This year was marked by some major acquisitions in the network security space: first, Google’s $32 billion acquisition of Wiz, and now Palo Alto’s $25 billion acquisition of CyberArk. As we explored a few months ago, the Wiz acquisition spoke to the critical importance of securing the cloud and AI workloads, and how organizations have lost many of their traditional security tools in this environment. Now, the CyberArk acquisition tells a complementary story about the value of identity in network security.  

Palo Alto was born into the network security space: securing traffic going to and from the Internet (the most important trust boundary for any private organization) and across private corporate networks. Their first product, the next-generation firewall, released in 2006-2007, was transformational for network security. That core technology still makes up the bulk of their revenue.

However, the distributed, complex, and huge attack surface of the cloud makes security a very different challenge than it was in 2007. Most of the major cybersecurity agencies and compliance organizations are transitioning from legacy, perimeter-based models of security to the zero trust approach of “never trust, assume breach.”  

What You’ll Learn:  

  • How Palo Alto’s acquisition of CyberArk signals their adoption of zero trust principles 

  • The three core components of cloud network security 

  • The acquisition’s involvement in Palo Alto’s vendor consolidation strategy 

Palo Alto is Moving Towards Zero Trust Adoption by Integrating Identity

As a security mindset, zero trust changes the way we think about everything. Palo Alto’s core product focused on blocking malicious traffic: they would detect whether something on the network was good or bad, and if it was bad, they would block it.  

Think of it this way: Palo Alto worked like a security team at a concert who uses a metal detector and X-ray to check to make sure no bad stuff is coming in. Until now, they didn’t check IDs or tickets.  

Zero trust goes much deeper than just detecting and blocking bad stuff. It incorporates identity into security, specifically workload identity, with a mindset of least-privilege access that doesn’t assume anyone in the network is safe. It’s checking metaphorical IDs and name badges to make sure everyone on the network is authorized to be there.  

CyberArk has made its name in identity security and access management. By acquiring CyberArk, Palo Alto fills a huge gap in their portfolio around incorporating identity and applying the principles of zero trust.  

The Three Pillars of Runtime Security: Your Last Line of Defense

Runtime security—also known as inline security—represents the critical moment when threats meet your defenses in real-time. Unlike preventive measures that try to stop attacks before they happen, runtime security actively protects your systems while they're operating. It's your last line of defense, and it can mean the difference between a thwarted attack and a devastating breach. 

Every enterprise needs three essential pillars working in concert to achieve effective runtime security. Missing even one creates a vulnerability that sophisticated attackers will exploit. 

1. Network Security: Your Digital Perimeter

Think of network security as intelligent traffic control for your digital highways. It continuously monitors and filters data flows, distinguishing legitimate business traffic from malicious attempts to infiltrate your systems. Modern network security goes beyond simple firewalls—it uses behavioral analysis and machine learning to detect anomalies in real-time. 

2. Endpoint Security: Protecting Every Access Point

Every device, application, and system in your network represents a potential entry point for attackers. Endpoint security ensures that these access points remain uncompromised, preventing attackers from establishing persistence in your environment. This includes everything from employee laptops to IoT devices to cloud workloads—each requiring protection tailored to its unique vulnerabilities. 

3. Identity Security: Trust, But Verify

In today's zero-trust world, identity verification is crucial. This pillar ensures that every user, workload, and device is authenticated and authorized before accessing your resources. It's not just about passwords anymore—it's about continuous verification, contextual access controls, and adaptive authentication that responds to risk signals in real-time. 

The identity piece matters because in a cloud network, identity can be fluid: for example, the identity determined by an IP address can change in a Kubernetes cluster that rapidly consumes and discards IP addresses. 
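The IP-reuse problem described above, as an added example that is not from the original article or from any vendor named in it. The pod names, workload labels, IP addresses, timestamps and the two rules are all constructed for illustration. It replays a short pod lifecycle and compares a static IP allowlist with a rule keyed on workload identity.

```python
# Constructed pod lifecycle events: (time, event, pod, workload label, pod IP)
POD_EVENTS = [
    (100, "start", "billing-7f9c", "billing", "10.0.1.15"),
    (200, "stop",  "billing-7f9c", "billing", "10.0.1.15"),
    (210, "start", "batch-x2k4",   "batch",   "10.0.1.15"),  # same IP, new tenant
    (220, "start", "billing-b81d", "billing", "10.0.1.22"),  # same workload, new IP
]

# Constructed flows towards a hypothetical payments database: (time, source IP)
FLOWS = [(150, "10.0.1.15"), (250, "10.0.1.15"), (260, "10.0.1.22")]

IP_ALLOWLIST = {"10.0.1.15"}      # rule written at t=100, when billing held this IP
ALLOWED_WORKLOADS = {"billing"}   # rule keyed on workload identity instead


def workload_at(ip, t):
    """Return the workload label that held `ip` at time `t`, or None if unassigned."""
    owner = None
    for ts, event, _pod, label, addr in sorted(POD_EVENTS):
        if ts > t:
            break
        if addr == ip:
            owner = label if event == "start" else None
    return owner


def evaluate(flows):
    """Decide each flow under both rules so the two verdicts can be compared."""
    results = []
    for t, ip in flows:
        workload = workload_at(ip, t)
        results.append({
            "time": t, "src_ip": ip, "workload": workload,
            "ip_rule": ip in IP_ALLOWLIST,
            "identity_rule": workload in ALLOWED_WORKLOADS,
        })
    return results


def disagreements(flows):
    """Flows where the IP allowlist and the identity rule reach different verdicts."""
    return [r for r in evaluate(flows) if r["ip_rule"] != r["identity_rule"]]


if __name__ == "__main__":
    for row in disagreements(FLOWS):
        print(row)
```

The two disagreements are the two failure modes of address-based policy: the batch pod inherits access it was never granted, and the rescheduled billing pod loses access it should have.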

Most of the iconic brands in cybersecurity are built on at least one of these pillars, sometimes two. Check Point, Zscaler, Cloudflare, Netskope, and Fortinet are all network security. CrowdStrike is endpoint. Microsoft has Defender (endpoint) and Entra (identity). Few cover all three, and rarely are they effectively integrated.

Palo Alto is now trying to bridge the gap; acquiring CyberArk gave them that critical third component.

In short, Palo Alto’s acquisition of CyberArk validates the need to incorporate identity deeply into network security. It’s difficult to integrate after the fact, however. Incorporating identity into network security was a foundational pillar when we launched our Cloud Native Security Fabric.

Palo Alto is Moving Toward Cybersecurity Vendor Consolidation

The cybersecurity industry faces a paradox: while organizations struggle to manage relationships with up to 60 different security vendors, the complexity of modern threats demands specialized expertise. Palo Alto's acquisition of CyberArk represents more than just adding identity to their portfolio—it's a strategic move toward the platformization that enterprises need, albeit in a walled garden. 

But consolidation comes with risks. Cybersecurity isn't simply about compliance or checking boxes—it's fundamental to the success and resilience of our digital society. As vendors merge and platforms expand, we must ensure that innovation doesn't become a casualty of convenience. The best ideas often come from focused, independent companies pushing boundaries in their specific domains. 

The path forward requires balance. Yes, we need platforms that can deliver the three pillars of runtime security in an integrated fashion. But we also need an ecosystem where: 

  • Established platforms remain open to best-of-breed solutions 

  • Startups can still challenge incumbents with innovative approaches 

  • All vendors prioritize interoperability over vendor lock-in 

  • Integration becomes a feature, not an afterthought 

Whether through consolidation or collaboration, the cybersecurity industry must work as a unified front against increasingly sophisticated threats. The stakes are too high for anything less than our collective best effort. In the end, it's not about how many vendors you have—it's about how effectively they work together to protect what matters most.  

Chris McHenry

Chief Product Officer

Chris helps customers solve the new and unique challenges of networking within and between multiple clouds. He is an expert in cloud network security, multicloud networking, cloud cost management, zero trust networking, and microsegmentation.
