Cybersecurity continues to remain one of the biggest concerns in global information technology for a litany of reasons that are all too familiar to cybersecurity pros—new and evolving threats, regulatory pressure and uncertainty, and a proliferation of AI-enabled tools, among others.
According to Kroll’s Spring 2025 Cybersecurity Software Sector M&A Industry Insights, 2025 M&A activity is on pace with 2024 “as strategic buyers and investors consolidate capabilities across key domains – cloud security, exposure management, identity and SecOps.” And, the report notes, as of Q1 2025, deal value already exceeded more than 90% of 2024’s total deal value, thanks to Google’s 32 billion acquisition of Wiz.
After cybersecurity mergers and acquisitions dropped more than 18% in 2023 versus the prior year, 2024 saw increases in both deal volume (5%) and transaction value (13%) over 2023, a according to a Return on Security report. Notably, “the top 10 deals accounted for 91% of the total value.”
Below are the deals that CSO has selected as the most significant of the year, updated periodically as new deals are announced.
2025 cybersecurity M&A activity (so far)
Palo Alto Networks to buy CyberArk for $25B as identity security takes center stage
July 30, 2025: Palo Alto Networks is making what could be its biggest bet yet by agreeing to buy Israeli identity security company CyberArk for around $25 billion. “We envision Identity Security becoming the next major pillar of our multi-platform strategy, complementing our leadership in Network Security, SASE, Cloud Security and Security Operations,” CEO Nikesh Arora wrote in a letter to shareholders.
HPE finalizes Juniper acquisition
July 2, 2025: Nearly 18 months after it was first announced, HPE finally closed its $14 billion acquisition of Juniper Networks and is combining it and Aruba into a new HPE Networking business unit with a dual-pronged strategy: AI for networks and networking for AI.
Netgear’s enterprise ambitions grow with SASE acquisition
June 5, 2025: Netgear took the next step in its plans to grow share among enterprises with the acquisition of privately-held security vendor Exium. Founded in 2019, Exium provides SASE capabilities that go beyond the secure web gateway (SWG) type of functionality that describes most retail and SMB networking gear. Financial terms of the deal were not publicly disclosed.
Proofpoint buying Hornetsecurity in a play to expand email security scope
May 15, 2025: Proofpoint announced its intent to purchase Hornetsecurity Group, a European email security rival. The move will extend Proofpoint’s base beyond some of the world’s largest companies to small and mid-sized businesses globally, through managed service providers.
Palo Alto Networks to buy Protect AI, strengthen AI security platform
April 29, 2025: Palo Alto Networks announced plans to acquire AI security platform vendor Protect AI in a deal that will strengthen its Prisma AIRS security platform, which includes AI agent capabilities. The financial details of the deal were not disclosed, but analysts from investment banking and capital markets firm Jeffries reportedly estimated Palo Alto Networks will spend between $650 million to $700 million to acquire Protect AI and its platform for securing AI and machine learning models and applications.
Alphabet agrees to buy Israel’s Wiz, expanding its cloud security reach
March 18, 2025: Alphabet has agreed to acquire Israeli cybersecurity firm Wiz for $32 billion, a move that will significantly expand its footprint in cloud security and mark its largest acquisition to date. The latest bid exceeds Alphabet’s previous $23-billion bid by roughly a third. Wiz had rejected the earlier proposal in July 2024 due to regulatory concerns.
Jamf to acquire Identity Automation for dynamic ID
March 4, 2025: The notion of responsive platform security on Apple devices becomes far more profound now that Jamf, a leading device management and security vendor in the space, has agreed to acquire Identity Automation, an education-focused dynamic identity and access management platform, for around $215 million.
SolarWinds buys Squadcast to speed incident response
March 4, 2025: Observability provider SolarWinds has agreed to acquire San Francisco-based Squadcast and its incident response technology for an undisclosed amount. The acquisition will let SolarWinds provide customers with intelligent incident response that will speed mean time to resolution for customers, SolarWinds says.
IBM closes its acquisition of HashiCorp
February 27, 2025: Ten months after the $6.4 billion deal was first announced, HashiCorp is now a part of IBM. Best known for its Terraform infrastructure automation tool, HashiCorp will contribute to IBM’s focus on hybrid cloud and AI, and will show up in IBM offerings including Red Hat, watsonx, data security, IT automation, and its consulting businesses. IBM already uses Hashicorp technology in its cloud offerings.
SolarWinds to change hands for $4.4 billion
February 7, 2025: SolarWinds, the IT service management and security information and event management software vendor best known as the target of one of the biggest ever software supply chain attacks, has agreed to be acquired by a new private equity owner, Turn/River Capital, for $4.4 billion. The company’s two largest shareholders, private equity firms Thoma Bravo and Silver Lake, bought into the company in 2015 in a deal that valued it then at $4.5 billion.
Sophos completes purchase of Secureworks
February 3, 2025: Now that its $859-million acquisition of Secureworks has closed, Sophos will be able to fold Secureworks’ XDR products into its own portfolio, making it one of the world’s largest providers of managed detection and response services.
