The $25B price doesn't reflect a multiple on $1B, exactly. It represents potential sales of the CYBR product portfolio to current PANW customers, plus potential sales of the PANW portfolio to CYBR customers, at a multiple of ARR, negotiating a portion of which to current CYBR shareholders, which is above the market price for CYBR shares, representing the risk that such upsells may not succeed in practice.
Where the acquisition gets interesting is in what CYBR's identity products mean for PANW's portfolio, once integrated. SOAR gets to be much more deterministic if your SIEM knows all of the system's trusted principal identities instead of trying to piece it together based on network research, voluntary reports, and heuristics. In theory, an integrated product will deliver better security. But the question remains whether PANW will succeed at such integration or not. PANW has a long history of successful acquisitions, so, there's that...
It's also curious because their firewall platform seems/feels totally separate from the rest of cortex still.
I will say, they do have a ton of coverage, more so than any other single vendor I can think of.
I've seen this at Microsoft where acquiring startups that provide capabilities and then incorporating them into Azure or Defender led to the usage of those capabilities skyrocketing and those particular acquisitions (not going to specifics because NDA) ended up being profitable.
That’s illegal of course but we stopped enforcing those laws somewhere in the early 2000s so here we are.
https://strategyofsecurity.com/p/the-case-for-and-against-pa...
From the article:
> If Palo Alto Networks was going to do identity, they had to do it big.
> Commercially, there was no way they were going to build a successful identity business if they had just picked up a bunch of small companies and tried to put them together. They needed to bootstrap their entry into the market, so a scaled acquisition made sense.
> The identity market is at a completely different level of maturity compared to the situation when Palo Alto Networks built its cloud security business by stitching together smaller companies. That approach worked because the cloud security market was still forming. There essentially was no market leader to acquire.
> Identity has been through multiple generations of market leaders (Sun, IBM, CA, Oracle, and others. The market has already gone through multiple phases of disruption and M&A. For the most part, we've seen it all.
> Currently, we've landed with a handful of specialist identity players — some public, some owned by private equity firms. You know them: CyberArk, Okta, SailPoint, and Ping Identity. And then there's Microsoft. We'll get to that.
> Palo Alto Networks had zero chance of competing with those four companies (plus Microsoft and the other incumbents who still hold material market share) by building, buying, and partnering their way to a coherent identity offering.
> If there was one market where a massive deal had to be done, identity had to be it.
My read of that is basically they are buying a fast growing, big player in workforce identity that they can integrate in with their next generation security platform.
If anything, this might make us stick with PA longer as they are the "niche" in our environment and presumably we will want to combine the contracts.
2. Large shared customer base,
3. Most enterprises need Identity SPM which Cyberark does pretty well at.
4. Vendor Rationalization is the name of the game. Security teams want to reduce spend significantly in both headcount and tooling, so PANW aquiriring Cyberark makes it easier to defend identity, cloud, networking, and other security spend as well as displace competitors. This is why platformization is becoming so popular.
Governments need taxes to a) keep the circus going and b) paying interests on the growing debt (a good chunk of it is held by the central bank).
2. Use the remaining billions to purchase a military force
3. Declare yourself sovereign
4. Export your goods and services at reasonable prices.
5. Be recognized by international organizations
6. You're literally a country for less than $24B
25B might not be a whole country, but it's definitely a whole country's phone network and internet infrastructure.
Some countries are just left behind.
No one really trusts the Indian outsourcer with their internal systems. But they sure are cheaper, so the risks get mitigated by micromanaging and recording access to everything.
This then spreads to all employees, even those with skin in the game, and then nobody is productive any more. Not just the contractors.
It was expensive but worth every penny in my opinion, and it was literally everywhere. In enterprise IT it was just what you did, there was never really much of a question.
Nutanix will eventually eat the lunch that Broadcom doesn’t even care to try to eat.
