recent M&A in the space? Thank you.
Tomer Weingarten: Sure. We don’t disclose, obviously, the exact size of the business. It grew more than triple-digit on a standalone basis. It’s definitely one of our fastest growing modules right now. It’s a complete product line. It consists of really pricing by data ingestion. So, it’s a very different motion than the seat based motion that we see in endpoint. It takes us about $20 billion. If you bundle that with data analytics, it becomes about $40 billion of a target opportunity. The dominant vendors in that market, you mentioned that competitor getting acquired and a bunch of others, these are technologies that have been developed probably about 15 years ago. So, if you can kind of think today about the data scale that most enterprises need to deal with, obviously, it calls for something new.
If we can, with Singularity Data Lake, provide something to customers that is twice the speed and half the cost, obviously, that’s a very palatable offering for them. And obviously, if you couple that with unique capabilities like generative AI, Purple AI on top of an enterprise-wide data lake, then you start to realize that you get compounded value by switching into an all inclusive platform that is not focused just on endpoint and maybe some generative AI and chatbots for endpoint, but really a broad based capability, where you can ingest any type of data, both structured and unstructured, no need to index, up and running in minutes. This is a revolution in data analytics. And that’s why we believe that the disruption for the SIEM market, for security analytics is really impending.
We foresee in the next 24 months or so major shift in that market. And it’s not about replacing the SIEM, it’s about coming with a whole new offering, with a modernized platform that can do much beyond the SIEM was ever designed to do. And that’s why we’re incredibly excited by that opportunity.
Operator: Our next question comes from the line of Alex Henderson with Needham. Please go ahead.
Alex Henderson: I actually want to do two follow-up solutions to questions that were already asked. The first one being on the data lake structure. So it’s pretty clear that you guys get a lot of telemetry data off of your endpoints. But if I think about the merger between Splunk and Cisco, their primary value there is adding not just the traditional SIEM data, but adding it to the data networking content and telemetry information that historically has been in titration and the like, as well as the observability functionality that’s been in AppDynamics. So I guess the question is to what extent do you need to reach out to third parties to add some of those type of incremental data to your data lake to get beyond just indications of attack and indications of compromise that are captured in the initial data lake architecture?
Tomer Weingarten: Yes. Look, our data lake is built on being totally open, and that is the key to all of it. We don’t, lean on any one specific vendor. And actually, in many cases, and even with deals that we’ve done last quarter, we ingest data even when we’re not the endpoint provider. So to us, it’s really about being fully open and having the ability to ingest data directly from a network provider, from the email provider, from an authentication provider, much like Splunk. Splunk did not own any one of these assets. They were leaning on integration into their platform. We do it with OCSF. It’s a complete open format. We’re one of the founding members in that alliance. And that allows us complete flexibility in ingesting data from any ecosystem product that you have in your enterprise.
With that said, typically, within a classic SIEM environment, 60% to 70% of the data that you find in the SIEM is actually generated from EDR products. I’ve been saying that for years, which was really one of the reasons why we thought it makes a whole lot of sense to actually start embedding the other components in enterprise into that same data lake, infusing it with the endpoint data. Moreover, we’re not talking just about threat indicators. We’re talking about fully fledged log analytics. What we ingest into Data Lake is all pieces of data, not just curated threat indicators, but any log line, any event can be ingested. I think that’s one of the keys in an era where keeping logs becomes this requirement that is becoming more and more important, keeping logs for longer.
If you need to retain your logs for a year worth of time, doing it with any one of these incumbent platforms is going to be a highly cost prohibitive practice. That’s why when we look at the potential for security data lake, it’s not XDR, it’s not a SIEM, it’s built to be a vast petabyte scale log ingestion mechanism to put all logs. We don’t discriminate logs, we want all of them in and that’s what we believe can also allow for better AI utilization. Once you’re able to feed all that data and expose it to AI algorithms, you’ll be able to get to much more accurate results versus just putting threat events into these different data stores.
Alex Henderson: If I could just throw one last question, and it’s really a play off of what has already been said. The PinnacleOne opportunity, it strikes me that this is very much like the managed services environment where once you have a customer in that pipeline and working with PinnacleOne, ultimately that generate significant potential downstream revenues after the fact. Is it reasonable to think that for every dollar of PinnacleOne revenue that there’s $5 or $6 worth of ARR that will accrue from it in the following periods?
Tomer Weingarten: We definitely hope so. Even though, look, our North Star is just to help customers. And obviously, the KSG Group comes with their own customer base. Obviously, to us, it’s about putting the best security consulting business that we can in that advice in the hands of customers. Whether that results in further revenue and more product sales, perhaps, obviously, we hope so. But to us, we just feel like there is a dire need and a big gap in actually designing security beyond just deploying sporadic products into environments, and that’s what we’re trying to solve here. So, it’s customers first. And then yes, if we can help with technology, obviously, that will fuel into that.
