Palo Alto Networks acquisitions show how one of the world’s leading cybersecurity companies used targeted M&A to expand from network security into cloud security, identity security, security operations, data protection, incident response, attack surface management and AI-era cyber defense.
Between 2017 and 2025, Palo Alto Networks completed 16 recorded acquisitions with a total disclosed deal value of about $29.7 billion. The average disclosed deal size was approximately $1.9 billion. That average is heavily influenced by the company’s largest transaction: CyberArk, announced in July 2025 for about $25.0 billion and completed in February 2026.
The company’s M&A activity has focused overwhelmingly on cybersecurity. Cyber security accounts for 14 of the 16 recorded deals, while cloud security appears in seven, security in four, information technology in four and enterprise software in three.
That concentration reveals a disciplined strategy. Palo Alto Networks has not used acquisitions to diversify away from cybersecurity. Instead, it has used M&A to deepen and broaden its security platform as enterprise threats moved from the network perimeter into cloud environments, software pipelines, identities, endpoints, data assets and distributed workforces.
What Is Palo Alto Networks?
Palo Alto Networks is a global cybersecurity company that provides security solutions for organizations. Its business includes network security, cloud security, security operations, threat intelligence and related services.
The company’s broader market strategy is often described through the idea of cybersecurity platformization. Palo Alto Networks defines platformization as the consolidation of multiple security tools and processes into a unified platform, moving from isolated point solutions toward a centralized ecosystem designed to improve visibility, efficiency and protection.
That concept matters because it explains much of the company’s acquisition strategy. Palo Alto Networks has bought companies that fill product gaps, strengthen technical depth or extend its platform into fast-growing security categories.
Its acquisitions have targeted cloud-native security, container protection, infrastructure visibility, incident response, secure access, software supply-chain security, data security and identity controls. In other words, the company has used M&A to follow where enterprise risk is moving.
Why Palo Alto Networks Acquisitions Matter
Palo Alto Networks acquisitions matter because cybersecurity has become more complex. Enterprises no longer protect only office networks and corporate devices. They must secure cloud infrastructure, remote workers, code pipelines, APIs, software supply chains, privileged identities, sensitive data and internet-exposed assets.
This shift created an opening for platform companies. Many organizations became tired of managing dozens of separate cybersecurity tools. They wanted fewer vendors, better integration, faster response and more automation.
Palo Alto Networks has responded with both product development and acquisitions. The company’s deal history shows a clear pattern:
It acquired LightCyber to improve behavioral attack detection.
It bought Evident.io, RedLock, Twistlock, Aporeto and Bridgecrew to build cloud and cloud-native security.
It acquired Demisto, SECDO and The Crypsis Group to strengthen security operations and incident response.
It bought Expanse to improve attack surface visibility.
It acquired Cider Security and Dig Security to address software supply-chain and cloud data risks.
It acquired Talon Cyber Security to support secure distributed work.
It acquired CyberArk to move deeply into identity security.
The result is a company trying to build a comprehensive security platform rather than a narrow firewall vendor.
Full List of Palo Alto Networks Acquisitions
The table below highlights the recorded Palo Alto Networks acquisitions with available transaction values, announced dates, main categories and strategic value.
