Update, 3:50 PM: Palo Alto Networks has now officially confirmed it is buying CyberArk. The acquisition fee has turned out to be higher than previously thought at 25 billion dollars. This makes the deal the largest security acquisition since Cisco bought Splunk for 28 billion dollars last year.
Original article, 9:34 AM:
The biggest security acquisition of the year appears to be heading our way. Palo Alto Networks could become the proud owner of Israeli company CyberArk this week for a reported $20 billion. Initial reactions are positive. Why is that?
Palo Alto Networks offers a diverse range of products, from firewalls to SecOps via Cortex XSIAM. In the field of identity security, it provides a Cloud Identity Engine, but it understands that third-party integrations are necessary for things like access management. Privileged Access Management (PAM) tools “precisely target and secure access to sensitive systems and data that require elevated permissions,” according to Palo Alto itself.
This is the area CyberArk specializes in. IAM and PAM are the pillars on which this security company’s offering rests. At least 10,000 customers use it. CyberArk has also looked beyond organic growth for its current platform: in 2024, Venafi was acquired for more than $1.5 billion, while Zilla Security was recently acquired to expand identity governance.
“Watershed moment”
A deal between Palo Alto Networks and CyberArk would be a “watershed moment,” according to an analyst quoted by CRN. Jefferies analysts speak of “significant merits” for an actual deal. It must be said: there is currently no takeover announced to confirm these reports. Nevertheless, the announcement could come as early as this week, and it seems a credible possibility. Jefferies is convinced that a takeover would “only further strengthen” Palo Alto, with customers benefiting from a consolidated cyber solution that provides ease-of-use and simplicity.
There it is again: the consolidated solution, or the famous security platform. Although integrations will always be necessary to cover new security areas for IT vendors, an ultimate consolidation provides greater satisfaction for end users. Ideally, an MSP should have as few disparate parts to glue together as possible if the solution it purchases already does everything it needs to cover for customers. Smooth integrations are obviously necessary where the likes of Okta, Microsoft and other large vendors are at play, but gradually moving away from a well-established best-of-breed landscape saves headaches in plenty of areas. Palo Alto Networks hopes to capitalize on this with the acquisition of CyberArk as a major step in the right direction.
Previous deals
Palo Alto Networks has already closed several deals in recent years. In May 2024, it acquired the SaaS components of IBM QRadar, whose customers switched to Cortex XSIAM in September. In April of this year, it followed up with a half-billion-dollar acquisition of Protect AI, which, unsurprisingly, was a specialist in AI security. Specifically, this acquisition is aimed at strengthening Palo Alto Networks’ knowledge of AI model security.
The question now is how long it will take to complete the deal. If there is indeed white smoke this week for a $20 billion (or thereabouts) takeover, it will be up to the competition authorities to grant approval. Given that there is no significant overlap between the two parties (CyberArk does not do many things that Palo Alto does), we can cautiously assume that this will not be a major issue. However, it is expected that Palo Alto will have to make commitments to allow competitors to continue to integrate in the areas of IAM and PAM. That should not be a major problem, although it will soon be much more attractive for customers to consider a consolidated solution.
Read also: The security platform: what is it and what does it deliver?