{"id":14561,"date":"2025-08-05T07:07:40","date_gmt":"2025-08-05T07:07:40","guid":{"rendered":"https:\/\/newestek.com\/?p=14561"},"modified":"2025-08-05T07:07:40","modified_gmt":"2025-08-05T07:07:40","slug":"top-cybersecurity-ma-deals-for-2025","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14561","title":{"rendered":"Top cybersecurity M&A deals for 2025"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Cybersecurity continues to remain one of the biggest concerns in global information technology for a litany of reasons that are all too familiar to cybersecurity pros\u2014new and evolving threats, regulatory pressure and uncertainty, and a proliferation of AI-enabled tools, among others.<\/p>\n

According to Kroll\u2019s Spring 2025 Cybersecurity Software Sector M&A Industry Insights<\/a>, 2025 M&A activity is on pace with 2024 \u201cas strategic buyers and investors consolidate capabilities across key domains \u2013 cloud security, exposure management, identity and SecOps.\u201d And, the report notes, as of Q1 2025, deal value already exceeded more than 90% of 2024\u2019s total deal value, thanks to Google\u2019s 32 billion acquisition of Wiz.<\/p>\n

After cybersecurity mergers and acquisitions dropped more than 18% in 2023 versus the prior year, 2024 saw increases in both deal volume (5%) and transaction value (13%) over 2023, a according to a Return on Security<\/a> report. Notably, \u201cthe top 10 deals accounted for 91%\u00a0<\/strong>of the total value.\u201d<\/p>\n

Below are the deals that CSO has selected as the most significant of the year, updated periodically as new deals are announced.<\/p>\n

2025 cybersecurity M&A activity (so far)<\/h2>\n

Palo Alto Networks to buy CyberArk for $25B as identity security takes center stage<\/h3>\n

July 30, 2025:\u00a0<\/strong>Palo Alto Networks is making what could be its biggest bet yet by agreeing to\u00a0buy Israeli identity security company CyberArk<\/a>\u00a0for around $25 billion. \u201cWe envision Identity Security becoming the next major pillar of our multi-platform strategy, complementing our leadership in Network Security, SASE, Cloud Security and Security Operations,\u201d CEO Nikesh Arora\u00a0wrote in a\u00a0letter<\/a>\u00a0to shareholders.<\/p>\n

HPE finalizes Juniper acquisition<\/h3>\n

July 2, 2025:\u00a0<\/strong>Nearly 18 months after it was first announced,\u00a0HPE finally closed its $14 billion acquisition of Juniper Networks<\/a>\u00a0and is combining it and Aruba into a new HPE Networking business unit with a dual-pronged strategy: AI for networks and networking for AI.<\/p>\n

Netgear\u2019s enterprise ambitions grow with SASE acquisition<\/h3>\n

June 5, 2025:\u00a0<\/strong>Netgear took the next step in its plans to grow share among enterprises with the\u00a0acquisition of privately-held security vendor Exium<\/a>. Founded in 2019, Exium provides\u00a0SASE\u00a0capabilities that go beyond the secure web gateway (SWG) type of functionality that describes most retail and SMB networking gear. Financial terms of the deal were not publicly disclosed.<\/p>\n

Proofpoint buying Hornetsecurity in a play to expand email security scope<\/h3>\n

May 15, 2025:\u00a0<\/strong>Proofpoint announced its\u00a0intent to purchase<\/a>\u00a0Hornetsecurity Group, a European email security rival. The move will extend Proofpoint\u2019s base beyond some of the world\u2019s largest companies to small and mid-sized businesses globally, through managed service providers.<\/p>\n

Palo Alto Networks to buy Protect AI, strengthen AI security platform<\/h3>\n

April 29, 2025:<\/strong> Palo Alto Networks announced plans to acquire AI security platform vendor Protect AI<\/a> in a deal that will strengthen its Prisma AIRS security platform, which includes AI agent capabilities. The financial details of the deal were not disclosed, but analysts from investment banking and capital markets\u00a0firm Jeffries\u00a0reportedly estimated<\/a>\u00a0Palo Alto Networks will spend between $650 million to $700 million to acquire Protect AI and its platform for securing AI and machine learning models and applications. <\/p>\n

