Zscaler (NASDAQ:ZS) has taken another strategic leap in its quest to dominate the modern cybersecurity landscape. On May 27, 2025, the cloud security giant announced a definitive agreement to acquire Red Canary, a recognized leader in Managed Detection and Response (MDR). The acquisition, expected to close in August 2025, builds on Zscaler’s 2024 purchase of Avalor and signals a deeper push into building an AI-driven, agentic Security Operations Center (SOC). Red Canary, which had an annual recurring revenue (ARR) of $140 million as of January 2025, brings over a decade of MDR experience and is known for its high-fidelity threat detection capabilities, behavioral analytics, and remediation workflows. Zscaler plans to integrate Red Canary’s MDR expertise with its Zero Trust Exchange platform and massive proprietary data lake, which processes over 500 billion transactions daily. Let us dive deeper into this move by Zscaler and find out how it enhances Zscaler’s ability to address modern SOC pain points.
Accelerating The AI-Powered SOC Vision With Agentic Capabilities
Zscaler’s acquisition of Red Canary directly supports its ambition to build an AI-powered SOC by fusing its massive high-fidelity data lake with Red Canary’s proven agentic AI workflow capabilities. Red Canary had already built and deployed sophisticated reasoning engines and agentic automation to support real-world SOC environments. These capabilities, when layered on top of Zscaler’s 500 billion daily transactions and 20 petabytes of data processed per day, form a powerful threat detection engine that can automate triage, investigation, and remediation with increased accuracy. Furthermore, Zscaler had already laid the groundwork for SOC expansion with its earlier acquisition of Avalor, a security data fabric provider. By integrating Red Canary’s real-time behavioral analytics with Avalor’s contextual synthesis of logs, Zscaler can generate enriched threat narratives that security teams can act on faster. This makes its SOC offering more competitive against legacy vendors relying on fragmented or siloed toolsets. Red Canary’s Agentic AI workflows also support real-time decision trees and response automation, meaning that Zscaler customers may see reduced mean time to respond (MTTR) for advanced threats. In addition, the company highlighted that it will retain about half of Red Canary’s $140 million ARR, focusing only on segments aligned with its core strategy. The synergy between Zscaler’s Zero Trust Exchange and Red Canary’s AI-first SOC operations creates a vertically integrated security stack—from detection to policy enforcement—positioning Zscaler as a unified security platform that can compete more effectively in high-value enterprise accounts.
Deepening Managed Detection & Response Coverage Across Endpoints and Cloud
Red Canary brings a decade-long legacy in MDR, recognized by Forrester as a leader in its Wave report for three consecutive years and regularly featured in Gartner’s MDR market guides. Its solutions span endpoints, identities, network, and cloud workloads, all of which are central to Zscaler’s Zero Trust strategy. The acquisition strengthens Zscaler’s ability to monitor, detect, and respond to threats not just across users and workloads, but at the infrastructure level across all major public cloud providers—AWS, Azure, and Google Cloud—where Red Canary expanded coverage in March 2024. This expansion allows Zscaler to offer 24/7 monitoring across hybrid environments with a unified control plane. One of the challenges in modern security operations has been the disjointed handling of endpoint telemetry and cloud-based data, often leading to missed threat correlations and delayed incident response. Red Canary helps bridge that gap by offering MDR that is tuned to behavioral analytics and enriched through global threat intelligence, while Zscaler offers the enforcement layer and data context to make that intelligence actionable. The integration offers significant value to security teams that currently juggle multiple vendors for endpoint detection, workload monitoring, and network policy enforcement. Red Canary’s detection engineering team and its existing MDR partner ecosystem can now tap into Zscaler’s global visibility and data fidelity, enriching both detection accuracy and response time. For Zscaler, this integration not only increases the value proposition of its platform but also provides upsell potential into new customer segments that require full-stack SOC-as-a-service capabilities.
Enabling Seamless Go-To-Market Expansion In SOC With An Established MDR Sales Team
The Red Canary acquisition also strengthens Zscaler’s go-to-market capabilities, particularly in selling security operations solutions. As Zscaler broadens its product portfolio—introducing newer modules like Risk360, unified vulnerability management, identity threat detection, and AI protection—the company faces the challenge of educating customers and accelerating sales cycles in a complex cybersecurity landscape. Red Canary brings with it an experienced MDR sales force that has already built relationships with security buyers and incident response teams. Zscaler has been developing a two-tier sales model where the core salesforce focuses on full-suite Zero Trust deployments while specialist teams handle new and complex security modules. Red Canary’s team can be absorbed into this specialist layer, accelerating Zscaler’s penetration into SOC teams and helping upsell modules like GenAI data protection, micro-segmentation, and managed threat hunting. The Z-Flex program—a flexible purchasing model launched in Q3 FY25—has already seen strong traction, with over $65 million in TCV bookings within a single quarter. By combining this procurement flexibility with Red Canary’s consultative MDR sales approach, Zscaler can build stronger, longer-term relationships with enterprise buyers. Deals are also becoming longer in duration—moving from three-year commitments to four- and five-year agreements—which gives Zscaler more room to expand account value over time. This go-to-market alignment, backed by a seasoned MDR salesforce, will allow Zscaler to compete against platform vendors that have already established SOC presence but lack integrated threat intelligence and enforcement layers.
Creating A Closed-Loop Feedback System For Threat Detection & Policy Enforcement
One of the most important benefits of the Red Canary acquisition is the creation of a closed-loop feedback system between detection, response, and policy enforcement. Traditionally, threat detection tools generate alerts that must be manually investigated and translated into new policy rules across network and cloud environments. Zscaler’s platform—already sitting in-line for over 50 million users and processing over 100 trillion annual transactions—has enforcement capabilities built into its Zero Trust Exchange. When paired with Red Canary’s MDR engine and detection telemetry, Zscaler can automate the feedback loop: threats detected by Red Canary can now directly trigger Zscaler policies without requiring third-party orchestration. For example, a malicious endpoint behavior flagged by Red Canary could automatically trigger Zscaler to restrict lateral movement or cut off access to sensitive apps, without human intervention. This integration creates a real-time, policy-enforced response mechanism that reduces the operational burden on security teams and minimizes the time between detection and mitigation. Furthermore, with Avalor’s data fabric acting as the connective tissue between Zscaler’s enforcement engine and Red Canary’s detection layer, enterprises gain a unified visibility and response system. The combination enables granular visibility, context-aware responses, and scalable playbook execution across the entire digital estate. This feedback loop not only improves security outcomes but also reduces the risk of alert fatigue, compliance gaps, and tool sprawl. For Zscaler, it enhances platform stickiness and customer loyalty, especially among enterprise and government accounts that demand tightly integrated and automated security stacks.
Final Thoughts

Source: Yahoo Finance
Zscaler’s stock has witnessed a massive spike after a robust set of earnings, and the acquisition of Red Canary is expected to add to the investor optimism around the company. However, Zscaler happens to be one of the most expensive cybersecurity companies today, with an LTM EV/Revenue multiple as high as 17.45x despite having a negative EBITDA. This is definitely a point that should deter investors despite the upside from Red Canary. We also feel that while the acquisition opens up new revenue streams and strengthens product-market fit, execution risks remain, particularly in integration, customer retention from Red Canary’s legacy segments, and competitive pressures in the crowded SOC space. Overall, we believe that investors should weigh the strategic gains from Red Canary against the high valuation multiples of Zscaler, the margin impact of the transaction, and operational complexities before making any investment decisions in the stock.