Palo Alto Networks (PANW) News Today: Chronosphere Deal, Q1 Beat, VPN Attack Surge and AI Security Push – 20 November 2025

Palo Alto Networks, Inc. (NASDAQ: PANW) is at the center of several major cybersecurity and market stories today. The company has:

• Announced a $3.35 billion acquisition of observability platform Chronosphere
• Reported a better‑than‑expected fiscal Q1 2026, with strong growth in next‑generation security
• Faced reports of more than 2.3 million attacks against its GlobalProtect VPN portals
• Rolled out new Prisma AIRS AI‑security integrations with IBM, ServiceNow, Glean and Factory
• Drawn mixed but generally positive Wall Street reactions, including multiple price‑target changes

Here’s a full wrap‑up of everything happening around Palo Alto Networks on 20 November 2025 and what it could mean for customers and investors.

Market reaction: PANW slips despite upbeat fundamentals

As of early afternoon trading, Palo Alto Networks shares were changing hands around $199.90, down modestly on the day and giving the company a market valuation in line with other large‑cap cybersecurity leaders.

The stock’s move comes after a more pronounced 3–4% drop in after‑hours and pre‑market trading following last night’s earnings and M&A announcements, as investors digested the premium price tag of the Chronosphere deal. ^[1]

Analysts remain broadly constructive:

• Citizens reiterated a Market Outperform rating with a $250 price target, implying roughly 25% upside from current levels. ^[2]
• Bernstein lifted its target to $210 (Outperform), citing stronger platform deals and software mix. ^[3]
• UBS trimmed its target from $230 to $220 and kept a Neutral rating, pointing to a “mixed” outlook mainly around services growth, even as ARR and free cash flow remained strong. ^[4]
• Other firms, including TD Cowen, BTIG, Truist and Cantor, are maintaining Buy/Overweight stances with targets between $220 and $255, while Guggenheim stands out with a Sell rating and a $135 target. ^[5]

According to Investing.com data, PANW is up about 9–10% year‑to‑date, lagging the broader Russell 3000 but still reflecting solid long‑term optimism. The stock trades at a rich P/E near 125, leaving little room for execution missteps. ^[6]

Q1 FY 2026: Strong start to the year and proof of “platformization”

For its fiscal first quarter 2026 (ended 31 October 2025), Palo Alto Networks delivered results that came in ahead of Wall Street expectations and reinforced CEO Nikesh Arora’s “platformization” strategy.

Key financial highlights

• Revenue: about $2.47 billion, up 16% year‑on‑year, slightly above the ~$2.46 billion consensus. ^[7]
• Non‑GAAP EPS:$0.93, topping estimates of $0.89. ^[8]
• Non‑GAAP operating margin: roughly 30.2%, ahead of the ~29.1% analysts expected, marking a second straight quarter above 30%. ^[9]
• Next‑Generation Security ARR: grew 29% year‑over‑year to around $5.85–$5.9 billion, outpacing total revenue growth. ^[10]
• Remaining performance obligations (RPO): climbed 24% to roughly $15.5 billion, giving Palo Alto multi‑year revenue visibility. ^[11]

A TradingView summary of the company’s latest Form 10‑Q also highlights: ^[12]

• Total revenue of $2,474 million, with
  • Product revenue up 23% year‑on‑year
  • Subscription and support revenue up 14%
• Gross margin of 74.2%, slightly higher than last year
• Revenue growth across all regions – Americas +14%, EMEA +18%, APAC +22%

On the earnings call, management emphasized that customers are increasingly consolidating spend onto Palo Alto’s portfolio across SASE, XSIAM, software firewalls and the emerging Prisma AIRS AI security platform, driving larger “platform deals” and improved operating leverage. ^[13]

Guidance: Slight raise for FY 2026, steady outlook for Q2

Alongside the Q1 print, Palo Alto raised its full‑year fiscal 2026 outlook, though only modestly:

• Revenue: now $10.50–$10.54 billion, up from $10.48–$10.53 billion
• Adjusted EPS: now $3.80–$3.90, versus prior guidance of $3.75–$3.85 ^[14]

For Q2 FY 2026, the company expects:

• Revenue:$2.57–$2.59 billion (in line with the ~$2.58 billion consensus)
• Non‑GAAP EPS:$0.93–$0.95, also broadly in line with analyst expectations. ^[15]

The incremental raise was enough for some analysts to tweak models higher, but not enough to silence concerns that M&A might pressure returns in the short term.