Alphabet agrees to buy Israel\u2019s Wiz, expanding its cloud security reach<\/h3>\n

March 18, 2025:<\/strong> Alphabet has agreed to acquire Israeli cybersecurity firm Wiz<\/a> for $32 billion, a move that will significantly expand its footprint in cloud security and mark its largest acquisition to date. The latest bid exceeds Alphabet\u2019s previous $23-billion bid by roughly a third. Wiz had rejected the earlier proposal<\/a>\u00a0in July 2024 due to regulatory concerns.<\/p>\n

Jamf to acquire Identity Automation for dynamic ID<\/h3>\n

March 4, 2025:\u00a0<\/strong>The notion of responsive platform security on Apple devices becomes far more profound now that\u00a0Jamf, a leading device management and security vendor in the space, has agreed to\u00a0acquire\u00a0Identity Automation<\/a>, an education-focused dynamic identity and access management platform, for around $215 million.<\/p>\n

SolarWinds buys Squadcast to speed incident response<\/h3>\n

March 4, 2025:\u00a0<\/strong>Observability provider SolarWinds has agreed to\u00a0acquire San Francisco-based\u00a0Squadcast\u00a0<\/a>and its incident response technology for an undisclosed amount. The acquisition will let SolarWinds provide customers with intelligent\u00a0incident response\u00a0that will speed mean time to resolution for customers, SolarWinds says.<\/p>\n

IBM closes its acquisition of HashiCorp<\/h3>\n

February 27, 2025:<\/strong>\u00a0Ten months after the $6.4 billion deal was first announced,\u00a0HashiCorp is now a part of IBM<\/a>. Best known for its Terraform infrastructure automation tool, HashiCorp will contribute to IBM\u2019s focus on hybrid cloud and AI, and will show up in IBM offerings including Red Hat, watsonx, data security, IT automation, and its consulting businesses. IBM already uses Hashicorp technology in its cloud offerings.<\/p>\n

SolarWinds to change hands for $4.4 billion<\/h3>\n

February 7, 2025:\u00a0<\/strong>SolarWinds, the IT service management and security information and event management software vendor best known as the target of\u00a0one of the biggest ever software supply chain attacks<\/a>, has\u00a0agreed to be acquired<\/a>\u00a0by a new private equity owner, Turn\/River Capital, for $4.4 billion. The company\u2019s two largest shareholders, private equity firms Thoma Bravo and Silver Lake, bought into the company in 2015 in a deal that\u00a0valued it then at $4.5 billion<\/a>.<\/p>\n

Sophos completes purchase of Secureworks<\/h3>\n

February 3, 2025:<\/strong>\u00a0Now that its\u00a0$859-million acquisition of Secureworks has closed<\/a>, Sophos will be able to fold Secureworks\u2019 XDR products into its own portfolio, making it one of the world\u2019s largest providers of managed detection and response services.<\/p>\n

2024 cybersecurity M&A activity<\/h2>\n

Cisco buys SnapAttack\u00a0<\/h3>\n

December 17, 2024: <\/strong>Threat detection startup\u00a0SnapAttack is now part of Cisco<\/a>, joining the security business it is building around its acquisition of Splunk last year.<\/p>\n

Cohesity closes acquisition of Veritas\u00a0<\/h3>\n

December 10, 2024: <\/strong>Data protection software vendor Cohesity has finally closed its acquisition of Veritas<\/a>, vendor of NetBackup, making it one of the largest enterprise data protection vendors. The deal was first struck in February.<\/p>\n

