“This is precisely why industry must change the paradigm,” Nikesh Arora said earlier this year. “Shifting away from today’s fragmented security landscape and towards consolidation.” That view now defines Palo Alto Networks’ latest move: the $25 billion acquisition of Israeli cybersecurity company CyberArk.
The transaction is the largest in Palo Alto’s history and the most expensive deal ever for an Israeli firm, exceeding even Intel’s $15.3 billion acquisition of Mobileye in 2017. CyberArk, a publicly traded leader in privileged access management (PAM), has built a position at the center of enterprise identity security, securing administrator credentials, service accounts, and machine identities across over 10,000 organizations worldwide.
Arora’s position has been consistent. He has said publicly that billion-dollar revenue companies should not remain independent. “They should be part of a bigger entity that allows for the leverage and scale required to create large amounts of cash flow and a high market cap.” The CyberArk acquisition reflects that belief, and it brings to Palo Alto a product suite that operates at a control point the company previously lacked—identity.
While Palo Alto has spent more than $1.5 billion over the past decade acquiring firms in cloud security, endpoint protection, SOAR, and AI model governance, identity has remained a gap in its platform. With CyberArk, it now adds privileged access management, identity access management, machine identity control, and identity governance capabilities to a product stack that already spans firewalls, SASE, EDR, CNAPP, and SIEM.
The acquisition gives Palo Alto a foothold in a domain that accounts for a significant share of cyber incidents. According to industry estimates, about 88 percent of breaches originate from stolen credentials or identity-based attacks.
CyberArk executive chairman Udi Mokady described the deal as “a profound moment” for the company. “Joining forces with Palo Alto Networks is a powerful next chapter, built on shared values and a deep commitment to solving the toughest identity challenges,” he said. “Together, we’ll bring unmatched expertise across human and machine identities, privileged access, and AI-driven innovation to secure what’s next.”
CyberArk’s approach differs from traditional IAM vendors. The platform stores sensitive credentials in encrypted digital vaults, grants access only after real-time verification, and automatically rotates credentials to prevent reuse. These controls have become increasingly important as organizations deploy AI agents and automated systems that interact across networks and cloud environments. Each non-human identity requires security controls comparable to human administrator accounts, a problem CyberArk’s architecture is built to manage.
Expansion Through Acquisitions
CyberArk’s identity platform was not built overnight. The company’s expansion beyond PAM has come through a series of targeted acquisitions over the past five years. It acquired Idaptive from Centrify and Thoma Bravo for $70 million to enter IAM. It later added machine identity firm Venafi, contributing $150 million in new ARR. Most recently, it acquired Zilla Security in 2025 to address IGA.
Analysts note that PAM alone would not have supported CyberArk’s current scale. “The core PAM space was never big enough for a $1 billion run rate,” said one identity-focused investor. “They stitched together enough of IAM, IGA, and machine identity to get there.”
Still, CyberArk’s brand remains strongest in PAM, a product category typically sold to CISOs in regulated sectors such as financial services and healthcare. That positioning contrasts with IAM vendors like Okta, which historically sold into IT teams or product organizations. As identity categories converge, the boundaries between those sales motions have begun to collapse.
The acquisitions have broadened CyberArk’s product footprint, but they also come with integration overhead. The company is still aligning product lines, messaging, and go-to-market strategies across its acquired units. This creates potential friction when integrated into Palo Alto’s broader portfolio, especially as Palo Alto’s acquisitions have tended to be smaller and more modular.
Identity as a Strategic Layer
With this deal, Palo Alto gains exposure to an identity architecture that starts from PAM and scales outward. This contrasts with other large vendors that have built from the IAM or IGA side. Okta, for instance, has its roots in IAM and added PAM and IGA capabilities only after years of internal development. SailPoint and Saviynt approach identity from a governance-first perspective.
Each vendor is now converging on a model that combines authentication, privilege enforcement, data telemetry, and risk analysis across human and machine users. CyberArk’s position in that architecture remains PAM-centric, which aligns with how CISOs evaluate risk. PAM tools tend to be deployed in environments with high compliance requirements and mission-critical workloads in industries like financial services, healthcare, and manufacturing.
