You are human visitor number on this page
Language · ภาษา
Services · the new software  ·  Research Note №1 · Memo 100 of 185 ZS  ·  ← Overview
Cybersecurity — Zero-Trust

ZS Zscaler

Zero-trust security platform benefits from AI-driven threat detection and emerging outcome-priced incident response.

Watch Rank 100 · Nasdaq-100 constituent
Last price
$134.68
Market cap
$21.7B
As of
18 April 2026

Live quote sourced from Yahoo Finance. Prices cited in narrative below reflect the original memo date and may be stale.

Scores · adapted framework

Enabler
7 / 10
Autopilot adoption
6 / 10
Disruption risk
4 / 10
Efficiency upside
6 / 10

The Sequoia matrix

Intelligence / Judgment
Intelligence-heavyThreat detection and incident response are AI-driven. Security policy and incident investigation decisions require human judgment.
Copilot posture
StrongAI threat-detection copilot assists security teams; analysts confirm findings and approve remediation.
Autopilot posture
EmergingAutomated threat containment and incident response are emerging; full autonomy is constrained by liability.
Data moat
Very StrongGlobal threat telemetry from Zscaler platform informs detection models. AI models learn attacker patterns and zero-day signatures. Switching cost is high.
Execution layer
ModerateZscaler recommends and automates some threat response; customer security teams retain final accountability.

The memo

State of play · ZS
Trading ~$135 in mid-April 2026. Q1 FY27 (ended Dec 31 2025) revenue $435M (+37% YoY); FY27 guide $2B+ (~30% growth). Fwd P/E ~72x. Zscaler ITDR (identity threat detection and response) launched early 2026; pilot customer adoption rising. Platform consolidation (zero-trust + SASE + identity) is core strategy.

Thesis angle

Zscaler provides zero-trust network security (cloud proxy, SASE - Secure Access Service Edge) and threat detection. Thesis angle: AI-driven threat detection and automated response (incident containment, threat hunting) enable outcome-priced security services (mean-time-to-detect MTTD < X hours, zero-breach guarantees). Zscaler is evolving from tool licensing (security gateway) to outcome pricing (threat-detection and response SLA). AI-driven incident response automation captures security services budgets, not just tool licensing.

The framing

Zscaler is positioned at the intersection of zero-trust adoption (structural multi-year TAM expansion) and AI-driven threat automation (outcome-pricing opportunity). The thesis tension: can Zscaler monetize ITDR and emerging autonomous threat-response capabilities as outcome-priced services, or does it remain a high-growth but tool-licensed zero-trust platform? Zero-trust is a tailwind; outcome pricing is the contested question.

Two forces, opposite directions

Tailwind · Zero-trust adoption is structural; identity threat detection is emergent autopilot

Zero-trust network access (cloud proxy, SASE) is standard in 2026. But identity-based attacks (credential theft, lateral movement, insider threats) are growing 40%+ YoY. Zscaler ITDR (identity threat detection and response) automates identity-based threat triage and containment. Outcome pricing (identity-threat-detection SLA, lateral-movement prevention guarantee) captures identity-operations labor budgets (~$30B+ annual). Platform consolidation (network zero-trust + identity zero-trust) improves stickiness and increases outcome-pricing leverage.

Headwind · Outcome-pricing defensibility is lower for identity than network security
  • Identity attacks are harder to detect (credential misuse vs. network anomaly)
  • ITDR automation is early-stage; human analysts required for complex scenarios
  • Competitors (Microsoft Entra + identity threat detection, Okta Identity governance) are bundling identity protection
  • Outcome guarantees (zero-breach from identity attacks) are hard to enforce (liability)
  • Customers may prefer tool licensing (SIEM + SOAR) to outcome pricing (complexity, SLA unpredictability)
Zscaler ITDR is a real TAM expansion, but outcome-pricing adoption is unproven.

Zscaler's platform consolidation and outcome opportunity

ModuleMarketGrowthOutcome pricingDefensibility
Zero-Trust Network AccessNetwork security ~$100B25%+Tool licensing (emerging MTTD SLA)Strong (high switching cost)
SASE (secure access service edge)Network ops ~$50B30%+Consumption + MTTD SLAModerate (bundled commodity)
ITDR (identity threat detection)Identity ops ~$30B40%+Emerging (early pilots)Moderate (new, unproven)
Platform bundling (zero-trust + SASE + ITDR)Multi-service consolidationTBDTBD (pilots emerging)Moderate (depends on execution)
Zscaler is a high-growth network-security platform adding identity threat detection. Outcome pricing is emerging in network (MTTD SLA pilots), nascent in identity. TAM expansion is real; outcome-pricing defensibility is unproven.

Bull case

ITDR is a real and growing threat category.

Identity-based attacks now exceed network-based attacks in frequency. ITDR market is 10+ years behind EDR (endpoint threat detection); TAM expansion is structural.

Zscaler's network visibility is an advantage for identity threat detection.

Network zero-trust proxy sees all traffic; can detect suspicious identity behavior (login patterns, data exfiltration, lateral movement). Data moat is real; competitors must build identity data equivalents.

Platform consolidation (network + identity) increases stickiness and ACV.

Customers buying bundled zero-trust + SASE + ITDR have higher switching costs. Multi-product lock-in improves retention and pricing power.

Outcome-pricing pilots are ramping.

Zscaler is running MTTD (mean-time-to-detect identity threats) SLA pilots with select customers. Early traction suggests market will pay for identity-threat outcomes.

Bear case

ITDR is early-stage; automation and outcome-pricing defensibility are unproven.

Identity threat detection is harder than network detection. ITDR automation is nascent; human analysts remain critical path. Outcome-pricing adoption (vs. tool licensing) is uncertain.

Competitors are bundling identity threat detection at lower cost.

Microsoft Entra (bundled with Azure and 365), Okta, Cloudflare are all adding identity threat detection. Zscaler's ITDR may be priced out of the market if competitors bundle it for free.

Outcome guarantees (zero-breach from identity attacks) are hard to enforce.

Identity breaches are rare and hard to attribute (insider vs. external attacker). Customers may resist outcome pricing due to liability and SLA unpredictability.

Fwd P/E ~72x assumes ITDR adoption and outcome-pricing upside.

Valuation is contingent on identity-threat outcomes becoming core P&L. If ITDR adoption is slower or outcome pricing does not materialize, multiple compression is sharp.

Sequoia-framework fit

Zscaler is a high-growth zero-trust platform (TAM expansion is real) testing outcome-pricing waters with ITDR (identity threat detection and response). The thesis fit is conditional: if ITDR automates identity-threat response and scales to outcome-based SLAs, Zscaler captures identity-operations labor budgets and shifts to higher-margin outcome pricing. If ITDR remains tool-licensing and outcome pricing stalls, Zscaler is a fast-growing but contested network-security platform. Leading indicators: ITDR customer growth, MTTD SLA pilot adoption rates, and outcome-pricing revenue concentration.

Investor takeaway

Cybersecurity SaaS leader with strong zero-trust positioning; AI-driven outcome services emerging and underestimated.

· · ·
Previous · Xcel Energy (XEL)
↑ Overview
Next · Salesforce Inc. (CRM)