Thoma Bravo completes $5.3 billion Darktrace acquisition.<\/h3>\n

Oct 1, 2024: <\/strong>Thoma Bravo closed its acquisition of Darktrace<\/a>, a British vendor of AI-powered cybersecurity tools, in a deal worth roughly $5.3 billion. The investment firm had reportedly been courting Darktrace since 2022. It also owns stakes in LogRhythm, PingIdntity, Proofpoint and Sophos, among other\u00a0cybersecurity vendors.<\/a><\/p>\n

Cisco finalizes massive Splunk acquisition<\/h3>\n

March 18, 2024:<\/strong> Cisco\u2019s $28 billion acquisition of machine data experts Splunk<\/a> finally passed regulatory muster in the US and EU and closed on March 18. The\u00a0networking giant\u00a0bills the acquisition as a way to connect more people, applications and devices to enterprise data stores, while simultaneously offering improved security.<\/p>\n

CyberArk agrees to buy Venafi from Thoma Bravo for $1.54 billion<\/h3>\n

May 20, 2024:<\/strong> Identity security firm CyberArk has agreed to buy<\/a> machine identity management company Venafi in a cash-and-shares deal worth $1.54 billion from investment firm Thoma Bravo. The acquisition will allow CyberArk to establish a unified platform for end-to-end machine identity security at enterprise scale. <\/p>\n

Palo Alto to acquire IBM\u2019s QRadar security tech as vendors expand partnership<\/h3>\n

May 15, 2024: <\/strong>IBM and Palo Alto Networks announced a wide-reaching partnership to mix and match security technology between the vendors. The deal includes the sale of Big Blue\u2019s QRadar\u00a0security intelligence\u00a0platform\u00a0to Palo Alto.<\/a><\/p>\n

LogRhythm and Exabeam announce plan to merge<\/h3>\n

May 15, 2024:<\/strong> Security intelligence and analytics firm LogRhythm, owned by private equity investment firm Thoma Bravo, will merge with competitor Exabeam, a provider of AI-driven security operations. \u201cThe combined company will leverage the complementary strengths from each organization to take AI-driven security operations to new heights,\u201d Thoma Bravo said in a statement<\/a>. According to the statement, customers of both platforms \u201cwill benefit from enhanced R&D investments and product innovation, greater service and support coverage and access to a larger AI-driven product portfolio, including cloud-native and on-premises options.\u201d Financial terms of the deal, expected to close in the third quarter of 2024, were not disclosed.<\/p>\n

Akamai agrees to buy API security firm Noname<\/h3>\n

May 9, 2024: <\/strong>Cloud security firm Akamai Technologies announced its intention to buy<\/a> application programming interface (API) security company Noname Security for about $450 million. Akamai said the deal will allow it to extend protection across all API traffic locations, regardless of business, integration, or deployment requirements. It expects the acquisition will allow it to offer a complete API security suite enabling customers to better discover shadow APIs and detect vulnerabilities and attacks. The deal is expected to close in the second quarter of 2024.<\/p>\n

KnowBe4 to buy Egress<\/h3>\n

April 24, 2024:<\/strong> Security awareness training firm KnowBe4 has agreed to acquire Egress<\/a>, an adaptive and integrated cloud email security platform. KnowBe4 said in a statement that adding the capabilities of Egress will create a single platform that aggregates threat intelligence dynamically, offering AI-based email security and training that is automatically tailored relative to risk. Financial details of the deal were not disclosed.<\/p>\n

Flare acquires Foretrace to enhance threat exposure management capabilities<\/h3>\n

March 26, 2024: <\/strong>Threat exposure management provider Flare has acquired\u00a0Foretrace<\/a>, a US-based data exposure company for an undisclosed amount. Montr\u00e9al-based Flare said the acquisition of Foretrace and its Total Recon detection engine \u201cfurther broadens our capabilities for collecting emergent threat data while also deepening our expertise, ensuring that we can be in a great position to lead the way in TEM.\u201d Foretrace founding executives Nick Ascoli and Matt Mosley will join Flare as senior product strategist and VP of Strategic Partnerships respectively.<\/p>\n

