The identity security market is growing rapidly, with organizations becoming increasingly aware of the risks associated with attack paths. However, despite growing awareness, this doesn’t automatically translate to effective prevention.
Acquisition of CyberArk by Palo Alto Networks
Palo Alto Networks and CyberArk have signed a definitive agreement under which Palo Alto Networks will acquire CyberArk, marking the cybersecurity company’s major entry into the identity security market.
| Key Points | Palo Alto Networks | CyberArk |
|---|---|---|
| Acquisition agreement | Palo Alto Networks will acquire CyberArk | CyberArk will become part of Palo Alto Networks |
| Market strategy | Palo Alto Networks’ AI-powered security platforms | CyberArk’s experience in Privileged Access Management (PAM) and broader identity security solutions |
| Integration | Embedding CyberArk’s capabilities in Palo Alto Networks’ Strata and Cortex offerings | Accelerating CyberArk’s evolution into a full-scale identity security platform |
Executive Views
Nikesh Arora, chairman and CEO of Palo Alto Networks, commented: “Our market strategy has always been to enter categories at their inflection point, and we believe that moment for Identity Security is now.”
Udi Mokady, founder and Executive Chairman of CyberArk, said: “Joining forces with Palo Alto Networks is a powerful next chapter, built on shared values and a deep commitment to solving the toughest identity challenges.”
Identity Security Spending
A report from Omdia analyzing trends in identity attack path management (APM) found that nearly 60 percent of organizations have raised their annual spend on identity security in the past year.
- Nearly 60 percent of organizations have raised their annual spend on identity security in the past year
- A top priority for more than half of organizations is integrating APM with other security tools
- Staffing and security incident reduction are also high priorities
Addressing Identity Security Challenges
BeyondID has uncovered a striking disconnect between how organizations perceive their identity security readiness and the measures they actually implement.
Confidence Paradox
BeyondID’s report, “The Confidence Paradox: Delusions of Readiness in Identity Security,” found that while nearly three-quarters of IT leaders believe their identity posture is either “Established” or “Advanced,” these same organizations routinely fall short on fundamental security practices.
| Security Practices | Average Score | Percentage of Organizations Implementing |
|---|---|---|
| MFA for every user | 60% | 60% |
| Regular user access reviews | 40% | 40% |
| Least privilege access model | 27% | 27% |
Real-World Consequences
Organizations that consider themselves “Advanced” implement fewer than five out of a dozen recommended identity-security best practices on average, a lower score than their “Established” peers, who put in just over five. Only 60 percent of all respondents enforce multi-factor authentication (MFA) for every user, and a mere 40 percent conduct regular user access reviews. The report also found that 72 percent of the surveyed organizations have suffered at least one attack, and nearly half endured multiple incidents.
Recommendations
BeyondID urges companies to treat basic controls such as MFA, routine access reviews and least privilege models as nonnegotiable; to pursue third-party benchmarks rather than rely on self-assessments, and realign budgets to recognize identity as the new security perimeter. “Identity security often remains underfunded and inconsistently managed,” Arun Shrestha, BeyondID’s CEO, said. “The confidence many organizations express simply isn’t backed by operational rigor.”
Market Trends
The identity security market is growing rapidly, with organizations becoming increasingly aware of the risks associated with attack paths.
Key Statistics
- 72% of organizations have suffered at least one attack
- 38% of breaches were caused by compromised employee credentials
- 36% of data breaches were tied directly to identity credentials
- 34% of organizations failed an audit for identity-related issues
- 14% of organizations have failed more than one audit
Conclusion
The identity security market is booming, with organizations focusing on attack paths. However, despite growing awareness, this doesn’t automatically translate to effective prevention. The acquisition of CyberArk by Palo Alto Networks marks a significant entry into the identity security market, and the integration of CyberArk’s capabilities with Palo Alto Networks’ AI-powered security platforms is expected to accelerate CyberArk’s evolution into a full-scale identity security platform. However, despite the growing awareness and investment in identity security, many organizations still struggle to implement effective measures, as highlighted by BeyondID’s report. The report found that many organizations overestimate their identity security readiness and underestimate the measures they need to implement. As the identity security market continues to grow, it is essential that organizations prioritize effective prevention and treatment of identity security challenges. By doing so, they can ensure that their identity security posture is robust and resilient, and that they can protect themselves against the ever-evolving threats of attack paths.
