September 2023 Cyber Funding & M&A Brief
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full September 2023 dataset — every named company, round, investor, and segment.
What September told us
September 2023 reset the scale of cyber M&A. Cisco's $28.00B announcement to acquire Splunk is the largest cyber-adjacent M&A event the workbook has tracked, larger than the next-biggest deal of 2023 (Thales/Imperva at $3.70B) by more than seven times and larger than any prior workbook event by more than four times. The transaction reframes what platform consolidation can cost when networking, observability, and SIEM converge on a single buyer, and it reset the comp set for every pure-play SIEM and SOAR vendor in the funded pipeline behind it.
Underneath the Splunk announcement, two further large strategic M&A events landed in the same month. CrowdStrike acquired Bionic at $350M to extend into application security posture management for APIs, and Tenable acquired Ermetic at $265M to fold cloud infrastructure entitlement management (CIEM) into its vulnerability platform. Both transactions extended the 2023 pattern of platform vendors acquiring category-specialist tuck-ins — Bionic in API security, Ermetic in cloud identity — at meaningful but not category-defining prices.
Funding activity ran 28 rounds and $864M in disclosed capital. Cato Networks' $238M growth round in SASE was the largest funded event, the company's third workbook appearance after $130M in November 2020 and $200M in October 2021. Nord Security's $100M growth round in consumer VPN came second; Dragos at $74M Series D+ in OT/ICS came third. The funded mix held to the year's pattern — late-stage events on extensions of existing stories, with a thinner cohort of new-vendor large rounds.
Stage and segment breakdown

| Stage | Count |
|---|---|
| Seed | 10 |
| Series A | 7 |
| Series B | 4 |
| Series D+ | 1 |
| Growth Funding | 3 |
| Acquisition | 9 |
| Top segments | Transactions |
|---|---|
| Fraud | 5 |
| GRC | 4 |
| Detection/Response | 3 |
| Cloud | 2 |
| Cyber Insurance | 2 |
| API | 2 |
Two deals worth your attention
Cisco's $28.00B acquisition of Splunk. Cisco agreed to acquire Splunk at $28.00B, the largest cyber-adjacent M&A event tracked in this series. The deal pulls SIEM and observability into a networking platform at a price point that resets the entire comp set for the segment — every funded SIEM vendor in the workbook now has to reprice its exit math against the Cisco/Splunk number, and the announcement closes any near-term path for Splunk to remain independent.
Cato Networks — $238M growth round in SASE. Cato Networks raised $238M in growth funding, the largest funded round of September and the company's third workbook appearance after rounds in November 2020 and October 2021. All three Cato rounds have cleared inside the SASE segment classification at increasing scale, making the company one of the more consistent SASE-funded trajectories alongside Netskope and Perimeter 81 (the latter acquired by Check Point in August).
Companies we've covered before
Cato Networks first appeared in November 2020 with a $130M Series D+ in SASE, returning in October 2021 with a $200M Series D+ in the same segment. The September 2023 $238M growth round is Cato's third tracked event — same segment classification across all three, with each round larger than the last.
Splunk is acquired by Cisco in September 2023 at $28.00B in the largest cyber-adjacent M&A event the workbook tracks. The announcement closes a path of independent operation for Splunk after roughly a decade of public-market trading and is the structural marker for 2023's M&A column.
Dragos first appeared in December 2020 with a $110M Series C in OT/ICS, returning in October 2021 with a $200M Series D+ in the same segment. The September 2023 $74M Series D+ extension is Dragos's third workbook event — same segment across all three — and a step-down in size from the 2021 round consistent with broader 2023 OT/ICS funding compression.
The other 35 transactions are in the data feed — including the 9 acquisitions whose values never hit the press. Get September's details and more →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