GitLab buys Oxeye to advance app security and governance<\/h3>\n

March 20, 2024: <\/strong>\u00a0<\/em>DevSecOps platform GitLab has acquired cloud-native application security and risk management solution Oxeye<\/a>. The addition of Oxeye will accelerate its static application security testing (SAST) plans and augment GitLab\u2019s software composition analysis and compliance tools. Oxeye\u2019s automated cloud-native application security testing solution helps identify and resolve application-layer risks across the software development lifecycle.<\/p>\n

Zscaler buys Avalor to add real-time AI-driven security insights and threat prevention<\/h3>\n

March 14, 2024:<\/strong> Cloud security company Zscaler has bought Avalor<\/a> to add the capabilities of its artificial intelligence-driven Data Fabric for Security to the Zscaler Zero Trust Exchange platform. The acquisition will allow Zscaler to \u201cmore effectively identify vulnerabilities while predicting and preventing breaches,\u201d said Zscaler CEO Jay Chaudhry. Avalor\u2019s Data Fabric for Security ingests, normalizes, and unifies data across enterprise security and business systems to deliver actionable insights, analytics, and operational efficiencies.<\/p>\n

UK\u2019s Bridewell buys Arculus Cyber Security to support critical national infrastructure growth<\/h3>\n

March 13, 2024: <\/strong>UK cybersecurity firm Bridewell has completed its acquisition<\/a> of public sector cyber security specialists Arculus Cyber Security. The acquisition, Bridewell\u2019s first, will triple the company\u2019s public sector revenue and strengthen its public sector footprint, aligning with the organization\u2019s strategic focus on critical national infrastructure.<\/p>\n

Gcore buys StackPath WAAP solution<\/h3>\n

March 6, 2024:<\/strong> Edge AI, cloud, network, and security solutions provider Gcore has acquired<\/a> StackPath\u2019s web application and API protection (WAAP) solution. The purchase will provide Gcore customers with an enhanced, enterprise-grade security solution, incorporating web application firewall (WAF), API security, bot protection, and Layer-7 DDoS mitigation at the edge, the company said.<\/p>\n

CrowdStrike acquires Flow Security to expand cloud security<\/h3>\n

March 5, 2024:<\/strong> CrowdStrike has agreed to acquire<\/a> cloud data runtime security firm Flow Security to create a platform that will provide real-time data protection spanning endpoint and cloud environments that secures data at rest and in motion. The acquisition will allow CrowdStrike to deliver native flow security DSPM capabilities through its Falcon XDR platform, enabling customers to consolidate cloud point solutions and protect the entire cloud estate.<\/p>\n

Cycode buys Bearer to increase application security portfolio<\/h3>\n

March 5, 2024:<\/strong> \u00a0Application security posture management (ASPM<\/a>) provider Cycode has acquired Bearer<\/a> to add new capabilities and strengthen its platform. Bearer provides AI-powered SAST, API discovery, and data leak protection, which Cycode said will be integrated into its ASPM product. New capabilities will include faster scanning speeds, increased precision, and an improved developer experience, Cycode said. The addition of Bearer will also provide AI-powered code resolution, data leak protection, advanced API discovery, and fully enriched risk intelligence graph capabilities.<\/p>\n

Hornetsecurity Group acquires Vade<\/h3>\n

March 5, 2024:<\/strong> Cloud security and compliance SaaS provider Hornetsecurity Group has added French email cybersecurity firm Vade to its business. The merger<\/a> will provide customers with a more extensive product offering, the companies said. Vade provides email security for Microsoft 365 with differentiated API-based email filtering technology for large telcos and OEMs around the world. The companies plan to release new products in 2024 via Vade\u00b4s data center. Financial terms of the deal were not disclosed.<\/p>\n

1Password acquires Kolide<\/h3>\n

February 20, 2024: <\/strong>Password management platform 1Password has bought device security solution Kolide<\/a>, a device health and contextual access management solution. The acquisition will extend 1Password\u2019s platform\u2019s ability to ensure that both the device and access requests are secure, enhancing its user-focused device security.<\/p>\n

