PANW's current strategy is "platformization" - to be a one-stop shop for anything cybersecurity. The CYBR acquisition fills large product holes in the current PANW portfolio, with little overlap.
The $25B price doesn't reflect a multiple on $1B, exactly. It represents potential sales of the CYBR product portfolio to current PANW customers, plus potential sales of the PANW portfolio to CYBR customers, at a multiple of ARR, negotiating a portion of which to current CYBR shareholders, which is above the market price for CYBR shares, representing the risk that such upsells may not succeed in practice.
Where the acquisition gets interesting is in what CYBR's identity products mean for PANW's portfolio, once integrated. SOAR gets to be much more deterministic if your SIEM knows all of the system's trusted principal identities instead of trying to piece it together based on network research, voluntary reports, and heuristics. In theory, an integrated product will deliver better security. But the question remains whether PANW will succeed at such integration or not. PANW has a long history of successful acquisitions, so, there's that...
Agree strongly that historical integrations were great. But cortex platformization of all the things has not been well received. But PANW is doubling down on it.
It's also curious because their firewall platform seems/feels totally separate from the rest of cortex still.
I will say, they do have a ton of coverage, more so than any other single vendor I can think of.
But the offerings are like “jack of all trades” and “master of none”.
These days software owners like AWS, GCP, Azure has there own superior security solutions embedded with in there stack instead of relying on external companies.
I think the same will happen for these AI based companies like OpenAI where they will release security solutions embedded within the model instead of relying on different external providers.
In one way these external providers bring in new security risk. Most of these companies offshore stuff. Like PAN offshores to India and Israel. This is an additional risk. Citizens of those countries have access US and EU data. Which no one seems to worry about.
Thats the reason, long run things are not looking good for these independent security providers. With the advent of AI, it is easy to embed security functions in their respective software stack.