• Megadeal brings together the three pillars of cybersecurity
• Tie-up may not receive second request, but other industry deals have

The huge size of Palo Alto Networks’ USD 25bn takeover of Israel-based CyberArk means the deal is likely to attract close attention from US regulators.

The lack of major overlaps implies that the Department of Justice (DoJ) will likely approve the deal without a second request, Mergermarket US regulatory reporter Serafina Smith tells Dealcast host Julie-Anna Needham. A second request involves a more in-depth antitrust investigation, and it can extend a deal timetable by 2 to 6 months.

However, resolving the deal without a second request is not a foregone conclusion in this case. The DoJ issued a second request to private equity (PE) firm Thoma Bravo in 2022 when it bought CyberArk competitor ForgeRock. The deal eventually cleared after reports of extended timing agreements.

The cybersecurity industry is based around three pillars: identity management (like CyberArk and ForgeRock), network management (like Palo Alto), and endpoint security (also provided by Palo Alto).

• Will the DoJ be concerned about Palo Alto bundling the three pillars together?
• How has regulatory thinking on bundling theory evolved from US President Joe Biden’s administration to President Donald Trump’s?
• Will officials under Trump continue to take a hard line on tech consolidation in general? And how about cybersecurity in particular?

All this and more in this week’s Dealcast