November 2020 Cyber Funding & M&A Brief
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full November 2020 dataset — every named company, round, investor, and segment.
What November told us
November 2020 ran the workbook's first $1B-plus disclosed funding month — $1.19B across fifteen disclosed funding rounds — alongside the densest M&A volume the data set has tracked so far, with fourteen acquisitions cleared inside the month. Three of those acquisitions carried disclosed values totaling $1.07B: Palo Alto Networks's $800M purchase of Expanse in Vulnerability, FireEye's $186M acquisition of Respond Software in XDR, and ConnectWise's $80M pickup of Perch Security in Detection/Response. The Expanse transaction is the only Vulnerability-segment M&A the workbook tracks through November 2020.
FireEye's $400M generic funding round in Threat Intel led the funded side and is the largest funded reading the workbook has tracked through this point across any 2020 month. FireEye also closed an acquisition inside the same month (Respond Software in XDR at $186M), placing a single named cyber vendor on both the funded and the acquiring sides of the workbook in a single calendar month. SentinelOne at $267M Series D+ in Endpoint followed, the largest Endpoint-segment funded round the workbook tracks through this point and a step-up over Tanium's $150M October round in the same segment. Cato Networks at $130M Series D+ in SASE, Forter at $125M Series D+ in Fraud, Menlo Security at $100M Series D+ in SASE, and Abnormal Security at $50M Series B in Email rounded out the named cohort. Separately, governance-risk-and-compliance vendor Telos completed a traditional IPO on Nasdaq in November under the ticker TLS, adding to the small set of cyber public-market debuts the workbook has tracked through this point in 2020.
The funded side passing the $1B disclosed mark for the first time in the workbook reflects late-stage concentration rather than breadth — five of the fifteen disclosed rounds cleared at $100M or above, with two of those at $200M or above. The same-month density of late-stage funded activity and strategic-buyer M&A together makes November the highest-disclosed-capital month the workbook has tracked through its opening seven months on a combined funding-plus-M&A basis ($2.26B across both columns). The composition shifts the data set's reference point for both funded scale and strategic-buyer activity into a higher band against the workbook's prior six months of coverage.
Stage and segment breakdown

| Stage | Count |
|---|---|
| Seed | 4 |
| Series A | 4 |
| Series B | 2 |
| Series D+ | 4 |
| Acquisition | 14 |
| Top segments | Transactions |
|---|---|
| Data | 5 |
| GRC | 4 |
| Endpoint | 2 |
| Detection/Response | 2 |
| SASE | 2 |
| Vulnerability | 2 |
Two deals worth your attention
Palo Alto Networks's $800M acquisition of Expanse in Vulnerability. Palo Alto Networks acquired Expanse at $800M in November, the largest disclosed M&A event of the month and the only Vulnerability-segment M&A event the workbook tracks through this point. Expanse brought external-attack-surface-management capabilities — continuous discovery of internet-facing assets and exposures — into Palo Alto's existing Cortex platform. The deal is Palo Alto's second strategic cyber acquisition the workbook tracks in 2020 (after the August pickup of The Crypsis Group at $265M in Forensics) and signals an active pure-cyber-to-cyber acquisition cadence at a single buyer across the data set's opening period.
FireEye — $400M funding round in Threat Intel. FireEye raised $400M in a generic funding round for its threat-intelligence and incident-response platform, the largest funded event of November and the largest funded reading the workbook tracks across any 2020 month through this point. The round closed in the same month that FireEye acquired Respond Software at $186M in XDR — placing FireEye on both the funded and the acquiring sides of the workbook's November column. It is the second dual-role event the data set has tracked in 2020, after Snyk's September pairing of a $200M Series D+ with an undisclosed-value acquisition of DeepCode in AppSec, and the first dual-role event where both sides carry disclosed nine-figure values.
The other 28 transactions are in the data feed — including the 14 acquisitions whose values never hit the press. Get November's details and more →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
