April 2022 Cyber Funding & M&A Brief
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full April 2022 dataset — every named company, round, investor, and segment.
What April told us
April 2022 made the public-cyber take-private thread structural. Thoma Bravo's $6.90B acquisition of SailPoint was the largest pure-identity take-private the workbook tracks, and the largest Identity-segment M&A event in the data set. In parallel, KKR acquired Barracuda Networks at $4.00B in Email, extending PE-led ownership of email-security infrastructure. The two transactions combined for $10.9B in disclosed M&A inside 30 days — the largest single-month M&A value the workbook has tracked through this point in 2022 — and put the year on a structurally different cyber-M&A footing than 2021's mostly strategic-buyer-led column.
Below SailPoint and Barracuda, M&A breadth ran high. Turn/River Capital acquired Tufin at $570M in GRC, Synopsys picked up WhiteHat Security at $330M in AppSec, and eight further acquisitions cleared at smaller or undisclosed values. The mix — two large PE take-privates plus a mid-cap PE buy in GRC plus a strategic-buyer AppSec tuck-in — is one of the more diverse buyer-cohort distributions the workbook tracks across a single month.
Funding activity ran $1.82B across 30 rounds. SonarSource at $412M growth funding in AppSec was the largest funded round, followed by Critical Start at $215M growth in Detection/Response, Fortress at $125M in Supply Chain, Veza at $110M Series C in Data, and ThreatLocker at $100M Series C in Endpoint. Fourteen of the 30 funding rounds cleared at Seed or Series A, a slightly heavier early-stage skew than March's distribution.
Stage and segment breakdown

| Stage | Count |
|---|---|
| Seed | 6 |
| Series A | 8 |
| Series B | 7 |
| Series C | 5 |
| Growth Funding | 1 |
| Acquisition | 11 |
| Top segments | Transactions |
|---|---|
| Identity | 5 |
| AppSec | 4 |
| Data | 4 |
| Detection/Response | 4 |
| Threat Intel | 3 |
| Endpoint | 2 |
Two deals worth your attention
Thoma Bravo's $6.90B acquisition of SailPoint. Thoma Bravo agreed to take SailPoint private at $6.90B, the largest pure-identity take-private the workbook tracks and the largest Identity-segment M&A event in the data set. The deal reset the comp set for workforce-identity governance — SailPoint had traded publicly since 2017 — and joined Mandiant/Google (March) as a structural marker for the 2022 cyber-M&A column. Inside Identity specifically, the deal sat above Okta's prior $6.50B acquisition of Auth0 in March 2021 by roughly $400M in disclosed value.
KKR's $4.00B acquisition of Barracuda Networks. KKR acquired Barracuda Networks at $4.00B, the largest Email-segment M&A event of 2022 so far and the second large PE deal of April after SailPoint. The transaction transferred Barracuda's email and network security platform from Thoma Bravo (which had owned it since 2018) to KKR — a PE-to-PE secondary at scale rather than a public-to-private exit, but consistent with the year's broader pattern of PE-led consolidation across mid-cap cyber names.
Companies we've covered before
ThreatLocker first appeared in May 2021 with a $20M Series B in Endpoint. The April 2022 $100M Series C is ThreatLocker's second tracked event, same segment classification, and a 5x step-up over the year-prior round.
The other 39 transactions are in the data feed — including the 11 acquisitions whose values never hit the press. Get April's details and more →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
