This is the time to step up cybersecurity: Fmr. VMware COO

Sanjay Poonen, former VMware COO, discusses the White House's 2-day virtual ransomware summit.

Video Transcript

AKIKO FUJITA: Welcome back to "Yahoo Finance Live." It is day two of a two-day White House virtual summit focused on ransomware attacks. This marks the largest gathering of its kind here in the US. But there is one key country that's missing, that's Russia. Let's bring in Sanjay Poonen, former VMware COO.

And Sanjay, I know this is a space that you watch very closely. The White House clearly concerned about the ramp-up that we've seen in these attacks. Talk to me about what you see right now and how these attacks are evolving and whether, in fact, governments are keeping up?

SANJAY POONEN: Yeah, Akiko, thank you for having me on. And cybersecurity is a hot topic in boardrooms today. It's a top area of spend because people are concerned. And this is something that really freaks out a lot of boards. So there is definite interest in many companies in investing it. And chief security officers have to step up their game.

But I think this is the time where, just like there's a lot of talk about infrastructure, this is digital infrastructure that needs to be secure. And I think we have the smartest minds in security in this country.

So it's important that we get the FBI and CIA's help to track down these nation-state actors. And many of the previous, whether it's WannaCry, Petya, the Colonial Pipeline, JBS, many of these have nation-state actors, whether it's Russia, China, North Korea, Iran, whoever it is. There's clear--

And then there's e-crime, combined often with ransomware. Often people are looking for payments in Bitcoin. It's something that I believe that, if been able to track down Osama bin Laden, it's time that we get the FBI and CIA really involved in retaliatory steps to many of these places. And it requires a coalition across many of these key countries.

AKIKO FUJITA: Yeah. I mean, how do we go about doing that? I'm looking at the losses totaling last year from ransomware attacks. $74 billion is what we're looking at. How much of that responsibility lies on the public side, the government's, and how much of that is private sector?

SANJAY POONEN: I think it's a combination of both working very together. Like I said, I think we have some of the smartest names. You talked about some of the big names, whether it's CrowdStrike, Palo Alto, Fortinet, Okta, Zscaler. Collectively, these companies represent $14-$15 billion in revenue and about $300 billion market cap. So these are great companies.

And this is the first time you have some really powerhouses in security. But on the government side, listen, again, I compare this to terrorism. And you have to think about this as seriously as terrorism.

In the 1980s, I grew up in India. There was an incident in Bhopal around Union Carbide where there was a lot of chemical spills. And thousands, tens of thousands of people were killed. Today, people are just worried about cybercrime affecting digital systems. But Colonial Pipeline was one of the first times where it hit operational systems. And if one of these cybersecurity systems hit a nuclear plant or hit something that actually affected chemical spills, lives will be cost.

And that's why I think it's super-important. And the way in which we've combated regular terrorism is sharing information, first within the country, the Department of Homeland Security, and then across NATO-friendly countries. And as a result, we've been able to keep the world safer.

I think the same type of principles. And then there needs to be places by which there isn't cyber-shaming of companies to come up earlier. Barring gross negligence and criminal activity, companies should be encouraged to come-- we should not allow companies to have insurance that allows them to pay for ransomware so easily.

The average ransomware attack-- you had the total up there-- it's probably about 5 to 10 million. And this requires now a lot more of a concerted effort across the private and the public sector.

ZACK GUZMAN: And Sanjay, I mean, when we talk about it as investors looking at the opportunities there, you know that a lot of money is going to be pouring into some of these companies. You look at Zscaler, CrowdStrike, the ones you mentioned there, up 600% since the March 2020 lows. A lot of investors who may have been in the cybersecurity names walking around thinking they're hot doo-doo here because it's easy, right, when we knew that this trend was coming. But I think moving forward, it's going to get a lot more difficult to pick winners and losers.

In your notes, you're kind of looking at a valuation basis here. So which ones really, I guess, stand out in terms of showing that they got the goods in this next chapter when we kind of get a little bit more into the defenses and companies out there trying to protect themselves?

SANJAY POONEN: Yeah, Zack. I think you have to think about this in the broader scheme of about $1 trillion of IT spend that's moving from-- some substantial part of that from on-premise world to the cloud world. And as a result, many of these sort of previous-era systems have been replaced by more modern, cloud-native solutions.

And each of these have those players that I've tracked. And if you follow me on Twitter, I actually took many of these six or seven players that I track, posted their Yahoo Finance growth the last year to date. And you'll see their performance in the charts that I've kind of played out on my Twitter page.

But in essence, what I see happening is many of these folks, as they replace many of the older systems, have a lot of headroom ahead of them, because if you look at, whether it's endpoint or firewalls or identity or content delivery networks, many of these folks are producing a more modern way to do it. So I'm still very--

Of the seven names that I listed there, I still think six of them have a tremendous run ahead of them. The one that seems to be lagging a little bit is Splunk. They're certainly a leader in that category but have stumbled a little bit. So we'll see what's happening.

But every one of those seven names, I think, have enormous potential. And each of them have a large customer base that they can continue to grow within their customer base and also land and expand new customers. So I think there's a lot of potential for them.

And then there's a whole bunch of new private companies. If you look at the Cloud 100 list from a couple of these the track that, there are companies like Snyk in developer security. There's whole new of waves of new ones that are focusing in areas which the other six or seven that I named are not focused on.

So I think this is going to be a $50 billion to $100 billion market that's going to continue to get investment and hopefully as we combat the bad guys.

AKIKO FUJITA: And Sanjay, the ranking that we put up there, you're looking specifically at revenue. But from a technology standpoint, whether it's a company that's listed publicly or somebody that is private, who do you think is leading the pack when it comes to getting ahead of the threats that we're seeing?

SANJAY POONEN: Well, I typically tend to look at the Gartner Magic Quadrant or Forrester Wave. And typically, those industry analysts do a pretty good job of assessing these. And many of those players that I named in those six or seven are top right leaders in their industry category. So they're the best of breed in their category.

And probably the one realization I probably had in the last year is there's not going to be one company that owns the platform end-to-end. I think these six or seven players are best of breed in the cat. So they've all got good technology in that category. For example, Palo Alto in firewalls, CrowdStrike in endpoints, Zscaler in web gateways, Okta in identity and so on and so forth.

But then these newer areas, like I mentioned one, developer security, application security, there's going to be a new breed of companies because SolarWinds, for example, was a sort of software supply chain. This was something that was deep in the code. And often, much of this code today is open source code in the cloud world. That's places where companies like Snyk and so on come in that are doing great work. And there's many more.

So I'm watching the space. There's going to be a collection of great public companies. And the good news for investors is there's going to be a collection of private companies coming on the scene, some of whom will go public, that you can invest in.

AKIKO FUJITA: Sanjay, it's always good to get your insight. Good to have you back on the show today. Sanjay Poonen, former VMware COO.