CYBERSECURITY | MARKET RESEARCH | PUBLIC COMPANIES |

Cybersecurity $10B Giants: Insights Into Cyber’s Largest Public Companies

Readers,

Today, we’re analyzing the latest developments with the largest public cybersecurity companies. I’ve spent hundreds of hours reviewing their roadmaps to provide a summary of their priorities. These companies have over 65% market share of the $200B+ cybersecurity industry. In this report, I analyze their challenges, emerging categories, and financial metrics because they give us a glimpse into the future of cybersecurity.

Below are the major pureplay cybersecurity players that have a market capitalization over $10B:

Notably, only seven cybersecurity companies have a market cap of over $10B (there are over 4,500 vendors in the ecosystem). This reflects the ultimate power law game within security, where a small number of companies account for a large portion of enterprise security spending.

I’ve provided an analysis of each vendor above. I’ve excluded an in-depth analysis of Fortinet and Checkpoint, but decided to focus on SentinelOne because of recent developments since the Crowdstrike breach. I decided to share some educational content on how both vendors differ. See the full report below.

For observers, I haven’t included an analysis of technology companies that also offer cybersecurity services as part of their broader platforms. However, I will recognize they are all major players. These notable companies include Microsoft ($3.31T), Cisco-Splunk ($210B), Datadog ($38B), Cloudflare ($26B), Rubrik ($5.7B), Checkpoint ($21B), Tenable ($4.8B), Qualys ($4.6B), and many not mentioned here.

• Among the seven public companies with a market cap greater than $10B, Palo Alto Networks leads with a 9% market share, followed by Fortinet (7%) and Microsoft (6%). This shows how cybersecurity remains highly fragmented.
• The top 20 cybersecurity vendors grew 12% collectively, far above the market average, and account for 65% of total cybersecurity spending. The remaining 35.5% of the market is divided among thousands of smaller vendors vying for market visibility and customer spend.
• The largest cybersecurity companies in the world mainly operate in network security, SOC (EDR, and SIEM), and largely in identity security. There are other exceptions on the private market, like Proofpoint (Email security), Wiz (Cloud security), and many more.
• My analysis of the largest vendors generally shows that cybersecurity spending remains growing well. Budgets from CISOs continue to show that companies are investing in cybersecurity, but most of it continues to go to the largest vendors.
• Every major cybersecurity company is prioritizing AI initiatives. Major vendors like Palo Alto Networks and Crowdstrike are focusing on growth within SOC Next Gen-SIEMs and security data. Several cloud security vendors are emphasizing AI-SPM (Security Posture Management) following Wiz’s launch earlier this year. Zscaler is expanding its data security solutions, while CrowdStrike is rapidly growing its cloud security, identity (ITDR), and data security segments.
• The rest of the report goes in-depth to showcase the next growth areas for these successful companies. Resources like Canalys and Altitude Cyber market reviews offer excellent insights into the top security vendors.

Before diving into the companies, let’s look at some charts highlighting the current market status and key facts.

As discussed earlier, Palo Alto Networks is a leading vendor growing 11.2% YoY to secure to a 9.7% market share. Despite a fragmented landscape, no single vendor has achieved a double-digit market share yet. PANW was followed by Fortinet and Microsoft, with Cisco and CrowdStrike rounding out the top five. The combined revenue of the top 16 vendors reached $10.7 B, a $0.7 B increase from Q1 and $1.2 B from last year. Several vendors, including SentinelOne (33%), CrowdStrike (32%), Zscaler (30%), and Cloudflare (30%), achieved growth rates exceeding 30% in Q2 2024.

Altitude Cyber shows the key financial metrics for all the public cybersecurity companies.

I’ve long believed that FQ4 2024 would be a defining quarter for Palo Alto Networks. The company delivered strong financial results, with revenue of $2.19B and an 11% YoY uptick in billings, slightly beating estimates. For FY 2024, total revenue was around $8.1 B.

The Next-Generation Security (NGS) ARR grew 43% YoY to exceed $4B, surpassing expectations by $150 M. Despite a slowdown from 60% growth, this 40%+ figure reflects Palo Alto’s successful transition towards platformization-consolidating its products to drive larger, more integrated deals.