| Acquiree | Announced Date | Price | Main Category | Strategic Value |
|---|---|---|---|---|
| CyberArk | Jul 29, 2025 | $25.0B | Identity and Cloud Security | Added identity security and intelligent privilege controls across the identity lifecycle. |
| Talon Cyber Security | Nov 6, 2023 | $625.0M | Cybersecurity and Secure Browser | Strengthened security for distributed workforces. |
| Dig Security | Oct 31, 2023 | $350.0M | Cloud Data Security | Added real-time visibility, control and protection of cloud data assets. |
| Cider Security | Nov 17, 2022 | $195.0M | Software Supply-Chain Security | Added CI/CD security orchestration and application security capabilities. |
| Bridgecrew | Feb 16, 2021 | $156.0M | Cloud Security Engineering | Added codified cloud security and infrastructure-as-code protection. |
| Expanse | Nov 11, 2020 | $800.0M | Attack Surface Management | Added external visibility into internet-connected assets belonging to organizations. |
| The Crypsis Group | Aug 24, 2020 | $265.0M | Incident Response | Added breach response, risk management and security advisory capabilities. |
| Prisma SD-WAN | Mar 31, 2020 | $420.0M | Cloud Security and Network Infrastructure | Added software-defined wide area networking capability. |
| Aporeto | Nov 25, 2019 | $150.0M | Cloud-Native Security | Added security for containers and microservices. |
| ZingBox | Sep 4, 2019 | $75.0M | IoT Security | Added security for internet-of-things infrastructure. |
| Twistlock | May 29, 2019 | $410.0M | Cloud-Native Cybersecurity | Added container and cloud-native security capabilities. |
| Demisto | Feb 19, 2019 | $560.0M | Security Operations Automation | Added security orchestration, automation and response technology. |
| RedLock | Oct 3, 2018 | $173.0M | Cloud Security | Added visibility and security for dynamic cloud environments. |
| SECDO | Apr 10, 2018 | $100.0M | Incident Response and Network Security | Added technology to reduce incident response time. |
| Evident.io | Mar 14, 2018 | $300.0M | Public Cloud Security | Added continuous public cloud security, risk detection and compliance monitoring. |
| LightCyber | Feb 28, 2017 | $105.0M | Behavioral Security Analytics | Added high-confidence attacker detection and security visibility. |
Palo Alto Networks Acquisitions Timeline
2017: Behavioral Detection With LightCyber
Palo Alto Networks’ listed acquisition activity begins in 2017 with LightCyber, acquired for $105.0 million.
LightCyber provided security visibility and high-confidence alerts designed to detect attackers that other tools might miss. This acquisition strengthened Palo Alto Networks’ ability to identify suspicious behavior inside enterprise environments.
The deal fit an important market shift. Security teams were becoming overwhelmed by alerts, and many organizations needed better detection tools that could separate real threats from noise.
2018: Cloud Security and Incident Response
In 2018, Palo Alto Networks acquired Evident.io, SECDO and RedLock.
Evident.io, acquired for $300.0 million, provided continuous security for public clouds. It helped organizations detect and remediate risks, vulnerabilities and compliance issues.
SECDO, acquired for $100.0 million, developed technology that helped security operations teams reduce incident response time.
RedLock, acquired for $173.0 million, provided infrastructure security visibility for dynamic cloud environments.
Together, these deals marked a major push into cloud security and security operations. They also helped Palo Alto Networks build the foundation for what later became a broader cloud security strategy.
2019: Cloud-Native Security, Automation and IoT Protection
The year 2019 was one of Palo Alto Networks’ most active acquisition periods. The company acquired Demisto, Twistlock, ZingBox and Aporeto.
Demisto, acquired for $560.0 million, added security orchestration, automation and response capabilities. Twistlock, acquired for $410.0 million, strengthened cloud-native and container security. ZingBox added internet-of-things security. Aporeto added cloud-native protection for containers and microservices.
This year showed a clear strategic pivot. Palo Alto Networks was moving beyond traditional network security into the environments where modern applications run: containers, microservices, cloud workloads and connected devices.
2020: SD-WAN, Incident Response and Attack Surface Management
In 2020, Palo Alto Networks acquired Prisma SD-WAN, The Crypsis Group and Expanse.
Prisma SD-WAN, acquired for $420.0 million, added software-defined wide area networking capability. The Crypsis Group, acquired for $265.0 million, brought security advisory, breach response and risk management capabilities. Expanse, acquired for $800.0 million, added visibility into internet-connected assets belonging to organizations.
Expanse was especially important because many companies do not have a complete view of their public-facing digital assets. Attackers often exploit forgotten servers, exposed services and misconfigured systems. Expanse helped Palo Alto Networks address that visibility problem.
2021: Codified Cloud Security With Bridgecrew
In 2021, Palo Alto Networks acquired Bridgecrew for $156.0 million.
Bridgecrew developed a codified cloud security platform that helped organizations deploy cloud security engineering. The deal strengthened infrastructure-as-code security and supported teams that wanted to detect problems earlier in the software development lifecycle.
