Quarterly Report, Q2 2024: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q2 2024 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q2 2024, our team tracked 121 transactions, including 99 funding rounds, 21 M&A events, and 1 IPO. Disclosed funding totaled $3.36B, a 71% increase over the $1.96B recorded in Q2 2023, while round count remained broadly steady (99 vs. 97). Year-to-date funding has reached $5.66B through two quarters, a 17% increase over the same period in 2023.
The quarter's defining transaction sat in the M&A column. Thoma Bravo's $5.3B take-private of Darktrace is the largest disclosed cyber take-private of 2024 so far and one of the largest PE-led cyber transactions the workbook has tracked. Alongside it, Hg's $3B take-private of AuditBoard and CyberArk's $1.54B acquisition of Venafi form a disclosed-M&A top tier exceeding $9.8B — the heaviest concentration of disclosed M&A dollars in any quarter since Q3 2023. Even as PE took names private, the sector returned to the public markets: Rubrik's April IPO was the first cyber-vendor listing the workbook tracked since the 2021 wave, ending a multi-year drought.
Late-stage funding also returned at meaningful scale. Wiz's $1B Series D+ anchored the upper band — the only $1B+ pure-play cyber round of 2024 through Q2 — followed by Island ($175M), Corelight ($150M), Huntress ($150M), Semperis ($125M), ThreatLocker ($115M), and PortSwigger ($112M). The combination of returning late-stage capital and outsized strategic and PE-led M&A marks Q2 2024 as the quarter where the strategic-acquirer cohort returned in force.

Funding Overview
The 99 funding rounds tracked in Q2 2024 highlight a market in which late-stage capital returned at scale while early-stage formation continued at a steady pace.
Capital concentration at the top was pronounced. Eight rounds cleared $100M: Wiz ($1B), Island ($175M), Corelight ($150M), Huntress ($150M), Semperis ($125M), ThreatLocker ($115M), PortSwigger ($112M), and Cyberhaven ($88M). Wiz's $1B round alone represented roughly 30% of disclosed funding for the quarter. Below that band, growth-stage activity stayed healthy across Cyera ($60M follow-on), Vanta ($150M earlier-stage growth), and a long tail of $25–$80M Seed and Series A rounds. Early-stage activity (54 Seed or Series A rounds) held at 55% of round count.
What stands out in Q2 2024 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- Cloud security and CNAPP, where Wiz's $1B Series D+ — the largest pure-cyber round of the year through Q2 — anchored a category in which cloud-native application protection is consolidating around a small set of platform leaders
- Data security and identity, which together led the segment mix with 36 transactions, reflecting persistent enterprise demand across data-layer protection and identity infrastructure
- Detection, response, and managed security, where Corelight's $150M Series D+, Huntress' $150M Series D+, and 11 segment transactions reinforce that detection-and-response platforms continue to attract late-stage capital
- Endpoint, browser, and workspace security, where Island's $175M Series D+ and ThreatLocker's $115M Series D+ signal that workspace-layer and endpoint platforms are absorbing significant late-stage capital
This distribution reflects a market in which investors are placing larger, more selective bets on platforms with clear enterprise traction across cloud, data, identity, and detection/response.

