April 2022 Cyber Funding & M&A Brief

Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.

At a glance

41 transactions
tracked across cybersecurity vendors in April 2022
$1.82B
in disclosed funding capital
30 funding rounds
— of which 14 were Seed or Series A
11 acquisitions — anchored by Thoma Bravo's $6.90B deal for SailPoint

Get the full April 2022 dataset — every named company, round, investor, and segment.

What April told us

April 2022 made the public-cyber take-private thread structural. Thoma Bravo's $6.90B acquisition of SailPoint was the largest pure-identity take-private the workbook tracks, and the largest Identity-segment M&A event in the data set. In parallel, KKR acquired Barracuda Networks at $4.00B in Email, extending PE-led ownership of email-security infrastructure. The two transactions combined for $10.9B in disclosed M&A inside 30 days — the largest single-month M&A value the workbook has tracked through this point in 2022 — and put the year on a structurally different cyber-M&A footing than 2021's mostly strategic-buyer-led column.

Below SailPoint and Barracuda, M&A breadth ran high. Turn/River Capital acquired Tufin at $570M in GRC, Synopsys picked up WhiteHat Security at $330M in AppSec, and eight further acquisitions cleared at smaller or undisclosed values. The mix — two large PE take-privates plus a mid-cap PE buy in GRC plus a strategic-buyer AppSec tuck-in — is one of the more diverse buyer-cohort distributions the workbook tracks across a single month.

Funding activity ran $1.82B across 30 rounds. SonarSource at $412M growth funding in AppSec was the largest funded round, followed by Critical Start at $215M growth in Detection/Response, Fortress at $125M in Supply Chain, Veza at $110M Series C in Data, and ThreatLocker at $100M Series C in Endpoint. Fourteen of the 30 funding rounds cleared at Seed or Series A, a slightly heavier early-stage skew than March's distribution.

Stage and segment breakdown

April 2022 Stage & Segment Breakdown
April 2022 Stage & Segment Breakdown
StageCount
Seed6
Series A8
Series B7
Series C5
Growth Funding1
Acquisition11
Top segmentsTransactions
Identity5
AppSec4
Data4
Detection/Response4
Threat Intel3
Endpoint2

Two deals worth your attention

Thoma Bravo's $6.90B acquisition of SailPoint. Thoma Bravo agreed to take SailPoint private at $6.90B, the largest pure-identity take-private the workbook tracks and the largest Identity-segment M&A event in the data set. The deal reset the comp set for workforce-identity governance — SailPoint had traded publicly since 2017 — and joined Mandiant/Google (March) as a structural marker for the 2022 cyber-M&A column. Inside Identity specifically, the deal sat above Okta's prior $6.50B acquisition of Auth0 in March 2021 by roughly $400M in disclosed value.

KKR's $4.00B acquisition of Barracuda Networks. KKR acquired Barracuda Networks at $4.00B, the largest Email-segment M&A event of 2022 so far and the second large PE deal of April after SailPoint. The transaction transferred Barracuda's email and network security platform from Thoma Bravo (which had owned it since 2018) to KKR — a PE-to-PE secondary at scale rather than a public-to-private exit, but consistent with the year's broader pattern of PE-led consolidation across mid-cap cyber names.

Companies we've covered before

ThreatLocker first appeared in May 2021 with a $20M Series B in Endpoint. The April 2022 $100M Series C is ThreatLocker's second tracked event, same segment classification, and a 5x step-up over the year-prior round.

The other 39 transactions are in the data feed — including the 11 acquisitions whose values never hit the press. Get April's details and more →

Methodology

Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.

Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.

About Pinpoint Search Group

Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.

Get the underlying data

The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.

Subscribe to the data feed

Published 2022-05-05 · last updated 2026-06-25. The narrative and aggregate figures above are free; the full per-deal dataset is available to subscribers.