Quarterly Report, Q3 2023: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q3 2023 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q3 2023, our team tracked 113 transactions, including 90 funding rounds and 23 M&A events. Disclosed funding totaled $2.26B, modestly above the $1.86B recorded in Q3 2022, while round count rose from 56 to 90. Year-to-date funding has reached $7.10B through three quarters, a 42% decrease from the same period in 2022.
The quarter's defining transaction sat in the M&A column. Cisco's $28B acquisition of Splunk is the largest cyber transaction the workbook has tracked, more than doubling the prior leader (McAfee's $14B take-private of November 2021). The transaction folds SIEM, observability, and machine-data analytics into Cisco's broader security and networking portfolio.
Late-stage funding remained selective. Seven rounds cleared $100M — Cato Networks ($238M growth), Nile ($175M Series C), OneTrust ($150M growth), SpyCloud ($110M growth), NetCraft ($100M growth), Resilience ($100M Series D+), and Nord Security ($100M growth) — followed by Dragos ($74M Series D+), Endor Labs ($70M Series A), and ThetaRay ($57M growth). Early-stage activity continued to drive volume, with 61 of the 90 funding rounds at Seed or Series A. HiddenLayer's $50M Series A marked the largest dedicated AI/LLM-security funding round the workbook has tracked through this point.

Funding Overview
The 90 funding rounds tracked in Q3 2023 highlight a market in which late-stage capital concentrated on a small set of category leaders while early-stage formation continued at a steady pace.
Seven rounds exceeded $100M: Cato Networks ($238M), Nile ($175M), OneTrust ($150M), SpyCloud ($110M), NetCraft ($100M), Resilience ($100M), and Nord Security ($100M). Below that band, growth-stage activity stayed steady across Dragos ($74M Series D+), Endor Labs ($70M Series A), ThetaRay ($57M growth), Secure Code Warrior ($50M Series C), Upwind ($50M Series A), HiddenLayer ($50M Series A), Grip Security ($41M Series B), Hyperproof ($40M growth), and a long tail of $25–$40M Seed and Series A rounds. Early-stage activity (61 of 90 rounds, or 68%) held at the year's heaviest share alongside Q2.
What stands out in Q3 2023 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- Identity and access infrastructure, which led the segment mix with 14 transactions, anchored by SpyCloud's $110M growth round and continued early-stage formation across identity governance and credential protection
- Governance, risk, and compliance, where OneTrust's $150M growth round and Hyperproof's $40M growth round anchored a 10-transaction GRC segment reflecting continued enterprise demand for continuous-control automation
- SASE and cloud-native network security, where Cato Networks' $238M growth round and Nile's $175M Series C reinforce that converged network security and zero-trust access remain contested late-stage categories
- AI/LLM security and emerging AI-defense, where HiddenLayer's $50M Series A and steady early-stage activity across AI-aligned defense vendors reflect a developing investor interest in AI-defense tooling
This distribution reflects a market in which late-stage capital is concentrating on category leaders across identity, GRC, and network security, while early-stage formation continues to broaden across both established and emerging segments.

Market & Macro Signals
Several structural dynamics are visible in the Q3 2023 transaction record.
First, the workbook recorded its largest cyber M&A transaction to date. Cisco's $28B acquisition of Splunk is the largest cyber transaction the workbook has tracked, more than doubling the prior leader (McAfee Consumer at $14B). The transaction signals that strategic acquirers are willing to underwrite full-platform cyber acquisitions at scale.
Second, mid-tier strategic consolidation accelerated alongside the headline deal. Below Cisco/Splunk, the disclosed M&A column included Thales' $3.7B acquisition of Imperva, TPG's $2.5B acquisition of Forcepoint's Global Governments and Critical Infrastructure business (G2CI), Check Point's $490M acquisition of Perimeter 81, CrowdStrike's $350M acquisition of Bionic, Tenable's $265M acquisition of Ermetic, and Rubrik's $250M acquisition of Laminar. Nine disclosed transactions in a single quarter totaling $35.76B is the heaviest disclosed M&A dollar total of any quarter the workbook has tracked.
Third, cloud-native AppSec and data security clustered in the disclosed M&A column. Three of the quarter's mid-tier strategic deals — CrowdStrike/Bionic, Tenable/Ermetic, and Rubrik/Laminar — extended three platforms into application security posture management, cloud-native exposure, and cloud-data security respectively. The pattern signals continued strategic-acquirer appetite for cloud-native security capabilities at disclosed prices.
Finally, identity consolidation deepened through PE-orchestrated combination. Thoma Bravo's combination of ForgeRock with Ping Identity completed during the quarter (undisclosed in the workbook), folding two large identity platforms under a single PE sponsor. The transaction extends the multi-quarter pattern of PE sponsors consolidating mature identity vendors into combined platforms.

