Quarterly Report, Q1 2022: Cyber Security Vendor M&A and Funding News

Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.

At a glance

124 transactions
tracked across cybersecurity vendors in Q1 2022
$5.30B
in disclosed funding capital across 86 funding rounds
46 Seed or Series A rounds
— 53% of funding activity
38 M&A events
, 10 with disclosed prices totaling $7.91B

Get the full Q1 2022 dataset — every named company, round, investor, segment, and acquisition.

Highlights and Analysis

In Q1 2022, our team tracked 124 transactions, including 86 funding rounds and 38 M&A events. Disclosed funding totaled $5.30B, up 38% from the $3.84B recorded in Q1 2021, while round count rose from 67 to 86. The quarter recorded no cyber IPOs, but the M&A column carried structural weight: Google's $5.4B acquisition of Mandiant — the largest hyperscaler-led cyber acquisition the workbook has tracked and the largest Threat Intel transaction in the workbook by a wide margin — anchored disclosed deal dollars alongside a broader strategic-acquirer column running at high volume.

Late-stage capital remained available and at scale. Twelve rounds cleared $100M, led by Securonix's $1B growth round — the largest disclosed cyber funding round of the quarter — followed by 1Password's $620M Series C, eSentire's $325M, BlueVoyant's $250M Series D+, Axonius' $200M Series E, and Pentera's $150M Series C. Below that band, growth-stage activity stayed dense across Cheq ($150M Series C), Salt Security ($140M Series D), Island ($115M Series B), and a long tail of $25–$100M Seed through Series C rounds. Early-stage activity drove a meaningful share of transaction volume, with 46 of the 86 funding rounds at Seed or Series A.

The M&A column included 38 acquisitions, of which 10 disclosed prices totaling $7.91B. Google's $5.4B acquisition of Mandiant and SentinelOne's $616.5M acquisition of Attivo Networks together accounted for the bulk of disclosed M&A capital and signaled two parallel patterns: hyperscaler entry into the cyber-platform column at scale, and pure-cyber platform vendors absorbing adjacent detection-and-deception capabilities.

Total Funding by Month
Total Funding by Month

Funding Overview

The 86 funding rounds tracked in Q1 2022 highlight a market in which late-stage capital remained available at scale while early-stage formation continued at a steady pace.

Capital concentration at the top was pronounced. Twelve rounds cleared $100M: Securonix ($1B), 1Password ($620M), eSentire ($325M), BlueVoyant ($250M), Axonius ($200M), Pentera ($150M), Cheq ($150M), Salt Security ($140M), Island ($115M), Veriff ($100M), Human Security ($100M), and ThriveDX ($100M). Below that band, growth-stage activity stayed steady across Aqua Security ($90M Series E), Lacework follow-on activity, and a long tail of $25–$80M Seed and Series A rounds. The disclosed top three together (Securonix, 1Password, eSentire) accounted for roughly $1.95B — close to 37% of the quarter's disclosed funding.

What stands out in Q1 2022 is where that capital is clustering. A meaningful portion of investment is concentrating around:

This distribution reflects a market in which late-stage capital is concentrating on platforms with clear enterprise traction across detection/response, identity, vulnerability, and application-layer control, while early-stage formation continues to broaden across emerging segments.

Total Funding by Quarter
Total Funding by Quarter

Market & Macro Signals

Several structural dynamics are visible in the Q1 2022 transaction record.

First, hyperscaler-led cyber acquisition reached a new dollar tier. Google's $5.4B acquisition of Mandiant is the largest hyperscaler-led cyber acquisition the workbook has tracked and the largest Threat Intel transaction in the workbook by a wide margin (next is FireEye at $1.2B). The transaction folds threat-intelligence and incident-response capability into Google Cloud's security stack.

Second, late-stage capital ran at scale. Twelve rounds cleared $100M and disclosed funding of $5.30B sits 38% above Q1 2021. The pattern reflects a market in which growth-stage and late-stage venture capital remained actively deployed across category leaders in identity, detection/response, vulnerability management, and workspace-layer security.

Third, strategic tuck-in M&A continued at high volume. Thirty-eight acquisitions cleared the workbook this quarter — the broadest M&A count of any Q1 the workbook tracks. Disclosed prices stayed concentrated in a handful of large transactions (Mandiant, Attivo Networks, Zimperium, Siemplify, Tripwire), while the remaining 28 undisclosed deals included strategic moves by Cloudflare (Area1 Security), Recorded Future (SecurityTrails), Darktrace (Cybersprint), and Radware (SecurityDAM). The pattern signals continued platform-building across email, threat intelligence, vulnerability, and network security.

Finally, undisclosed M&A continued to do significant work. Of the 38 acquisitions, 28 came without disclosed prices, including recognizable strategic moves by Cloudflare, Recorded Future, Darktrace, Radware, Akamai, and several mid-market consolidators. The breadth of acquirer activity signals continued platform-building across email security, threat intelligence, vulnerability, and managed-security delivery.

Q1 2022 Funding Volume by Category
Q1 2022 Funding Volume by Category

M&A Activity & Strategic Movement

Q1 2022 recorded 38 M&A transactions, with strategic activity weighted toward hyperscaler-led cyber consolidation and platform-vendor tuck-ins. The most notable transaction was Google's $5.4B acquisition of Mandiant, the quarter's largest deal and the largest hyperscaler-led cyber acquisition the workbook has tracked.

Additional activity across the quarter reinforces this direction:

Across these transactions, the structural pattern is clear: hyperscaler-led cyber acquisition operated at a materially larger dollar scale than in prior years alongside continued strategic-platform tuck-ins from pure-cyber acquirers. Threat intelligence, identity-threat detection, mobile security, and configuration management were the most active consolidation categories this quarter.

Q1 2022 Top Funded Rounds
Q1 2022 Top Funded Rounds

Looking Ahead

Q1 2022 opens the year with a market in which both funding and M&A operate at high volume, with hyperscaler-led cyber acquisition reaching a materially larger dollar scale as the quarter's structurally distinctive shift.

We expect the following dynamics to continue through 2022:

From a go-to-market perspective, Q1 2022 marks a quarter in which both venture and acquirer activity ran at sustained intensity. Hyperscaler-led cyber acquisition at materially larger scale, continued late-stage capital deployment, and broad strategic-platform tuck-in activity will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem.

The full Q1 2022 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q1 2022 dataset →

Methodology

Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.

Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.

About Pinpoint Search Group

Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.

Get the underlying data

The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.

Subscribe to the data feed

Published 2022-04-10 · last updated 2026-06-25. The narrative and aggregate figures above are free; the full per-deal dataset is available to subscribers.