Quarterly Report, Q2 2022: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q2 2022 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q2 2022, our team tracked 125 transactions, including 94 funding rounds and 31 M&A events. Disclosed funding totaled $4.38B, down 14% from the $5.10B recorded in Q2 2021, while round count rose from 79 to 94. Year-to-date funding has reached $9.68B through two quarters, an 8% increase over the same period in 2021. The quarter recorded no cyber IPOs, but the M&A column carried the structural weight: two PE-orchestrated public-cyber take-privates — SailPoint and Barracuda Networks — anchored disclosed deal dollars at a combined $10.9B, the heaviest disclosed-M&A concentration the workbook has recorded since Q4 2021.
Late-stage capital remained selective and modestly distributed. Twelve rounds cleared $100M, led by SonarSource's $412M growth round — the largest disclosed cyber funding round of the quarter — followed by Critical Start's $215M growth, Abnormal Security's $210M Series C, Semperis' $200M Series C, and Pathlock's $200M. Below that band, Mosyle ($196M Series B), Fortress ($125M), Veza ($110M Series C), Teleport ($110M Series C), ThreatLocker ($100M Series C), Nord Security ($100M), and Material Security ($100M Series C) populated the next band. Early-stage activity drove a meaningful share of transaction volume, with 45 of the 94 funding rounds at Seed or Series A.
The M&A column included 31 acquisitions, of which 8 disclosed prices totaling $12.07B — the quarter's structurally distinctive concentration. Thoma Bravo's $6.9B take-private of SailPoint — the largest pure-identity acquisition the workbook has tracked and the largest pure-identity take-private — and KKR's $4B take-private of Barracuda Networks together accounted for roughly 90% of disclosed M&A capital and signaled that PE-orchestrated public-cyber take-privates had moved from a 2021 thread into a sustained 2022 acquirer pattern.

Funding Overview
The 94 funding rounds tracked in Q2 2022 highlight a market in which late-stage capital remained available across a broad set of category leaders while early-stage formation continued at a steady pace.
Capital concentration at the top was even rather than top-heavy. Twelve rounds cleared $100M: SonarSource ($412M), Critical Start ($215M), Abnormal Security ($210M), Semperis ($200M), Pathlock ($200M), Mosyle ($196M), Fortress ($125M), Veza ($110M), Teleport ($110M), ThreatLocker ($100M), Nord Security ($100M), and Material Security ($100M). Below that band, growth-stage activity stayed steady across mid-market rounds and a long tail of $25–$80M Seed and Series A rounds. No single round dominated the quarter's disclosed total.
What stands out in Q2 2022 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- Data security and identity infrastructure, which together led the segment mix with 32 transactions, anchored by Semperis' $200M Series C and Veza's $110M Series C, and reflecting continued enterprise demand across the data-and-identity control plane
- Email security and AppSec, where Abnormal Security's $210M Series C, Material Security's $100M Series C, and SonarSource's $412M growth round — the quarter's largest disclosed round — reinforce that pre-production controls and inbox-layer protection continue to absorb late-stage capital
- Endpoint and workspace security, where Mosyle's $196M Series B and ThreatLocker's $100M Series C signal that workspace-layer endpoint platforms are absorbing meaningful growth-stage capital alongside legacy endpoint vendors
- Detection, response, and managed security, where Critical Start's $215M growth round and a tail of MDR-aligned funding reflect continued enterprise demand for managed-detection-and-response delivery
This distribution reflects a market in which capital is broadening across enterprise-relevant categories — identity, data, AppSec, email, and managed detection — without concentrating on a single category leader.

