FigureAsia Reporting · Asia Leaders

Nikesh Arora Made Palo Alto Networks Cybersecurity’s Consolidator. Now He Has to Make the Stack Work as One

Nikesh Arora turned Palo Alto Networks into cybersecurity’s leading consolidator. CyberArk and Chronosphere now make integration—not another acquisition—the defining test of his platform strategy.

Palo Alto Networks has spent more than $24 billion adding identity and observability to its security platform. Nikesh Arora has assembled the industry’s broadest consolidation thesis; the next test is whether CyberArk, Chronosphere and the core franchise can operate as one system without sacrificing product quality or financial discipline.

Nikesh Arora arrived at Palo Alto Networks in 2018 as an outsider to the industry he was being hired to reshape. He had run Google’s commercial machine, served as president of SoftBank and spent much of his career turning technical capability into global distribution. What he had not done was rise through the unusually insular world of cybersecurity, where product loyalties are fierce, architectural debates become articles of faith and buyers tend to distrust any promise that sounds too comprehensive.

That distance proved useful. Arora saw that Palo Alto Networks’ most important limitation was not the quality of its technology. It was the unit in which the company competed. The business was still understood primarily through the firewall, a category it had helped reinvent. Arora wanted it judged by the proportion of an enterprise’s security architecture it could absorb.

The transformation has been substantial. Palo Alto Networks produced $2.3 billion of revenue in fiscal 2018. By fiscal 2025, revenue had reached $9.2 billion. In the third quarter of fiscal 2026, it generated $3 billion in three months, with next-generation security annual recurring revenue of $8.1 billion and remaining performance obligations of $18.4 billion.

But the latest numbers describe a company that has changed more profoundly than the top line suggests. Palo Alto Networks now spans network security, cloud protection, security operations, artificial-intelligence security, identity and observability. It has moved from selling a powerful control point to proposing an operating architecture for much of the corporate security estate.

Arora calls the strategy platformization. The word is inelegant, but the commercial idea is precise. Large organisations have accumulated dozens, sometimes hundreds, of security tools. Each product may solve a specific problem, yet the resulting stack creates its own vulnerabilities: fragmented data, conflicting policies, slow investigations, expensive specialist teams and gaps between vendors. Palo Alto Networks offers to replace that fragmentation with a smaller number of connected platforms drawing on common telemetry.

The proposition has become more ambitious—and much more expensive. Palo Alto Networks completed its acquisition of CyberArk in February 2026 for total consideration of $21.1 billion, overwhelmingly funded with stock. Two weeks earlier, it had completed the purchase of observability company Chronosphere for roughly $3 billion. Smaller deals for Koi and Portkey extended the company into agentic endpoint security and the control layer through which artificial-intelligence systems communicate.

These transactions have given Arora most of the pieces he wanted. They have also changed the nature of his assignment. He no longer needs to prove that Palo Alto Networks can assemble a broad portfolio. He needs to prove that breadth produces an integrated system rather than a federation of acquired products, overlapping sales teams and accounting adjustments.

Cybersecurity has spent years rewarding companies for being indispensable at one control point. Arora is wagering that the next era will reward the company that connects them all. The risk is that, in trying to own the architecture, Palo Alto Networks becomes harder to understand, more difficult to integrate and more dependent on the very complexity it promises to remove.

The outsider changed the unit of competition

When Arora took charge, Palo Alto Networks was already one of the most respected companies in enterprise security. Its next-generation firewall had displaced older architectures by inspecting applications and users, not merely ports and protocols. Founder Nir Zuk had built a product culture around the conviction that legacy vendors were too slow and too willing to preserve obsolete technology.

Arora did not discard that inheritance. He widened it. His first strategic insight was that the firewall’s value came not only from prevention but from its privileged position in the network. A product sitting inline with corporate traffic sees behaviour, enforces policy and generates data that can improve other security decisions. The more control points Palo Alto Networks could connect, the more useful the entire system would become.

That logic led to an acquisition campaign across cloud security, endpoint protection, attack-surface management, automation and security operations. Many of the businesses were relatively small. Rather than preserve each one as an independent division, Palo Alto Networks folded their capabilities into larger product families such as Prisma and Cortex.

The approach reflected Arora’s commercial background. At Google, he helped turn a superior search product into a global advertising business with enormous distribution. The lesson was not that every technology market behaves like digital advertising. It was that technical advantage compounds when it is paired with a scalable route to customers, a common commercial system and a product that becomes more useful as adoption expands.

