Identity · CyberArk
Identity Security
The Human + Machine + Agent Perimeter
The largest acquisition in Palo Alto Networks history brings identity to the platform — securing every human, machine, and agentic AI identity.
Acquisition
CyberArk Joins Palo Alto Networks
A $25 billion deal that makes identity the 4th core pillar of the platform.
Why this matters: The $25B CyberArk acquisition is the largest in Palo Alto Networks history — larger than all previous acquisitions combined. Identity has become the primary attack surface, with 80 machine identities for every human identity. CyberArk adds the identity governance and privileged access capabilities that complete the platform story. TASE dual-listing continues under ticker "CYBR".
Deep Dives
Platform Component Deep Dives
CyberArk is the consistent Gartner Magic Quadrant Leader for PAM (2025). Automatic discovery of privileged accounts, credentials, IAM roles, and secrets across on-prem, multi-cloud, and OT/ICS environments. Available as PAM-as-a-Service (SaaS) or self-hosted.
Session Recording
Tamper-proof privileged session capture, monitoring, and real-time analytics for forensic audit trails
Just-in-Time Access
Ephemeral elevated privileges granted on-demand, automatically revoked after use — Zero Standing Privilege
Credential Vaulting
Tamper-proof Digital Vault with AI-driven (CORA AI) credential rotation and policy recommendations
Additional: On-Demand Privileges Manager (Unix/Linux privilege elevation) • Intelligent entitlement management • >90% gross retention rate • 400+ channel partners globally • ARR surpassed $1B (early 2025)
Modern secrets management for non-human credentials and application secrets. Three delivery options to fit any architecture:
Secrets Manager (SaaS)
Cloud-native centralized secrets for apps, workloads, DevOps pipelines
Conjur (Self-Hosted)
Enterprise open-source secrets manager, Kubernetes-native, policy-based API-driven
Secrets Hub
Bridges native cloud vaults (AWS Secrets Manager) with enterprise governance
Integrations: Kubernetes, CI/CD tools (Jenkins, GitHub Actions, GitLab), AWS, Azure, GCP, Terraform. Eliminates hardcoded credentials via Credential Providers.
CyberArk acquired Venafi for $1.54B (October 2024), establishing end-to-end machine identity security and expanding the total addressable market to ~$60B. Venafi is the category creator of machine identity management.
PKI & Certificate Lifecycle
SSL/TLS, SSH, code signing, IoT and mobile certificates — issuance, revocation, renewal
Workload Identity
Cloud-native workload identities via SPIFFE/SPIRE, Kubernetes service mesh integration
Secure Code Signing
Governs software signing processes with SSH key discovery, management, and rotation
Coverage: on-premises, multi-cloud (AWS, Azure, GCP), Kubernetes/containers, IoT devices, mobile, virtual environments. Post-quantum readiness for passwords, secrets, and keys.
CyberArk Identity provides enterprise SSO and adaptive risk-based MFA for all workforce users — adjusting authentication strength based on device posture, location, behavior patterns, and session context.
- FIDO2/WebAuthn passwordless authentication, SAML, OIDC federation
- Secure Remote Access for vendors, contractors, and third parties — no VPN required
- CORA AI-powered anomaly detection for risky user behavior and session analytics
Full identity lifecycle management enhanced by the Zilla Security integration. AI-powered access recommendations speed up provisioning, streamline access reviews, and manage permissions. Only 6% of organizations have fully automated IGA — representing a massive greenfield opportunity.
- Automated provisioning/deprovisioning from onboarding through offboarding
- Automated access review campaigns with centralized auditing and evidence collection
- Compliance reporting: SOX, GDPR, HIPAA, and universal app integration (cloud, homegrown, on-prem)
CyberArk's AI engine that powers intelligent identity security across the entire platform.
Detect Anomalies
Spots risky identity behavior patterns in real time
Audit Sessions Faster
AI-driven summaries of privileged sessions for rapid forensic review
Automate Confidently
Smart policy recommendations, troubleshooting, and onboarding automation
Palo Alto Ecosystem Integration Roadmap: CyberArk continues as a standalone platform — no disruption for existing customers. Key integration points: Cortex XSIAM + CyberArk (identity context in SOC alerts), Prisma Access + CyberArk (ZTNA 2.0 enriched with privilege controls), Cortex Cloud + CyberArk (CIEM + PAM enforcement), AgentiX + CyberArk vault (securing agent-to-agent communications, expected late 2026).
Nearly 90% of organizations have suffered an identity-centric breach • TAM expanded to ~$60B • NGS ARR target raised from $15B to $20B by FY2030 post-acquisition
Capabilities
The CyberArk Platform
Comprehensive identity security across every identity type.
