Analysts: Krista Case, Fernando Montenegro
Publication Date: July 30, 2025
Palo Alto Networks has announced its planned acquisition of CyberArk in a landmark $25 billion deal, signaling a major shift toward identity-first security in the AI era. The move reflects growing demand for unified, platform-based approaches that integrate identity with cloud, endpoint, and network security to defend against increasingly complex threats. As both companies prepare for integration, ultimate success will depend on how this expanded vision will play out across innovation, execution, and customer alignment.
What is Covered in this Article:
- Palo Alto Networks announced its intent to acquire CyberArk for $25 billion, marking one of the largest cybersecurity deals to date. The transaction is expected to close in the first half of 2026.
- The acquisition signals a shift toward identity-first security in the AI era, as identity becomes a core attack vector, particularly with the rise of autonomous agents introducing dynamic and complex access patterns.
- CyberArk has evolved from a PAM leader into a broader identity security platform, with strategic acquisitions like Zilla and Venafi to support IGA and machine identity security at scale.
- The deal marks a material change in Palo Alto Networks’ M&A strategy, moving beyond smaller tech tuck-ins to a large-scale integration requiring careful execution across product, culture, and go-to-market operations.
- The competitive landscape is intensifying, with peers such as Cisco, CrowdStrike, Google Cloud, and Microsoft, among others, offering varying degrees of identity integration. Platform cohesion and customer trust are key to the success of the combined entity.
The News: Palo Alto Networks has announced its planned acquisition of CyberArk, valued at approximately $25 billion. The transaction, expected to close in the first half of 2026, marks one of the largest cybersecurity acquisitions to date. Pending regulatory approvals, both companies will continue to operate independently until the deal is finalized.
Palo Alto Networks Makes Bold $25B Identity Play with CyberArk Deal
Analyst Take: Palo Alto Networks’ planned acquisition of CyberArk reflects the critical need for an identity-first, Zero Trust-driven security posture spanning multi-hybrid cloud environments. Identity is the critical attack vector. Palo Alto Networks CEO Nikesh Arora noted that 88% of ransomware attacks occur via credential theft. The urgency and complexity of securing identities intensify as autonomous AI agents interact with systems and data on users’ behalf, introduce dynamic access patterns, and expand the attack surface.
Futurum agrees with Arora’s stance that the identity security market is at an inflection point. Core and historically fragmented identity-facing capabilities like privileged access management (PAM), Identity Governance and Administration (IGA), and IAM need to converge to address these evolving threat vectors through unified, adaptive control. Platformization is arriving. At the same time, this converged and modern identity security layer needs to intersect in areas such as cloud, endpoint, and network security, as well as DSPM, to facilitate holistic, context-aware protection that consistently enforces access controls and data safeguards.
CyberArk Bridges Entrenched PAM History with Forward-Looking Innovation
For its part, CyberArk has been steadily stitching together a comprehensive identity platform geared towards addressing the challenges of securing machine and AI agent identities at scale. It is first important to note that CyberArk’s core competencies in privileged access management (PAM) position it intrinsically well, as we sit on the precipice of the advent of AI agents, all of which must be treated as privileged users. At the same time, CyberArk has been making moves, including its acquisitions of Zilla and Venafi for IGA and machine identity management capabilities, respectively, to unify access and privilege and to cover human, machine, and AI identities alike. In the words of Matt Cohen, CyberArk’s CEO, the objective is to visualize risk and posture comprehensively while also having dynamic controls.
The market for identity security may be fragmented, but as Arora notes, identity providers are well-entrenched in their customers’ environments, and they enjoy a long tail of adoption. In fact, it is for this reason that Palo has shied away from the identity space to date. To Palo, CyberArk would bring an entrenched customer base of well over 8,000, and an equally rich history in the space dating back to 1999. Tackling operating and go-to-market integration points at scale, and ensuring consistent execution across joint product visions, will be important to the ultimate success of the combined entity.
A Material Change to Palo Alto Networks’ Acquisition Playbook
The point about integration of CyberArk, both as product offerings and as a company, can’t be stressed enough. In the seven years that he’s been at the helm of Palo Alto Networks, CEO Nikesh Arora has built an efficient acquisition strategy that has, until now, focused primarily on smaller acquisitions. Only two acquisitions had a price tag over $1 billion: Expanse in 2020 and the QRadar assets from IBM in Q3 2024. At an estimated $25 billion, the CyberArk deal puts Palo Alto Networks in rarefied air, with Cisco/Splunk at $28 billion and Google/Wiz, still pending, at approximately $32 billion as larger transactions in cybersecurity M&A.
The Security Platform Conversation Becomes Even More Strategic
Palo Alto Networks indicated that, more strategically, this deal fits into its worldview, which envisions cybersecurity as consisting primarily of sensors, enforcement points, and a shared analytics layer. The company positions XSIAM as its primary data lake and analytics layer, with different components contributing to this shared intelligence of the cybersecurity landscape. Arora mentioned that they’ve done this with Secure Access Service Edge (SASE) and extended detection and response (XDR), and can now do so with identity security as well. CyberArk CEO Matt Cohen highlighted that the complementary nature of their offerings means that the interplay between CyberArk’s identity security capabilities and Palo Alto Networks’ enforcement capabilities can be of particular interest to customers.
An Important Addition When Squaring Off Against Competitors
The interplay between identity security and broader security operations will be critical for the company to navigate the competitive landscape. Here, we see Palo Alto Networks running into strong competition from Microsoft, Cisco, Google Cloud, CrowdStrike, SentinelOne, and others. Notably, all of these vendors have different levels of support for one or more facets of identity security, from Microsoft’s tight grip on corporate identity via Active Directory and Entra ID, Cisco’s positioning of Duo with MFA capabilities and more, Google’s Identity Platform, to CrowdStrike’s Falcon Identity Platform or SentinelOne’s Singularity Identity Detection and Response. More than a specific technical capability, this deal is likely to better position Palo Alto Networks as a “one-stop shop” for the key pillars of cybersecurity, with identity security being an integral part of a more comprehensive cybersecurity strategy.
What to Watch:
- How will Palo Alto Networks deal with a much larger acquisition? This deal is far from the technology tuck-ins or smaller strategic acquisitions it typically executes. Navigating company culture integration, product roadmaps, go-to-market, and more will be critical.
- Innovation in Identity Under PANW. As CyberArk is integrated into Palo Alto Networks, a key question is how the combined entity will continue to innovate across identity domains like PAM, IGA, secrets management, and machine identity. Maintaining CyberArk’s focus while aligning with Palo Alto Networks’ broader AI-driven platform strategy will be critical to delivering on customer expectations for unified, adaptive identity security.
- Customer Alignment and Confidence. Customer response to the shared vision will hinge on whether the combined offering simplifies or complicates their identity and security architecture. Buyers will be closely watching for clear integration roadmaps, continued product investment, and assurance that the identity-first principles that drove CyberArk’s growth will remain front and center.
- Will this deal encourage more strategic acquisitions in the near term? This transaction gives Palo Alto Networks momentum to position itself as a more strategic vendor for its prospects. While both Microsoft and Cisco already have broad portfolios with identity security components, does this mean CrowdStrike and SentinelOne, among others, need to respond with improved capabilities? Do they compete in a different space? Could, hypothetically, CrowdStrike move closer to network security, for example? Netskope, Cato Networks, and others come to mind.
For additional details, please see Palo Alto Networks’ press release.
Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The lead author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.