This acquisition reflected a broader shift in cybersecurity: security needed to move left, closer to developers and cloud engineers, before risky infrastructure reached production.
2022: CI/CD Security Through Cider Security
In 2022, Palo Alto Networks acquired Cider Security for $195.0 million.
Cider Security provided a way for security teams to orchestrate and implement end-to-end CI/CD security. This was strategically important because software supply-chain attacks had become a major concern.
By acquiring Cider, Palo Alto Networks strengthened its ability to secure the application development process, not just deployed infrastructure.
2023: Cloud Data Security and Distributed Workforce Protection
In 2023, Palo Alto Networks acquired Dig Security and Talon Cyber Security.
Dig Security, acquired for $350.0 million, provided real-time visibility, control and protection for cloud data assets. That mattered because cloud security is not only about protecting infrastructure. Organizations also need to know where sensitive data lives, who can access it and how it is being used.
Talon Cyber Security, acquired for $625.0 million, provided cybersecurity solutions for distributed workforces. This reflected the rise of hybrid work, remote access and browser-based enterprise activity.
2025: CyberArk and the Identity Security Pivot
In July 2025, Palo Alto Networks announced an agreement to acquire CyberArk for about $25.0 billion. CyberArk is a security company focused on intelligent privilege controls across the identity lifecycle. The deal was completed in February 2026.
This was the largest acquisition in Palo Alto Networks’ history. It also marked a major strategic move into identity security.
The logic is clear. In modern cybersecurity, identity has become a primary attack surface. Users, machines, applications, cloud services and AI agents all require access. Securing that access is central to enterprise defense.
Biggest Palo Alto Networks Acquisitions by Deal Value
Palo Alto Networks’ largest acquisitions show how the company’s M&A strategy evolved from targeted technology tuck-ins to a transformational identity security transaction.
| Rank | Acquiree | Announced Date | Deal Value | Strategic Area |
| 1 | CyberArk | Jul 29, 2025 | $25.0B | Identity security and privileged access |
| 2 | Expanse | Nov 11, 2020 | $800.0M | Attack surface management |
| 3 | Talon Cyber Security | Nov 6, 2023 | $625.0M | Secure browser and distributed workforce security |
| 4 | Demisto | Feb 19, 2019 | $560.0M | Security operations automation |
| 5 | Prisma SD-WAN | Mar 31, 2020 | $420.0M | Software-defined networking and cloud security |
| 6 | Twistlock | May 29, 2019 | $410.0M | Container and cloud-native security |
| 7 | Dig Security | Oct 31, 2023 | $350.0M | Cloud data security |
| 8 | Evident.io | Mar 14, 2018 | $300.0M | Public cloud security and compliance |
| 9 | The Crypsis Group | Aug 24, 2020 | $265.0M | Incident response and advisory services |
| 10 | Cider Security | Nov 17, 2022 | $195.0M | CI/CD and software supply-chain security |
CyberArk dominates the ranking. At about $25.0 billion, it is larger than all other listed Palo Alto Networks acquisitions combined. That makes it a transformational deal rather than a typical product acquisition.
Most Common Acquisition Categories
Palo Alto Networks’ acquisition categories show a company focused almost entirely on cybersecurity.
| Category | Number of Deals | Strategic Meaning |
| Cyber Security | 14 | Core acquisition focus across detection, cloud, data, identity, incident response and automation. |
| Cloud Security | 7 | Strengthened protection for cloud infrastructure, containers, data and development pipelines. |
| Security | 4 | Added broader security capabilities across operations, network defense and response. |
| Information Technology | 4 | Supported enterprise infrastructure visibility, workforce security and technical operations. |
| Enterprise Software | 3 | Added software platforms that expand security operations and cloud protection. |
The category mix shows strong strategic discipline. Palo Alto Networks has not used M&A to move into unrelated technology markets. It has used acquisitions to fill out a cybersecurity platform.
Strategic Lessons From Palo Alto Networks Acquisitions
Cloud Security Became the First Big Expansion Area
The company’s 2018 and 2019 deals show an aggressive push into public cloud and cloud-native security. Evident.io, RedLock, Twistlock, Aporeto and Bridgecrew all supported this direction.
