November 2025 Cyber Funding & M&A Brief

Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.

At a glance

46 transactions
tracked across cybersecurity vendors in November 2025
$1.31B
in disclosed funding capital
41 funding rounds
— of which 27 were Seed or Series A
5 acquisitions — anchored by Palo Alto Networks' $3.335B deal for Chronosphere

Get the full November 2025 dataset — every named company, round, investor, and segment.

What November told us

November 2025 delivered $1.32B in disclosed funding across 41 rounds — up 82% year-over-year — and the third Palo Alto Networks megadeal of the year: a $3.335B acquisition of Chronosphere, the observability platform. While the Chronosphere deal sits at the edge of cyber classification, its scale and Palo Alto's continued M&A appetite (CyberArk in July, Protect AI in April, now Chronosphere) make it impossible to ignore. Palo Alto is, plainly, the most active acquirer in the cyber-adjacent space in 2025.

Two new segments enter the workbook this month. Social Engineering — vendors specifically building against deepfake-enabled vishing and pretexting — joins the series with its first tagged deal (Humanix Security, Series A). Offensive Cyber, covering productized adversary-emulation and red-team tooling, also debuts (Twenty, Series A). Both segments are downstream of vendor self-descriptions that no longer fit cleanly under Fraud or PenTesting respectively, and both are likely to grow as the underlying threat models continue to differentiate from the parent categories.

Beneath the headlines, the funding distribution stayed broad: Armis' $435M growth round in IoT (foreshadowing the December acquisition), Guardio's $80M Series B in browser security, and Sweet Security's $75M Series B in Detection/Response anchored a healthy mid-tier. The seed-and-Series-A share was 66%, comfortably in the normal band, and the top-six segment table was unusually flat — AppSec, OSINT, GRC, Vulnerability, Identity, and Automation all clustered between 4 and 5 transactions each. The breadth signal: the cyber category surface is still expanding even as platform M&A consolidates the top of the market.

Stage and segment breakdown

November 2025 Stage & Segment Breakdown
November 2025 Stage & Segment Breakdown
StageCount
Seed14
Series A13
Series B4
Series C1
Growth Funding8
Debt1
Acquisition5
Top segmentsTransactions
AppSec5
OSINT5
GRC4
Vulnerability4
Identity4
Automation4

Two new segments enter the series this month. Social Engineering debuts via Humanix Security's Series A in deepfake-and-pretexting defense — vendor positioning that no longer fits cleanly inside the Fraud bucket. Offensive Cyber debuts via Twenty's Series A in productized adversary emulation — distinct from the services-led PenTesting bucket. Both are first appearances in the Pinpoint normalized segment series.

Two deals worth your attention

Armis — $435M growth round led by Goldman Sachs Alternatives. Armis raised $435M led by Goldman Sachs Alternatives — its fourth appearance in this series and a precursor to the company's December acquisition by ServiceNow at $7.775B. The November capital event, in retrospect, was a final markup before exit; at the time, it positioned Armis as the leading independent in connected-asset cyber visibility.

Palo Alto Networks' $3.335B acquisition of Chronosphere. Palo Alto Networks acquired observability platform Chronosphere for $3.335B — its third large acquisition of 2025 after Protect AI ($700M, April) and CyberArk (~$25B, July). The Chronosphere deal sits at the edge of cyber proper but reflects Palo Alto's expanding view that cybersecurity, observability, and AI-pipeline telemetry are converging into one operational layer. For competitive read: Cisco already owns Splunk; CrowdStrike's Falcon LogScale is its observability play; Datadog increasingly carries security workloads. The category lines are dissolving.

Companies we've covered before

Armis first appeared in February 2021 with a $125M growth round in IoT security. Across four tracked appearances and $1B+ in cumulative capital, the November 2025 round at $435M makes Armis one of the most heavily capitalized independent IoT-security vendors in the workbook and a probable strategic-exit candidate for the right buyer.

Guardio first appeared in December 2021 with a $47M Series A in Browser security. Four years later, the company returns with an $80M Series B in the same segment — one of the cleaner consumer-browser-security arcs in the workbook.

The other 44 transactions are in the data feed — including the 5 acquisitions whose values never hit the press. Get November's details and more →

Methodology

Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.

Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.

About Pinpoint Search Group

Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.

Get the underlying data

The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.

Subscribe to the data feed

Published 2025-12-05 · last updated 2026-06-25. The narrative and aggregate figures above are free; the full per-deal dataset is available to subscribers.