Cybersecurity offered a similar opportunity with a crucial difference: trust is more fragile. A search advertiser can test a new channel with limited consequence. A bank replacing its security operations centre or a government standardising network controls is making a decision that affects operational continuity, regulatory exposure and national security. The sale is larger, the implementation deeper and the cost of failure much higher.

Arora therefore shifted Palo Alto Networks from a product-led cadence towards strategic account management. The company began asking chief information security officers not which individual tool they planned to buy, but which parts of the security estate they were prepared to consolidate. That changed the size of contracts, the duration of commitments and the level at which the company entered customer conversations.

It also changed the competitive field. Palo Alto Networks no longer competes only with firewall vendors. It confronts cloud-security specialists, endpoint companies, identity providers, observability platforms and the security businesses embedded inside Microsoft, Google and Cisco. The addressable market is larger, but so is the number of incumbents whose customer relationships Arora must displace.

His achievement has been to make Palo Alto Networks a credible consolidator across those boundaries. His next task is to show that consolidation is a durable product advantage, not simply a formidable sales strategy.

Platformization is a financial model disguised as architecture

The technical case for platformization is straightforward. Security tools perform better when they share data. A suspicious identity event becomes more meaningful when it can be connected to an endpoint process, a cloud workload and network traffic. Automation becomes faster when enforcement does not require a handoff between vendors. Artificial intelligence becomes more accurate when it has access to broad, high-quality telemetry.

The financial case is equally important. A customer that standardises on a platform is harder to dislodge than one buying a point product. Contracts become larger and longer. The vendor gains more opportunities to expand within the account, while the customer faces higher switching costs because data, workflows and policies have been built around one architecture.

Palo Alto Networks ended its fiscal third quarter with roughly 2,280 platformized customers. These accounts showed net retention of about 120 per cent and churn in the single digits. The company added 110 net new platformizations during the quarter and expects to exceed 4,000 by fiscal 2030, supporting a target of $20 billion in next-generation security annual recurring revenue.

Those figures reveal what Arora is really building: a portfolio of deeply embedded enterprise annuities. Remaining performance obligations of $18.4 billion represent contracted revenue extending into future periods. Subscription and support revenue now dominates the income statement. Even the product line increasingly contains recurring software, rather than relying exclusively on appliance sales.

Yet platformization contains an unresolved commercial tension. The simplest way to persuade a customer to replace several vendors is to make the combined offer economically irresistible. That can mean free periods, credits, bundled products or concessions while existing contracts expire. Palo Alto Networks has argued that these incentives accelerate a transition that produces stronger economics later.

The strategy can work if customers adopt the products fully, retire competitors and expand over time. It becomes less attractive if discounted bundles create nominal platform wins while individual modules remain underused. A security platform is valuable because its components reinforce one another. Shelfware does not produce better telemetry, faster response or durable renewal behaviour.

Arora must therefore demonstrate that platformization is more than vendor consolidation in the procurement department. The measure is operational: fewer alerts, shorter response times, lower infrastructure cost and better protection. Palo Alto Networks says many customers using its XSIAM security-operations platform now respond to threats in under ten minutes, compared with processes that previously took days or weeks. Outcomes of that kind justify architectural commitment. A lower vendor count on its own does not.

The deeper test will come at renewal. The first platform deal can be driven by executive urgency, migration incentives and the promise of simplification. The second is priced against actual usage and results. Arora’s model becomes truly powerful only when customers conclude that leaving would reduce their security capability, not merely increase administrative inconvenience.

CyberArk changes Palo Alto Networks more than any previous deal

CyberArk is not another tuck-in. It is a company-defining transaction that places identity security alongside network, cloud and security operations as a central pillar of Palo Alto Networks. The purchase consideration of $21.1 billion included about $2.3 billion in cash, 112 million Palo Alto Networks shares valued at $18.5 billion and replacement awards allocated to the transaction.

The balance-sheet consequences are as striking as the strategic rationale. Preliminary accounting assigned $14.8 billion of the purchase price to goodwill and $6.3 billion to identifiable intangible assets. That goodwill represents expectations about talent, integration and future commercial synergies rather than a separable asset that can be sold. Arora has paid in advance for a great deal of execution.

The strategic argument is compelling. Identity has become the connective tissue of modern computing. Employees, contractors, applications, machines and increasingly autonomous software agents all require permissions. Attackers often seek credentials because a trusted identity can move through systems more effectively than an obvious intrusion.

