PANW's current strategy is "platformization" - to be a one-stop shop for anything cybersecurity. The CYBR acquisition fills large product holes in the current PANW portfolio, with little overlap.
The $25B price doesn't reflect a multiple on $1B, exactly. It represents potential sales of the CYBR product portfolio to current PANW customers, plus potential sales of the PANW portfolio to CYBR customers, at a multiple of ARR, negotiating a portion of which to current CYBR shareholders, which is above the market price for CYBR shares, representing the risk that such upsells may not succeed in practice.
Where the acquisition gets interesting is in what CYBR's identity products mean for PANW's portfolio, once integrated. SOAR gets to be much more deterministic if your SIEM knows all of the system's trusted principal identities instead of trying to piece it together based on network research, voluntary reports, and heuristics. In theory, an integrated product will deliver better security. But the question remains whether PANW will succeed at such integration or not. PANW has a long history of successful acquisitions, so, there's that...
Agree strongly that historical integrations were great. But cortex platformization of all the things has not been well received. But PANW is doubling down on it.
It's also curious because their firewall platform seems/feels totally separate from the rest of cortex still.
I will say, they do have a ton of coverage, more so than any other single vendor I can think of.
Sure, Palo Alto can acquire Cyberark and then use its sales organization to up-sell its customers on CyberArk's offering.
I've seen this at Microsoft where acquiring startups that provide capabilities and then incorporating them into Azure or Defender led to the usage of those capabilities skyrocketing and those particular acquisitions (not going to specifics because NDA) ended up being profitable.
Even moreso when you take into account that CyberArk is not exactly a beloved product because it involves a lot of hassle. At 5-6B it may have been reasonable or simply a portfolio add that's cheap because of shared ownership/refinance but for 25B they could have bought Okta, which would have added much more value to their portfolio...
And this is the continued path to "enshittification" we're on through the continued growth forever. Companies aren't buying products, they're buying customers.
I worked for PAN back in the days where the sentiment, directly from Nir Zuk (founder), was: innovators dilemma. There's a relatively recent article [0] on the early days that does a nice job of laying out how that was a core tenant of how PAN operated. At the time I was there Mark McLaughlin was leading the charge as CEO and was the right person to drive PAN to $100M ARR.
But as you see the company shift after Mark you really start to see less of an engineering mindset of bringing new and disruptive technology to the landscape. Nikesh doesn't know how to do that. He's an ex-Googler and a finance background to boot. PAN is no longer disruptive in the technical sense. They're now disruptive to fresh ideas and good technology, which is bad for everyone.
I work now in a segment that competes with PAN in a small niche of their product set and I've displaced their points solution dozens of times in the last year. The product we're displacing is a product that PAN acquired in early 2019. The customers on that platform constantly complain about how the product has not evolved in years and support at PAN is horrendous. The last point, support, used to be a shining light for PAN. They had exceptional support - but, as with all things, scaling high quality is hard. It's why you won't find an In-N-Out too far off the Pacific coast. It's because of quality and their commitment to it. PAN is chasing stock prices and revenue, they aren't committed to their customers as they once were.
In-N-Out has a huge footprint in DFW btw. I agree with you on their commitment to quality but as I understand it their growth is slow because they don't take outside investment or loans and they need enough capital to open a regional footprint of stores because they do their own distribution.
> If Palo Alto Networks was going to do identity, they had to do it big.
> Commercially, there was no way they were going to build a successful identity business if they had just picked up a bunch of small companies and tried to put them together. They needed to bootstrap their entry into the market, so a scaled acquisition made sense.
> The identity market is at a completely different level of maturity compared to the situation when Palo Alto Networks built its cloud security business by stitching together smaller companies. That approach worked because the cloud security market was still forming. There essentially was no market leader to acquire.
> Identity has been through multiple generations of market leaders (Sun, IBM, CA, Oracle, and others. The market has already gone through multiple phases of disruption and M&A. For the most part, we've seen it all.