Market & Macro Signals
Several structural dynamics are visible in the Q2 2022 transaction record.
First, PE-orchestrated public-cyber take-privates reached the disclosed-M&A column at scale. Thoma Bravo's $6.9B take-private of SailPoint and KKR's $4B take-private of Barracuda Networks together totaled $10.9B — more than double the quarter's disclosed funding from venture sources. The combination signals that PE appetite for mature public cyber vendors had moved from a 2021 thread into a sustained 2022 acquirer pattern operating alongside strategic-platform consolidation.
Second, identity reached the top of the M&A column. SailPoint's $6.9B take-private is the largest pure-identity acquisition the workbook has tracked, exceeding Okta's $6.5B acquisition of Auth0 in Q1 2021 by a modest margin and standing as the largest pure-identity take-private of any year in the workbook. The transaction reset the identity-governance comp set and signaled that PE sponsors viewed mature identity vendors as durable cash-flow platforms.
Third, late-stage capital broadened rather than concentrated. Twelve rounds cleared $100M with no single round dominating the quarter's disclosed total. The pattern reflects investor appetite distributed across a wider set of category leaders than Q1 — identity, data, email, AppSec, endpoint, and managed detection all attracted late-stage capital.
Finally, strategic tuck-in M&A continued at sustained pace. Of the 31 acquisitions, 23 came without disclosed prices, including strategic moves by ReliaQuest (Digital Shadows), Synopsys (WhiteHat Security), Tenable (Bit Discovery), Turn/River Capital (Tufin), and a tail of mid-market consolidators. The breadth of acquirer activity signals continued platform-building across threat intelligence, AppSec, vulnerability, and GRC.

M&A Activity & Strategic Movement
Q2 2022 recorded 31 M&A transactions, with strategic activity concentrated heavily in PE-orchestrated public-cyber take-privates. The most notable transaction was Thoma Bravo's $6.9B take-private of SailPoint, the quarter's largest deal and the largest pure-identity acquisition the workbook has tracked.
Additional activity across the quarter reinforces this direction:
- KKR completed the $4B take-private of Barracuda Networks, returning the email-and-network-security vendor to private ownership and adding a second PE-orchestrated public-cyber take-private to the quarter's column
- Turn/River Capital completed the $570M take-private of Tufin, extending PE-sponsored acquisition into the network-security policy-management tier
- Synopsys acquired WhiteHat Security ($330M), extending its software-integrity platform into dynamic application security testing
- ReliaQuest acquired Digital Shadows ($160M), adding digital risk protection and threat intelligence to its GreyMatter platform
- Tenable, Sabanci, Cloudflare, and Bitdefender each completed targeted acquisitions (Bit Discovery, Radiflow, undisclosed activity, and other mid-market deals) extending platform reach across attack-surface management, OT/ICS, network security, and endpoint
Across these transactions, the structural pattern is clear: PE-orchestrated public-cyber take-privates absorbed the majority of disclosed M&A capital, while strategic-platform acquirers pursued targeted tuck-ins across AppSec, threat intelligence, vulnerability, and network-security policy. Identity, email, and AppSec were the most active consolidation categories.

Looking Ahead
Q2 2022 reinforces the year's emerging shape: PE-orchestrated public-cyber take-privates operate as a sustained acquirer channel alongside strategic-platform consolidation, late-stage capital remains available across a broad set of category leaders, and early-stage formation continues at scale.
We expect the following dynamics to continue through the second half of 2022:
- PE-orchestrated public-cyber take-privates will continue testing the mid-cap cyber cohort, as PE sponsors target mature vendors with durable cash flow and clear platform positioning across identity, network security, and email
- Strategic tuck-in M&A will continue at sustained pace, as platform vendors absorb adjacent capabilities across AppSec, threat intelligence, vulnerability, and managed-security delivery
- Late-stage capital will continue to broaden across category leaders, favoring vendors with demonstrable enterprise traction across identity, data, email, AppSec, and detection/response
From a go-to-market perspective, Q2 2022 marks the quarter in which PE-orchestrated public-cyber take-privates moved from thread to sustained pattern. The interplay between PE-sponsored acquisition of mature public cyber vendors, continued strategic-platform tuck-in activity, and broadly distributed late-stage venture capital will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem.
The full Q2 2022 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q2 2022 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
