ETR Insights presents a panel discussion between enterprise security leaders regarding Palo Alto Networks’ plan to acquire CyberArk, part of Palo’s bid to become a full-stack security platform. Panelists see the logic, question the price, and warn that integration quality will determine value, citing past deals like Demisto and Twistlock that were slower to harmonize than hoped. There is potential upside if Palo Alto can truly converge network and identity controls for zero trust. However, these executives worry that multi-cloud flexibility could shrink, on-premises security may be sidelined, and any promised “single pane of glass” may turn out to be little more than a jumbled menu of disparate tools. Panelists are watching to see whether Palo Alto keeps the breadth of CyberArk’s portfolio, how it brands and prioritizes capabilities, and how rivals respond, all while balancing the lure of consolidation against lock-in and the need for vendor-agnostic architectures.
Ultimately, these companies want integration depth without lock-in, and architectures that preserve switching power. Read on to learn more about the convergence of network and identity for zero trust, sales complexity and cross-sell gaps, how branding and product prioritization choices could signal Palo Alto’s intent, and bundle pricing dynamics that may widen the lane for startups and mid-market alternatives.
Vendors Mentioned: Amazon (AWS) / BeyondTrust / Cisco (Splunk) / CrowdStrike / CyberArk (Cora AI), Cyera, Dig Security / ForgeRock / Google (GCP) / IBM (QRadar) Keeper Security / Microsoft / Okta (Auth0) / Oracle / Palo Alto Networks (Demisto, Twistlock, Precision AI) / Ping Identity / SailPoint / Zscaler
Palo Alto Networks’ planned acquisition of CyberArk fits the company’s long-running push to become a one-stop security platform, but our panelists see it as possibly overvalued and warn of integration risk. “I knew Palo was going to eventually make a move,” says the CISO for a large financials insurance enterprise. “They’ve been ideating and exploring identity in PAM, and a bunch of other plays, and they’ve been primarily executing that through channel and partnerships.” The Field CISO for one technology enterprise fears Palo Alto’s broader reach could dilute product focus. “They’re trying to become everything to everyone. I worry about the technology losing its exceptionalness, and that it will start to become very average and expensive.” Panelists also flag Palo Alto’s mixed record on stitching past purchases into its platform, recalling slower-than-hoped integrations of Demisto and Twistlock. Still, some see strategic upside if network and identity controls truly converge. A CISO from a large energy utility: “I like it, because this kind of brings in that tighter integration for zero trust and access controls.” They are, however, apprehensive at the unusual scale of the merger. “[Palo] is much more of a kind of buying-a-startup company, than investing this amount of money into a huge player in the space.”
Will this “single pane of glass” amounts to stitched-together screens, rather than a genuinely integrated system? “When companies do a lot of acquisitions, it [often looks like] a bunch of separate products that are pasted into one menu. Each past product still has different labels, and a different look and feel.” One CISO, not particularly invested in Palo Alto tools, worries that benefits could be gated to full subscribers; they also doubt Palo’s sales organization’s ability to communicate value. “I found it very complex, dealing with their sales hierarchy, their overlays, and the gap in knowledge when they try to cross-sell and resell.”
Some panelists note that today’s PAM products already integrate effectively with major hyperscalers via APIs, so “more integration” isn’t inherently valuable unless it reduces complexity. “I’m not seeing that there needs to be a tighter integration, because if there is, we sort of lose that value of the product working with multiple clouds, right? It becomes something that might only work for one environment and not be suitable.”
Several panelists questioned whether Palo would keep all of CyberArk’s capabilities, or cherry-pick a subset. “What is it that Palo was really after with CyberArk? Is it just the name? Do they want that name recognition along with theirs? I think how they do the branding will matter. I think what tools or what product they pull out of CyberArk and integrate faster will indicate what they’re after.” Of particular concern is ongoing support for on-prem assets. “As with when IBM sold some of their QRadar customer base, and Palo acquired that and moved it over to XSIAM, Palo only was interested in the cloud-native customers. What is that going to do for my support, and the integration simplicity, as I’m still going to be maintaining on-prem assets for a while?”