Over 1,000 customers (out of 5000 of their largest customers) have adopted the platform model, with the average ARR per platformized customer exceeding $2 M, up more than 10% from earlier this year. This has helped Palo Alto secure large deals, including multiple eight-figure and even a nine-figure deal. Future growth hinges on key segments like Software VMs, SASE (Secure Access Service Edge), Cortex XSIAM (Extended Security Intelligence and Management), and Prisma Cloud. Let’s examine each;

Platformization Update & Next-Gen Security (NGS)

Palo Alto’s platformization goal is to convert 2,500–3,500 customers to the platform model by FY 2030, aiming for $15 B in NGS ARR by then. This approach gives Palo Alto a competitive edge, especially with existing customers, enabling them to adopt the full suite of security solutions, leading to stickier relationships and larger deal sizes.

Software and SASE

SASE accounted for 67% of PANW’s Firewall-as-a-Platform (FWaaP) billings in FY24, up from 55% in FY23. The rise in the subscription attach rates (3.5 per customer in F4Q24 vs. 3.1 in F4Q23) signals growing customer adoption of multiple services. Zscaler and Netskope are PANW’s fiercest competitors within this market. PANW stopped disclosing revenue, but my assumption is that growth has slowed. Prisma SASE has over 5,300 customers, 21% growth YoY, with more than one-third being new to PANW. This is a good indicator, but it’s critical that we hear more about pure revenue metrics since this is a core pillar for PANW’s future growth, particularly in relation to their XSIAM and Prisma Cloud businesses.

Prisma Cloud

Prisma Cloud’s ARR surpassed $700 M, growing 30% YoY. While PANW’s growth in this space has slowed due to fierce competition from Wiz and CrowdStrike, hitting $700M is still a significant milestone within this segment of cybersecurity.

Cortex

Cortex reached $900M in ARR, with a 4x increase in active customers for XSIAM, highlighting the growing demand for extended detection and response (XDR) and automation in security operations.

PANW disclosed that its AI-related ARR exceeded $200M, growing 4x YoY, driven by its XSIAM and AIOps products.

While many AI offerings are still in their early stages, it’s clear that PANW is prioritizing these initiatives. As AI adoption accelerates, securing AI workloads, applications, and access will be critical, and PANW’s early moves position it ahead of the curve. Other cybersecurity vendors are likely to follow suit.

The July 19th incident with Crowdstrike will be remembered for years to come. Rather than rehashing the entire scenario, let’s focus on the company’s results following the event. The major question going into the quarter was how much the outage would impact the business and whether customers would churn.

Despite initial concerns about the impact on the company’s reputation, CrowdStrike delivered a solid second-quarter earnings report. The company achieved $3.8B in Annual Recurring Revenue (ARR), growing 32% YoY, with free cash flow of $323M (30%). More importantly, CrowdStrike did not dramatically cut its guidance as the market expected. Instead, it adjusted its FY25 guidance, signaling caution for the remainder of the year.

It’s important to note that CrowdStrike has introduced important programs like Falcon Flex, which is already proving effective in retaining customers. Currently, the program has secured $700M in total account value from Falcon Flex customers.

Platform and Future Growth Strategy

CrowdStrike’s core strategy is centered on broadening its cybersecurity platform beyond endpoint security. George Kutz has set a goal to reach $10 B in ARR by FY31, up from $3.8B in 2025. The key growth drivers will be the company’s expansion into cloud security, identity protection, and Next-Gen Security Information and Event Management (SIEM), which collectively have already surpassed $1 B in ARR. The growth in Identity Threat Detection & Response (ITDR) and Cloud Security is expected to drive 50–65% of ARR by FY31, up from 28% today. Let’s examine each of these business lines.

This business is growing 85% year-over-year and it makes up over 28% of Crowdstrike’s overall business. These are Crowdstrike’s key product lines that will drive their next arc of growth:

Cloud Security (10k customers — 13% of ARR)

CrowdStrike’s cloud security offering has experienced rapid growth, now contributing $515M in ARR, with an 80% YoY increase. The company’s expansion into Cloud-Native Application Protection Platforms (CNAPP) has been highly successful, particularly in leveraging its expertise in security for Windows-focused cloud workloads.

