I’ve walked this path before. When Cisco acquired Splunk, I was a CISO managing a complex environment where Splunk was central. I faced vendor lock-in, visibility I couldn’t afford to lose, and a SOC team built around tools that were suddenly going to change in unpredictable ways. I’ve also been a customer of both CyberArk and Palo Alto. So when rumors of their potential merger started circulating, my first response wasn’t curiosity—it was triage.
This piece isn’t about the stock price, Wall Street implications, or strategic synergies. This is about what it means to those of us in the trenches: the CISO, the SOC lead, the IR analyst, and the architect who has to keep the lights on while the foundation shifts under our feet.
Let’s look plainly at what’s likely happening, what the risks are to your security program, and what you can do to stay in control.
A Strategic Merger, or a Panic Play?
The talk of Palo Alto acquiring CyberArk signals a major shift in how these companies view their futures. Palo Alto is a leading network security provider. CyberArk dominates the privileged access management market. If they merge, it’s not just about expanding their portfolios. It’s a strategic move to become the primary vendor across identity, endpoint, network, and cloud solutions.
Why would they do that? Because the market is shifting beneath them. CrowdStrike, Microsoft, and Okta are blurring the lines between identity and endpoint. Amazon is tightening its control over third-party vendors within its cloud. Customers are consolidating tools for cost savings and simplicity. This is less about synergy and more about survival.
And when survival is the main goal, CISOs must prepare for vendor churn, layoffs, product cannibalization, and strategy pivots that leave your current architecture vulnerable.
Vendor Stability Becomes a Risk Variable
When two companies merge, stability is usually the first thing to go. Roadmaps change. Executive priorities are redefined. Entire product lines disappear or get merged into less capable tools. If you’re currently using CyberArk for PAM and Palo Alto for your firewall or XDR, you’ve likely spent years tuning, integrating, and customizing these platforms. That investment becomes a liability until things settle down. If you are using Cisco, you have a lot of homework ahead of you.
You should plan for the real possibility that the products you depend on will change direction, get bundled, rebranded, or priced differently. Contract negotiations might restart. Support SLAs could be adjusted. And if you’re in the middle of implementation? Be ready for delays.
This isn’t hypothetical. When Cisco acquired Splunk, support queues surged, engineers left, and licensing models underwent unexpected changes. The best approach is to consider vendor stability as a key part of your threat model. The vendor is going to try to have you extend out, which may be much better for them than for you. A risky bet becomes realized risk a year later, when the harm has already been done.
Privileged Access Management May Get Diluted or Overextended
CyberArk isn’t just a PAM vendor; it’s the leading PAM vendor. They dominate this market because of their specialization. However, once integrated into Palo Alto’s broader product suite, the intense focus on deep, granular privilege controls may become less clear. Product managers will be motivated to seek “synergies” and “efficiencies” across overlapping platforms. This could lead to merging access control into firewall dashboards or identity modules designed for less mature environments.
The who: Product teams rushing to deliver integration value to justify the deal.
The what: Dilution of PAM feature sets, loss of advanced controls, and an over-indexing on bundled experiences that prioritize Palo Alto’s ecosystem.
The where: Cloud control planes, zero trust implementations, and enterprise identity governance, all of which depend on precision, not simplification.
You should proactively review where CyberArk is essential to your critical functions and consider whether an abstraction layer or control plane alternative provides greater resilience.

Risk of Forced Integration into Palo Alto’s Licensing Structure
One of the overlooked risks in M&A activity is licensing changes. Palo Alto has been steadily encouraging customers to move to its platform subscription models. If you’re a CyberArk customer with a perpetual or legacy license, you’re likely to be pushed into a new structure that increases your costs, reduces your flexibility, or penalizes you for not adopting other Palo Alto tools.
When Splunk was acquired by Cisco, many customers had to negotiate new contracts with Cisco resellers instead of their original Splunk representatives. Expect similar issues here. You should document your current licensing details now and begin legal reviews to understand what protections or exit options are available.
Toolchain Redundancy and Involuntary Overlap
Many Palo Alto customers already use other tools for PAM, often because they operate in hybrid or multi-cloud environments. If CyberArk gets acquired, those customers will likely end up paying twice for similar features. Worse, your internal procurement and finance teams may push you to consolidate, not for security reasons, but because they don’t want to justify paying two vendors for the same capabilities.
This isn’t a rational conversation; it’s about budgeting. You’ll need to document why you chose specific tools and what gaps appear if you’re forced to standardize under a merged portfolio.
As a CISO, you are a business executive. That means you need to monitor mergers and acquisitions involving your vendors and corporate partners. You have no excuse to ignore vendor M&A when it affects your environment. Partner closely with your CFO and General Counsel to discuss both near-term and long-term risks. Explore options like making changes now, delaying changes, or maintaining the status quo. Work with your IT engineering teams to identify integration points that might break because of the merger. Also talk to your sales team: they will likely face questions, since your vendor acts as a third party to your customers.
Loss of Specialized Expertise in Support and Engineering
One of the first casualties in any merger is human capital. Top CyberArk engineers may not stay. Institutional knowledge will leak. Support staff could be absorbed into generic pools. If your team depends on specific CyberArk workflows, tuning, or integrations, you’ll see degradation in support quality and longer resolution times.
I’ve seen this happen firsthand: support escalations that used to be resolved in a day now take weeks. Custom use cases get pushed aside for standardized playbooks. You’ll need to maintain your own internal SMEs or consider contracting out for specific expertise while it’s still available.
Security Architecture May Get Pulled Toward the Vendor’s New Strategy
Palo Alto has been proactive in positioning itself as a comprehensive single-vendor security platform. After the merger, anticipate strong marketing and sales efforts to pressure your organization into aligning your architecture with their vision. This may involve replacing best-of-breed components with Palo Alto-native versions—tools your team didn’t select and doesn’t yet trust.
The pressure will be unmistakable. Sales reps will promote bundles. Executives will make phone calls. Partner incentives will favor compliance over architecture. As a CISO, you’ll need to defend your design choices clearly and with evidence. If your team chose CyberArk because of its accuracy and depth, document that reasoning now. Be prepared to explain why a platform strategy introduces risk.

What Can You Do About It?
Start by conducting a comprehensive risk and dependency review throughout your environment. Map out where you rely on CyberArk and Palo Alto. Document any custom integrations, SLAs, licenses, or renewal timelines. Identify areas where tool overlap or vendor churn could affect performance or coverage.
Develop fallback plans. If CyberArk is rebranded or downsized, what’s your backup? If Palo Alto enforces a unified licensing model, how will that impact your budget or roadmap? You need these answers before the merger happens.
Talk to your vendors directly. Ask for their roadmap, merger strategy, and support guarantees. Make them put things in writing. Use this period of uncertainty as leverage in renewals and pricing discussions.
Brief your executive team. These changes won’t stay in the weeds. They’ll impact audits, compliance, and board-level metrics. Show that you’re thinking ahead, not reacting late.
Most importantly, don’t sit still. Mergers move fast, and security teams that wait for clarity usually find themselves caught flat-footed.
The Real Meaning for the CISO
This isn’t about tools. It’s about control.
When two major vendors collide, their internal politics, product strategies, and fiscal goals become part of your threat landscape. You didn’t choose this. But you’re on the hook for what happens next.
You’ve seen this before—maybe with McAfee, RSA, Symantec, or FireEye. The logos change. The risk doesn’t.
Your job now is to protect the integrity of your program. That means pushing back when your environment is treated like a line item in someone else’s merger model.
This road is familiar. Walk it with clear eyes.