A $25 billion acquisition, a 43% revenue surge, and coordinated federal guidance issued across five agencies within a single fiscal year have confirmed that Secure Access Service Edge and Zero Trust Architecture are no longer optional security upgrades. They are the load-bearing infrastructure of enterprise network strategy. With the SASE market projected to reach $28.5 billion by 2028 at a 26% CAGR, and the Zero Trust security market expected to grow from $48.84 billion in 2025 to $168 billion by 2033, capital is moving decisively toward vendors that can converge networking and security into a single, cloud-native platform.
Palo Alto Networks Makes Its Largest Bet on Identity-Centric Zero Trust
In July 2025, Palo Alto Networks and CyberArk announced a definitive agreement under which Palo Alto Networks would acquire CyberArk for an equity value of approximately $25 billion, representing a 26% premium to the unaffected 10-day average of CyberArk's daily trading price. The deal is the largest in enterprise cybersecurity in recent memory and positions Palo Alto Networks to integrate identity security as a core pillar of its SASE platform, directly embedding Zero Trust principles at the identity layer for both human users and AI agents.
The strategic logic is straightforward. Zero Trust's fundamental premise, verify every user and device at every connection rather than trusting network location, makes identity the central enforcement point. Palo Alto Networks reported total revenue of $9.22 billion in fiscal 2025, up 15% year over year, while its Next-Generation Security annual recurring revenue reached $5.58 billion, growing 32% year over year. The CyberArk acquisition, pending regulatory approval, extends that platform into privileged access management and machine identity, segments increasingly critical as enterprises deploy autonomous AI systems requiring their own access controls.
Separately, in November 2025, Palo Alto Networks announced a definitive agreement to acquire Chronosphere, a next-generation observability platform, for total consideration of $3.35 billion. The back-to-back acquisitions signal a platformization strategy built on the premise that enterprise security buyers will consolidate vendors, and that SASE providers with the broadest capability surface will capture disproportionate wallet share.
Cato Networks Crosses $350 Million ARR, Outpacing Market Growth
Cato Networks announced in February 2026 that its 2025 annual recurring revenue surpassed $350 million, an increase of 43% year over year, significantly outpacing Gartner's estimated 26% CAGR for the broader SASE market, which Gartner projects will reach $28.5 billion by 2028.
In September 2025, Cato completed its first-ever acquisition, purchasing Aim Security, a specialist in AI security, and extended its Series G financing round with an additional $50 million from Acrew Capital, bringing total Series G funding to $409 million. Aim Security's research team had uncovered the first reported zero-click AI vulnerability in Microsoft 365 Copilot, a finding that underscores how AI application proliferation is creating a new attack surface that existing security architectures were not designed to address.
More than 4,000 enterprises worldwide have now adopted the Cato SASE platform, including Fortune 500 and Forbes Global 2000 companies. Cato's cloud-native architecture, built from the ground up rather than assembled through legacy appliance integration, has become a competitive differentiator as enterprises demand platforms capable of securing both traditional distributed workforces and emerging AI workloads simultaneously.
The Federal Mandate Is Accelerating Private-Sector Adoption
Regulatory pressure remains one of the most durable demand drivers in this market. The U.S. government's cybersecurity mandates, including the Cybersecurity Executive Order of 2021 and the Federal Zero Trust Strategy of 2022, have required federal agencies and contractors to implement Zero Trust architectures and cloud-native security frameworks. Public sector investments in SASE solutions are projected to grow at 21% annually through 2030.
In 2025, a coalition of five U.S. federal agencies, including the Cybersecurity and Infrastructure Security Agency, the FBI, and the departments of Defense, Energy, and State, issued joint guidance on applying Zero Trust principles to operational technology environments. The guidance addressed a segment that has historically lagged in Zero Trust adoption: industrial control systems, power grids, and critical infrastructure where legacy technology with long operational lifespans cannot be easily replaced. The agencies noted that OT environments interact directly with physical systems, creating safety constraints that make Zero Trust implementation more complex but also more consequential.
The Trump administration's approach to Zero Trust, which officials have described as "Zero Trust 2.0," has shifted emphasis from compliance-based mandates to outcome-based security investments, with federal officials examining where compliance frameworks may be duplicative and prioritizing measurable security outcomes over checkbox adherence. This policy direction is expected to reshape federal procurement patterns, rewarding vendors that can demonstrate measurable risk reduction rather than procedural compliance alone.
Market Structure: Three Vendors Lead, AI Is the Next Battleground
In terms of SASE revenue share, Zscaler, Cisco, and Palo Alto Networks are the current top three, with the third position now contested between Palo Alto Networks and Broadcom following Broadcom's acquisition of VMware. Broadcom inherited VMware's SD-WAN capabilities and Symantec's Security Service Edge assets, creating a combined offering that directly challenges Palo Alto Networks for enterprise accounts.
Cisco and Palo Alto Networks have achieved 34% growth in next-generation security annual recurring revenue to $4.8 billion in fiscal 2025 by folding Zero Trust Network Access into wider SASE portfolios. For Zscaler, which pioneered cloud-delivered Zero Trust, and Netskope, which has built its enterprise base around data protection in cloud application environments, the competitive threat comes from the same direction: larger platform vendors using their installed base to cross-sell integrated SASE capabilities.
The security-as-a-service segment now accounts for 52% of the SASE market in 2025 and is projected to reach $10.4 billion by 2035, as enterprises embed Zero Trust Network Access and cloud-native security controls to replace legacy perimeter models. The perimeter model, built on the assumption that traffic inside a corporate network is trusted, has been rendered structurally obsolete by remote work, multicloud adoption, and the proliferation of SaaS applications.
