According to The Wall Street Journal, Palo Alto Networks is in advanced talks to acquire identity and access management leader CyberArk in a deal exceeding $20 billion. This potential acquisition would mark a strategic leap for Palo Alto.
First, it aligns with the company’s ongoing “platformization” strategy by extending its reach beyond network, cloud, and endpoint security into the critical area of identity security—a current blind spot. Strengthening this segment would enhance Palo Alto’s ability to compete with integrated cybersecurity giants like Microsoft.
Second, the acquisition would give Palo Alto significant exposure to machine identity, an emerging and fast-growing segment within cybersecurity (see our recent report). Machine identity refers to digital credentials assigned to non-human entities, enabling secure authentication and communication between machines.
As AI agents and automated systems proliferate, machine identities are expected to outnumber human identities by 10–20x in the coming years. This has made securing machine identities a top enterprise priority, with global spending projected to grow from $5 billion in 2023 to $10 billion+ over the next few years, reflecting a 25–30% CAGR.
If finalized, the CyberArk deal would represent a major pivot from Palo Alto’s typical focus on smaller, tuck-in acquisitions. The reported valuation—15x projected 2026 revenue—is significantly above the sector average of 6–8x, underscoring both the strategic value of identity security and the scarcity of high-quality assets in the space.
This development could spark broader interest in identity players like Okta and SailPoint from cybersecurity and cloud vendors looking to round out their platforms.
While the size of the deal poses some execution risk and may not drive immediate financial gains, we believe the long-term strategic upside—especially the ability to pursue larger enterprise contracts with a more complete platform—makes this a transformative opportunity for Palo Alto.