This made strategic sense because enterprise workloads were moving to cloud platforms. Security vendors that stayed focused only on traditional networks risked becoming less relevant.
Security Operations Needed Automation
Demisto, SECDO and The Crypsis Group strengthened security operations and response. This reflects a major industry problem: security teams face too many alerts and too few skilled analysts.
Automation, response playbooks and expert services can help organizations investigate and contain threats faster.
Attack Surface Visibility Became Critical
The Expanse acquisition highlighted a simple but serious problem: organizations cannot protect assets they do not know exist.
As companies expand cloud use, remote access, subsidiaries and internet-facing systems, external attack surface management becomes more important.
Identity Became a Core Security Layer
The CyberArk deal shows that Palo Alto Networks now sees identity as central to cybersecurity. Privileged access, machine identities, workforce identities and application identities are increasingly important in cloud and AI environments.
This is especially relevant as AI systems and automation create new types of access and control relationships.
How Palo Alto Networks Acquisitions Fit Its Business Model
Palo Alto Networks’ business model is built around cybersecurity platforms. The company sells security products and services that help organizations prevent, detect and respond to cyber threats.
Acquisitions fit this model because cybersecurity threats evolve quickly. Building every capability internally can take too long. Buying specialist companies allows Palo Alto Networks to add technology, talent and product depth faster.
The company’s acquisition strategy also supports platformization. Palo Alto Networks argues that consolidating security tools into integrated platforms can reduce complexity and improve protection.
Each acquisition adds another layer to that platform:
Cloud security protects infrastructure and workloads.
Data security protects sensitive cloud information.
Identity security controls access.
Automation improves response.
Attack surface management improves visibility.
Incident response services help customers during breaches.
Together, these capabilities support a broader security platform that can compete against both specialist vendors and other large cybersecurity companies.
Financial and Ownership Context
Palo Alto Networks completed 16 recorded acquisitions from 2017 to 2025. Total disclosed deal value was about $29.7 billion, with an average disclosed deal size of approximately $1.9 billion.
That average is heavily shaped by CyberArk. Before CyberArk, most listed transactions were under $1 billion. The company typically bought specialized cybersecurity startups or mid-sized technology companies to strengthen product capabilities.
CyberArk changed the scale of the acquisition strategy. Palo Alto Networks announced the deal in July 2025 and completed it in February 2026. Under the agreement, CyberArk shareholders were entitled to receive $45.00 in cash and 2.2005 shares of Palo Alto Networks common stock for each CyberArk ordinary share.
This structure made the transaction a major financial and strategic commitment. It also created integration risk because CyberArk is a large company with its own customers, product portfolio and market identity.
Competitive Impact of Palo Alto Networks Acquisitions
Palo Alto Networks acquisitions have strengthened the company’s competitive position across several security markets.
In cloud security, acquisitions such as Evident.io, RedLock, Twistlock, Aporeto and Bridgecrew helped the company build a broader cloud-native security platform.
In security operations, Demisto improved automation and response capabilities.
In attack surface management, Expanse expanded visibility into internet-exposed assets.
In data security, Dig Security strengthened protection for cloud data.
In distributed workforce security, Talon added secure browser technology.
In identity security, CyberArk dramatically expanded Palo Alto Networks’ competitive reach.
This matters because cybersecurity buyers increasingly prefer platforms that reduce tool sprawl. Palo Alto Networks competes with both large platform vendors and specialist startups. Its acquisition strategy gives it more product coverage, but also increases pressure to integrate products into a coherent customer experience.
Advantages of the Acquisition Strategy
Faster Product Expansion
Cybersecurity changes quickly. Acquisitions allow Palo Alto Networks to add important capabilities faster than building every product from scratch.
Stronger Cloud Security Platform
The company’s cloud-focused acquisitions helped it build a more complete offering across public cloud, containers, microservices, infrastructure-as-code and cloud data.
Better Security Operations Capabilities
Demisto, SECDO and The Crypsis Group improved automation, response and advisory capabilities.
Broader Enterprise Relevance
By moving into identity security through CyberArk, Palo Alto Networks expanded into one of the most important security categories for modern enterprises.