CyberArk built its reputation in privileged-access management, protecting the powerful accounts that can change infrastructure, reach sensitive data or administer critical systems. Palo Alto Networks wants to extend that discipline across a much larger universe of human, machine and agentic identities. Its new Idira platform is intended to combine CyberArk’s authority in identity with signals and enforcement from the broader Palo Alto Networks estate.

If the integration works, identity will improve every other platform. A network alert can be prioritised according to the privileges of the user or agent involved. Security operations can automate a response with greater confidence. Cloud protection can connect workload behaviour to the permissions that enabled it. Artificial-intelligence systems can be governed not only by what they generate but by what they are authorised to do.

The commercial opportunity is equally clear. Palo Alto Networks can introduce CyberArk into more than 70,000 customer organisations; CyberArk’s relationships provide a route for Palo Alto Networks to sell network, cloud and security-operations products. Within the first quarter after closing, the two sales organisations had initiated roughly 1,000 joint engagements.

But CyberArk also creates integration risk on a scale Palo Alto Networks has not previously carried. The acquired company has its own products, partners, sales incentives and customer loyalties. Identity buyers may not want their most sensitive control system tied too closely to a broader security vendor. Channel partners can become wary if platformization appears to reduce their role or favour Palo Alto Networks’ direct sales motion.

There is also a cultural question. CyberArk was valuable because it possessed specialist credibility. Absorbing it too aggressively could weaken the focus that produced that value. Leaving it too independent would limit the data, product and go-to-market synergies used to justify the purchase price.

Management says CyberArk is ahead of its integration plan and expects its profitability to converge with Palo Alto Networks’ level within 12 to 18 months, three to six months earlier than initially anticipated. That target matters, but cost alignment is only the first stage. The acquisition succeeds when identity becomes technically inseparable from the rest of the platform without making CyberArk less trusted in its own market.

Chronosphere stretches the boundary of a security company

Chronosphere presents a different strategic question. Observability is the practice of understanding what is happening across applications and infrastructure by collecting and analysing metrics, logs, traces and other telemetry. It is adjacent to cybersecurity, but it is also a large software category with its own buyers, economics and established competitors.

Palo Alto Networks agreed to acquire Chronosphere in November 2025 for $3.35 billion in announced consideration. The final purchase accounting placed the transaction near $3 billion. At the time of the announcement, Chronosphere reported annual recurring revenue above $160 million and triple-digit growth. By Palo Alto Networks’ third fiscal quarter, observability annual recurring revenue had surpassed $300 million.

The attraction is not difficult to see. Modern cloud applications and artificial-intelligence workloads generate enormous volumes of operational data. The same telemetry used to diagnose performance can help identify an attack. The same infrastructure required to process logs at scale can support both reliability and security analysis. Joining observability with Cortex creates the possibility of detecting a problem, deciding whether it is malicious and remediating it through one data architecture.

Chronosphere also places Palo Alto Networks inside the operating environment of artificial-intelligence companies. One leading frontier laboratory accounted for more than $200 million in annual recurring revenue as it migrated demanding training and inference workloads to the platform. That relationship gives Palo Alto Networks visibility into the infrastructure patterns that may define the next generation of enterprise computing.

Yet observability broadens the company beyond a category where security urgency naturally supports premium spending. Buyers often scrutinise observability cost because data volumes can expand faster than application revenue. The business requires disciplined ingestion economics, sophisticated usage controls and a product experience attractive to developers and site-reliability engineers, not only security teams.

Competition is also intense. Datadog, Dynatrace, Splunk inside Cisco, cloud providers and open-source technologies all occupy parts of the market. Palo Alto Networks cannot assume that security integration will compensate for any weakness in the core observability experience. Developers will not accept a poorer diagnostic tool because the parent company has an excellent firewall.

Arora is effectively arguing that observability and security are converging around the economics of data. If enterprises must collect vast telemetry to operate artificial-intelligence systems, they will increasingly want the same data foundation to support performance, resilience and protection. That thesis could expand Palo Alto Networks’ strategic importance well beyond the security budget.

It could also blur the company’s identity. The larger the platform becomes, the more product excellence must be preserved across distinct user communities. Integration is valuable only when it sharpens the individual product. Otherwise, breadth becomes a tax paid by every team.

