March 2022 Cyber Funding & M&A Brief
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full March 2022 dataset — every named company, round, investor, and segment.
What March told us
March 2022 reframed the cyber M&A market. Google's $5.40B acquisition of Mandiant was the largest cyber M&A event of 2022 so far, the largest threat-intelligence transaction in the workbook by a wide margin, and the largest hyperscaler-led cyber acquisition the data set has tracked. Mandiant had been spun out of FireEye in 2021; the Google Cloud acquisition placed cyber-threat intelligence at the center of a hyperscaler's security stack and is the structural marker for what hyperscaler-led cyber M&A could look like at scale. The deal sits below several larger 2021 transactions in the workbook (Proofpoint at $12.30B and Avast at $8.00B led that cohort), so the framing here is cyber-M&A-of-2022 rather than largest-cyber-M&A-ever.
Funding activity ran $1.20B across 30 rounds. Axonius's $200M Series D+ in Vulnerability was the largest funded round, with the company returning to the data set roughly a year after a $100M Series D+ in March 2021. Island raised $115M Series B in the Browser segment — an early data point for browser-as-a-controlled-surface as a fundable category — and TokenEx at $100M Series B in Fraud, Cowbell Cyber at $100M Series B in Cyber Insurance, and Balbix at $70M Series C in Ratings rounded out the named cohort.
Below Mandiant, two further nine-figure M&A events cleared. SentinelOne acquired Attivo Networks at $616.5M in Detection/Response — a strategic move on identity threat detection from a public-cyber buyer — and Liberty Strategic Capital acquired Zimperium at $525M in Endpoint, extending mobile-endpoint security under PE ownership. The three disclosed M&A events combined for $6.5B, more than the entire 2021 first-quarter cyber-M&A column the workbook tracks.
Stage and segment breakdown

| Stage | Count |
|---|---|
| Seed | 3 |
| Series A | 12 |
| Series B | 10 |
| Series C | 1 |
| Series D+ | 1 |
| Acquisition | 6 |
| Top segments | Transactions |
|---|---|
| Detection/Response | 6 |
| Vulnerability | 5 |
| Threat Intel | 3 |
| Identity | 3 |
| AppSec | 3 |
| GRC | 2 |
Two deals worth your attention
Google's $5.40B acquisition of Mandiant. Google agreed to acquire Mandiant at $5.40B, the largest cyber M&A event of 2022 so far and the largest threat-intelligence transaction in the workbook by a wide margin (FireEye's June 2021 take-private at $1.20B is the next-largest Threat Intel transaction). The deal pulled the post-FireEye Mandiant standalone story into Google Cloud and placed cyber-threat intelligence at the structural center of a hyperscaler's security platform. Mandiant sits below several larger 2021 transactions in the workbook (Proofpoint $12.30B, Avast $8.00B, Auth0 $6.50B), but it is the largest hyperscaler-led cyber acquisition the data set has tracked — the clearest signal so far that hyperscalers were prepared to compete for security platforms at the scale of dedicated cyber acquirers.
Axonius — $200M Series D+ in Vulnerability. Axonius raised $200M Series D+ for its cyber-asset attack-surface management platform, the largest funded round of March. The round was Axonius's second workbook event after a $100M Series D+ in March 2021 — same-segment, same-stage, 12 months apart — and a clean two-round Vulnerability ramp.
Companies we've covered before
Axonius first appeared in March 2021 with a $100M Series D+ in Vulnerability. The March 2022 $200M Series D+ is Axonius's second tracked event, same segment classification, and a 2x step-up in round size against the year-prior baseline.
Cowbell Cyber first appeared in March 2021 with a $20M Series A in Cyber Insurance. The March 2022 $100M Series B is Cowbell's second tracked event, same segment classification, and a 5x step-up that puts cyber-insurance MGAs into nine-figure funding territory for the first time in the workbook.
The other 34 transactions are in the data feed — including the 6 acquisitions whose values never hit the press. Get March's details and more →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