Support for Platformization
Each acquisition can make the company’s platform broader and more useful, especially for customers seeking vendor consolidation.
Disadvantages of the Acquisition Strategy
Integration Complexity
Palo Alto Networks has acquired many companies in a short period. Integrating products, teams, roadmaps and customer support is difficult.
Product Overlap Risk
A broad cybersecurity portfolio can create overlapping capabilities. Customers may need clarity on which products will continue, merge or be retired.
High Valuation Risk
Cybersecurity assets can be expensive. The CyberArk deal created high expectations because of its size.
Cultural and Talent Retention Risk
Many acquired cybersecurity companies depend on specialized talent. Losing key engineers or founders can reduce deal value.
Execution Pressure After CyberArk
The CyberArk transaction is transformational. Palo Alto Networks must prove it can integrate identity security into its platform without disrupting existing customers.
Case Studies of Major Palo Alto Networks Acquisitions
CyberArk
CyberArk is the largest Palo Alto Networks acquisition by far. The deal was announced in July 2025 for about $25.0 billion and completed in February 2026. CyberArk focuses on identity security and intelligent privilege controls across the identity lifecycle.
This acquisition moved Palo Alto Networks into identity security at scale. The strategic logic is powerful because identity is now central to enterprise cybersecurity. Attackers often target credentials, privileged accounts and machine identities to move through systems.
The main risk is execution. Integrating a large identity security company into a broader platform requires careful product, customer and organizational alignment.
Expanse
Expanse was acquired in 2020 for $800.0 million. It provided organizations with an updated view of internet-connected assets.
The acquisition strengthened attack surface management. This capability helps companies find exposed systems, unknown assets and risky internet-facing infrastructure before attackers exploit them.
Expanse fit well with a platform strategy because visibility is the first step in cybersecurity. Organizations cannot defend what they cannot see.
Talon Cyber Security
Talon Cyber Security was acquired in 2023 for $625.0 million. It provided cybersecurity solutions for distributed workforces.
This acquisition addressed the reality of hybrid work. Employees increasingly access enterprise applications through browsers, personal devices and remote environments. Talon helped Palo Alto Networks extend protection closer to the user experience.
Demisto
Demisto was acquired in 2019 for $560.0 million. It provided a security operations platform combining automation and collaboration.
The deal strengthened Palo Alto Networks’ position in security operations. Automation is important because security teams often lack enough people to manually investigate every alert.
Demisto helped the company move from prevention and detection toward response and orchestration.
Twistlock
Twistlock was acquired in 2019 for $410.0 million. It focused on cloud-native cybersecurity for the modern enterprise.
The deal was important because cloud-native applications rely on containers, microservices and dynamic infrastructure. Traditional security tools often struggle in these environments.
Twistlock helped Palo Alto Networks build cloud-native protection into its broader platform.
Common Mistakes When Analyzing Palo Alto Networks Acquisitions
Looking Only at CyberArk
CyberArk is the largest deal, but the broader acquisition strategy began years earlier. Cloud security, automation and incident response deals built the foundation before the identity security move.
Treating Every Deal as a Standalone Product
Most Palo Alto Networks acquisitions should be viewed as platform components. Their value depends on how well they integrate with the broader product suite.
Ignoring Cloud Security Momentum
The company’s cloud security acquisitions were central to its evolution. Without them, Palo Alto Networks would have remained more exposed to traditional network security.
Underestimating Integration Risk
Buying strong technology is not enough. Product integration, customer migration and support quality determine long-term value.
Assuming Platformization Is Easy
Many companies want fewer security tools, but platform consolidation must still deliver strong performance. Customers will not accept weaker protection simply because a platform is broader.
Lessons for Business Owners and Investors
Palo Alto Networks’ acquisition history offers important lessons for cybersecurity founders, enterprise technology executives and investors.
First, M&A works best when it follows a clear strategic map. Palo Alto Networks repeatedly bought companies that strengthened cloud security, automation, data security, identity and platform consolidation.
Second, timing matters. The company moved into cloud-native security as enterprises were accelerating cloud adoption.