Artificial intelligence is a demand engine—and a demanding alibi

Every major technology company now explains itself through artificial intelligence. Palo Alto Networks has a stronger claim than most. AI changes both sides of the security market: attackers can discover vulnerabilities, write malicious code and adapt campaigns faster, while defenders can analyse telemetry, automate investigations and enforce policy at machine speed.

The transition from conversational systems to autonomous agents makes the problem more consequential. An assistant that produces text is one kind of risk. An agent that can access databases, invoke software tools, change configurations and transact with other systems is an identity with operating authority. It must be observed, constrained and stopped when its behaviour departs from policy.

Arora has organised much of the enlarged portfolio around that premise. Prisma AIRS is intended to secure models, applications, data and agents. CyberArk contributes identity controls. Chronosphere observes infrastructure and application behaviour. Koi extends protection to coding agents and autonomous tools at the endpoint. Portkey adds an AI gateway through which requests can be monitored and governed.

Prisma AIRS has become the fastest-growing product in the company’s history. It passed 300 customers in the fiscal third quarter, three times the previous quarter’s count, and management expects it to approach $100 million in annual recurring revenue within the following several quarters. A large consulting company signed a transaction exceeding $20 million to secure AI applications and agents processing more than two trillion tokens a month.

AI is also reviving parts of the franchise that investors once regarded as mature. More model training, inference and agent-to-agent communication generate more network traffic. That traffic must be inspected in real time. Palo Alto Networks recorded its strongest hardware quarter in a decade, with next-generation firewall bookings rising nearly 40 per cent. New buyers include AI laboratories, data-centre operators and sovereign infrastructure providers.

The opportunity is real, but AI can become a convenient umbrella under which almost any acquisition or product extension appears strategically inevitable. Arora must distinguish between capabilities customers need now and those that merely fit the narrative of an AI security platform. The company’s capital allocation will be judged by adoption, retention and margins, not by the number of new categories it can name.

There is a further paradox. The value of a security platform increases with the data it can see, but enterprises are becoming more cautious about concentrating sensitive telemetry. Regulatory regimes, sovereignty requirements and internal risk policies may limit where data can be processed and how widely it can be shared. Palo Alto Networks must make the platform more connected while giving customers confidence that control remains local and explicit.

AI strengthens the economic case for common telemetry. It also raises the cost of architectural failure. When automated systems act at machine speed, an inaccurate decision can disrupt production as quickly as a malicious attack. Arora is selling automation into a market that cannot tolerate blind faith in it.

The old firewall business is financing the new empire

Palo Alto Networks’ strategic language has moved far beyond appliances, but network security remains the economic anchor. It accounts for roughly 70 per cent of total revenue. Hardware itself represents about 10 per cent, yet the installed base creates an enduring route for subscription sales, software firewalls, secure access and threat-prevention services.

The firewall is not being displaced by the cloud so much as reproduced across new forms. Physical appliances inspect data-centre and campus traffic. Software firewalls protect cloud workloads. Secure access service edge products apply network and security policy to distributed users. Browser controls are becoming an enforcement point as employees interact with corporate applications and AI tools.

In the third quarter, secure access service edge annual recurring revenue reached $1.6 billion, up 40 per cent. Software-firewall annual recurring revenue rose 25 per cent. The secure browser reached 11 million licences. Customers now attach an average of more than four advanced subscriptions to each device in the installed base.

This matters because Arora’s platform is not being built on an abstract software layer. It is anchored in control points that already sit inside large enterprises. Each firewall, endpoint agent, cloud sensor and identity integration expands the telemetry available to the system. Palo Alto Networks says its global footprint exceeds 125 million sensors and processes more than 17 petabytes of data each day.

Scale can create a genuine learning advantage. More observations improve detection; better detection makes the platform more valuable; wider adoption produces more data. But the flywheel works only if customers permit information to be combined and if product teams translate volume into better outcomes. Data quantity is not intelligence by default.

The continued strength of network security also provides a useful check on the acquisition story. Organic next-generation security annual recurring revenue grew 28 per cent in the latest quarter, and organic remaining performance obligations rose 22 per cent. Those rates show that the core business retains momentum even after excluding CyberArk and Chronosphere.

Arora needs that durability. The established franchise supplies cash, customer access and credibility while the company integrates newer categories. If firewall growth weakens before identity, observability and AI security achieve scale, the platform will appear less like an expanding system and more like a collection assembled to offset maturity.

