Quarterly Report, Q4 2024: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q4 2024 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q4 2024, our team tracked 75 transactions, including 57 funding rounds and 18 M&A events. Disclosed funding totaled $1.70B, modestly above the $1.59B recorded in Q4 2023, while round count contracted from 85 to 57. The quarter closed full-year 2024 disclosed funding at $9.52B across 307 funding rounds, a 9% increase over 2023's $8.70B. The year's structurally distinctive shift, however, sat in the M&A column: the acquirer cohort widened materially beyond pure-play cyber strategics.
Late-stage capital remained selective at the top. Four rounds cleared $100M — Cyera ($300M Series D+, a follow-on to its Q1 $300M growth round), Armis ($200M Series D+), Halcyon ($100M Series C), and Upwind ($100M Series B) — followed by Axiado ($60M Series C), Sublime Security ($60M Series B), HUMAN ($50M growth), and Bugcrowd ($50M growth). Early-stage activity continued to drive volume, with 32 of the 57 funding rounds at Seed or Series A.
The M&A column was unusually heavy in disclosed dollars relative to deal count. Eighteen acquisitions included nine disclosed transactions totaling $2.55B, anchored by Sophos' $859M acquisition of SecureWorks — the quarter's largest disclosed deal and a meaningful PE-orchestrated consolidation of two mid-cap detection-and-response platforms. Wiz's $450M acquisition of Dazz, CrowdStrike's $300M acquisition of Adaptive Shield, and N-able's $266M acquisition of Adlumin round out the upper tier.

Funding Overview
The 57 funding rounds tracked in Q4 2024 highlight a market in which late-stage capital concentrated at the top of the range while round count contracted to the lowest quarterly total of the year.
Four rounds exceeded $100M: Cyera ($300M follow-on), Armis ($200M), Halcyon ($100M), and Upwind ($100M). Below that band, growth-stage activity stayed steady across Axiado ($60M Series C), Sublime Security ($60M Series B), HUMAN ($50M growth), Bugcrowd ($50M growth), and a long tail of $20–$45M Seed and Series A rounds. Seed and Series A activity (32 of 57 rounds, or 56%) held within the year's normal range despite the lower absolute count.
What stands out in Q4 2024 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- Data security and AI-aligned data tooling, where Cyera's $300M Series D+ follow-on — its second $300M round of the year — anchored a category that has now accumulated more than $600M of disclosed capital across 2024 for a single vendor
- IoT and device security, where Armis' $200M Series D+ marked continued late-stage investment in device-visibility and asset-management platforms
- Cloud security and cloud-native AppSec, where Upwind's $100M Series B signaled that early-growth-stage cloud-security capital remains available for vendors with platform breadth
- AppSec and GRC, which together led the segment mix with 15 transactions, reflecting continued enterprise demand for pre-production controls, governance automation, and continuous compliance tooling
This distribution reflects a market in which late-stage capital concentrated on a small set of high-traction vendors while early-stage formation broadened across AppSec, GRC, and AI-aligned categories.

Market & Macro Signals
Several structural dynamics are visible in the Q4 2024 transaction record.
First, PE-orchestrated public-cyber consolidation returned to the M&A column. Sophos' $859M acquisition of SecureWorks — both vendors operating in detection and response under PE ownership (Thoma Bravo's Sophos absorbing Dell-spun SecureWorks) — marked the quarter's largest disclosed deal. The transaction extends the multi-year pattern of PE-sponsored mid-cap consolidation across the public-cyber cohort.
Second, AppSec consolidation accelerated at scale. Wiz's $450M acquisition of Dazz extends the CNAPP platform into application security posture management. The transaction adds to a multi-quarter pattern in which AppSec and cloud-security platforms are converging at the acquirer level.
Third, SaaS-security entered the strategic-acquirer column at disclosed scale. CrowdStrike's $300M acquisition of Adaptive Shield brings dedicated SaaS-posture management into the Falcon platform and signals that incumbent endpoint vendors are willing to own SaaS-security as a category through M&A rather than partnership.
Finally, mid-market XDR consolidation continued. N-able's $266M acquisition of Adlumin and Arctic Wolf's $160M acquisition of Cylance assets together add to a multi-quarter pattern of MSSP-aligned and MSP-aligned acquirers absorbing detection-and-response capabilities. The transactions extend the strategic-consolidation dynamic into the mid-market managed-security tier.