Third, platform companies need both breadth and depth. Customers want integrated tools, but they also expect best-in-class protection.
Fourth, large acquisitions raise the stakes. CyberArk gives Palo Alto Networks a major identity security platform, but it also creates significant integration expectations.
Finally, cybersecurity value depends on trust. Customers must believe acquired products will improve under new ownership, not disappear into a confusing portfolio.
Key Takeaways
- Palo Alto Networks acquisitions span from 2017 to 2025.
- The company completed 16 recorded acquisitions during the period.
- Total disclosed deal value was about $29.7 billion.
- The average disclosed deal size was approximately $1.9 billion.
- Cybersecurity is the dominant category, with 14 deals.
- Cloud security appears in seven acquisitions.
- CyberArk was the largest acquisition at about $25.0 billion.
- CyberArk was announced in July 2025 and completed in February 2026.
- Palo Alto Networks used M&A to expand into cloud security, identity, data protection, automation and incident response.
- The strategy supports cybersecurity platformization.
- The main risks include integration complexity, product overlap, valuation pressure and talent retention.
- Palo Alto Networks acquisitions show how cybersecurity platforms are being built through targeted technology deals.
Frequently Asked Questions
What are Palo Alto Networks acquisitions?
Palo Alto Networks acquisitions are companies bought by Palo Alto Networks to expand its cybersecurity platform across cloud security, identity, data security, automation, network security and incident response.
How many acquisitions has Palo Alto Networks made?
Palo Alto Networks completed 16 recorded acquisitions between 2017 and 2025.
What is the total value of Palo Alto Networks acquisitions?
The total disclosed value of Palo Alto Networks acquisitions is about $29.7 billion.
What is Palo Alto Networks’ average acquisition size?
The average disclosed acquisition size is approximately $1.9 billion, mainly because the CyberArk deal was much larger than the company’s earlier acquisitions.
What was Palo Alto Networks’ most recent listed acquisition?
The most recent listed acquisition was CyberArk, announced in July 2025 for about $25.0 billion and completed in February 2026.
What is Palo Alto Networks’ largest acquisition?
CyberArk is the largest Palo Alto Networks acquisition, valued at about $25.0 billion.
Why did Palo Alto Networks acquire CyberArk?
Palo Alto Networks acquired CyberArk to expand into identity security and privileged access controls, which are increasingly important in cloud and AI-era cybersecurity.
Which sectors does Palo Alto Networks acquire most often?
The company acquires most often in cybersecurity, cloud security, security, information technology and enterprise software.
How do these acquisitions support platformization?
The acquisitions add capabilities that can be integrated into a broader security platform, reducing tool sprawl and improving visibility, automation and protection.
What are the risks of Palo Alto Networks acquisitions?
The main risks include integration complexity, product overlap, high valuations, talent retention and the challenge of making acquired products work together smoothly.
Conclusion
Palo Alto Networks acquisitions show how a cybersecurity company can use M&A to evolve with the threat landscape. The company started with network security strength, then used acquisitions to expand into cloud security, automation, incident response, attack surface management, software supply-chain security, cloud data protection, distributed workforce security and identity security.
The 16 recorded acquisitions from 2017 to 2025 carried total disclosed deal value of about $29.7 billion. CyberArk was the defining transaction, transforming the company’s acquisition profile and giving Palo Alto Networks a major position in identity security.
The strategy is clear. Palo Alto Networks wants to build a broader cybersecurity platform that helps organizations reduce complexity while improving protection across modern environments. That ambition is powerful, but it also carries risks. Large portfolios must be integrated well, customers need clarity, and expensive acquisitions must deliver measurable value.
For business owners, cybersecurity executives and investors, Palo Alto Networks acquisitions offer a timely lesson: in cybersecurity, strategic M&A is no longer only about buying tools. It is about building platforms that can defend enterprises across cloud, data, identity, applications, networks and AI-driven threats.
Disclaimer: This article is for informational and educational purposes only. It is not investment advice, financial advice, or a recommendation to buy or sell any security. Always conduct your own research and consider speaking with a qualified financial adviser before making investment decisions.
Read Also: PAI Partners Acquisitions: How PAI Built Its Business Through M&A
