Move into identity security space will also boost Agentic AI protection offering.
Palo Alto Networks has entered into a definitive agreement to acquire CyberArk for approximately $25 billion.
Calling the move a “strategic combination” to mark Palo Alto Networks' formal entry into the identity security space, combining CyberArk's standing in Identity security and privileged access management (PAM) with Palo Alto Networks' AI-powered security platforms to extend privileged identity protection to all identity types including human, machine, and the new wave of autonomous AI agents.
In a statement, Nikesh Arora, chairman and CEO of Palo Alto Networks, said: "Our market entry strategy has always been to enter categories at their inflection point, and we believe that moment for Identity security is now. This strategy has guided our evolution from a next-gen firewall company into a multi-platform cybersecurity leader.
“Today, the rise of AI and the explosion of machine identities have made it clear that the future of security must be built on the vision that every identity requires the right level of privilege controls, not the 'IAM fallacy'. CyberArk is the definitive leader in Identity Security with durable, foundational technology that is essential for securing the AI era. Together, we will define the next chapter of cybersecurity."
Converging
The companies said that as identity and security are converging, the integration of CyberArk's Identity Security Platform with Palo Alto Networks will also provide security for Agentic AI: as organisations adopt autonomous Agentic AI, they are deploying the ultimate privileged users.
Enforcing just-in-time access and least privilege principles ensures that AI agents are granted only the permissions they need, for the exact moment they need them, providing the critical oversight necessary to secure AI-driven automation at scale.
Udi Mokady, founder and executive chairman of CyberArk, said: "This is a profound moment in CyberArk's journey. From the beginning, we set out to protect the world's most critical assets, with a relentless focus on innovation, trust, and security.
“Joining forces with Palo Alto Networks is a powerful next chapter, built on shared values and a deep commitment to solving the toughest identity challenges. Together, we'll bring unmatched expertise across human and machine identities, privileged access, and AI-driven innovation to secure what's next.”
Different Animal
In an email to SC UK, Charlie Winckless, VP analyst at Gartner said that with Palo Alto Networks having a history of acquisition, these have been small startups that are more in-line with existing lines of business that they have been able to integrate these into their existing lines of business and expand the capabilities of these platforms.
“CyberArk is a different animal, and comes with a different price tag and different expectations,” he said. “At the current time, they’re the largest privileged access management player by far, and that is adjacent to Palo Alto’s SSE business, especially Remote Privileged Access. They offer machine identity capabilities (and have in turn acquired Venafi, a machine identity vendor), and that is adjacent to Palo Alto’s CNAPP business.
“This acquisition is a large move into a very different market and one that allows for potential horizontal growth to accelerate and offset earnings for Palo Alto that have been slowing over time. It also supports Palo’s efforts to grow their security platform and aligns with their message, especially if they tie machine identity to agentic AI systems that will require delegated identities, rather than just inheriting the permissions and identity of the human initiator.
“For Palo, this presents a new product line, and an ability to cross sell and upsell. For CyberArk, it presents similar cross sell opportunities, as well as their ability to be represented by the larger sales force. Both are commonly seen in large enterprises.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
