--- title: "Cybersecurity 13Fs: Palo Alto, CrowdStrike, Fortinet, Zscaler" type: learn slug: cybersecurity-13f-panw-crwd-decoder canonical_url: https://13finsight.com/learn/cybersecurity-13f-panw-crwd-decoder published_at: 2026-05-16T15:37:00.243Z updated_at: 2026-05-16T15:37:07.185Z author: Sarah Mitchell author_title: Education Editor author_url: https://13finsight.com/authors/sarah-mitchell word_count: 683 locale: en source: 13F Insight --- # Cybersecurity 13Fs: Palo Alto, CrowdStrike, Fortinet, Zscaler > Palo Alto Networks, CrowdStrike, Fortinet, Zscaler, SentinelOne, plus CyberArk and Tenable anchor US cybersecurity 13F positioning. Multi-year emerging platform consolidation, AI-driven threat detection, plus emerging emerging CrowdStrike July 2024 outage drive distinctive institutional patterns. US cybersecurity equities form a distinctive software corner of institutional 13F positioning. Palo Alto Networks (PANW), CrowdStrike Holdings (CRWD), Fortinet (FTNT), Zscaler (ZS), SentinelOne (S), CyberArk Software (CYBR), plus Tenable Holdings (TENB) anchor the cohort. Multi-year emerging platform consolidation, AI-driven threat detection, plus emerging emerging CrowdStrike July 2024 outage dynamics drive distinctive institutional positioning. Reading cybersecurity 13F positioning requires understanding the platform-vs-point-solution framework plus the multi-year category dynamics.The cybersecurity business modelCybersecurity companies operate four primary economic engines:Platform consolidation. Multi-year emerging platform consolidation drives operator economics. Multi-year emerging customer preference for integrated security platforms (Palo Alto Networks Cortex XSIAM, CrowdStrike Falcon, Fortinet Security Fabric, Microsoft Security) plus emerging emerging point-solution displacement drives platform vendor share gain. Multi-year emerging emerging mega-deal customers spending $1M-$10M+ annually drive emerging emerging platform vendor revenue concentration.AI-driven threat detection. Multi-year emerging AI-driven threat detection drives multi-year emerging operator differentiation. Multi-year emerging CrowdStrike Charlotte AI plus emerging emerging Microsoft Security Copilot plus emerging emerging Palo Alto Cortex AI plus emerging emerging Fortinet AI plus emerging emerging SentinelOne Purple AI drive emerging emerging customer ROI. Multi-year emerging emerging emerging emerging emerging AI-driven incident response plus emerging emerging emerging emerging emerging emerging AI threat hunting drive operator value proposition.SASE plus zero-trust transition. Multi-year emerging SASE (Secure Access Service Edge) plus emerging emerging zero-trust transition drives multi-year emerging emerging architectural shift. Multi-year emerging Zscaler ZIA plus ZPA plus emerging emerging Palo Alto Prisma plus emerging emerging emerging Cisco Umbrella plus emerging emerging Cloudflare drive emerging emerging emerging SASE category emergence. Multi-year emerging emerging zero-trust network access (ZTNA) replaces emerging emerging VPN drives multi-year emerging emerging operator competitive dynamics.CrowdStrike July 2024 outage emerging. Multi-year emerging CrowdStrike July 19 2024 global outage (faulty Falcon sensor update affected 8.5M Windows devices including airlines, hospitals, banks, broadcasters) drives multi-year emerging emerging customer trust dynamics. Multi-year emerging operational response plus emerging emerging customer retention plus emerging emerging emerging emerging emerging share dynamics. Multi-year emerging emerging emerging emerging emerging emerging emerging emerging emerging emerging legal liability plus emerging emerging emerging emerging emerging emerging customer settlement (Delta Air Lines $500M lawsuit) drive emerging emerging emerging emerging emerging operational trajectory.Major US cybersecurity namesPalo Alto Networks (PANW)Largest US cybersecurity platform vendor plus emerging emerging Strata firewall plus emerging emerging Prisma SASE-zero-trust plus emerging emerging Cortex XDR-XSIAM. Multi-year emerging operational scaling plus emerging emerging Nikesh Arora CEO leadership.CrowdStrike Holdings (CRWD)Diversified Falcon endpoint detection plus emerging emerging Falcon SIEM (post-Humio acquisition) plus emerging emerging Falcon Cloud plus emerging emerging Falcon Identity. Multi-year emerging operational scaling plus emerging emerging George Kurtz founder-CEO leadership plus emerging emerging July 2024 outage recovery.Fortinet (FTNT)Diversified Fortinet network security plus emerging emerging emerging Lacework cloud security acquisition (2024) plus emerging emerging FortiGate firewall plus emerging emerging FortiOS. Multi-year emerging operational scaling.Zscaler (ZS)Pure-play cloud SASE-zero-trust plus emerging emerging ZIA Secure Web Gateway plus emerging emerging ZPA Zero Trust Network Access plus emerging emerging Zscaler Posture Control. Multi-year emerging operational scaling.SentinelOne (S)Diversified