> Currently, we've landed with a handful of specialist identity players — some public, some owned by private equity firms. You know them: CyberArk, Okta, SailPoint, and Ping Identity. And then there's Microsoft. We'll get to that.
> Palo Alto Networks had zero chance of competing with those four companies (plus Microsoft and the other incumbents who still hold material market share) by building, buying, and partnering their way to a coherent identity offering.
> If there was one market where a massive deal had to be done, identity had to be it.
My read of that is basically they are buying a fast growing, big player in workforce identity that they can integrate in with their next generation security platform.
Same story with Cisco buying Splunk for $28 billion. Numbers makes not sense to pedestrians like me. But as always people on top think they know better (until they don't)
Sure, they know they can 2x to 5x the revenue of Cyberark with integration to their clients/offerings, maybe more. And build a stronger moat at the same time.
3. Most enterprises need Identity SPM which Cyberark does pretty well at.
4. Vendor Rationalization is the name of the game. Security teams want to reduce spend significantly in both headcount and tooling, so PANW aquiriring Cyberark makes it easier to defend identity, cloud, networking, and other security spend as well as displace competitors. This is why platformization is becoming so popular.
AFAIK since incomes are stagnant, tax revenue is very dependent on capital gains. Governments and central banks can't afford to let the stock and real estate bubbles pop.
Governments need taxes to a) keep the circus going and b) paying interests on the growing debt (a good chunk of it is held by the central bank).
Good luck with that. No one has been able to do it for decades on unclaimed land like Sealand or Liberland. And you want to essentially annex another country's territory by force and be recognized? That's pure fantasy.
There are lots of countries smaller and/or poorer than Sweden.
There are a number of very small countries with GDPs in the hundreds of millions of USD range. If you could buy a country for say 10× GDP you are looking at the low billions in GDP which is Bhutan or Zanzibar sized economies.
The problem is that countries are not often openly up for sale. You need military or political backing to actually get one. So you cannot literally buy a country.
On the other hand, I think it is reasonable to say that this amount of money is the value of an entire small economy, or of the entire stock market of a somewhat bigger one.
>On the other hand, I think it is reasonable to say that this amount of money is the value of an entire small economy, or of the entire stock market of a somewhat bigger one.
Yes. I think it's plausible to believe that it's a ridiculous valuation. That whatever the company has can be replicated for less money.
That's probably true for many companies, but seeing as Palo Alto Networks probably has some kind of software arm, it seems reasonable to expect that they'd actually have the capacity to get what they want for less.
The VMWare merger is easily the worst tech disaster in my career. VMWare was the market leader basically since they started and they never really stopped innovating and making their product better (I’m talking specifically about vSphere not the desktop products).
It was expensive but worth every penny in my opinion, and it was literally everywhere. In enterprise IT it was just what you did, there was never really much of a question.
Nutanix will eventually eat the lunch that Broadcom doesn’t even care to try to eat.
The second-rate identity provider that used to be Centrify and then IDAptive and now Cyberark Identity will now become its fourth rendition in six years; meanwhile, nobody will ever create a Terraform provider for it
It's very hard to square the activity in the real economy vs the valuations in the stock market. As a stark example, look at the revenues of AAPL for 2019 vs 2024, then compare the market caps for EOY 2019 vs 2024. It's astounding. What's causing this? ZIRP, which is now gone, but lower rates ahead it seems, and the trillions in money printing. Little of the helicopter money ended up in consumers hands as evidenced by AAPL's revenue growth. Almost all of it ended up in the hands of the investor class.
This gives me Wiz vibes (https://www.wiz.io/blog/wiz-joining-google), although CyberArk is much older (though despite being old, it is still unprofitable). In both cases, it seems the product is rather simple/basic but is being sold at insane margin to government(s).