CyberArk's PAM goes beyond the narrow admin set — protecting privileged access for all users, not just IT admins. Capabilities include:
Vault & Session Management
Secure credential storage with session recording and monitoring
Just-in-Time Access
Ephemeral elevated privileges that auto-expire after use
Least Privilege Enforcement
Continuous right-sizing of permissions across all accounts
Centralized governance for all identity types. Automate access certifications, enforce segregation of duties, and maintain continuous compliance. Includes role mining, access request workflows, and audit-ready reporting for regulations like SOX, GDPR, and HIPAA.
Automated provisioning and deprovisioning across the entire identity lifecycle — from onboarding through role changes to offboarding. Integrates with HR systems, directories, and cloud platforms. Ensures no orphaned accounts or stale permissions persist after personnel changes.
Enterprise SSO with adaptive MFA that adjusts authentication strength based on risk signals — device posture, location, behavior patterns, and session context. Supports FIDO2/WebAuthn passwordless authentication, SAML, OIDC, and federated identity across multi-cloud environments.
With 80 machine identities for every human, this is the fastest-growing attack surface. CyberArk secures:
- Service accounts and API keys across cloud and on-premises
- Certificates, tokens, and secrets lifecycle management
- IoT device identities and workload attestation
- Kubernetes service mesh identity and SPIFFE/SPIRE integration
The newest frontier in identity security. As autonomous AI agents proliferate, each agent becomes an identity that needs governance. CyberArk enables: identity provisioning for AI agents, scoped permissions and trust boundaries, behavioral monitoring of agent actions, and revocation controls when agents deviate from expected behavior. This capability complements Prisma AIRS's AI Agent Security module.
Machine-to-Human Identity Ratio
For every human identity in a typical enterprise, there are 80 machine identities — service accounts, API keys, certificates, bots, and now AI agents. This is why identity became the 4th pillar.
Roadmap
Integration with PAN Ecosystem
How CyberArk identity capabilities integrate across Cortex and Strata.
Cortex Integration
- XSIAM ITDR: Identity threat signals feed into XSIAM for unified SOC detection
- Cortex Cloud CIEM: Cloud identity entitlements enriched with CyberArk governance data
- AgentiX Automation: Automated identity-based response playbooks via agentic AI
Strata Integration
- NGFW User-ID Enrichment: CyberArk identity context feeds NGFW policy enforcement
- Prisma SASE Identity: Unified identity-based access policies for ZTNA and GlobalProtect
- Zero Trust Enforcement: Continuous identity verification at every network access point
Scoping
Sizing the Identity Opportunity
Key dimensions to scope an identity security engagement.
Identity Count
Total identities: human users, service accounts, machine identities, API keys, and AI agents. Remember the 80:1 ratio — most orgs undercount machine identities by 5-10x.
Current IAM/PAM Tools
What are they using today? CyberArk (already), BeyondTrust, Delinea, SailPoint, Okta, Azure AD/Entra? Identify consolidation and upgrade opportunities.
Compliance Requirements
Which regulations mandate identity controls? SOX (privileged access), HIPAA (access logging), PCI DSS (authentication), GDPR (access rights), NIS2 (identity governance)?
Cloud Identity Federation
How are identities federated across cloud providers (AWS IAM, Azure AD, GCP IAM)? Multi-cloud identity sprawl is a key pain point CyberArk solves.
Discovery
Identity Security Discovery Questions
Uncover identity blind spots and build the business case.
Why ask: Most organizations only vault 20-30% of their privileged accounts. The rest — shared accounts, service accounts, emergency access — are unmanaged attack vectors.
Listen for: "We don't know" — discovery engagement. "Just our IT admins are managed" — broader PAM expansion.
Why ask: The 80:1 machine-to-human ratio means the real attack surface is non-human identities. Most orgs have no centralized inventory of machine identities.
Listen for: "We track them in spreadsheets" — major governance gap. "Each team manages their own" — silo problem that CyberArk unifies.
Why ask: Lifecycle management gaps are a top audit finding. Orphaned accounts with privileged access are among the most common breach vectors.
Listen for: "HR notifies IT and they disable accounts" — manual process with gaps. "We have a 30-day process" — 30 days is an eternity for attackers.
Why ask: Multi-cloud identity sprawl is the norm. Most orgs have separate IAM in each cloud plus dozens of SaaS apps with their own user directories.
Listen for: "We use Azure AD for SSO and each cloud has its own IAM" — federated identity opportunity. "It's a mess" — strong consolidation play.
Why ask: Agentic AI is the next identity frontier. AI agents need identities, permissions, and governance — but most orgs treat them as service accounts without proper controls.
Listen for: "Yes, our AI agents have service accounts" — validate governance. "Not yet" — get ahead of the wave with proper identity frameworks.
Why ask: Identity-based attacks account for 80%+ of breaches. The integration of CyberArk with XSIAM ITDR provides real-time identity threat detection and automated response.
Listen for: "We rely on failed login alerts" — reactive approach. "Our SIEM handles it" — show how XSIAM ITDR + CyberArk is purpose-built for identity threats.