2024 cybersecurity M&A activity
Cisco buys SnapAttack
December 17, 2024: Threat detection startup SnapAttack is now part of Cisco, joining the security business it is building around its acquisition of Splunk last year.
Cohesity closes acquisition of Veritas
December 10, 2024: Data protection software vendor Cohesity has finally closed its acquisition of Veritas, vendor of NetBackup, making it one of the largest enterprise data protection vendors. The deal was first struck in February.
Thoma Bravo completes $5.3 billion Darktrace acquisition.
Oct 1, 2024: Thoma Bravo closed its acquisition of Darktrace, a British vendor of AI-powered cybersecurity tools, in a deal worth roughly $5.3 billion. The investment firm had reportedly been courting Darktrace since 2022. It also owns stakes in LogRhythm, PingIdntity, Proofpoint and Sophos, among other cybersecurity vendors.
Cisco finalizes massive Splunk acquisition
March 18, 2024: Cisco’s $28 billion acquisition of machine data experts Splunk finally passed regulatory muster in the US and EU and closed on March 18. The networking giant bills the acquisition as a way to connect more people, applications and devices to enterprise data stores, while simultaneously offering improved security.
CyberArk agrees to buy Venafi from Thoma Bravo for $1.54 billion
May 20, 2024: Identity security firm CyberArk has agreed to buy machine identity management company Venafi in a cash-and-shares deal worth $1.54 billion from investment firm Thoma Bravo. The acquisition will allow CyberArk to establish a unified platform for end-to-end machine identity security at enterprise scale.
Palo Alto to acquire IBM’s QRadar security tech as vendors expand partnership
May 15, 2024: IBM and Palo Alto Networks announced a wide-reaching partnership to mix and match security technology between the vendors. The deal includes the sale of Big Blue’s QRadar security intelligence platform to Palo Alto.
LogRhythm and Exabeam announce plan to merge
May 15, 2024: Security intelligence and analytics firm LogRhythm, owned by private equity investment firm Thoma Bravo, will merge with competitor Exabeam, a provider of AI-driven security operations. “The combined company will leverage the complementary strengths from each organization to take AI-driven security operations to new heights,” Thoma Bravo said in a statement. According to the statement, customers of both platforms “will benefit from enhanced R&D investments and product innovation, greater service and support coverage and access to a larger AI-driven product portfolio, including cloud-native and on-premises options.” Financial terms of the deal, expected to close in the third quarter of 2024, were not disclosed.
Akamai agrees to buy API security firm Noname
May 9, 2024: Cloud security firm Akamai Technologies announced its intention to buy application programming interface (API) security company Noname Security for about $450 million. Akamai said the deal will allow it to extend protection across all API traffic locations, regardless of business, integration, or deployment requirements. It expects the acquisition will allow it to offer a complete API security suite enabling customers to better discover shadow APIs and detect vulnerabilities and attacks. The deal is expected to close in the second quarter of 2024.
KnowBe4 to buy Egress
April 24, 2024: Security awareness training firm KnowBe4 has agreed to acquire Egress, an adaptive and integrated cloud email security platform. KnowBe4 said in a statement that adding the capabilities of Egress will create a single platform that aggregates threat intelligence dynamically, offering AI-based email security and training that is automatically tailored relative to risk. Financial details of the deal were not disclosed.
Flare acquires Foretrace to enhance threat exposure management capabilities
March 26, 2024: Threat exposure management provider Flare has acquired Foretrace, a US-based data exposure company for an undisclosed amount. Montréal-based Flare said the acquisition of Foretrace and its Total Recon detection engine “further broadens our capabilities for collecting emergent threat data while also deepening our expertise, ensuring that we can be in a great position to lead the way in TEM.” Foretrace founding executives Nick Ascoli and Matt Mosley will join Flare as senior product strategist and VP of Strategic Partnerships respectively.
GitLab buys Oxeye to advance app security and governance
March 20, 2024: DevSecOps platform GitLab has acquired cloud-native application security and risk management solution Oxeye. The addition of Oxeye will accelerate its static application security testing (SAST) plans and augment GitLab’s software composition analysis and compliance tools. Oxeye’s automated cloud-native application security testing solution helps identify and resolve application-layer risks across the software development lifecycle.
Zscaler buys Avalor to add real-time AI-driven security insights and threat prevention
March 14, 2024: Cloud security company Zscaler has bought Avalor to add the capabilities of its artificial intelligence-driven Data Fabric for Security to the Zscaler Zero Trust Exchange platform. The acquisition will allow Zscaler to “more effectively identify vulnerabilities while predicting and preventing breaches,” said Zscaler CEO Jay Chaudhry. Avalor’s Data Fabric for Security ingests, normalizes, and unifies data across enterprise security and business systems to deliver actionable insights, analytics, and operational efficiencies.