As I recently wrote, Wiz is CrowdStrike’s closest competitor, and both are dominating the cloud security market. This will be an interesting battle to watch unfold. See my past report on the pros vs cons in cloud security and you’ll observe that Crowdstrike is capturing a large market share. CrowdStrike’s recent addition of AI Security Posture Management (AI-SPM) to its Falcon Cloud Security suite addresses the growing need to secure AI workloads. This product helps organizations detect misconfigurations and secure large language models (LLMs) operating in the cloud, following a similar move by Wiz earlier this year. AI-SPM is an area to monitor closely, as enterprises increasingly adopt AI technologies and look to secure their deployment environments..

ITDR (4k customers — 9% of ARR)

ITDR has become a critical component of CrowdStrike’s portfolio, now contributing $350M in ARR, with 70% YoY growth, bolstered by acquisitions. The product focuses on defending against identity-based threats in Windows Active Directory environments, one of the most common attack vectors today. Falcon Identity Protection detects suspicious login behaviors, password-spraying attacks, and compromised credentials by integrating with both on-prem and cloud identity providers like Microsoft Active Directory and Microsoft Entra ID. Additionally, the introduction of Falcon Privileged Access secures hybrid cloud environments by enforcing least-privilege access with risk-based, just-in-time (JIT) controls.

CrowdStrike’s Next-Gen SIEM (2000+ customers — 6% of ARR)

CrowdStrike’s Next-Gen SIEM business has garnered significant buzz in recent months. LogScale, a rapidly growing part of this business, has surpassed $220M in ARR, with an impressive 140% YoY growth. Essentially, this product is a SIEM solution that helps enterprises consolidate vast amounts of security data and events into a single platform, providing comprehensive visibility and analytics across the entire security stack.

What sets CrowdStrike apart is LogScale SIEM’s ability to leverage the company’s endpoint-first data (which constitutes a large portion of SIEM data). This enables the platform to capture real-time threat data from endpoints across an organization’s environment. Since nearly half of the security threat data processed by SIEM solutions originates from endpoints, CrowdStrike’s platform enjoys a unique advantage. It integrates seamlessly with non-CrowdStrike sources, offering a complete view of security incidents and enabling customers to build a unified security stack. This makes it highly attractive for organizations seeking to consolidate security tools and reduce costs. Beyond its native EDR data, one of CrowdStrike’s key differentiators is its AI-generated parsers, which accelerate data ingestion by automatically creating parsers for complex data sets. This enhances the platform’s usability for large-scale data analysis and incident response.

Among CrowdStrike’s three business lines, the Next-Gen SIEM product has the greatest growth potential. Estimates suggest that it could account for 40% of future growth, contributing $6.85B of the $10B ARR target. CrowdStrike’s long-term growth narrative remains intact, with plans to reach $10B in ARR by FY31. Its expansions in ITDR and Cloud Security are expected to drive a significant portion of this growth, contributing 50–65% of ARR by FY31, up from 28% today.

SentinelOne continues its journey as one of the fastest-growing software companies, although some argue that its valuation does not reflect its impressive growth profile. This quarter was particularly interesting, as it followed the fallout from CrowdStrike’s outage, providing valuable insights into the company’s positioning.

SentinelOne’s Q2 FY 2025 earnings report was solid, though not exceptional. The company reported $199M in revenue (33% YoY growth), slightly ahead of consensus estimates of $197.3M. Its ARR grew by 32%, reaching a total of $806M. When compared to CrowdStrike- which is growing at a similar rate but at almost double the revenue- it’s clear both companies have grown substantially despite being founded just three years apart.

A significant milestone for SentinelOne was its first-ever positive net income and earnings per share, marking the company’s transition toward profitability.

SentinelOne’s growth is largely anchored by its AI-powered security architecture. Several product updates were highlighted:

A key theme discussed during SentinelOne’s earnings call was its positioning following CrowdStrike’s global IT outage. CEO Tomer Weingarten emphasized SentinelOne’s architectural advantages, highlighting the company’s autonomous AI-based detection and reduced reliance on kernel access. These factors, he argued, make SentinelOne’s platform more resilient and secure.

