Palo Alto Networks’ M&A Strategy Just Keeps Paying Off: Analysis

The cybersecurity giant has made a lot of acquisitions in recent years—but its two latest deals may be its best yet, according to CEO Nikesh Arora.

For a company that has been aggressive on the M&A front for many years now, it’s notable that the two latest acquisition deals by Palo Alto Networks may actually be the cybersecurity giant’s best yet.

That is the case, at least, according to company leaders including Chairman and CEO Nikesh Arora. During the vendor’s quarterly call with analysts last week, Arora said the late 2023 acquisition of secure web browser startup Talon Cyber Security has led to “significant” customer adoption of the resulting Prisma Access Browser.

The capabilities have found a “surge in interest” from customers, which have purchased 1 million licenses for the secure browser since the Talon acquisition, he said. And with the browser included as part of the company’s SASE (secure access service edge) offering, Prisma Access, “we’ve seen a strong interest in this newly integrated capability,” Arora said.

Likewise, the $500 million acquisition by Palo Alto Networks of IBM’s QRadar SaaS assets has yielded highly promising results since the deal closed in September, according to the company.

So far, Palo Alto Networks has seen a total of more than $80 million in bookings from QRadar customers migrating onto the company’s Cortex XSIAM (extended security intelligence and automation management) platform, and the pipeline for future migrations is sizable, Arora said.

The QRadar SaaS acquisition—which is also aimed at luring on-premises IBM QRadar customers to XSIAM—will only accelerate Palo Alto Networks’ upward trajectory in the SIEM (security information and event management) market and its displacement of existing leaders, Arora contended.

“We believe that this deal will help us to become one of the top three players in the SIEM space over the upcoming years,” he said during the call last week.

All in all, Palo Alto Networks has completed at least 17 acquisitions since Arora’s arrival in June 2018. The deals have been key to the vendor’s efforts to assemble a comprehensive cybersecurity platform—forming the basis for the vendor’s “platformization” push focused around enticing consolidation on the Palo Alto Networks platform.

But the internal discussion among Palo Alto Networks leadership is that the latest deals have actually been the best of all, Arora mentioned during the quarterly call last week.

“We had our board meeting yesterday, and one of my board members and I had this debate about which deal is going to look like the best deal Palo Alto ever did,” Arora said. “My bet is on the IBM deal. He bet on the Talon deal.”

“Of course, I'd like both of them to be equally successful,” he added.

The bottom line here is that the leadership at Palo Alto Networks believes its M&A strategy has positioned it to be a player to beat not just in SASE—where it’s already considered the No. 1 vendor by research firm Gartner—but also in SIEM, where the company has more to prove.

Ultimately though, with Arora’s bold statements about displacing incumbents in SIEM, it’s clear that the battle between Palo Alto Networks and Cisco-Splunk is about to heat up.