This orientation differs from Okta’s developer-first focus. In AI-heavy environments, where machine agents act autonomously, CyberArk’s PAM capabilities may offer a more appropriate framework for controlling access. But as identity platforms converge, customer expectations around usability, extensibility, and integration also rise. CyberArk, while trusted in high-security environments, does not yet have the developer ecosystem or self-service design of Okta or Microsoft Entra ID.
A Record Deal and Market Reaction
Palo Alto will pay $45 per share in cash and 2.2005 shares of its own stock for each share of CyberArk. The blended consideration represents a 29 percent premium to CyberArk’s last trading price before the deal leaked. The transaction values the combined business at more than $8 billion in projected annual revenue, though Palo Alto shareholders reacted cautiously. The stock declined 5 percent following the formal announcement. CyberArk shares rose 13 percent on the news.
Analysts expect most early synergy to come from sales. “PAM sells to CISOs, and Palo Alto already has deep CISO relationships,” one said. “You’ll see financial engineering—discounts, bundling, cross-sell motion.”
Protect AI, acquired in July 2025, gave Palo Alto tools to secure AI pipelines and models across the development lifecycle. Talon brought secure enterprise browsers for hybrid workforces. Dig strengthened Palo Alto’s data security posture management capabilities within Prisma Cloud. Each acquisition filled a discrete technical gap. CyberArk, by contrast, brings an entire platform that intersects with every other layer of the stack.
Execution Risks and Integration Challenges
The integration risk is not trivial. CyberArk is itself a company still digesting recent acquisitions. Its employees with over 4,000 globally, with more than 1,200 in Israel span PAM, IAM, IGA, and machine identity teams. CyberArk’s core strength lies in security engineering, but it has not fully matured into a developer-first identity platform.
Palo Alto will likely keep CyberArk operating independently for some time to protect product roadmaps and retain key technical talent. Sources familiar with the deal say product and GTM functions will remain intact during the transition, while back-office functions such as finance and HR may be consolidated into Palo Alto’s broader operations.
GTM synergy may be the easier lift. PAM sells primarily to CISOs—Palo Alto’s strongest customer base. Analysts expect bundled deals and platform incentives across SASE, cloud, and endpoint security to accelerate adoption. But in identity governance and IAM, the customer base often overlaps with Okta and SailPoint. Convincing these enterprises to displace existing identity infrastructure will take time, especially when CyberArk’s newer capabilities are not yet battle-tested at the same scale.
One identity investor summarized the competitive dynamic: “If you are buying just PAM, CyberArk is the market leader. But if you want a full converged identity stack, customers still look to Microsoft and Okta. CyberArk’s growth vector may now depend on how well Palo Alto can elevate the rest of the platform.”
Political and Geopolitical Implications
The transaction also highlights the continued strategic role of Israel in Palo Alto’s product roadmap. Despite the ongoing conflict with Hamas and broader instability across the region, Palo Alto has increased its investment in Israeli startups over the past 12 months. Following the October 2023 conflict, Palo Alto acquired Talon Cyber Security and Dig Security in rapid succession. Now, CyberArk becomes the cornerstone of its identity platform.
“Although there is war, although there is conflict, although there is negative sentiment, Israel is seen as a sustainable place that yields great technology,” said Demi Ben-Ari, Chief Strategy Officer of Panorays.
All CyberArk employees will remain in Israel post-acquisition, according to company statements. This maintains continuity for the company’s engineering and product development teams and affirms Israel’s central role in the global cybersecurity innovation ecosystem.
Competitive Response and Market Outlook
The deal puts pressure on every other identity player. Okta recently announced plans to expand into PAM and IGA after years of resisting the shift. SailPoint and Saviynt will face new competition in governance. Microsoft, still dominant in IAM, now contends with a broader security platform bundling identity as part of a larger suite.
The convergence across identity subcategories, IAM, PAM, IGA, and ITDR has reached an inflection point. Every major vendor is now building toward telemetry-rich platforms that can enforce Zero Trust and contextual access controls across all users and systems. CyberArk proposed a model where PAM is the anchor. There is also pressure on other security vendors. As Arora said, billion-dollar security businesses will increasingly need to be part of larger platforms. Palo Alto understood that earlier than most. Hats off to Arora.
