Quarterly Report, Q3 2024: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q3 2024 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q3 2024, our team tracked 86 transactions, including 73 funding rounds and 13 M&A events. Disclosed funding totaled $2.16B, broadly steady against the $2.26B recorded in Q3 2023, while round count contracted modestly (73 vs. 90). Year-to-date funding has reached $7.82B through three quarters, a 10% increase over the same period in 2023.
Late-stage capital remained selective. Five rounds cleared $100M — Kiteworks ($456M growth, the quarter's largest single round), Abnormal Security ($250M Series D+), Vanta Security ($150M Series C), Chainguard ($140M Series C), and Pindrop ($100M debt facility) — followed by Torq ($70M Series C), Cowbell Cyber ($60M Series C), and Protect AI ($60M Series B). Early-stage activity continued to drive volume, with 44 of the 73 funding rounds at Seed or Series A.
The quarter's M&A column was lighter in deal count but contained one of 2024's largest disclosed strategic transactions. Mastercard's $2.65B acquisition of Recorded Future is the largest disclosed strategic acquisition of 2024 through Q3 and a notable cross-vertical move — a financial-services strategic acquirer extending into threat intelligence at platform scale.

Funding Overview
The 73 funding rounds tracked in Q3 2024 highlight a market in which late-stage capital remained selective and modestly distributed, while early-stage formation continued at a steady pace.
Five rounds exceeded $100M: Kiteworks ($456M), Abnormal Security ($250M), Vanta Security ($150M), Chainguard ($140M), and Pindrop ($100M). Below that band, growth-stage activity stayed steady across Torq ($70M Series C), Cowbell Cyber ($60M Series C), Protect AI ($60M Series B), and a long tail of $25–$50M Series A and B rounds. Early-stage activity (44 Seed or Series A rounds) held at 60% of round count, broadly consistent with prior quarters.
What stands out in Q3 2024 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- Data security and data governance, where Kiteworks' $456M growth round — the quarter's largest single round — anchored continued enterprise demand for data-layer protection and secure-collaboration tooling
- Email and collaboration security, where Abnormal Security's $250M Series D+ reinforced AI-driven email defense as a category absorbing late-stage capital
- Governance, risk, and compliance, where Vanta Security's $150M Series C and continued segment activity (7 transactions) reflect enterprise demand for continuous-control automation and audit tooling
- AppSec and software supply chain, where Chainguard's $140M Series C anchored an 8-transaction AppSec segment that reflects persistent buyer demand across pre-production controls and supply-chain integrity
This distribution reflects a market in which capital is increasingly aligned with categories tied to enterprise risk operations, AI-driven workflows, and supply-chain integrity.

Market & Macro Signals
Several structural dynamics are visible in the Q3 2024 transaction record.
First, a non-cyber strategic acquirer entered cyber at meaningful scale. Mastercard's $2.65B acquisition of Recorded Future places a payments-industry strategic acquirer at the top of the quarter's M&A column. The transaction signals that adjacent-industry acquirers — financial services, in this case — are willing to underwrite cyber capability ownership at platform scale, not just through partnership.
Second, AI-security M&A continued at strategic pace. Cisco's acquisition of Robust Intelligence (undisclosed) and Protect AI's acquisition of SydeLabs add to the multi-quarter pattern of incumbent platforms absorbing AI-defense capabilities. The pattern is steady rather than concentrated, with disclosed prices typically remaining undisclosed.
Third, late-stage capital remained selective and dispersed. Five rounds cleared $100M this quarter, none above $500M. The distribution is broader and shallower than Q2's Wiz-anchored top tier, reflecting continued late-stage availability without a single category-defining round.
Finally, strategic tuck-in M&A continued at sustained volume. Of the 13 acquisitions, 11 came without disclosed prices, including platform-extending moves by Rapid7 (Noetic), Mimecast (Code42, Aware), Fortinet (Next DLP), DigiCert (Vercara), and Experian (NeuroID). Check Point's $200M acquisition of Cyberint marks the second-largest disclosed deal of the quarter, extending threat-intelligence and external-attack-surface capabilities.

M&A Activity & Strategic Movement
Q3 2024 recorded 13 M&A transactions, with strategic activity concentrated in a small set of high-dollar disclosed deals and a long tail of undisclosed platform-extending tuck-ins. The most notable transaction was Mastercard's $2.65B acquisition of Recorded Future, the largest disclosed strategic acquisition of 2024 through Q3 and a meaningful entry of a payments-industry acquirer into the cyber platform stack.
Additional activity across the quarter reinforces this direction:
- Check Point acquired Cyberint ($200M), extending threat-intelligence and external-attack-surface capabilities into the platform
- Cisco acquired Robust Intelligence, adding AI-model security and runtime LLM protection to its broader platform
- Mimecast completed two acquisitions — Code42 (data-loss prevention) and Aware (collaboration security) — broadening its platform beyond email into adjacent risk surfaces
- Fortinet, DigiCert, Rapid7, Experian, and Protect AI each completed targeted acquisitions (Next DLP, Vercara, Noetic, NeuroID, and SydeLabs respectively) without disclosed pricing, signaling continued platform-building across data, DNS, vulnerability, fraud, and AI-security
- Dataprise, ColorTokens, and Absolute Security completed additional tuck-ins (Phoenix IT, PureID, and Syxsense) across MSSP, identity, and vulnerability-management layers
Across these transactions, the strategic pattern is clear: acquirers are pursuing targeted capability expansion across threat intelligence, AI-security, data, and email. The Mastercard/Recorded Future transaction in particular signals that the cyber-acquirer cohort is widening to include adjacent-industry strategic buyers, not just pure-play cyber platforms.

Looking Ahead
Q3 2024 reinforces the year's pattern: late-stage capital is available but selective, and strategic consolidation continues across both pure-play cyber acquirers and adjacent-industry entrants.
We expect the following dynamics to continue through Q4 2024:
- Adjacent-industry strategic acquirers will continue testing cyber M&A, with the Mastercard/Recorded Future transaction establishing a reference point for cross-vertical platform extensions
- Late-stage capital will remain selective and dispersed, favoring vendors with measurable enterprise traction across data, AppSec, GRC, and AI-driven defense
- Strategic tuck-in M&A will continue at sustained pace, with incumbent platforms filling capability gaps across threat intelligence, data, and AI-security
From a go-to-market perspective, the implications are clear. The cyber-acquirer universe is broadening, late-stage capital favors vendors with proven enterprise traction, and strategic consolidation continues across categories tied to enterprise risk operations and AI-driven workflows. Vendors entering the final quarter of 2024 will need to demonstrate operational discipline and clear platform positioning to compete for either capital or acquirer attention.
The full Q3 2024 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q3 2024 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