What are you talking about? CyberArk is enterprise privileged access management. It’s not an app you install and forget about for 1-2 years. It’s certainly not something you just uninstall because you found out very basic information about the vendor on HN, because you almost assuredly run it because auditors require you to, and uninstalling it without a like replacement would be an extremely bad idea.
In 2024 Cyberark had $1 billion in revenue. Can anyone comment on how this $25B number makes sense for Palo Alto?
PANW's current strategy is "platformization" - to be a one-stop shop for anything cybersecurity. The CYBR acquisition fills large product holes in the current PANW portfolio, with little overlap.
The $25B price doesn't reflect a multiple on $1B, exactly. It represents potential sales of the CYBR product portfolio to current PANW customers, plus potential sales of the PANW portfolio to CYBR customers, at a multiple of ARR, negotiating a portion of which to current CYBR shareholders, which is above the market price for CYBR shares, representing the risk that such upsells may not succeed in practice.
Where the acquisition gets interesting is in what CYBR's identity products mean for PANW's portfolio, once integrated. SOAR gets to be much more deterministic if your SIEM knows all of the system's trusted principal identities instead of trying to piece it together based on network research, voluntary reports, and heuristics. In theory, an integrated product will deliver better security. But the question remains whether PANW will succeed at such integration or not. PANW has a long history of successful acquisitions, so, there's that...
Agree strongly that historical integrations were great. But cortex platformization of all the things has not been well received. But PANW is doubling down on it.
It's also curious because their firewall platform seems/feels totally separate from the rest of cortex still.
I will say, they do have a ton of coverage, more so than any other single vendor I can think of.
Sure, Palo Alto can acquire Cyberark and then use its sales organization to up-sell its customers on CyberArk's offering.
I've seen this at Microsoft where acquiring startups that provide capabilities and then incorporating them into Azure or Defender led to the usage of those capabilities skyrocketing and those particular acquisitions (not going to specifics because NDA) ended up being profitable.
I would sort of naively imagine that that would work at a smaller price tag but at $25 billion it would be tough to make it pencil out.
Even moreso when you take into account that CyberArk is not exactly a beloved product because it involves a lot of hassle. At 5-6B it may have been reasonable or simply a portfolio add that's cheap because of shared ownership/refinance but for 25B they could have bought Okta, which would have added much more value to their portfolio...
I'm not buying a revenue synergies argument. Has to be more.
1. These synergies are hard to deliver, let alone 25x.
2. Paying 25x revenue implies you're forecasting way more (+30x?) in value.
The Silicon Valley playbook for the last few decades has just been to acquire monopolies and then exploit them.
That’s illegal of course but we stopped enforcing those laws somewhere in the early 2000s so here we are.
And this is the continued path to "enshittification" we're on through the continued growth forever. Companies aren't buying products, they're buying customers.
I worked for PAN back in the days where the sentiment, directly from Nir Zuk (founder), was: innovators dilemma. There's a relatively recent article [0] on the early days that does a nice job of laying out how that was a core tenant of how PAN operated. At the time I was there Mark McLaughlin was leading the charge as CEO and was the right person to drive PAN to $100M ARR.
But as you see the company shift after Mark you really start to see less of an engineering mindset of bringing new and disruptive technology to the landscape. Nikesh doesn't know how to do that. He's an ex-Googler and a finance background to boot. PAN is no longer disruptive in the technical sense. They're now disruptive to fresh ideas and good technology, which is bad for everyone.
I work now in a segment that competes with PAN in a small niche of their product set and I've displaced their points solution dozens of times in the last year. The product we're displacing is a product that PAN acquired in early 2019. The customers on that platform constantly complain about how the product has not evolved in years and support at PAN is horrendous. The last point, support, used to be a shining light for PAN. They had exceptional support - but, as with all things, scaling high quality is hard. It's why you won't find an In-N-Out too far off the Pacific coast. It's because of quality and their commitment to it. PAN is chasing stock prices and revenue, they aren't committed to their customers as they once were.