UK’s Bridewell buys Arculus Cyber Security to support critical national infrastructure growth
March 13, 2024: UK cybersecurity firm Bridewell has completed its acquisition of public sector cyber security specialists Arculus Cyber Security. The acquisition, Bridewell’s first, will triple the company’s public sector revenue and strengthen its public sector footprint, aligning with the organization’s strategic focus on critical national infrastructure.
Gcore buys StackPath WAAP solution
March 6, 2024: Edge AI, cloud, network, and security solutions provider Gcore has acquired StackPath’s web application and API protection (WAAP) solution. The purchase will provide Gcore customers with an enhanced, enterprise-grade security solution, incorporating web application firewall (WAF), API security, bot protection, and Layer-7 DDoS mitigation at the edge, the company said.
CrowdStrike acquires Flow Security to expand cloud security
March 5, 2024: CrowdStrike has agreed to acquire cloud data runtime security firm Flow Security to create a platform that will provide real-time data protection spanning endpoint and cloud environments that secures data at rest and in motion. The acquisition will allow CrowdStrike to deliver native flow security DSPM capabilities through its Falcon XDR platform, enabling customers to consolidate cloud point solutions and protect the entire cloud estate.
Cycode buys Bearer to increase application security portfolio
March 5, 2024: Application security posture management (ASPM) provider Cycode has acquired Bearer to add new capabilities and strengthen its platform. Bearer provides AI-powered SAST, API discovery, and data leak protection, which Cycode said will be integrated into its ASPM product. New capabilities will include faster scanning speeds, increased precision, and an improved developer experience, Cycode said. The addition of Bearer will also provide AI-powered code resolution, data leak protection, advanced API discovery, and fully enriched risk intelligence graph capabilities.
Hornetsecurity Group acquires Vade
March 5, 2024: Cloud security and compliance SaaS provider Hornetsecurity Group has added French email cybersecurity firm Vade to its business. The merger will provide customers with a more extensive product offering, the companies said. Vade provides email security for Microsoft 365 with differentiated API-based email filtering technology for large telcos and OEMs around the world. The companies plan to release new products in 2024 via Vade´s data center. Financial terms of the deal were not disclosed.
1Password acquires Kolide
February 20, 2024: Password management platform 1Password has bought device security solution Kolide, a device health and contextual access management solution. The acquisition will extend 1Password’s platform’s ability to ensure that both the device and access requests are secure, enhancing its user-focused device security.
Armis acquires AI cybersecurity company CTCI
February 14, 2024: Asset intelligence cybersecurity firm Armis has agreed to buy privately held CTCI (Cyber Threat Cognitive Intelligence), a privately held company specializing in AI-powered pre-attack threat-hunting technology. Armis will integrate CTCI’s technology into its Armis Centrix platform to enhance its early warning cyber intelligence system in preventing breaches, detecting attacks, and determining if an organization has been compromised.
Cybersecurity provider SonicWall buys Banyan Security
January 3, 2024: SonicWall acquired security service edge (SSE) solution provider Banyan Security to add zero-trust security capabilities to its offerings. The deal will extend SonicWall’s portfolio to the cloud and provide partners and their customers with more flexibility, the company said.
Mimecast buys Elevate Security to bolster human risk management
January 4, 2024: Email and collaboration security provider Mimecast has acquired Elevate Security to strengthen its capabilities in human risk management. Financial terms of the deal were not disclosed.
Chertoff Group’s MC² Security Fund completes acquisition of Trustwave
January 5, 2024: The MC² Security Fund, an affiliate of advisory and investment firm the Chertoff Group, completed its acquisition of global cybersecurity and managed security services provider Trustwave, which offers the Fusion Security Operations platform.
Privileged access management provider Delinea buys Authomize
January 9, 2024: Privileged access management (PAM) provider Delinea acquired Authomize to increase its capabilities to detect cloud-based threats. The purchase “will extend the Delinea Platform’s reach for comprehensive privileged controls in the cloud while expanding its role to provide a strong defense against identity-based attacks such as account takeovers, insider threats, and lateral movement,” the company said in a statement.
Snyk acquires Helios to enhance cloud-to-code risk visibility
January 16, 2024: Developer security firm Snyk bought application runtime data capture platform Helios in a bid to enhance its cloud-to-code risk visibility. The acquisition will accelerate the evolution of its Snyk AppRisk platform and Helios’ full-stack runtime data collection and insights capabilities will be integrated into the Snyk Developer Security Platform.
Australia’s 5G Networks buys Security Shift
January 16, 2024: Melbourne-based digital services company 5G Networks has acquired Security Shift for AUD$4 million. Security Shift provides cyber security consultancy, end-to-end managed services and outsourced IT engineering and software development, focusing on public cloud, data centre, critical infrastructure, and Australian Government ISM.
Staley Technologies acquires cybersecurity service division of HoganTaylor Technology
January 23, 2024: Managed IT and cybersecurity and technology integrator Staley Technologies has bought the managed service and cybersecurity service division of HoganTaylor Technology for an undisclosed amount. The deal will enhance cybersecurity services and provide an end-to-end solution for the clients of both companies, Staley said in a statement.