CyberArk’s recent expansions into MFA, machine identity (via Venafi) and IGA (via Zilla) broaden the stakes, and competitors like as BeyondTrust, Zscaler and Okta may feel pressure to answer. “They’re going to start looking at that, and they’re going to be saying, okay, should we be doing something like this, too?” Our guests are weighing the lure of a single-vendor platform against the operational risks of lock-in, wherein integration benefits can mask subpar
capabilities. See: Microsoft. “‘One vendor to rule them all,’ we want that, but sometimes when we get it, then it doesn’t work the way we want it to.”
A cautionary case study: While Okta remains the default gateway for broad MFA integrations, SailPoint, BeyondTrust and Zscaler are winning on responsiveness and value. Palo Alto could face similar pushback if the CyberArk integration leads to higher bundled costs. “[Okta] – like Splunk – outpriced themselves, to a point where people were just looking at that and saying, ‘Hey, you’re just charging too much for what you’re asking for. I’m going to go find a competitor that will do it the right way.’” Palo’s “Bugatti”-like premium positioning is widening the lane for mid-priced “Toyota” alternatives. “[Palo] is a fancy vehicle with a lot of capabilities, but not a lot of people can afford one. It’s opening up the market to alternatives.”
Non-human identity and digital trust are priorities, pushing demand for tighter certificate and key management. Here, several panelists questioned Palo Alto’s ability to maintain CyberArk’s development pace. “I was really gung ho about where CyberArk was going, but now I’m a little more worried with this acquisition.” However, one CISO did point to Palo’s earlier acquisition of Dig to argue that Palo Alto can now fuse data lineage and access visibility with CyberArk’s identity stack, for richer, near-real-time signals for operations and analytics. “In a world where they continue investing in CyberArk, and you can overlay some of the identity investments that CyberArk has made that encompassed the IGA, the machine identity, and looking across that, you now have this unique opportunity where they can blend together the notion of all types of identities. The personas, the identity mapping, and the visual mapping, and being able to tie in the data piece from Dig.”
Palo Alto’s acquisition of CyberArk is not merely a consolidation play, but potentially transformative within AI-driven cybersecurity. “I think we’re in a very volatile position right now with, regarding [AI-driven malicious] activity. Everyone’s struggling and researching, and we’re all looking for different ways to address these issues.” ETR survey data shows that 10% of customers were already using CyberArk’s Cora AI, and 64% are in some stage of evaluation; Palo Alto’s infrastructure, coupled with CyberArk’s expertise in identity and access management, presents the potential for smarter, more autonomous threat detection and response. “The more that Palo can help level up and help customers make accurate decisions based on the data visibility, and then double down and leverage the intelligence from the CyberArk acquisition, that’s going to be, I think, a great force multiplier.” The most immediate traction for agentic AI is in the SOC. “We are definitely adopting agentic AI in the security operations context: triaging alerts, the initial investigation, and that kind of work. It looks like Palo has invested well in the agentic AI security for operations perspective; if they can bring some of that know-how overt to the identity side, I think that actually would be useful.”
ETR Data: ETR’s AI Product series tracks CyberArk Cora AI and Palo Alto Networks Precision AI. Among vendors with embedded AI features, both screen among the highest (current) evaluation rates or plans to evaluate in the next six months. This data is from the JAN25 AI Product Series; for the first time, survey-over-survey comps will be available later this week for premium level subscribers.
Broadly, our panelists emphasize integration quality and vendor-agnostic architectures to preserve switching power, including deeper alliances among major providers. “If I can synergize the integrations and leverage the information from my vendor to my internal systems, it makes it less difficult to switch and to replace. I think it’s going to cause a renewed focus for integration quality and integration ease, so that we’re a little less insulated from the big players. You’ll continue to see that consolidation, but at the same time, disruption, which I’m excited for. Bring on the innovation.” More nimble startups will continue to force incumbents like Palo to rethink their product road maps. “I can certainly see a world where your Oktas, your Pings, and your ForgeRocks take a look at some of those up-and- coming startups, augmenting, moving faster, doing things in ways that Palo cannot move, to further separate them. I’m hoping it lights a fire [under them].”