{"id":4173,"date":"2025-07-30T14:10:52","date_gmt":"2025-07-30T14:10:52","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4173"},"modified":"2025-07-30T14:10:52","modified_gmt":"2025-07-30T14:10:52","slug":"palo-alto-networks-to-buy-cyberark-for-25b-as-identity-security-takes-center-stage","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4173","title":{"rendered":"Palo Alto Networks to buy CyberArk for $25B as identity security takes center stage"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Palo Alto Networks is making what could be its biggest bet yet by agreeing to buy Israeli identity security company CyberArk for around $25 billion. The companies announced they had reached an agreement on Wednesday.<\/p>\n<p>The deal will mark a seismic shift for an industry that\u2019s been consolidating at breakneck speed. More importantly for security chiefs, it signals that the days of managing dozens of different security tools are numbered.<\/p>\n<h2 class=\"wp-block-heading\">Why Palo Alto is breaking its own rules<\/h2>\n<p>Here\u2019s what makes this deal fascinating: Palo Alto Networks has spent years deliberately avoiding the identity management business. And for good reason \u2014 asking customers to rip out and replace their identity systems is like asking them to rewire their entire digital nervous system.<\/p>\n<p>\u201cPalo Alto avoided identity management for years because of its deep integration demands,\u201d said Akshat Tyagi, associate practice leader at HFS Research. \u201cUnlike firewalls or endpoint tools, identity systems tie into HR databases, cloud platforms, legacy infrastructure, and application access layers, making them complex to deploy and harder to monetize at scale.\u201d<\/p>\n<p>But that\u2019s exactly what CEO Nikesh Arora is now willing to tackle with this massive acquisition, as he explained in <a href=\"https:\/\/www.paloaltonetworks.com\/ceo-shareholder-letter\" target=\"_blank\" rel=\"noopener\">a letter to shareholders<\/a> on Wednesday. The math is simple: if you can\u2019t beat the complexity, buy the company that\u2019s already solved it.<\/p>\n<p>CyberArk isn\u2019t just any identity company. It\u2019s become the go-to choice for organizations trying to manage \u201cidentity sprawl\u201d \u2014 the explosion of digital identities that need protection. According to <a href=\"https:\/\/www.crowdstrike.com\/en-us\/cybersecurity-101\/identity-protection\/machine-identity-management\/\" target=\"_blank\" rel=\"noopener\">CrowdStrike research<\/a>, machine identities now outnumber human identities by 45 to 1, with <a href=\"https:\/\/www.cyberark.com\/state-of-machine-identity-security-report\/\" target=\"_blank\" rel=\"noopener\">CyberArk\u2019s own 2025 research<\/a> showing 79% of organizations expect machine identities to spike by as much as 150%.<\/p>\n<h2 class=\"wp-block-heading\">The identity crisis driving this deal<\/h2>\n<p>Walk into any CISO\u2019s office these days, and they\u2019ll tell you the same story: hackers don\u2019t need to break down the front door anymore. They just steal legitimate credentials and walk right in.<\/p>\n<p>\u201cToday, most breaches originate not from malware or misconfigured ports but from stolen or misused credentials,\u201d Tyagi noted. \u201cAttackers gain access by impersonating users, escalating privileges, and pivoting through cloud and on-premise environments using real-looking identities.\u201d<\/p>\n<p>CyberArk has positioned itself at the center of this challenge, generating over <a href=\"https:\/\/www.cyberark.com\/press\/cyberark-announces-record-fourth-quarter-and-full-year-2024-results\/\" target=\"_blank\" rel=\"noopener\">$1 billion in revenue in 2024<\/a> \u2014 a 33% year-over-year increase \u2014 by expanding beyond traditional privileged access management through strategic <a href=\"https:\/\/www.csoonline.com\/article\/1298623\/top-cybersecurity-ma-deals-for-2024.html?utm=hybrid_search\">acquisitions, including Venafi<\/a> ($1.54 billion) for machine identity management and Zilla ($165 million) for identity governance.<\/p>\n<h2 class=\"wp-block-heading\">Will the integration work?