Market & Macro Signals
Several structural dynamics are visible in the Q2 2024 transaction record.
First, PE-led take-privates returned to the cyber acquirer column at scale. Thoma Bravo's $5.3B take-private of Darktrace and Hg's $3B take-private of AuditBoard placed two PE sponsors at the top of the quarter's M&A column. The combination signals that PE appetite for mature mid-cap cyber vendors — last visible at this scale in the 2021–2022 take-private wave — has returned with disclosed-price discipline.
Second, identity consolidation reached the $1B+ band. CyberArk's $1.54B acquisition of Venafi marks the largest disclosed strategic identity acquisition of 2024 so far. The transaction folds machine-identity and certificate management into a privileged-access platform and signals that identity governance is consolidating across human and non-human control surfaces.
Third, late-stage capital concentrated heavily. Wiz's $1B Series D+ alone represented roughly 30% of disclosed funding for the quarter. The pattern reflects continued investor preference for category leaders with clear enterprise traction rather than diffuse thematic exposure.
Finally, strategic tuck-in M&A continued in parallel. Of the 21 acquisitions, 14 came without disclosed prices, including strategic moves by Cloudflare (BastionZero), Tenable (Eureka), Fortinet (Lacework), BeyondTrust (Entitle), Zscaler (Airgap), KnowBe4 (Egress), Veeam (Coveware), and OpenText (Pillr). The breadth of acquirer activity signals continued platform-building across identity, segmentation, data, and email security.

M&A Activity & Strategic Movement
Q2 2024 recorded 21 M&A transactions, with strategic activity concentrated heavily at the top end. The most notable transaction was Thoma Bravo's $5.3B take-private of Darktrace, the largest disclosed cyber acquisition of 2024 through Q2 and one of the largest PE-led cyber take-privates the workbook has tracked.
Additional activity across the quarter reinforces this direction:
- Hg completed the $3B take-private of AuditBoard, returning the GRC vendor to private ownership and continuing the PE-sponsored take-private pattern across mature mid-cap cyber/GRC vendors
- CyberArk acquired Venafi ($1.54B), the quarter's largest strategic identity deal and a meaningful expansion of the privileged-access platform into machine-identity and certificate management
- Akamai acquired Noname Security ($450M), extending its API-security footprint into enterprise API management
- Armis acquired Silk Security ($150M), adding detection-and-response capabilities to its asset-visibility platform
- Palo Alto Networks completed the acquisition of IBM's QRadar SaaS assets, consolidating SIEM customers and accelerating Cortex platform adoption
- Cloudflare, Tenable, Fortinet, BeyondTrust, Zscaler, KnowBe4, Veeam, and OpenText each completed targeted acquisitions (BastionZero, Eureka, Lacework, Entitle, Airgap, Egress, Coveware, and Pillr respectively) without disclosed pricing, signaling continued platform-building across identity, data, email, and detection/response
Across these transactions, the buyer-cohort split is unusually broad: two PE sponsors at the top with disclosed multi-billion-dollar take-privates, a strategic identity acquirer at $1B+, an API-security strategic acquisition, and a long tail of platform-extending strategic tuck-ins. The combination signals that both PE and strategic capital are operating actively in cyber M&A.
The Darktrace and AuditBoard take-privates in particular reframe the disclosed-M&A landscape for 2024 and suggest that PE sponsors continue to view mature cyber vendors with durable cash flow as attractive private-ownership candidates.

Looking Ahead
Q2 2024 sets a clear tone for the second half of the year: PE-led take-private activity has returned at scale, late-stage venture capital is concentrating heavily on category leaders, and strategic tuck-in M&A continues across identity, data, and detection/response.
We expect the following dynamics to continue through the second half of 2024:
- PE-led take-private activity will continue testing the public cyber cohort, particularly for mature mid-cap vendors with durable cash flow and clear platform positioning
- Late-stage capital will remain concentrated on category leaders, with the Wiz $1B round establishing a clear reference point for cloud-security valuation at scale
- Strategic consolidation will broaden across identity, data, and detection/response, as acquirers continue filling capability gaps rather than pursuing broad sector roll-ups
From a go-to-market perspective, the implications are increasingly clear. The bar for late-stage capital has risen meaningfully: investors expect demonstrable enterprise traction, differentiated platform positioning, and a credible path to either continued growth or strategic exit. The combination of returning PE appetite, concentrated late-stage venture capital, and active platform consolidation suggests a market in which vendors with clear product-market fit and operational discipline will continue to attract outsized attention from both venture, strategic, and PE buyers.
The full Q2 2024 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q2 2024 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