While SentinelOne’s CEO acknowledged some customer pipeline interest following CrowdStrike’s outage, he noted that sales cycles for enterprise transitions typically take 9–12 months, before they can see any benefits. Nevertheless, SentinelOne is seen as the best-positioned cybersecurity vendor to capitalize on the fallout from CrowdStrike’s outage, with the potential to capture significant market share, particularly in the SMB space and among legacy vendor displacements.

Future Growth Initiatives

A big development that shouldn’t be overlooked is their FedRAMP high certification and partnership with CISA (Cybersecurity and Infrastructure Security Agency), which could unlock decent opportunities in the federal market, which still relies heavily on on-premise infrastructure. This partnership will position the company to secure critical federal assets and grow its share in government contracts — a big driver of growth for many companies. Time will tell if these efforts yield substantial results.

Zscaler was severely punished by the market, (losing 20% in market cap post-earnings) despite what seemed like a good quarter. In my opinion, Zscaler posted solid results, with billings growth of 27% YoY and revenues of $593M, surpassing both street expectations and their own guidance. Billings is a key metric for ZS and this beat was a positive sign. Let’s focus on the emerging products that will drive growth.

Zscaler’s new offerings-such as ZDX (Digital Experience), Zero Trust for branches, AI-driven security, and unified vulnerability management (Avalor acquisition) -are gaining good traction. These newer products accounted for 22% of new business in FY24, up from 18% in FY23, with expectations to grow to 25% in FY25. While their new AI products are still in the early stages, they show promise.

Increased Focus on Large Enterprise and Government Contracts Zscaler continues to attract large enterprise customers, with the number of $1M+ ARR (Annual Recurring Revenue) customers growing by 26% YoY to 567. Furthermore, Zscaler has made significant inroads with the U.S. federal government, adding a new cabinet agency to its roster, bringing the total to 13 out of 15 U.S. cabinet-level agencies.

• Sales Team attrition: One major reason for the market’s negative reaction is Zscaler’s ongoing sales attrition in previous quarters, which continues to have a lagging effect. Ever since Zscaler lost Dalic rajic (sales leader responsible for driving their 2020–2024), things haven’t been the same. Although sales productivity improved in Q4, thanks to better-than-expected performance from new sales hires, the lingering effects of previous challenges remain.. Nevertheless, it’s still impressive to see them grow at such a scale despite the sales lag.
• Doubts on FY25 Guidance: Investors are wary of Zscaler’s guidance, which predicts slower billings growth in the first half of FY25 (13% YoY) followed by steep growth in the second half (23% YoY). This uneven growth trajectory raises concerns about execution risks.
• Increasing Competitive Pressure: The cybersecurity market, especially in SASE and Zero Trust, is becoming more competitive. Zscaler’s leadership in the space is strong, but the company faces ongoing threats from established players like Palo Alto Networks, Netskope, Cisco, and Cato Networks.

To summarize the issues at Zscaler, the market wants to see them improve the productivity of sales staff, GTM strategies (around working with GSIs), and upselling their new products within data and AI security. However, ZS’ ability to grow to $2B (30% YoY growth) revenue and $2.61B (27% YoY growth) in billings with Free Cash Flow of 23% shows they have a strong market share within SASE — particularly primarily within the Government. Achieving their FY 2025 guide will be crucial.

This is my first time providing full coverage of CyberArk, but I truly believe this is a company that has been underlooked for a long time and is finally starting to gain some recognition. CyberArk is one of the few cybersecurity companies growing over 30% in a difficult economic environment.

CyberArk reported Q2 revenue of $224M, growing 28% YoY, surpassing consensus estimates of $219M. ARR grew 33% YoY to $868M, ahead of market expectations and they’ve raised their guidance for ARR to nearly a B ($985M-$995M) at a growth rate of 29%. While many have believed the company is primarily on-prem, recurring revenue accounted for 93% of total revenue.

Multi-Product Adoption

CyberArk has effectively broadened its identity security platform beyond its traditional focus on Privileged Access Management (PAM) to include identity security across workforce, machine identities, secrets management and components of DevSecOps. Notably, secrets management and workforce identity solutions are seeing increased traction.