[0] https://94040.substack.com/p/disruption-in-the-firewall-the-...
In-N-Out has a huge footprint in DFW btw. I agree with you on their commitment to quality but as I understand it their growth is slow because they don't take outside investment or loans and they need enough capital to open a regional footprint of stores because they do their own distribution.
I like this article about the acquisition (disclosure, I know the author).
https://strategyofsecurity.com/p/the-case-for-and-against-pa...
From the article:
> If Palo Alto Networks was going to do identity, they had to do it big.
> Commercially, there was no way they were going to build a successful identity business if they had just picked up a bunch of small companies and tried to put them together. They needed to bootstrap their entry into the market, so a scaled acquisition made sense.
> The identity market is at a completely different level of maturity compared to the situation when Palo Alto Networks built its cloud security business by stitching together smaller companies. That approach worked because the cloud security market was still forming. There essentially was no market leader to acquire.
> Identity has been through multiple generations of market leaders (Sun, IBM, CA, Oracle, and others. The market has already gone through multiple phases of disruption and M&A. For the most part, we've seen it all.
> Currently, we've landed with a handful of specialist identity players — some public, some owned by private equity firms. You know them: CyberArk, Okta, SailPoint, and Ping Identity. And then there's Microsoft. We'll get to that.
> Palo Alto Networks had zero chance of competing with those four companies (plus Microsoft and the other incumbents who still hold material market share) by building, buying, and partnering their way to a coherent identity offering.
> If there was one market where a massive deal had to be done, identity had to be it.
My read of that is basically they are buying a fast growing, big player in workforce identity that they can integrate in with their next generation security platform.
Gotta be honest, after using their products extensively compared to other offerings I don’t know if stitching together cloud companies “worked”.
We currently use both vendors.
If anything, this might make us stick with PA longer as they are the "niche" in our environment and presumably we will want to combine the contracts.
Same story with Cisco buying Splunk for $28 billion. Numbers makes not sense to pedestrians like me. But as always people on top think they know better (until they don't)
There are plenty of Palo Alto customers who also use CyberArk. Perhaps the Palo Alto leadership believe vertical integration is very valuable?
Sure, they know they can 2x to 5x the revenue of Cyberark with integration to their clients/offerings, maybe more. And build a stronger moat at the same time.
1. Similar multiples to the Wiz acquisition
2. Large shared customer base,
3. Most enterprises need Identity SPM which Cyberark does pretty well at.
4. Vendor Rationalization is the name of the game. Security teams want to reduce spend significantly in both headcount and tooling, so PANW aquiriring Cyberark makes it easier to defend identity, cloud, networking, and other security spend as well as displace competitors. This is why platformization is becoming so popular.
Cyberark put AI into every slide in their investor deck
We're going to look back at these insane buys in a few decades as unreasonable, because they simply are. You can have an entire county for $24B.
Try to cash out that pile of stocks and instantly the bubble pops. The values are virtual
AFAIK since incomes are stagnant, tax revenue is very dependent on capital gains. Governments and central banks can't afford to let the stock and real estate bubbles pop.
Governments need taxes to a) keep the circus going and b) paying interests on the growing debt (a good chunk of it is held by the central bank).
[flagged]
No, we won't. As long as productivity continues to increase, so will market caps.
Some countries are just left behind.
Which country? (Not necessarily doubting you, just curious.)
1. Go shopping https://www.privateislandsonline.com
2. Use the remaining billions to purchase a military force
3. Declare yourself sovereign
4. Export your goods and services at reasonable prices.
5. Be recognized by international organizations
6. You're literally a country for less than $24B
You need to largely be self sustaining before step 3, otherwise, even with a military, you are exposed to blockades and attrition.
> 5. Be recognized by international organizations
Good luck with that. No one has been able to do it for decades on unclaimed land like Sealand or Liberland. And you want to essentially annex another country's territory by force and be recognized? That's pure fantasy.