Singularity XDR plus emerging emerging Purple AI plus emerging emerging Singularity Cloud. Multi-year emerging operational scaling plus emerging emerging Tomer Weingarten founder-CEO leadership plus emerging emerging share gain post-CrowdStrike outage.CyberArk Software (CYBR)Diversified Privileged Access Management (PAM) plus emerging emerging Identity Security plus emerging emerging Venafi machine identity acquisition (closed 2024). Multi-year emerging operational scaling.Tenable Holdings (TENB)Diversified vulnerability management plus emerging emerging Tenable.io plus emerging emerging Tenable Cloud Security plus emerging emerging Tenable OT Security. Multi-year emerging operational scaling plus emerging emerging Permiso acquisition (2024).How institutional managers position around cybersecurityThree patterns appear across smart-money 13Fs:Pattern 1: Platform-leadership concentrationPANW, FTNT-concentrated growth manager positions reflect platform consolidation thesis.Pattern 2: SASE-zero-trust positioningZS-concentrated growth manager positions reflect SASE-zero-trust transition thesis.Pattern 3: Identity-security positioningCYBR-concentrated growth manager positions reflect identity security thesis.How to read cybersecurity 13F positioningThree rules apply:Rule 1: Identify category exposureEndpoint vs network vs SASE vs identity have distinct dynamics.Rule 2: Watch ARR growthMulti-year annual recurring revenue drives operator economics.Rule 3: Cross-check competitive dynamicsMulti-year platform consolidation drives share dynamics.What cybersecurity positioning signalsPlatform-leadership conviction. Concentrated PANW positions signal platform consolidation thesis.SASE conviction. Concentrated ZS positions signal SASE-zero-trust thesis.Identity conviction. Concentrated CYBR positions signal identity security thesis.For real-time tracking of cybersecurity 13F activity, see the institutional signals feed. ## FAQ ### What are the major US cybersecurity companies? Seven major US cybersecurity: (1) Palo Alto Networks (PANW) — largest platform vendor; (2) CrowdStrike Holdings (CRWD) — Falcon endpoint; (3) Fortinet (FTNT) — network security; (4) Zscaler (ZS) — pure-play cloud SASE; (5) SentinelOne (S) — Singularity XDR; (6) CyberArk Software (CYBR) — Privileged Access Management; (7) Tenable Holdings (TENB) — vulnerability management. Plus Microsoft Security. ### How does cybersecurity platform consolidation work? Multi-year platform consolidation drives operator economics. Customer preference for integrated security platforms (Palo Alto Networks Cortex XSIAM, CrowdStrike Falcon, Fortinet Security Fabric, Microsoft Security) plus point-solution displacement drives platform vendor share gain. Multi-year mega-deal customers spending $1M-$10M+ annually drive platform vendor revenue concentration. Reading platform vendor ARR drives institutional positioning. ### What was the CrowdStrike July 2024 outage? CrowdStrike experienced July 19 2024 global outage when faulty Falcon sensor update affected 8.5M Windows devices including airlines, hospitals, banks, broadcasters. Multi-year emerging operational response plus customer retention plus share dynamics. Multi-year emerging legal liability plus customer settlement (Delta Air Lines $500M lawsuit). Multi-year emerging SentinelOne plus Microsoft plus emerging Sophos share gain following outage. Reading recovery drives positioning. ### What is SASE plus zero-trust transition? SASE (Secure Access Service Edge) plus zero-trust transition drives multi-year architectural shift. Zscaler ZIA plus ZPA plus Palo Alto Prisma plus Cisco Umbrella plus Cloudflare drive SASE category emergence. Zero-trust network access (ZTNA) replaces VPN driving operator competitive dynamics. Multi-year cloud-first plus emerging hybrid work plus emerging SaaS adoption drives multi-year SASE adoption. Reading SASE share drives positioning. ### How does AI-driven threat detection work? Multi-year AI-driven threat detection drives operator differentiation. CrowdStrike Charlotte AI plus Microsoft Security Copilot plus Palo Alto Cortex AI plus Fortinet AI plus SentinelOne Purple AI drive customer ROI. Multi-year AI-driven incident response plus AI threat hunting drive operator value proposition. Multi-year emerging generative AI security agents plus emerging AI-driven security operations drive multi-year emerging operator positioning. ### What signals cybersecurity cycle inflections? Four signals: (1) ARR growth plus emerging emerging net new ARR dynamics; (2) platform vs point-solution share dynamics; (3) AI-driven threat detection plus emerging customer adoption; (4) M&A activity (Cisco-Splunk, Palo Alto IBM QRadar, Fortinet-Lacework, CyberArk-Venafi). Concentrated 13F changes around these signals reveal manager cycle reading. --- Source: 13F Insight — https://13finsight.com/learn/cybersecurity-13f-panw-crwd-decoder Author: Sarah Mitchell — https://13finsight.com/authors/sarah-mitchell Last updated: 2026-05-16T15:37:07.185Z