Hot on the heels of Google’s eye-popping acquisition of Wiz for a rumored $23 billion valuation, the cybersecurity market is once again making headlines, this time with Zscaler’s announcement that it will acquire Red Canary, a leading Managed Detection and Response firm. While the numbers may be smaller, the strategic implications may prove just as significant.
This is not just another consolidation play in the crowded MSSP and MSP space. It’s something different. For the first time at this scale, a cloud-native firewall vendor is acquiring a services-first cybersecurity company. It reflects a broader shift in a turbulent market, where traditional boundaries between software, platforms and services are collapsing in favor of integrated, outcome-driven solutions.
Who Is Zscaler?
Zscaler, a cloud-native security leader processing over 500 billion transactions daily, serves … More
Zscaler, founded in 2007, built its reputation as a pioneer in secure cloud connectivity. It operates a global security cloud with more than 150 data centers and processes over 500 billion transactions per day. Nearly half of the Fortune 500 relies on Zscaler’s Zero Trust Exchange platform to securely connect users, devices and applications. Its focus has long been on scalable, identity-based access controls and policy enforcement — not services.
Until now.
Who Is Red Canary?
Red Canary, founded in 2013 and based in Denver, has become one of the most respected names in MDR. Its platform offers around-the-clock detection, investigation and response for enterprise customers, helping fill the growing gap in skilled security operations talent. With an estimated $140 million in annual recurring revenue and a reputation for precision threat analytics, Red Canary is a natural bolt-on for a company looking to deliver turnkey threat protection.
Why Did Zscaler Acquire Them?
Zscaler is acquiring Red Canary to accelerate its roadmap for an AI-powered, full-stack Security Operations Center. This includes not just technology, but skilled services, an area where most firewall vendors have historically stayed out.
By combining Red Canary’s MDR capabilities with Zscaler’s deep cloud visibility, the deal promises:
- End-to-end threat detection across users, endpoints, applications and infrastructure
- AI-enhanced automation to reduce mean time to detect and respond
- Deeper integration of identity, behavior and telemetry into Zscaler’s Zero Trust architecture
It’s not just an expansion. It’s a signal that the lines between infrastructure vendors and cybersecurity service providers are vanishing.
Deal Details
The reported deal size is approximately $675 million, split between cash and equity. That places the transaction at roughly 5.7x Red Canary’s $140 million ARR, in line with market expectations for high-growth cybersecurity firms. The deal is expected to close in August 2025, pending regulatory approval.
By comparison, recent MDR acquisitions have either been quiet roll-ups or smaller tuck-ins. This one is different. Zscaler is a publicly traded, platform-first company paying a premium to bring a services company in-house. It sets a precedent.
A Broader Trend
We have already seen early signs of this convergence. SonicWall acquired MDR firm Solutions Granted in late 2023. Fortinet has made moves toward managed SASE offerings. Cisco, Palo Alto Networks, Check Point and others are undoubtedly watching closely.
But Zscaler’s Red Canary deal may be the moment this trend breaks into the mainstream. It challenges the old notion that firewall and network security companies should stay product-focused and leave services to the MSSPs. That barrier is officially gone.
A Compelling Moment?
This is a compelling moment in the evolution of cybersecurity. With AI, cloud and geopolitical risk accelerating enterprise security needs, customers are demanding outcomes not just tools. That means companies like Zscaler will increasingly have to deliver both software and services, seamlessly integrated.
The Zscaler–Red Canary acquisition may be remembered not just for its price tag, but for what it represents: the beginning of a new era where cloud security platforms and service providers are no longer distinct categories. And this may just be the beginning.
