Network Security & Firewall Software Valuations: Q2 2026
Network security and firewall software valuations in Q2 2026 turn on platform consolidation and an agentic AI access wave: Palo Alto's $25B CyberArk close and Google's $32B Wiz acquisition anchor the top of the table, while the broad public cohort settles near 11x EV/Revenue. Edge-cloud and SASE leaders trade at 14x to 28x revenue, mature NGFW incumbents anchor on roughly 14x EBITDA, and pure-play NDR vendors face XDR encroachment. Zscaler's reported Rule of 40 score of 78 sets the live cohort benchmark; the Rule of 50 has become the new top-decile bar.
- Sector
- Cybersecurity
- Focus
- Valuations
- Published
- May 27, 2026
- Length
- 33 slides
- Reading time
- 10 minutes
Slide deck
33-slide deck. Desktop readers can page through the embedded viewer below. Mobile readers can open the direct PDF link.
Open slide deck PDF Key findings
- Google's $32B acquisition of Wiz and Palo Alto Networks' $25B acquisition of CyberArk, which closed 11 February 2026, anchor the top of the network security M&A table and were priced at 30% to 100% premiums above the cohort.
- Cybersecurity M&A deal value reached $47B in Q1 2026 alone, against a backdrop of approximately $3.7T in global private equity dry powder seeking deployment.
- The broad public network security cohort benchmark has settled near 11x EV/Revenue in Q2 2026, with edge-cloud and SASE leaders ranging from 22x to 28x and legacy on-prem appliances compressing to 3.5x to 5.5x.
- Zscaler posted a reported Rule of 40 score of 78 in its most recent quarter, setting the live cohort benchmark; the Rule of 50 has become the new top-decile bar, earning 50% to 100% premiums over the median.
- Gartner expects 70% of SD-WAN purchases to ride a single-vendor SASE platform by 2028, up from 25% in 2025, underpinning the SASE subsegment's strengthening EV/Revenue range of 14x to 18x.
- Pure-play NDR vendors are compressing toward 5x to 9x EV/Revenue as Microsoft, CrowdStrike, Palo Alto Networks, and Fortinet capture the bulk of new detection spend through platform-integrated XDR.
- Fortinet and Check Point are valued at a median of approximately 14x EV/EBITDA, while the top four NGFW vendors collectively hold about 70% of global NGFW shipments.
- North America attracted approximately 64% of 2025 global cybersecurity venture investment, commanding an innovation premium, while Israel absorbed about 12% of global cyber funding as a disproportionate R&D engine.
- The Federal Reserve held its policy rate at 3.50% to 3.75% at its April 2026 meeting, the third consecutive hold, with an 8-to-4 dissent representing the widest FOMC split since October 1992.
- Best-in-class platform vendors run net revenue retention above 120% and platform attach in the three-to-five-module range, with each ten-point gain in the Rule of 40 score worth roughly an additional turn of revenue multiple.
Methodology
This report synthesises data from PitchBook's Q1 2026 Enterprise SaaS and Cybersecurity Comp Sheet and Cybersecurity IPO Watchlist, S&P Global Market Intelligence cybersecurity sponsor and dry-powder analyses, CB Insights State of Cybersecurity 2025, Crunchbase Cybersecurity Startup Investment Year-End Review, Gartner's Magic Quadrant for SASE Platforms 2026, McKinsey Global Private Markets Report 2026 and 2026 M&A Trends, Bain & Company Global Private Equity Report 2026, Goldman Sachs 2026 Global M&A Outlook, KPMG Pulse of Fintech and Cyber, EY M&A Outlook 2026, Federal Reserve FOMC statements and the March 2026 Summary of Economic Projections, and Palo Alto Networks' SEC Form 8-K for the CyberArk acquisition close. Windsor Drake applied its proprietary valuation framework to calibrate subsegment multiple ranges, Rule of 40 tier benchmarks, and the methodology matrix against those third-party sources.
Frequently asked questions
What multiples are network security and firewall software companies trading at in Q2 2026?
The broad public cohort benchmarks near 11x EV/Revenue in Q2 2026, but the spread is the widest Windsor Drake has tracked. Edge-cloud leaders trade at 22x to 28x, SASE hyper-growth platforms at 14x to 18x, SSE/ZTNA at 11x to 15x, mature NGFW incumbents at roughly 14x EV/EBITDA, and legacy on-prem appliances at just 3.5x to 5.5x EV/Revenue.
How are network security companies valued in 2026?
Valuation in 2026 is built on a multi-factor model centred on the Rule of 40—now migrating to a Rule of 50 for top-decile names—net revenue retention above 120%, platform attach of three to five modules, and a demonstrably AI-native architecture. A credible path to 25%+ free cash flow margin within 12 to 18 months is required for any asset valued above 10x revenue. Zscaler's reported Rule of 40 score of 78 sets the live cohort benchmark.
What is driving network security valuations higher or lower this quarter?
Expansion drivers include AI security demand, platform consolidation exemplified by Palo Alto's $25B CyberArk deal and Google's $32B Wiz acquisition, and zero-trust mandates re-rating ZTNA and SSE assets. Compression drivers include the Q1 2026 software-wide re-rating that pulled the cohort median roughly 2x lower, XDR encroachment on NDR pure-plays, and macro and tariff risks adding cross-border deal friction.
Which valuation metric should apply to a network security or firewall software company?
EV/Revenue suits high-growth, subscription-led platforms such as SASE, SSE, ZTNA, and identity security, with the essential adjustment for subscription mix. EV/EBITDA fits mature or appliance-heavy businesses like Fortinet and Check Point, which trade at a median of about 14x. EV/ARR applies in the private market for subscription-led assets with NRR above 120%, while strategic premiums of 30% to 100% above the cohort attached to both the Wiz and CyberArk transactions.
Who is buying network security companies right now, and what premiums are they paying?
Strategic acquirers dominate, led by Palo Alto Networks ($25B for CyberArk, closed 11 February 2026) and Google ($32B for Wiz). Cybersecurity M&A deal value reached $47B in Q1 2026 alone. Both headline transactions were priced on platform-synergy underwriting at premiums of 30% to 100% above the public cohort, rather than on standard peer-screen math.
How long does a network security M&A or IPO process take in 2026?
A full process runs 12 to 18 months end to end. Cross-border deals take 30% to 50% longer to clear than domestic transactions, particularly given current CFIUS scrutiny, EU FDI rules, and Israeli export controls. Windsor Drake advises founders who intend to engage while today's platform-consolidation cycle and reopened capital markets align to begin preparation now.
What Rule of 40 score do network security companies need to achieve premium valuations in 2026?
A Rule of 40 score of 40 to 50 earns a healthy premium at 9x to 13x EV/Revenue, but the top decile now demands a Rule of 50 or above, yielding 13x and above and a 50% to 100% premium over the median. Zscaler's reported score of 78, on roughly 26% revenue growth and approximately 27% free cash flow margin, is the live benchmark. Each ten-point gain in the score is worth roughly an additional turn of revenue multiple across the public cohort.
Companies covered
Public and private companies referenced in this report.