M&A Activity & Strategic Movement
Q3 2023 recorded 23 M&A transactions, with disclosed-deal dollars heavily concentrated at the top. The most notable transaction was Cisco's acquisition of Splunk for approximately $28B, the largest cyber transaction the workbook has tracked.
Additional activity across the quarter reinforces this direction:
- Thales acquired Imperva ($3.7B), closing one of the largest disclosed pure-cyber strategic acquisitions in the workbook and folding application security, data security, and WAF capabilities into Thales' broader digital identity and security portfolio
- TPG acquired Forcepoint's Global Governments and Critical Infrastructure business ($2.5B) in a PE-orchestrated carve-out, returning the OT- and government-focused cybersecurity unit to standalone private ownership
- Check Point acquired Perimeter 81 ($490M), extending platform reach into SASE and zero-trust network access
- CrowdStrike acquired Bionic ($350M), adding application security posture management to the Falcon platform
- Tenable and Rubrik each completed cloud-and-data acquisitions — Ermetic ($265M) and Laminar ($250M) respectively — extending exposure management and data security posture into cloud-native environments
- Spire Capital, SailPoint, Honeywell, Cisco, and Thoma Bravo completed additional strategic and PE transactions (Cobwebs at $200M, Osirium at $8M, SCADAfence, Oort, and the ForgeRock/Ping Identity combination respectively) reinforcing platform consolidation across OSINT, identity, OT, and identity governance
Across these transactions, the pattern is clear: strategic-platform acquirers absorbed the majority of disclosed M&A capital, with Cisco/Splunk alone accounting for roughly 78% of disclosed deal dollars for the quarter. The combination of one large strategic acquisition, two multi-billion-dollar follow-on transactions, and a tail of platform-extending strategic tuck-ins drove the heaviest disclosed M&A quarter the workbook has tracked.

Looking Ahead
Q3 2023 closes with strategic-platform acquirers having absorbed full-platform cyber capabilities at scale, alongside continued mid-tier strategic consolidation across cloud, AppSec, and SASE.
We expect the following dynamics to continue through Q4 2023:
- Strategic-platform consolidation will remain the dominant M&A dynamic, with incumbent platforms continuing to absorb adjacent capabilities across cloud, AppSec, data, and SASE
- PE-orchestrated combinations will continue across identity and mid-cap public cyber, as PE sponsors consolidate mature vendor portfolios into combined platforms and pursue further take-private candidates
- Cloud-native and AppSec consolidation will continue, as strategic acquirers extend platform reach across data, posture management, and cloud-runtime defense
From a go-to-market perspective, the Cisco/Splunk transaction sits at the top of the workbook's M&A column and is likely to influence acquirer behavior across the remainder of the year and into 2024. Vendors entering the final quarter of 2023 will be measured against a market in which strategic platforms have proven willing to underwrite full-platform absorption at scale, while PE sponsors continue to absorb mature mid-cap public cyber vendors in parallel. The interplay between strategic-platform consolidation, PE-orchestrated take-private activity, and broadening early-stage formation will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem.
The full Q3 2023 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q3 2023 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