Chronosphere: a $3.35 billion bet on AI‑era observability

The biggest strategic headline is Palo Alto Networks’ agreement to acquire Chronosphere, a fast‑growing observability platform built for cloud‑native and Kubernetes environments, in a cash‑and‑stock deal valued at $3.35 billion. ^[16]

What Palo Alto is buying

According to company and media reports:

• Chronosphere generated over $160 million in annual recurring revenue (ARR) as of September 2025. ^[17]
• Palo Alto is paying nearly 21× ARR, a rich multiple that has fueled investor debate. ^[18]
• Management frames the deal as an entry into a roughly $32 billion observability TAM, complementary to its existing SIEM, operations and AI‑driven security offerings. ^[19]

Chronosphere will be integrated with the Cortex AgentiX platform so that Palo Alto’s AI agents can analyze performance telemetry alongside security data, automatically spotting and investigating issues across modern application stacks. ^[20]

M&A strategy: CyberArk + Chronosphere

The Chronosphere deal comes on the heels of Palo Alto’s planned $25 billion acquisition of identity‑security specialist CyberArk, announced in July and approved by CyberArk shareholders last week. Both the CyberArk and Chronosphere transactions are expected to close in the second half of fiscal 2026. ^[21]

Together with earlier deals like Protect AI (around $500 million), these moves signal Palo Alto’s ambition to build an end‑to‑end platform that spans network security, identity, AI security and observability, rather than remaining a pure firewall vendor. ^[22]

For now, though, the premium paid for Chronosphere is weighing on sentiment. Multiple commentaries today note that investors are wrestling with the timing of another large acquisition ahead of CyberArk’s close, and whether such aggressive dealmaking will ultimately deliver the returns management is promising. ^[23]

VPN under fire: 2.3 million attacks against GlobalProtect portals

While investors focus on earnings and M&A, security teams are watching another headline closely: a massive spike in malicious traffic targeting Palo Alto Networks’ GlobalProtect VPN portals.

Threat‑intelligence firm GreyNoise and multiple cybersecurity outlets report that since 14 November 2025, attackers have launched roughly 2.3 million malicious sessions against the /global-protect/login.esp endpoint on PAN‑OS and GlobalProtect systems. Activity surged 40× in just 24 hours, reaching a new 90‑day high. ^[24]

Key details from these reports include:

• Traffic is heavily concentrated in a small number of hosting providers. Around 62% of sessions reportedly originate from AS200373 (3xK Tech GmbH), with another 15% apparently routed through Canadian infrastructure on the same ASN. ^[25]
• Additional volume stems from AS208885, suggesting a coordinated campaign using known infrastructure from prior attacks on Palo Alto devices. ^[26]
• Targets span multiple geographies, with the U.S., Mexico and Pakistan among the most heavily probed countries. ^[27]

Crucially, the activity appears to be brute‑force scanning rather than exploitation of a new zero‑day vulnerability, but GreyNoise notes that in past cases, similar spikes against other VPN vendors preceded public vulnerability disclosures by several weeks. ^[28]

Security advisories covering the surge urge organizations to:

• Patch all recent GlobalProtect and PAN‑OS vulnerabilities
• Restrict management interfaces to trusted internal networks
• Monitor for anomalous login attempts from suspicious ASNs
• Implement rate‑limiting and stronger authentication controls on VPN endpoints ^[29]

For Palo Alto, the episode underlines both the centrality of its infrastructure in enterprise networks and the relentless pressure from attackers on these high‑value access points.

Prisma AIRS 2.0: new AI‑security integrations with IBM, ServiceNow, Glean and Factory

Against this backdrop of heightened attack activity, Palo Alto Networks is doubling down on AI‑driven security.

Today, the company announced a new wave of integrations for its Prisma AIRS 2.0 platform, designed to secure AI agents and generative‑AI workflows in production. According to a press release and partner coverage, Prisma AIRS now offers native, end‑to‑end integrations with: ^[30]

• Factory – securing agent‑native development workflows by inspecting prompts, responses and tool calls so developers can safely embed AI into coding pipelines.
• Glean – adding real‑time protection on top of Glean’s data‑governance controls by scanning AI prompts and LLM responses for potential prompt injection and data leakage.
• IBM watsonx Orchestrate and “Project Bob” – protecting orchestration workflows and AI‑assisted software development, including detection of vulnerable or malicious code generated by AI.
• ServiceNow AI Agent Studio – securing agentic workflows in the ServiceNow AI Platform before agents take action, helping enterprises manage AI risks from design to runtime.

