The acquisition of Israeli cybersecurity firm CyberArk by U.S.-based Palo Alto Networks ranks among the largest deals in the history of the cybersecurity sector, and is the second-largest in Israeli tech history, trailing only Google’s $32 billion purchase of WIZ.
It marks a seismic moment for the cyber world, merging two global powerhouses in a deal expected to produce a force greater than the sum of its parts and establish the undisputed industry leader for years to come.
Palo Alto Networks has been racing to grow and innovate rapidly in recent years. Under the leadership of Chairman and CEO Nikesh Arora, the company has invested nearly $5 billion in about 20 acquisitions since 2018, positioning itself as the dominant player in cloud cybersecurity.
The results are evident: today, it is the world’s largest pure-play cybersecurity company—second only to Microsoft, whose cybersecurity division is just one part of its broader business. Still, Palo Alto is aware that this lead may be temporary and is aiming to widen the gap decisively. That ambition, it seems, can only be realized through a mega-deal with a top-tier competitor—such as CyberArk, ranked seventh globally in the sector.
The company’s growth strategy has evolved. Previously, Palo Alto focused on piecing together a puzzle of dozens of niche technologies through smaller acquisitions—each adding specialized capabilities. This approach allowed the firm to rapidly integrate innovation without hiring teams from scratch or investing years in R&D. Funding for these deals came initially from capital raises and later from growing profits. In the classic “build vs. buy” dilemma, Palo Alto consistently favored “buy.”
But that approach is now shifting. Until recently, Palo Alto primarily acquired startups with cutting-edge tech, often steering clear of more established firms with large customer bases.
In August 2022, Arora told investors that the company’s strategy was to find great development teams that complement its capabilities rather than pursue large acquisitions. This philosophy was reflected in the deal sizes, which generally stayed in the hundreds of millions, not billions.
But now the question appears to have shifted entirely. Arora said the long-fragmented identity security market is now ripe for platform consolidation. The “fragmented structure” he referred to describes the current cybersecurity landscape, where thousands of companies offer hundreds of narrowly focused technologies, each addressing a specific problem. Many Israeli cybersecurity firms operate within this fragmented model, founded by veterans of elite military tech units like Unit 8200. While they offer excellent technology, their solutions are often limited in scope. As a result, it’s difficult for most Israeli companies to scale into global giants.
This fragmentation forces chief information security officers (CISOs) at corporations and organizations to purchase dozens of different security products, sometimes simultaneously. Managing them all effectively becomes a challenge, giving rise to yet more companies focused solely on integrating the others. As industry insiders say, “the chaos feeds itself.”
Arora’s call for consolidation reflects a growing trend: major cybersecurity conglomerates are emerging through acquisitions across different domains, offering comprehensive end-to-end solutions. Several Israeli companies acquired in recent years for tens or hundreds of millions of dollars are part of this shift.
Palo Alto Networks Chairman and CEO Nikesh AroraPhoto: Yuval ChenFrom the customer’s perspective, it’s easy to see why a large enterprise might prefer a unified security suite from giants like Palo Alto Networks, CrowdStrike or Fortinet over a patchwork of smaller, specialized vendors, however advanced each may be.
That’s where the Palo Alto–CyberArk deal takes on deeper significance. It’s not just another step in industry consolidation; it’s a strategic pivot for both companies. CyberArk’s technology is distinctive and market-leading, but CyberArk itself is no small player. It has spent years acquiring other firms and expanding its reach. This deal signals a joint ambition to build a merged global leader. What Palo Alto offers CyberArk isn’t just a generous stock valuation, though that alone would be hard to refuse, but the opportunity to shape the future of global cybersecurity leadership.
A turning point in cybersecurity
What’s driving these mega-deals in the cybersecurity sector? The answer is clear: the U.S. economy, and the Western world at large, is under relentless cyberattack. There is hardly a company today that hasn’t fallen victim to at least one breach, and in many cases, multiple attacks. Some are forced to pay millions in ransom.
The fear of a crippling cyberattack and the personal liability faced by corporate board members has prompted businesses to pour massive sums into cybersecurity defenses. This demand has created a booming market, fueling unprecedented investment and intensifying competition among cybersecurity firms.
Daniel Ives, an analyst at Wedbush Securities, described the potential Palo Alto–CyberArk merger as “a turning point in the cybersecurity landscape.” If completed, the deal is expected to exceed $20 billion. CyberArk’s current market capitalization on the Nasdaq stands above $21 billion.
By comparison, in the recent WIZ–Google deal, the buyer paid a significant premium over WIZ’s valuation at the time. If that pattern holds, CyberArk’s sale price could reach $25 billion or more, particularly given Palo Alto’s eagerness and CyberArk’s deliberation, which may drive the price even higher.
Though CyberArk currently generates about 20% of Palo Alto’s revenue, its growth rate is substantially faster. In the most recent quarter, CyberArk’s sales jumped 43% year-over-year to $221.6 million. By contrast, Palo Alto reported $2.3 billion in quarterly revenue, a 15% increase from the same period in 2024.
If the deal goes through, it would be Palo Alto’s largest acquisition to date among more than 20 previous purchases. However, it likely won’t surpass the largest cybersecurity acquisition ever; that distinction still belongs to Google’s $32 billion buyout of WIZ, which is expected to receive regulatory approval soon.
Palo Alto Networks was founded in 2005 in Santa Clara, California, in the heart of Silicon Valley, by Israeli entrepreneur Nir Zuk, along with Rajiv Batra, Fengmin Gong, Dave Stevens and Youming Mao.