It’s important to note that as we discuss their multi-product adoption, the company continues to add new customer logos at a healthy pace, with 245 new customers in Q2, marking a 23% QoQ growth. Impressively, 50% of these customers purchased two or more solutions, showcasing CyberArk’s success in cross-selling its portfolio of identity security products.

Machine Identity Acquisition will drive growth

The acquisition of Venafi underscores the importance of machine identity in securing modern IT environments, especially with the rise of AI, DevOps, and cloud-native applications. Machine identities are quickly becoming as critical as human identities, and CyberArk’s move into this space could provide a significant competitive edge as organizations look to secure an increasing number of non-human identities.

Software transition

CyberArk has historically been a Privileged Access Management (PAM) that covered vaults for on-prem, but currently, over 70% of its total bookings come from SaaS. They are capitalizing on cloud-driven security needs, especially in North America, where SaaS comprises 80% of bookings. CyberArk’s transition to a SaaS (Software-as-a-Service) model remains a critical component of its growth strategy. SaaS deferred revenue grew 52% YoY, far outpacing overall deferred revenue growth of 24%.

CyberArk’s shift from on-prem to SaaS continues to drive shorter deployment cycles, quicker adoption, and better customer retention. However, since they have a large on-prem install base especially in regulated industries, such as financial services and government — these customers may require hybrid solutions, combining SaaS and on-prem models for certain use cases.

Summary

CyberArk currently has a strong competitive advantage across PAM (human identities and Machine identity management (Venafi) which positions them strongly in this market. They still have the largest market share and are the dominant player in a high-moat category like PAM and they are successfully expanding into new categories.

CyberArk’s continued growth will hinge on their execution into broader identity security use cases within IGA, Access Management, secrets Management (Conjur and Secrets Hub), Workforce Identity (IDaaS and Workforce Access Solutions) and Machine Identity (with Venafi Acquisition and PKI Management).

These areas are going to be pivotal as they aim to scale the $1B barrier. However, they are in a good place because competitors don’t have their level of depth in PAM & Secrets management, and competitors will need to either specialize deeply in one area of identity security or build similar, broad-based platforms to compete effectively.

Okta’s recent earnings call provided mixed signals, reflecting both strengths and ongoing challenges. The company delivered a modest beat on its topline results but struggled with some key growth metrics, particularly in customer retention and new bookings.

Okta posted decent revenue growth of 16% YoY for F2Q25, beating consensus expectations slightly. However, customer retention, measured through net retention rate (NRR), showed a 1% decline from the previous quarter, reflecting pressure on upsell opportunities and headwinds. Notably, Okta also turned a GAAP profit for the first time, with a net income margin of 4%.

Challenges

• Total customer growth was slower than historical trends, up only 5% YoY. cRPO growth slowed to 13% YoY, marking the second consecutive quarter of deceleration.
• The outlook for F3Q25, with a 9% YoY cRPO guide, was below expectations, reflecting Okta’s challenges in expanding seats and upsells due to macroeconomic pressures and longer sales cycles
• NRR continues to decline, down to 110% this quarter from 115% a year ago. Thise decline is driven by slower upsells and a reduction in seat expansions due to hiring slowdowns in many enterprises. Upsell transactions, particularly in the SMB segment, have been a key area of weakness.

Next Growth Verticals Moving Forward:

Okta’s issues stem from its 2023 incident, where it struggled to recover quickly. Okta has reorganized its sales teams, particularly in the Americas SMB market, to adopt a hunter-farmer model, which is expected to drive more focused selling efforts. However, it’s too early to see the impact of this shift, and management expects it will take a few more quarters to gauge its success fully. Okta has a significant competitive advantage as an IdP that won’t be displaced by any major competitor (except Microsoft). some of this reflects its customers with more than $1 million ACV, which were the fastest-growing segment, demonstrating Okta’s success with large enterprises despite challenges in the broader market. The company will first need to get its sales team in order and build customer trust before gradually driving emphasis into upselling its adjacent products.

Thank you for reading! Share your comments on the largest vendors below. My next analysis will explore the largest private security companies, keep an eye out!

Originally published at https://softwareanalyst.substack.com.

#CyberSecurity #Listedcompanies #PublicCompanies #technologycompanies #Tech #CyberArk #PaloAlto #Crowdstrike #OKTA