Palo Alto’s EVP of Network & AI Security, Anand Oswal, framed Prisma AIRS as a way to turn security into an “accelerator for innovation” rather than a blocker, enabling organizations to scale AI agents with embedded protections rather than bolted‑on controls. ^[31]

These integrations line up with themes from the company’s recent blog posts and its CIO’s messaging: AI is becoming woven into every part of IT and development, and security has to be designed in from day one. ^[32]

Product and technology roadmap: quantum‑ready firewalls and global expansion

Beyond AI agents and observability, Palo Alto’s latest filings and commentary show a busy product roadmap:

• In August 2025, the company introduced PAN‑OS 12.1 “Orion”, positioning it as a step toward quantum‑ready security for enterprises. ^[33]
• In October 2025, it formally launched Prisma AIRS 2.0, now at the center of today’s AI‑security news. ^[34]
• The company continues to expand globally, with strong double‑digit growth in EMEA and APAC, supported by a sizable HQ campus in Santa Clara and a growing footprint across Europe and Asia. ^[35]

Morningstar today reiterated its view of Palo Alto as a leader across multiple security end‑markets, spanning network, cloud and security operations platforms – a view that aligns with the company’s multi‑year push to become a one‑stop security provider. ^[36]

How the pieces fit together: platform play under scrutiny

Putting today’s news together, a clear narrative emerges:

1. Core business momentum is solid.
   Revenue, ARR and margins are growing at double‑digit rates, with next‑generation security ARR up nearly 30% and RPO up almost a quarter year‑on‑year. ^[37]
2. M&A is reshaping the portfolio.
   CyberArk and Chronosphere push Palo Alto further into identity security and cloud‑native observability, key adjacencies in a world where security increasingly hinges on understanding both who is doing what and how complex distributed systems are behaving. ^[38]
3. AI is both opportunity and risk.
   Prisma AIRS 2.0 and its new integrations show Palo Alto wants to be the default security layer for AI agents, even as AI‑driven attackers pound its own VPN endpoints and the broader ecosystem. ^[39]
4. Valuation leaves no room for complacency.
   With a triple‑digit P/E multiple and a series of large deals on the table, investors are rightly asking whether management can deliver the 40%+ free‑cash‑flow margins by FY 2028 that some analysts expect from its platform strategy. ^[40]

For customers, the takeaways are clear:

• Expect tighter integration between security, observability and identity, especially as Chronosphere and CyberArk fold in.
• Watch Palo Alto’s advisories around GlobalProtect, and ensure VPN deployments are fully patched and locked down.
• If you’re rolling out AI agents, Prisma AIRS is likely to become a central pillar of Palo Alto’s value proposition.

For investors, Palo Alto Networks remains one of the most strategically important companies in cybersecurity, but also one of the more hotly debated given its valuation and M&A cadence. Whether the Chronosphere and CyberArk deals ultimately look brilliant or over‑aggressive will depend on how well management executes on this ambitious platform vision over the next several years.

This article is for informational purposes only and does not constitute investment advice. Always do your own research or consult a licensed financial professional before making investment decisions.

References

1. www.reuters.com, 2. www.investing.com, 3. www.investing.com, 4. m.investing.com, 5. m.investing.com, 6. www.investing.com, 7. www.reuters.com, 8. www.insidermonkey.com, 9. www.investing.com, 10. www.techmarketview.com, 11. www.techmarketview.com, 12. www.tradingview.com, 13. www.insidermonkey.com, 14. www.reuters.com, 15. blockonomi.com, 16. www.reuters.com, 17. www.reuters.com, 18. www.reuters.com, 19. www.investing.com, 20. www.reuters.com, 21. www.reuters.com, 22. www.techzine.eu, 23. blockonomi.com, 24. www.theregister.com, 25. cyberpress.org, 26. www.theregister.com, 27. www.theregister.com, 28. cyberpress.org, 29. cyberpress.org, 30. www.techpartner.news, 31. www.techpartner.news, 32. live.paloaltonetworks.com, 33. www.tradingview.com, 34. www.tradingview.com, 35. www.tradingview.com, 36. www.morningstar.com, 37. www.techmarketview.com, 38. www.reuters.com, 39. cxotoday.com, 40. www.techmarketview.com