Palo Alto Networks, Inc. (Palo Alto) is a public (NYSE: PANW), Santa Clara, California-based cybersecurity company founded in 2006. With nearly 14,000 employees, it has US$6.893 billion in annual revenue, essentially tied with Cisco (post-Splunk acquisition). Palo Alto has 70,000 customers spanning over 150 countries, making it the world’s fourth-largest cybersecurity products and services company, behind Microsoft, IBM, and AWS.
Should the Talon Cyber Security and Dig Security acquisitions be consummated, Palo Alto will have made 20 acquisitions since 2008, investing a little over US$5 billion to bolster its cybersecurity product and services portfolio. The company has historically paid 5.9 times multiples of VC investment for these companies, averaging US$254.4 million per acquisition. This analyst estimates Palo Alto will invest over US$1 billion to acquire both companies, offering US$280 million to US$320 million for Dig Security and US$700 million to US$800 million for Talon Cyber Security. The offers will likely include cash, replacement equity awards, and certain purchase price adjustments.
The investment thesis of Palo Alto generally is to acquire companies that are four years old, have raised about US$41 million, and have 50 or more employees. Fifty-five percent of its acquired companies come from the U.S. and 45% from Israel. Its acquisitions have been astutely relevant to contemporary threats, including application security, cloud security, data security posture management, API security, attack surface management, and browser security. Its smallest deal was its first in 2014, where it paid US$6 million to malware attack detection company Morta Security. Its largest to date was US$800 million paid to acquire the attack surface management company Expanse in 2020. Palo Alto comes in strong on acquisition offers, thwarting those considering swooping in with a superior offer.
Where will Palo Alto turn its acquisition attention to next? Palo Alto has purposefully positioned itself as a broad cybersecurity product and services portfolio company. Maintaining its competitive posture with Cisco, CrowdStrike, and others will require successive acquisitions to keep pace. Areas where we could see Palo Alto invest include risk management, software supply chain, AI-SecOps, and encryption solutions. A broad proprietary cybersecurity portfolio is antithetical to universal posture management, something the industry needs. To combat this, Palo Alto will need to invest to be the top one or two providers in most of its portfolio segments to keep customers from looking at the next new shiny toy.