Quarterly Report, Q2 2021: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q2 2021 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q2 2021, our team tracked 121 transactions, including 87 funding rounds, 31 M&A events, and 3 IPOs. Disclosed funding totaled $5.11B. The quarter's M&A column was anchored by Thoma Bravo's $12.3B take-private of Proofpoint, the largest disclosed acquisition the workbook has tracked, surpassing the prior high set the previous quarter (Okta–Auth0 at $6.5B). Of the 31 acquisitions, 7 disclosed prices totaling $16.07B, with Proofpoint alone accounting for 77% of disclosed deal value.
Late-stage capital ran at scale. Sixteen rounds cleared $100M, led by Transmit Security's $543M Series A — the largest Series A the workbook has tracked — followed by Trulioo's $394M and Forter's $300M. The disclosed top three together accounted for roughly $1.24B, about 24% of the quarter's disclosed funding. Identity and identity-verification vendors led both the funding and consolidation columns, and early-stage activity drove a meaningful share of round count, with 38 of the 87 funding rounds at Seed or Series A.
Cybersecurity also returned to the public markets, with three vendors completing IPOs during the quarter — KnowBe4 and Darktrace in April and SentinelOne in June — underscoring a reopening public-market window for the sector.

Funding Overview
The 87 funding rounds tracked in Q2 2021 highlight a market in which late-stage capital remained available at scale, with identity-verification and fraud-prevention vendors absorbing the largest rounds.
Capital concentration at the top was pronounced. Sixteen rounds cleared $100M: Transmit Security ($543M), Trulioo ($394M), Forter ($300M), Illumio ($225M), OneTrust ($210M), Exabeam ($200M), Sysdig ($188M), Aura ($150M), Druva ($147M), Claroty ($140M), Vectra AI ($130M), Wiz ($120M), and a tail of $100M+ rounds. The disclosed top three together (Transmit Security, Trulioo, Forter) accounted for roughly $1.24B — about 24% of the quarter's disclosed funding.
What stands out in Q2 2021 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- Identity verification and fraud prevention, where Transmit Security's $543M Series A — the largest Series A the workbook has tracked — sat alongside Trulioo's $394M and Forter's $300M, making identity the quarter's dominant funding cluster
- Zero-trust and segmentation, where Illumio's $225M Series D+ reflected continued enterprise demand for micro-segmentation and least-privilege network control
- Governance, risk, and compliance, where OneTrust's $210M Series C reinforced privacy-and-compliance automation as a durable late-stage thesis
- Detection, response, and SIEM, where Exabeam's $200M growth round and Vectra AI's $130M Series D+ signal continued appetite for next-generation SIEM and network-detection platforms
This distribution reflects a market in which late-stage capital concentrated heavily in identity, verification, and fraud prevention, while detection/response, zero-trust, and compliance absorbed the next tier of growth-stage capital.

Market & Macro Signals
Several structural dynamics are visible in the Q2 2021 transaction record.
First, the PE take-private reached a new dollar tier. Thoma Bravo's $12.3B take-private of Proofpoint is the largest disclosed acquisition the workbook has tracked and the first public-company take-private in the dataset above the $10B mark. The transaction removes a public email-security leader from the listed market and signals that PE sponsors are now underwriting cyber take-privates at a scale not previously seen.
Second, identity capital reached record round sizes. Transmit Security's $543M Series A is the largest Series A the workbook has tracked, and identity-verification peers Trulioo and Forter both cleared $300M. The pattern reflects investor conviction that identity proofing and fraud prevention are durable, large-market categories worthy of late-stage-scale checks at the earliest priced rounds.
Third, the IPO window reopened for the sector. SentinelOne's June listing, alongside public debuts from KnowBe4 and Darktrace during the quarter, reflects a reopening public-market window. These listings provide a reference point for the next tier of growth-stage cyber vendors weighing public exits.
Finally, undisclosed M&A did significant work. Of the 31 acquisitions, 24 came without disclosed prices, including strategic moves by Jamf (Wandera) and JFrog (Vdoo) alongside a tail of mid-market consolidators. Disclosed dollars concentrated in a single transaction while acquirer breadth stayed wide across zero-trust, IoT, and identity.

M&A Activity & Strategic Movement
Q2 2021 recorded 31 M&A transactions, with disclosed-deal dollars concentrated almost entirely in a single PE take-private. The most notable transaction was Thoma Bravo's $12.3B take-private of Proofpoint, the quarter's largest deal and the largest disclosed acquisition the workbook has tracked.
Additional activity across the quarter reinforces this direction:
- STG completed the $1.2B carve-out of FireEye's products business, separating it from the FireEye-branded services company that remained publicly listed — a business-unit carve-out rather than a public take-private
- Bain Capital and Crosspoint Capital acquired ExtraHop ($900M), taking the privately held network-detection-and-response vendor into a PE-sponsored portfolio
- Mastercard acquired Ekata ($850M), extending its identity-verification and fraud-prevention capabilities
- Jamf and JFrog added Wandera ($400M) and Vdoo ($300M) respectively, extending into zero-trust mobile management and device/IoT security
Across these transactions, the structural pattern is clear: PE-orchestrated take-privates and carve-outs absorbed the overwhelming majority of disclosed deal value, with Thoma Bravo's Proofpoint transaction setting a new dataset high. Identity verification, network detection, and email security were the most active consolidation categories this quarter.

Looking Ahead
Q2 2021 marks the quarter in which the PE take-private reached a new dollar tier, identity capital reached record round sizes, and the IPO window reopened for pure-play cyber.
We expect the following dynamics to continue through 2021:
- PE-orchestrated take-privates and carve-outs will continue to anchor the disclosed-M&A column, as sponsors test mature public cyber names and divested business units across email, network, and endpoint security
- Identity and fraud-prevention capital will remain at record scale, concentrating on verification, proofing, and fraud platforms with large addressable markets
- The IPO window will be tested again, with the quarter's cyber IPOs creating a reference point for the next tier of growth-stage vendors weighing public exits
From a go-to-market perspective, Q2 2021 marks a quarter in which acquirer dollars reached a new high concentrated in a single take-private, while venture capital wrote record-scale checks into identity. The interplay between large PE take-privates, record identity funding, and a reopening public-market window will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem.
The full Q2 2021 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q2 2021 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