The headline growth comes with acquisition footnotes

Palo Alto Networks’ third-quarter results were impressive at first reading. Revenue rose 31 per cent to $3 billion. Next-generation security annual recurring revenue increased 60 per cent to $8.1 billion. Remaining performance obligations advanced 36 per cent to $18.4 billion. Adjusted free cash flow reached $910 million, and the trailing twelve-month adjusted margin rose to 38.5 per cent.

The numbers also require separation. CyberArk and Chronosphere contributed $388 million of quarterly revenue, $1.63 billion of next-generation security annual recurring revenue and $1.8 billion of remaining performance obligations. Excluding them, the growth rates remained strong but materially lower: 28 per cent for annual recurring revenue and 22 per cent for remaining performance obligations.

This does not diminish the quarter. Acquired revenue is real, and the purpose of a transaction is to enlarge and strengthen the business. But Arora has chosen to accelerate Palo Alto Networks’ growth through capital allocation, and investors must judge the returns on that capital separately from the performance of the existing portfolio.

The accounting gap is particularly important. Palo Alto Networks reported a GAAP operating loss of $183 million and a net loss of $177 million, compared with operating and net profits a year earlier. Non-GAAP operating income was $814 million and non-GAAP net income was $684 million. The difference reflects stock-based compensation, acquisition costs, amortisation and other exclusions.

Stock-based compensation reached $684 million in the quarter, or 17 per cent of revenue, driven in part by the acquisitions. The CyberArk deal alone brought replacement equity awards with substantial future compensation expense. Management expects stock-based compensation as a share of revenue to return to pre-acquisition levels within 12 to 18 months.

That timetable will be closely watched. Paying with shares protects cash and allows a fast-growing company to make a transformative purchase. It also transfers part of the acquisition cost to existing shareholders through dilution. Palo Alto Networks spent $1 billion repurchasing stock during the quarter, but buybacks do not erase the economic cost of equity issued for deals and compensation.

Arora’s financial defence is free cash flow. The company has built one of the strongest cash-generation profiles in software and is targeting a 40 per cent adjusted free-cash-flow margin in fiscal 2028, even after integrating CyberArk and Chronosphere. Scale should lower cloud-hosting costs, reduce duplicate vendors, consolidate real estate and spread research and sales spending across a larger revenue base.

Management has already identified more than 300 information-technology vendors for rationalisation and is reviewing more than 40 facilities added through acquisitions. Those savings are tangible. They are also the easiest part of integration. A company can cancel software contracts and close offices more quickly than it can unify product architecture or reshape sales behaviour.

The financial test is therefore not whether Palo Alto Networks can produce attractive adjusted margins while excluding acquisition effects. It is whether the enlarged company can preserve organic growth, reduce dilution and return to consistent GAAP profitability without starving the products it bought.

Arora now owns the product culture as well as the strategy

Nir Zuk’s retirement in 2025 marked the end of an unusual balance inside Palo Alto Networks. Zuk embodied the founder’s technical authority and competitive instinct; Arora supplied commercial scale, capital allocation and organisational ambition. Their partnership allowed the company to broaden without entirely losing the impatience that had made it disruptive.

Lee Klarich, the longtime product chief, has taken on the chief technology role and joined the board. His continuity matters. Palo Alto Networks now needs a product architecture capable of absorbing major acquisitions while maintaining the speed expected in a market where attack techniques and computing models change continuously.

The organisational challenge is larger than a reporting-line decision. CyberArk and Chronosphere bring senior engineers who joined companies with distinct missions. Koi and Portkey are smaller teams whose value may depend on autonomy. Existing Palo Alto Networks groups will naturally defend roadmaps, budgets and customer relationships. Platformization can become an internal contest over which product is the platform and which is merely a feature.

Arora must make integration a technical discipline rather than a corporate slogan. Shared identity, data schemas, policy engines, deployment models and administrative experiences matter more than branding. Customers should not need separate professional-services projects to make products from the same company exchange context.

At the same time, complete uniformity would be a mistake. A privileged-access specialist, a cloud engineer and a security-operations analyst use different workflows. The platform should connect their data and enforcement without forcing each profession into one generic interface.

This is where Arora’s reputation as a high-intensity operator becomes both an advantage and a risk. Urgency can break through organisational resistance and make teams commit to shared outcomes. It can also produce integration milestones that look complete internally before customers experience them as coherent.

The company’s expanding scope requires more product patience precisely when the market rewards speed. Palo Alto Networks must ship quickly enough to respond to AI-driven threats, yet integrate carefully enough that automated enforcement remains reliable. Arora can impose the tempo. He still depends on technical leaders to decide where haste becomes dangerous.