Zuk, a former Check Point employee who left the company following a dispute with its CEO Gil Shwed, was determined to prove that better cybersecurity technology could be built. After months of groundwork, much of it carried out at the offices of venture capital firms Greylock and Sequoia, the company launched its first product and entered the market.
Zuk, a co-founder and the company's original CTO, is currently listed on Palo Alto’s website as a chief evangelist and senior advisor. As the only one of the original founders still involved, he remains a symbolic figure in the company. Today, Palo Alto Networks is led by Arora, with William Jenkins serving as president. The company's market capitalization stands at $129.25 billion.
Over the years, Palo Alto Networks has expanded aggressively through a long series of acquisitions—so many, in fact, that even Zuk himself might struggle to name them all. Its buying spree began with the purchase of Morta Security in January 2014 and continued most recently with the acquisition of Protect AI in April of this year. Several of those acquired firms were Israeli, including Twistlock, Dig Security, Talon, Cyvera, Demisto and Cider Security.
Earlier this month, reports suggested Palo Alto was eyeing another Israeli firm, SentinelOne, but that deal ultimately fell through. Now, all eyes are on CyberArk.
CyberArk was founded in 1999 by Udi Mokady and Alon Cohen. Mokady led the company as CEO from 2005 until last year, when he transitioned to executive chairman. Matt Cohen succeeded him as CEO. CyberArk’s global headquarters and main R&D center are located in Israel, with an additional executive office in the United States. The company currently employs around 4,000 people.
In a November 2024 interview with Ynet, Mokady predicted the company was on the verge of a major breakthrough. He credited its momentum to two factors: identifying key future growth areas and acquiring companies that helped advance those goals, and shifting its business model to a subscription-based revenue structure, which was already boosting income.
What Mokady didn’t anticipate at the time was that just months later, the company would be on the verge of being acquired.
Get the Ynetnews app on your smartphone: Google Play: https://bit.ly/4eJ37pE | Apple App Store: https://bit.ly/3ZL7iNv
You said many smaller cybersecurity firms would eventually be acquired by larger players. Weren’t you worried CyberArk might be one of them?
“I love that question. We didn’t mark 25 years since our founding and 10 years as a public company just for fun. Our goal has always been to build a sustainable company that’s the acquirer, not the acquired, and one that continues to grow. At the same time, we’re not trying to be a one-stop shop. We aim to specialize in identity security.”
Does CyberArk aspire to become as big as industry giants like Check Point or Palo Alto Networks?
“We absolutely aim to reach that scale, and we’re on track. Who would have thought CyberArk would one day be talking about $1 billion in annual recurring revenue? The identity space is vast, and I believe we can continue building a massive company in it. One day, people will be asking other companies whether they hope to be as big as CyberArk.”
‘CyberArk’s AI-driven cybersecurity may handle 5,000 threats a day’
For years, CyberArk has specialized in securing and managing privileged accounts; those with broad access to organizational IT systems and highly vulnerable to cyberattacks. In 2020, the company expanded into identity management, now a central pillar of cybersecurity, and has since become one of the industry’s leading players.
CyberArk Senior Vice President for AI, Data and Research Avichai Natan: 'Saying you do AI in cyber sounds great, but the reality is very different. It’s like looking for a needle in a haystack, except the haystack is buried in the ocean'
In recent months, CyberArk has shifted significant focus toward artificial intelligence, aiming to develop tools not only for traditional cybersecurity but also to defend against AI-powered attacks.
A recent visit to the company’s Petah Tikva headquarters revealed the scale of its R&D efforts: hundreds of engineers and researchers, many in AI, working across multiple floors and labs to build new tools and study emerging threats.
“The AI capabilities we’re developing are what set us apart,” said Chief Product Officer Peretz Regev. “Udi Mokady calls this his dream job. We’re building AI to help clients be more secure and more efficient. A traditional cybersecurity center might handle 100 incidents a day, but with AI, it can process 5,000. That’s what truly secured operations look like.”
Leading the AI push is Avichai Natan, Senior Vice President for AI, Data and Research. He cautions that while AI in cybersecurity is a hot topic, it's far more complex than headlines suggest. “Saying you do AI in cyber sounds great, but the reality is very different. It’s like looking for a needle in a haystack, except the haystack is buried in the ocean. The data volume is enormous, and attack signals are faint. Our advantage is that we’ve worked with huge datasets and clients for years, allowing us to detect threats in context.”
Earlier this year, CyberArk announced a major expansion of its AI and data center in Israel and began hiring dozens of specialists. The move aims to accelerate development of AI-powered products, like intelligent agents and AI agent protection, at a time when the risks and capabilities of AI are still only partially understood, even by those working in the field. What’s clear is that enterprise clients are increasingly aware of the threats, and AI-driven cybersecurity is emerging as one of the industry’s fastest-growing sectors.
This technological edge is also a key driver behind the proposed Palo Alto–CyberArk merger. According to U.S. research firm Jefferies, the acquisition is strategically sound: “AI remains the next major growth frontier and a category Palo Alto must lead—or at least finish in the top three,” analysts wrote in a recent report. “We believe this deal will further solidify Palo Alto Networks’ position as the go-to cybersecurity platform for customers.”
While Palo Alto does have its own identity protection product, identity management has never been a core focus. Executives in the past have said the effort to onboard customers into that segment would be too great. CyberArk, already a leader in the space, brings not only proven technology, but also an established customer base. For Palo Alto, the merger could be the most efficient way to expand into identity security and close the AI gap.