It happens every decade: https://worldpopulationreview.com/country-rankings/newest-co...
25B is the market cap of Ericsson, which is probably responsible for something like 5% of Sweden's GDP.
25B might not be a whole country, but it's definitely a whole country's phone network and internet infrastructure.
There are lots of countries smaller and/or poorer than Sweden.
There are a number of very small countries with GDPs in the hundreds of millions of USD range. If you could buy a country for say 10× GDP you are looking at the low billions in GDP which is Bhutan or Zanzibar sized economies.
The problem is that countries are not often openly up for sale. You need military or political backing to actually get one. So you cannot literally buy a country.
On the other hand, I think it is reasonable to say that this amount of money is the value of an entire small economy, or of the entire stock market of a somewhat bigger one.
>On the other hand, I think it is reasonable to say that this amount of money is the value of an entire small economy, or of the entire stock market of a somewhat bigger one.
Yes. I think it's plausible to believe that it's a ridiculous valuation. That whatever the company has can be replicated for less money.
That's probably true for many companies, but seeing as Palo Alto Networks probably has some kind of software arm, it seems reasonable to expect that they'd actually have the capacity to get what they want for less.
As long as this goes better than the VMWare merger with Broadcom. What a mess (still)
The VMWare merger is easily the worst tech disaster in my career. VMWare was the market leader basically since they started and they never really stopped innovating and making their product better (I’m talking specifically about vSphere not the desktop products).
It was expensive but worth every penny in my opinion, and it was literally everywhere. In enterprise IT it was just what you did, there was never really much of a question.
Nutanix will eventually eat the lunch that Broadcom doesn’t even care to try to eat.
Let a thousand shitty obstacles to getting work done bloom.
The second-rate identity provider that used to be Centrify and then IDAptive and now Cyberark Identity will now become its fourth rendition in six years; meanwhile, nobody will ever create a Terraform provider for it
Both are legacy dinosaurs, it makes sense they start eating each other.
Palo Alto is a legacy dinosaur? Pretty sure they are the current market leader in both firewalls and SOAR.
There are market leaders in everything from DSL modems to tape drives. Most companies in 2025 don't own hardware firewalls. You're proving his point.
Are you thinking of Cisco or Juniper? Please link me to where Palo Alto sells DSL modems or Tape Drives.
I did not say they are; I said there are.
Doh, my bad.
I'm surprised Okta hasn't expanded in this direction
It's very hard to square the activity in the real economy vs the valuations in the stock market. As a stark example, look at the revenues of AAPL for 2019 vs 2024, then compare the market caps for EOY 2019 vs 2024. It's astounding. What's causing this? ZIRP, which is now gone, but lower rates ahead it seems, and the trillions in money printing. Little of the helicopter money ended up in consumers hands as evidenced by AAPL's revenue growth. Almost all of it ended up in the hands of the investor class.
In surprise news, Israelis in the tech industry have deep roots in Israeli military intelligence.
[flagged]
[dead]
[flagged]
This gives me Wiz vibes (https://www.wiz.io/blog/wiz-joining-google), although CyberArk is much older (though despite being old, it is still unprofitable). In both cases, it seems the product is rather simple/basic but is being sold at insane margin to government(s).
[flagged]
Thank you for the heads up, I just uninstalled that app. I had it from 1 or 2 years ago and havent used it since.
I feel like I'm being proven right that when selecting software, it should be open source and hosted on-site.
Even if this causes problems, the alternative seems riskier.
What are you talking about? CyberArk is enterprise privileged access management. It’s not an app you install and forget about for 1-2 years. It’s certainly not something you just uninstall because you found out very basic information about the vendor on HN, because you almost assuredly run it because auditors require you to, and uninstalling it without a like replacement would be an extremely bad idea.
Do you doubt that he never ever installed the thing? But it makes him feel important or something so let it be.
To that point is there an open source PIM you'd recommend?