What are the major US cybersecurity companies?

Five major US-listed cybersecurity companies: (1) CrowdStrike (CRWD) — cloud-native EDR/XDR platform leader; (2) Palo Alto Networks (PANW) — diversified network security plus cloud security plus security operations; (3) Fortinet (FTNT) — network security plus security fabric with proprietary ASIC; (4) Zscaler (ZS) — cloud-native zero trust networking; (5) Cloudflare (NET) — edge cloud platform plus security services.

What is cybersecurity platform consolidation?

Enterprise customers consolidating from multiple point-solution vendors (separate endpoint, network, identity, cloud security vendors) to integrated platforms drives platform-vendor revenue growth. Palo Alto Networks pursues explicit platform consolidation strategy. CrowdStrike expands from endpoint to XDR platform. Multi-year consolidation cycles produce dramatic operator-specific dynamics as customers select primary platform vendor for multi-year commitments.

How does AI affect cybersecurity competitive positioning?

AI integration into threat detection reshapes competitive positioning. Vendors with strong AI capabilities (machine learning models, behavioral analytics, automated response) capture share from legacy signature-based competitors. CrowdStrike's Falcon platform uses AI extensively; Palo Alto's Cortex platform integrates AI for security operations. Multi-year AI capability evolution drives competitive dynamics. Reading AI integration roadmap reveals long-cycle thesis.

How did CrowdStrike's 2024 outage affect positioning?

CrowdStrike's July 2024 Falcon sensor update caused widespread Windows outages affecting airlines, hospitals, banks globally. The incident caused near-term customer concern, financial settlements, and competitive opportunity for Palo Alto, SentinelOne. Multi-year reputation recovery plus customer retention dynamics drove institutional positioning. Reading post-outage retention disclosure plus competitive share data reveals recovery trajectory.

What is zero trust networking?

Zero trust networking assumes no implicit trust within network perimeters — every connection requires explicit authentication and authorization. Zscaler operates cloud-native zero trust networking through Zero Trust Exchange platform routing all traffic through cloud security inspection. Multi-year enterprise zero trust adoption replaces traditional VPN and perimeter-based security approaches. Concentrated growth manager ZS positions reflect zero trust adoption thesis.

What signals cybersecurity cycle inflections?

Four signals: (1) major security incidents driving accelerated enterprise spending; (2) net retention disclosure showing customer expansion versus churn; (3) AI integration milestones revealing competitive differentiation; (4) platform consolidation announcements showing customer multi-vendor reduction strategies. Concentrated 13F changes around these signals reveal manager cycle reading. Cybersecurity cycle inflections often lead broader enterprise software positioning.

Learn

Cybersecurity 13Fs: CrowdStrike, Palo Alto, Fortinet, Zscaler

CrowdStrike, Palo Alto Networks, Fortinet, Zscaler, and Cloudflare anchor US cybersecurity 13F positioning. Platform consolidation cycles, AI-driven threat detection, SaaS subscription economics, and enterprise security spending drive distinctive institutional patterns.

By Sarah Mitchell, Education Editor

PublishedMay 15, 2026UpdatedMay 15, 2026

US cybersecurity equities form a high-growth platform corner of institutional 13F positioning. CrowdStrike Holdings, Palo Alto Networks, Fortinet, Zscaler (ZS), and Cloudflare (NET) anchor the cohort. Multi-year platform consolidation cycles, AI-driven threat detection capabilities, SaaS subscription economics, and enterprise security spending dynamics drive distinctive institutional patterns. Reading cybersecurity 13F positioning requires understanding the platform-consolidation framework plus the multi-year AI-and-subscription cycle dynamics.

The cybersecurity business model

Cybersecurity faces four primary economic drivers:

Platform consolidation cycles. Enterprise customers consolidating from multiple point-solution vendors to integrated platforms drives platform-vendor revenue growth. Multi-year consolidation cycles produce dramatic operator-specific dynamics.
AI-driven threat detection. AI integration into threat detection capabilities reshapes competitive positioning. Vendors with strong AI capabilities capture share from legacy signature-based competitors.
SaaS subscription economics. Multi-year recurring subscription contracts produce predictable recurring revenue plus high gross margins.
Enterprise security spending cycles. Multi-year enterprise IT security budgets drive baseline demand. Major incidents (SolarWinds, Colonial Pipeline, MGM) accelerate spending cycles.

Major US cybersecurity names

CrowdStrike Holdings (CRWD)

Cloud-native endpoint detection-and-response (EDR) plus extended detection-and-response (XDR) platform leader. Multi-year platform expansion plus 2024 July outage recovery cycle.

Palo Alto Networks (PANW)

Diversified across network security, cloud security, and security operations. Multi-year platform consolidation strategy plus AI-driven Cortex platform.

Fortinet (FTNT)

Network security plus security fabric platform. Distinctive proprietary ASIC technology plus integrated platform approach.

Zscaler (ZS)

Cloud-native zero trust networking. Multi-year operational scaling plus enterprise customer expansion.

Cloudflare (NET)

Edge cloud platform plus security services. Multi-segment exposure (CDN, security, workers compute) distinct from pure-play cybersecurity.

How institutional managers position around cybersecurity

Three patterns:

Pattern 1: Platform-consolidation concentration

PANW-concentrated growth manager positions reflect platform consolidation strategy thesis.

Pattern 2: AI-integration positioning

CRWD-concentrated growth manager positions reflect AI-driven endpoint detection thesis.

Pattern 3: Zero-trust positioning

ZS-concentrated growth manager positions reflect zero trust networking thesis.

How to read cybersecurity 13F positioning

Three rules:

Rule 1: Identify platform-vs-point-solution exposure

Integrated platform vendors capture consolidation revenue.

Rule 2: Watch net retention disclosure

Quarterly net retention rates reveal customer expansion plus churn dynamics.

Rule 3: Cross-check AI integration roadmap

AI capability differentiation drives multi-year competitive positioning.

What cybersecurity positioning signals

Platform-consolidation conviction. Concentrated PANW positions signal platform consolidation thesis.
AI-integration conviction. Concentrated CRWD positions signal AI threat detection thesis.
Zero-trust conviction. Concentrated ZS positions signal zero trust networking thesis.

For real-time tracking of cybersecurity 13F activity, see the institutional signals feed.

Sarah MitchellEducation Editor

Investment Education Editor at 13F Insight. Breaks down complex institutional data into actionable insights for individual investors.