Armis acquires AI cybersecurity company CTCI<\/h3>\n

February 14, 2024:<\/strong> Asset intelligence cybersecurity firm Armis has agreed to buy privately held CTCI<\/a> (Cyber Threat Cognitive Intelligence), a privately held company specializing in AI-powered pre-attack threat-hunting technology. Armis will integrate CTCI\u2019s technology into its Armis Centrix platform to enhance its early warning cyber intelligence system in preventing breaches, detecting attacks, and determining if an organization has been compromised.<\/p>\n

Cybersecurity provider SonicWall buys Banyan Security<\/h3>\n

January 3, 2024: <\/strong>SonicWall acquired<\/a> security service edge (SSE) solution provider Banyan Security to add zero-trust security capabilities to its offerings. The deal will extend SonicWall\u2019s portfolio to the cloud and provide partners and their customers with more flexibility, the company said.<\/p>\n

Mimecast buys Elevate Security to bolster human risk management<\/h3>\n

January 4, 2024: <\/strong>Email and collaboration security provider Mimecast has acquired Elevate Security<\/a> to strengthen its capabilities in human risk management. Financial terms of the deal were not disclosed.<\/p>\n

Chertoff Group\u2019s MC\u00b2 Security Fund completes acquisition of\u00a0Trustwave<\/h3>\n

January 5, 2024: <\/strong>The MC\u00b2 Security Fund, an affiliate of\u00a0advisory and investment firm the Chertoff Group,\u00a0completed its acquisition<\/a> of\u00a0global cybersecurity and managed security services provider Trustwave, which offers the Fusion Security Operations platform.<\/p>\n

Privileged access management provider Delinea buys Authomize<\/h3>\n

January 9, 2024: <\/strong>Privileged access management (PAM) provider Delinea acquired\u00a0Authomize<\/a> to increase its capabilities to detect cloud-based threats. The purchase \u201cwill extend the\u00a0Delinea Platform\u2019s reach for comprehensive privileged controls in the cloud while expanding its role to provide a strong defense against identity-based attacks such as account takeovers, insider threats, and lateral movement,\u201d the company said in a statement. <\/p>\n

Snyk acquires Helios to enhance cloud-to-code risk visibility<\/h3>\n

January 16, 2024: <\/strong>Developer security firm Snyk bought application runtime data capture platform Helios<\/a> in a bid to enhance its cloud-to-code risk visibility. The acquisition will accelerate the evolution of its Snyk AppRisk\u00a0platform and Helios\u2019 full-stack runtime data collection and insights capabilities will be integrated into the Snyk Developer Security Platform.<\/p>\n

Australia\u2019s 5G Networks buys Security Shift<\/h3>\n

January 16, 2024:<\/strong> Melbourne-based digital services company 5G Networks has acquired Security Shift<\/a> for AUD$4 million. Security Shift provides cyber security consultancy, end-to-end managed services and outsourced IT engineering and software\u00a0development, focusing on public cloud, data centre, critical infrastructure, and Australian Government ISM.<\/p>\n

Staley Technologies acquires cybersecurity service division of HoganTaylor Technology<\/h3>\n

January 23, 2024: <\/strong>Managed IT and cybersecurity and technology integrator Staley Technologies<\/a> has bought the managed service and cybersecurity service division of HoganTaylor Technology for an undisclosed amount. The deal will enhance cybersecurity services and provide an end-to-end solution for the clients of both companies, Staley said in a statement. <\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Cybersecurity continues to remain one of the biggest concerns in global information technology for a litany of reasons that are all too familiar to cybersecurity pros\u2014new and evolving threats, regulatory pressure and uncertainty, and a proliferation of AI-enabled tools, among others. According to Kroll\u2019s Spring 2025 Cybersecurity Software Sector M&A Industry Insights, 2025 M&A activity is on pace with 2024 \u201cas strategic buyers and investors… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14561","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14561"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14561\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14561"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14561"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}