AI is emerging as the next product differentiation frontier. SASE providers are embedding artificial intelligence and machine learning into security-as-a-service offerings to enable real-time threat detection, predictive analytics, and automated response. Cato's acquisition of Aim Security directly targets this vector: enterprise AI agents accessing applications and data across corporate networks represent a new category of privileged identity that neither legacy VPN nor first-generation ZTNA was designed to manage.
Market Sizing and Growth Trajectory Through 2035
The SASE market exceeded $2.3 billion in 2025 and is expected to grow at a CAGR of 28.9% through 2035, with growth driven by rising adoption of cloud-based SaaS applications across enterprises.
The global Zero Trust security market was valued at $41.85 billion in 2024 and is expected to grow from $48.84 billion in 2025 to $168.01 billion by 2033, at a CAGR of 16.7%.
The Zero Trust Network Access market alone is estimated at $39.58 billion in 2025 and is projected to reach $96.75 billion by 2030, growing at a CAGR of 19.57%. North America holds the largest share at 41%, while Asia-Pacific is positioned for the highest growth rate at a 26.51% CAGR through 2030.
More than 65% of large enterprises are already deploying or planning to deploy SASE solutions by 2026. Small and medium enterprises are moving as well, though at a different pace. SME spending on Zero Trust solutions is expected to grow at a 23.30% CAGR through 2030, as cloud-delivered platforms lower the implementation barrier that historically favored larger organizations with dedicated security teams.
Supply Chain and Vendor Consolidation Implications
The current consolidation wave has direct implications for enterprise procurement. Buyers that selected point-solution vendors for ZTNA, SD-WAN, or CASB now face a market where those vendors are being absorbed into larger platforms or racing to build equivalent breadth themselves. Integration risk, migration timelines, and pricing leverage all shift when a $25 billion deal changes the vendor landscape overnight.
In March 2025, Huawei and Sona of the Netherlands signed a strategic partnership to develop SASE solutions and expand enterprise network security globally. The partnership signals growing non-U.S. vendor activity in a market that has so far been dominated by American firms, and is likely to shape procurement options for enterprises in Europe and Asia-Pacific looking to diversify away from U.S.-headquartered supply chains amid ongoing trade policy uncertainty.
Outlook: The Next 12 to 24 Months
Three forces will shape the SASE and Zero Trust market through 2026 and into 2027.
First, AI agent security will become a product category in its own right. Cato's acquisition of Aim Security and Palo Alto Networks' announced acquisition of CyberArk both target the emerging need to govern machine identities and AI workloads with the same rigor applied to human users. Vendors that cannot address this will face displacement in enterprise accounts running AI at scale.
Second, the OT and industrial sector represents the largest underpenetrated opportunity in Zero Trust. Critical infrastructure operators, energy companies, and manufacturers are under regulatory pressure to implement Zero Trust controls in environments where downtime carries physical consequences. Vendors that develop OT-specific Zero Trust tooling will access a procurement cycle that operates on different timelines and budget structures than enterprise IT.
Third, federal procurement will continue to act as a market signal for private enterprise. The Trump administration's outcome-based reorientation of Zero Trust compliance requirements may slow some federal contract awards in the short term but will accelerate adoption of vendors that can demonstrate measurable security outcomes, a bar that favors mature, integrated platforms over point solutions.
FAQ
What is SASE and how does it relate to Zero Trust Architecture?
SASE, or Secure Access Service Edge, is a cloud-native framework that converges wide-area networking capabilities such as SD-WAN with security services including Zero Trust Network Access, Secure Web Gateway, Cloud Access Security Broker, and Firewall-as-a-Service. Zero Trust Architecture is the underlying security philosophy, requiring that no user or device is trusted by default regardless of network location. SASE is the delivery mechanism through which Zero Trust principles are operationalized at scale for distributed enterprises.
Why is enterprise spending on SASE and Zero Trust accelerating in 2025 and 2026?
Three structural forces are driving acceleration: the normalization of hybrid work and multicloud infrastructure, which broke legacy perimeter-based security models; regulatory mandates from the U.S. federal government requiring Zero Trust implementation across civilian agencies and critical infrastructure; and the rise of AI applications and autonomous agents, which require identity and access controls that older network security architectures cannot provide.
What does the Palo Alto Networks acquisition of CyberArk mean for the market?
The approximately $25 billion deal integrates identity security, specifically privileged access management and machine identity, into Palo Alto Networks' existing SASE and Zero Trust portfolio. It signals that identity has become the primary enforcement layer in Zero Trust architecture, and that the largest cybersecurity vendors believe enterprise buyers will consolidate identity and network security into unified platforms rather than managing them separately.
Which companies are leading the SASE market in 2025?
By revenue share, Zscaler, Cisco, and Palo Alto Networks are the top three SASE vendors globally. Cato Networks, while smaller, reported 43% year-over-year ARR growth in 2025, surpassing $350 million, and is growing significantly faster than the overall market. Netskope remains a major player in the Security Service Edge segment, particularly for enterprises prioritizing cloud data protection.
How will Zero Trust architecture evolve through 2035?
Zero Trust will expand beyond human user authentication to encompass machine identities, AI agents, and IoT devices. Operational technology environments, including industrial control systems and critical infrastructure, will see rising adoption under regulatory pressure. AI-driven threat detection, automated policy enforcement, and predictive analytics will become standard capabilities within SASE platforms, while the market is projected to reach $168 billion for Zero Trust security broadly by 2033.
The enterprise network security market is moving faster than most organizations' procurement cycles. Dimension Market Research provides detailed quantitative analysis, vendor benchmarking, and demand forecasting across the SASE and Zero Trust landscape. Access the full DMR Network Security Market Report for proprietary data on market sizing, competitive positioning, technology adoption rates, and regional growth projections through 2035. Contact the DMR research team for custom intelligence aligned to your specific sector, geography, or technology stack.