A global platform has to survive a sovereign internet

Arora’s career has been unusually international. Born in India, educated in India and the United States, he built telecommunications businesses in Europe, ran global commercial operations at Google and joined SoftBank in Japan before leading a Silicon Valley security company. He understands that technology markets scale globally while institutions retain national boundaries.

Cybersecurity sits directly inside that contradiction. Multinational companies want common controls across countries. Governments want assurance that sensitive data, critical infrastructure and security operations remain within national jurisdiction. Europe is imposing stricter sovereignty requirements. Asian governments are expanding domestic cyber capabilities. The United States increasingly treats software supply chains and cloud infrastructure as strategic assets.

Palo Alto Networks benefits from scale because threats cross borders and telemetry improves when drawn from a broad estate. Yet the company must provide regional clouds, local data controls, transparent access policies and partnerships that satisfy regulated industries. The platform cannot require customers to surrender sovereignty in exchange for integration.

This is especially important after the CyberArk acquisition. Identity systems contain some of the most sensitive information in an organisation: privileged credentials, access relationships and records of who can reach critical assets. Governments and financial institutions will scrutinise where that information resides and how it interacts with other Palo Alto Networks services.

Arora’s global commercial instincts should help the company adapt its operating model without fragmenting the product. Sovereignty controls must become part of the architecture, not bespoke concessions added during procurement. The winners in enterprise security will be able to provide global intelligence with local authority.

The opportunity across Asia is considerable. The region combines advanced digital economies, fast-growing cloud adoption, major financial centres, enormous manufacturing networks and escalating geopolitical risk. Japanese, Indian, Singaporean, South Korean and Southeast Asian organisations are modernising infrastructure while confronting different regulatory and threat environments.

Palo Alto Networks’ JPAC revenue grew 26 per cent in the latest quarter, below the Americas and Europe but still substantial. Long-term growth will depend on more than exporting a US sales model. It requires local partners, technical talent, government trust and products designed for heterogeneous infrastructure rather than only the architecture of the largest Western enterprises.

Arora’s biography gives him fluency across these markets. The company’s challenge is to turn that fluency into institutional depth that does not depend on the chief executive personally.

The next proof point is integration, not another acquisition

Nikesh Arora has already changed the trajectory of Palo Alto Networks. He took a company associated with one category and made it a contender for the strategic centre of enterprise security. Revenue has multiplied, recurring commitments have deepened and the business has maintained exceptional cash generation while entering markets that did not meaningfully exist in its portfolio eight years ago.

He also recognised the industry’s central structural weakness before many customers were ready to act on it. Fragmented security stacks are expensive, slow and poorly suited to attacks that move at machine speed. A connected platform with broad telemetry and multiple enforcement points has a better chance of seeing an incident early and stopping it quickly.

The strategy is now entering its least forgiving phase. CyberArk and Chronosphere are large enough to alter product priorities, financial reporting and organisational culture. The company has issued significant equity, accepted billions of dollars of goodwill and promised that integration will improve both growth and margins. Smaller AI-security acquisitions add speed, but they also add more interfaces, teams and decisions.

Arora does not need another category to complete the story. He needs customers to experience identity, observability, network security and security operations as parts of one architecture. He needs sales teams to expand accounts without turning platformization into indiscriminate bundling. He needs acquired engineers to retain specialist excellence while contributing to shared products. He needs adjusted cash flow to become GAAP earnings with less dependence on stock compensation.

Most of all, he needs Palo Alto Networks to remain excellent at the control points that gave it permission to expand. The firewall cannot become neglected infrastructure. Cortex must continue reducing response time. CyberArk must remain the trusted authority on privileged access. Chronosphere must win on observability even when security integration is not the deciding factor.

If those products become stronger together, Arora will have built something rare: a broad technology platform whose scale reduces complexity rather than reproducing it. Palo Alto Networks would occupy a position closer to an enterprise operating layer than a conventional security vendor, with recurring economics and data advantages that point-product competitors would struggle to match.

If integration remains incomplete, the same breadth will become the company’s vulnerability. Customers will see overlapping consoles, inconsistent policies and a commercial bundle assembled faster than the products could converge. The acquisitions will have increased revenue while weakening the clarity that made Palo Alto Networks valuable.

Arora’s career has been defined by scale. At Palo Alto Networks, scale is no longer the destination. It is the raw material.

The question that will define his next chapter is whether he can turn it into coherence.