Securing identities has always been an essential part of cyberdefense, but counterintuitively, it has often taken a backseat in the headlines and mainstream cybersecurity discourse. That all changed overnight when Palo Alto Networks (PANW) announced its intent to acquire CyberArk, a leading Identity Security company. Identity Security has already been gaining momentum over the last year, and PANW’s $25 billion acquisition of CyberArk further cements identity’s central role in modern cybersecurity.
The merger surprised industry analysts and Wall Street not only because of its scale, but also because it places identity at the core of the cybersecurity strategy. PANW is integrating CyberArk’s Identity Security and Privileged Access Management (PAM) with its own threat prevention stack to meet modern security challenges. PANW CEO Nikesh Arora stated, “Our market entry strategy has always been to enter categories at their inflection point, and we believe that moment for Identity Security is now.”
PANW aims to build an all-in-one enterprise cybersecurity platform. The deal recognizes that, going forward, no enterprise cybersecurity strategy is complete without identity security as a key component, a sentiment echoed by Wedbush managing director and senior equity research analyst Daniel Ives in coverage of the deal.
Why the merger matters
For decades, enterprise cybersecurity revolved around network perimeters, endpoint agents, and centralized access control. The shift to cloud services, hybrid work, and bring‑your‑own‑device (BYOD) policies has dissolved those boundaries.
Cyber adversaries now target who you are. In the context of current attack patterns, every human and machine identity is a vector that must be secured. This is why identity is called the new perimeter — and why modern identity controls must go far beyond static credentials.
The Futurum Group, an influential leader in research, media, and consulting servicing the technology industry, notes that Identity Security is now “the critical attack vector,” with 88% of ransomware attacks involving credential theft. The PANW–CyberArk deal validates these trends in the current threat landscape. CyberArk has already expanded beyond PAM, acquiring vendors like Zilla Security and Venafi to address identity governance and machine‑identity security. Combining these capabilities with PANW’s cloud security portfolio positions the new entity as a “one‑stop shop” for identity‑centric cybersecurity.
For identity professionals, the deal’s symbolism is just as important as its operational impact. It tells boards and CISOs that identity can no longer be an afterthought. Cyber adversaries increasingly target identity because a single compromised account can become a stepping stone to lateral movement or the deployment of ransomware.
Despite years of awareness campaigns, credentials remain the easiest way into an organization. The Verizon 2025 Data Breach Investigations Report (DBIR) paints a sobering picture, with most attacks involving stolen credentials. Earlier this year, in June 2025, a major breach exposed 16 billion login credentials. Even with two‑factor authentication (2FA) in place, cyber adversaries have found ways around SMS‑based one‑time passwords (OTP), including token theft, leveraging multi-factor authentication (MFA) fatigue, and adversary‑in‑the‑middle attacks.
These statistics demonstrate that traditional, credential‑centric identity controls are inadequate. Attackers know how to harvest credentials through phishing and social engineering. Simple user ID and password combinations are widely reused across services, making it trivial for criminals to pivot from one breach to another.
Meanwhile, identity proofing at account creation generally remains weak. Many organizations still rely on basic personal information, document uploads, or phone number possession checks that can be spoofed. Cybercriminals know how to exploit synthetic identities, create deepfakes and look‑alike documents to open accounts, and subsequently commit account takeover (ATO) or business email compromise (BEC) scams. Without robust identity proofing and modern threat detection signals, these fraudulent identities appear legitimate until the damage is already done.
Where the industry must go next
PANW’s acquisition of CyberArk is a milestone, but it should be viewed as step one rather than the finish line. With identity as the new perimeter, security teams must advance from basic credential validation and PAM to identity threat detection and risk mitigation (ITDR) based on live identity threat signals and contextual, multi‑layered proofing and re-verification.
CISOs often feel overwhelmed by the sheer number of security vendors and threat types. When resources are limited, the most impactful move is to protect identities at the point of use. Microsoft’s Digital Defense Report shows that enabling MFA, patching systems, and educating users together protect against 98% of cyberattacks. Protecting identity at the endpoint is the simplest way to get security returns that outweigh their cost and accelerate Zero Trust adoption.
To change the game, organizations must combine identity proofing and verification, device trust, and behavioral analytics to spot anomalies across every user — employees, partners, and customers alike. Modern identity defenses must also ingest external threat intelligence (e.g. lists of known fraudulent phone numbers or compromised email domains) and update risk assessments in real time. Security operations centers should adopt ITDR tools that monitor identity infrastructure for risk, exposure of service accounts, and unusual privilege escalation. When suspicious activity occurs, automated workflows must be able to suspend tokens, force password resets, or lock down affected resources, reducing dwell time.
Moreover, identity proofing must be reconsidered at the start of the user lifecycle. Rather than relying on simple knowledge‑based authentication or document uploads, organizations should adopt multi‑source proofing, such as government ID scanning combined with authoritative database checks. Threat signals – like mismatched geolocations, high‑risk IP addresses, or device emulators – should trigger manual review, step-up authentication, or service denial.
With risk checks and conditional access in play, access decisions become smarter than just yes or no. A trusted laptop with strong authentication can log in smoothly, while a personal device from a new location might face extra checks or limited access.
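The graded decision described above can be sketched as a small policy function. This is an added example, not code from the article or from any vendor it mentions; the signal names, the outcome each threat signal maps to, and the choice to treat an uncollected signal as grounds for step-up are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Outcomes ordered from least to most restrictive (names are illustrative).
OUTCOMES = ["allow", "step_up", "manual_review", "deny"]

# Threat signals named in the article; the outcome each maps to is an assumption.
THREAT_RULES = {
    "geo_mismatch": "step_up",
    "high_risk_ip": "manual_review",
    "device_emulator": "deny",
}
# Trust signals that must be positively confirmed for a frictionless login.
TRUST_SIGNALS = ("device_trusted", "strong_auth", "known_location")


@dataclass
class AccessContext:
    """Signals for one access attempt; None means the signal was not collected."""
    device_trusted: Optional[bool] = None
    strong_auth: Optional[bool] = None
    known_location: Optional[bool] = None
    geo_mismatch: Optional[bool] = None
    high_risk_ip: Optional[bool] = None
    device_emulator: Optional[bool] = None


def decide(ctx: AccessContext):
    """Return (outcome, reasons); the most restrictive triggered rule wins."""
    hits = []
    for name, outcome in THREAT_RULES.items():
        value = getattr(ctx, name)
        if value is True:
            hits.append((outcome, f"{name} present"))
        elif value is None:
            # A missing threat signal is not evidence of safety: ask for more proof.
            hits.append(("step_up", f"{name} not collected"))
    for name in TRUST_SIGNALS:
        if getattr(ctx, name) is not True:
            hits.append(("step_up", f"{name} not confirmed"))
    if not hits:
        return "allow", []
    worst = max(hits, key=lambda h: OUTCOMES.index(h[0]))[0]
    return worst, [reason for _, reason in hits]


# Constructed sample contexts mirroring the two cases in the text.
TRUSTED_LAPTOP = AccessContext(True, True, True, False, False, False)
PERSONAL_NEW_LOCATION = AccessContext(False, True, False, False, False, False)
```

The returned reasons list is what a SOC analyst or an audit log would need to explain why a given login was challenged rather than allowed.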
This approach reflects the core of Zero Trust principles, where access decisions should be made as close to the end user as possible, often at the endpoint or, with this new approach, at the identity itself. In this model, identity becomes the foundation of cybersecurity.
Conclusion
The PANW–CyberArk acquisition underscores a profound shift: cyber adversaries increasingly aim at who we are rather than where we are. The National Institute of Standards and Technology (NIST) advocates adopting Zero Trust principles, placing trust checks as close to the user as possible – a principle that organizations are increasingly embracing. PANW’s $25 billion bet underscores that identity security is no longer a niche; it is central to any modern cybersecurity strategy.
But the merger is only the beginning. To truly safeguard digital businesses, we must move beyond passwords and weak, non‑phishing‑resistant 2FA. The path forward requires multi‑layered identity proofing and re-verification, integration of device and behavioral analytics, and continuous monitoring through ITDR.
By treating identity as the endpoint, enterprises can strengthen defenses against the modern kill chain and preserve digital trust.