The $25 Billion Deal That Reshapes Privileged Access Management
In February 2026, Palo Alto Networks officially closed its $25 billion acquisition of CyberArk Software – the largest cybersecurity deal in history. First announced in July 2025, this move brings one of the world’s leading Privileged Access Management (PAM) vendors under the umbrella of a network security giant.
For IT security leaders across Europe, this is not just another tech M&A headline. It fundamentally changes the dynamics of identity security – and it raises questions every CyberArk customer should be asking right now.
What Happened
CyberArk, founded in 1999 in Israel and publicly traded on NASDAQ (CYBR), has been a dominant force in PAM for over two decades. With approximately $1 billion in annual revenue (2024), 3,800+ employees, and an Identity Security Platform used by financial services, healthcare, energy, and government organisations worldwide, it was the gold standard in privileged access.
Palo Alto Networks – primarily known for firewalls, SASE, and cloud security – announced the acquisition on July 30, 2025. The deal closed in February 2026.
What followed immediately was sobering: layoffs affecting over 10% of CyberArk’s global workforce, both in Israel and internationally. Palo Alto also announced plans for a dual listing on the Tel Aviv Stock Exchange.
Key facts:
- Deal value: $25 billion
- Announced: July 30, 2025
- Closed: February 2026
- Immediate impact: 10%+ workforce reduction at CyberArk
- Strategic rationale: Palo Alto fills its identity security gap; CyberArk gets access to Palo Alto’s enterprise sales machine
CyberArk’s Acquisition Spree Before the Acquisition
CyberArk itself was on an aggressive buying spree before being acquired:
- Venafi (October 2024) — machine identity management, $1.54 billion from Thoma Bravo
- Zilla Security (February 2025) — Identity Governance and Administration (IGA), $165 million
- Idaptive (2020) — Zero Trust identity, $70 million
CyberArk was clearly building a comprehensive identity security platform. Now all of this — PAM, IGA, machine identity, workforce identity — sits inside Palo Alto Networks.
What This Means for European Organisations
1. Vendor Consolidation Risk
Palo Alto’s strategy is clear: platformisation. They want customers buying firewall, SASE, SOC, and identity from one vendor. For CyberArk customers, this means increasing pressure to adopt the full Palo Alto stack — or face deprioritisation as a standalone PAM customer.
2. European Data Sovereignty Concerns
Both CyberArk and Palo Alto Networks are US-Israeli companies. In the context of NIS2, DORA, and growing European data sovereignty requirements, having your privileged access management controlled by a US-headquartered mega-vendor raises compliance questions that boards and DPOs need to evaluate.
3. Product Roadmap Uncertainty
Post-acquisition integrations typically take 18–24 months. During this period, expect:
- Feature freeze or slowdown on standalone CyberArk products
- Integration of CyberArk into Palo Alto’s Cortex/Prisma ecosystem
- Potential sunsetting of overlapping capabilities
- Pricing model changes as products get bundled
The 10%+ layoffs are already a signal: Palo Alto is restructuring, and some institutional knowledge will be lost.
4. The Open-Source Alternative Exists
The acquisition highlights a broader industry trend: commercial IAM vendors are consolidating, creating larger, more complex, and more expensive platforms. Meanwhile, a mature open-source identity stack already exists:
- midPoint (Identity Governance & Administration) — full IGA platform: identity lifecycle, RBAC, provisioning, audit. Developed by Evolveum in Slovakia, licensed under EUPL.
- Keycloak (Access Management) — enterprise SSO, federation, MFA, OAuth2/OIDC. Developed by Red Hat, Apache 2.0 licence.
- Apache Guacamole (Privileged Session Management) — clientless remote desktop gateway via web browser, supporting RDP, VNC, and SSH. Provides session recording, access control, and audit trails — directly comparable to CyberArk’s Privileged Session Manager. Apache 2.0 licence, maintained by the Apache Software Foundation.
Together, these three projects cover the core of what CyberArk (now Palo Alto) offers across IGA, AM, and privileged session management — without vendor lock-in, with full source code transparency, and at a fraction of the cost.
Key advantages of the open-source stack:
- No vendor lock-in — EUPL and Apache 2.0 licences guarantee perpetual access
- European development — midPoint is developed in Slovakia, Keycloak and Guacamole are Apache Foundation projects with global contributor communities
- Full transparency — source code is auditable, critical for regulated industries under NIS2 and DORA
- Lower TCO — no per-user licensing fees, no platform bundling pressure
- Modular architecture — use what you need, replace what you don’t. No all-or-nothing platform commitment
CyberArk’s credential vaulting technology remains strong — but with Guacamole handling privileged sessions, midPoint managing identity governance, and Keycloak securing access, European organisations have a credible, fully open-source path that covers the vast majority of identity security use cases.
What Should CyberArk Customers Do Now?
1. Audit your CyberArk dependency. Understand exactly which CyberArk products you use, what your contract terms are, and when renewals come up.
2. Evaluate your IAM architecture holistically. PAM is one piece. If you’re also relying on CyberArk (now Palo Alto) for IGA or workforce identity, consider whether that concentration of risk is acceptable.
3. Assess open-source for IGA and AM. midPoint and Keycloak are production-ready, enterprise-grade platforms deployed across European financial institutions, government agencies, and universities. They can coexist with CyberArk PAM while reducing single-vendor dependency.
4. Watch the pricing. Post-acquisition pricing changes are inevitable. Lock in terms now if you can, and build optionality into your architecture.
5. Plan for NIS2 and DORA. Both regulations emphasise supply chain risk and ICT third-party management. A $25 billion acquisition of your PAM vendor by a US network security company is exactly the kind of event your risk assessment should cover.
How Inalogy Can Help
At Inalogy, we specialise in building identity infrastructure on open-source foundations — midPoint for Identity Governance, Keycloak for Access Management, and Apache Guacamole for Privileged Session Management. We’ve developed our own connector between midPoint and Keycloak, enabling deep integration between the two platforms.
As an Evolveum Silver Partner and a European IAM implementor with ISO 27001 certification, we help organisations:
- Build a vendor-independent IAM architecture using proven open-source platforms
- Migrate away from proprietary IAM solutions — including CyberArk — where it makes sense
- Deploy Guacamole as a transparent, auditable alternative to commercial privileged session management
- Meet NIS2 and DORA compliance requirements with full control over your identity infrastructure
The identity security landscape just changed. If you’re re-evaluating your IAM strategy, we’d be happy to help.