<\/h2>\n<p>\u201cIf integration happens effectively, focusing on security posture improvement, ensuring consolidated interfaces, operational optimization, intel event sharing, and proactive identification of threats, it will be a great story,\u201d said Sunil Varkey, advisor at Beagle Security.<\/p>\n<p>That\u2019s the optimistic view. But cybersecurity acquisitions have a mixed track record at best. Under Arora\u2019s leadership, Palo Alto has been buying companies left and right, trying to build what he calls a \u201ccybersecurity supermarket.\u201d<\/p>\n<p>But this CyberArk deal is different. At $25 billion, it\u2019s roughly 25 times larger than Palo Alto\u2019s typical acquisitions. And identity management isn\u2019t just another security tool. It\u2019s foundational infrastructure that touches every corner of an organization.<\/p>\n<p>\u201cBut if this is purely to capture market share or to improve revenue share or lock in of customers, it will be a bad chapter,\u201d Varkey cautioned. \u201cIt may not be so easy considering different cultures, stakeholder segments, and sub-domains.\u201d<\/p>\n<h2 class=\"wp-block-heading\">The consolidation wave<\/h2>\n<p>\u201cSecurity buyers increasingly seek end-to-end platforms that offer integration, visibility, and faster response across cloud, identity, and endpoints,\u201d said Tyagi. \u201cThe emerging \u2018cybersecurity superpowers\u2019 are expanding their capabilities and positioning themselves as core layers of enterprise infrastructure.\u201d<\/p>\n<p>This deal marks cybersecurity\u2019s second-largest transaction this year, following <a href=\"https:\/\/www.infoworld.com\/article\/3852980\/google-acquires-wiz-a-win-for-multicloud-security.html\">Google\u2019s $32 billion Wiz acquisition<\/a>. Together, these mega-deals suggest the industry is moving toward comprehensive platform providers rather than specialized point solutions.<\/p>\n<p>\u201cMany will face challenges in maintaining relevance as customer budgets shift toward consolidated contracts and larger platforms that promise unified management and lower operational overhead,\u201d Tyagi warned regarding mid-tier cybersecurity vendors.<\/p>\n<p>If you\u2019re running security for a mid-sized company, this should grab your attention. The cybersecurity industry is rapidly splitting into two camps: massive platform providers like Palo Alto and specialized niche players fighting for scraps.<\/p>\n<p>However, the consolidation trend brings risks. \u201cBuyers will need to pay closer attention to how their security architectures evolve,\u201d Tyagi cautioned. \u201cMaintaining flexibility through modular designs, setting clear exit terms, and avoiding complete dependence on a single ecosystem will be critical to preserving long-term agility and control.\u201d<\/p>\n<h2 class=\"wp-block-heading\">The bigger picture<\/h2>\n<p>Strip away the financial details, and this deal is really about one thing: the recognition that identity security isn\u2019t a nice-to-have anymore\u2014it\u2019s table stakes for any organization serious about protecting itself.<\/p>\n<p>The old model of building walls around networks and hoping for the best is dead. The new model requires knowing exactly who and what is inside your systems at all times, and having the tools to respond instantly when something looks wrong.<\/p>\n<p>Whether Palo Alto can successfully integrate CyberArk\u2019s capabilities remains to be seen. But one thing is clear: the company is betting its future on the idea that customers want comprehensive security platforms, not collections of individual tools.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Palo Alto Networks is making what could be its biggest bet yet by agreeing to buy Israeli identity security company CyberArk for around $25 billion. The companies announced they had reached an agreement on Wednesday. The deal will mark a seismic shift for an industry that\u2019s been consolidating at breakneck speed. More importantly for security [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":4174,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4173","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4173"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4173"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4173\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4174"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}