M&A Activity & Strategic Movement
Q4 2024 recorded 18 M&A transactions, with strategic activity concentrated heavily at the top of the disclosed-price range. The most notable transaction was Sophos' $859M acquisition of SecureWorks, the quarter's largest disclosed deal and a PE-orchestrated consolidation of two public-cyber detection-and-response platforms.
Additional activity across the quarter reinforces this direction:
- Wiz acquired Dazz ($450M), extending CNAPP coverage into application security posture management — Wiz's second sizeable AppSec-adjacent acquisition of 2024 following its Q1 acquisition of Gem Security
- CrowdStrike acquired Adaptive Shield ($300M), adding SaaS security posture management to the Falcon platform
- N-able acquired Adlumin ($266M), extending its MSP-aligned platform into XDR and detection-and-response capabilities
- Cyera, Arctic Wolf, Socure, BitSight, and Fortinet each completed disclosed acquisitions (Trail Security at $162M, Cylance assets at $160M, Effectiv at $136M, Cybersixgill at $115M, and Perception Point at $100M) extending capabilities across data, endpoint, fraud, threat intelligence, and email security
- Proofpoint, Dragos, Citrix, Exclusive Networks, Lumifi, Cisco, and OPSWAT each completed targeted acquisitions (Normalyze, Network Perception, deviceTRUST/Strong Network, Cloudrise, Critical Insight, SnapAttack, and Fend respectively) without disclosed pricing, signaling continued platform-building across data, OT, identity, AppSec, MSSP, and threat-intelligence layers
Across these transactions, the strategic pattern is clear: nine disclosed acquisitions totaling $2.55B — more than the quarter's $1.70B in disclosed funding — signal that acquirer capital deployment outpaced primary funding for the first time in 2024. Detection and response, AppSec, and SaaS-security were the most contested strategic categories.
Stepping back to the full year, the disclosed M&A column distributed across an unusually broad buyer cohort: $8.65B in PE-led take-privates (Thoma Bravo/Darktrace, Hg/AuditBoard, Haveli/ZeroFox), $2.65B in non-cyber strategic acquisition (Mastercard/Recorded Future), $1.02B in PE-orchestrated strategic consolidation (Sophos/SecureWorks, Arctic Wolf/Cylance assets), and $4.89B across 16 pure-cyber strategic acquisitions — $17.21B in total disclosed M&A. PE-aligned activity (~$9.67B) materially exceeded pure-cyber strategic dollars (~$4.89B), and Mastercard's entry marked the first non-cyber strategic to acquire a cyber platform at meaningful scale — a structural broadening of who buys cyber that did not appear at this magnitude in 2023.

Looking Ahead
Q4 2024 closes the year with a market in which the central shift sat in the acquirer cohort: PE-led disclosed activity outpaced pure-cyber strategic dollars, a non-cyber strategic entered at meaningful scale, and disclosed M&A dollars at the top of the range outran primary funding for the quarter.
We expect the following dynamics to carry into 2025:
- Strategic and PE-sponsored consolidation will continue across the public-cyber cohort, with mid-cap detection-and-response, AppSec, and SaaS-security as the most contested categories
- Late-stage capital will continue concentrating on category leaders, with Cyera's two $300M rounds across 2024 establishing a clear reference point for data-security vendor scale
- Strategic acquirers will continue absorbing AI-aligned and SaaS-security capabilities, as enterprise buyers consolidate spend on platforms that span data, identity, and AI-driven workflows
From a go-to-market perspective, 2024 closed with disclosed funding modestly ahead of 2023 ($9.52B vs. $8.70B), but the year's structurally distinctive shift sat in the acquirer column: PE sponsors, PE-orchestrated strategics, and a non-cyber strategic together absorbed more disclosed M&A capital than pure-play cyber acquirers — an inversion of 2023's strategic-dominant pattern. Vendors entering 2025 will be measured against a market in which acquirer appetite has clearly broadened: PE sponsors hunting mature mid-cap cash flow, adjacent-industry strategics extending into cyber capability ownership, and pure-cyber platforms continuing tuck-in consolidation. The interplay between disciplined late-stage capital and a widening acquirer cohort will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem.
The full Q4 2024 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q4 2024 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
