Cybersecurity M&A Roundup: 2025 Off to a Fast Start

Written by

The new year saw an immediate surge of merger and acquisition (M&A) activity in the cybersecurity space, with a vast volume of announcements made in January 2025.

Big name players in the cybersecurity field, including 1Password, Darktrace and Tenable, proposed and confirmed acquisitions in January.

This activity plays into expected cybersecurity M&A trends for 2025, with industry analysts telling Infosecurity that they anticipate large firms to continue to expand their product offerings this year.

Here is Infosecurity’s M&A roundup for January 2025.

Veracode Acquires Phylum’s Software Security Capabilities

On January 6, application risk management firm Veracode announced it had acquired “certain assets” of Phylum, an automated, software supply chain security platform. These assets include Phylum’s malicious package analysis, detection and mitigation technology, with Veracode seeking to enhance its identify and block malicious code in open-source libraries. The move is part of Veracode’s continued investment in software supply chain risk management.

1Password Announces Trelica Acquisition

Password management service 1Password announced on January 7 that it had acquired SaaS access management provider Trelica. The transaction is designed to accelerate the delivery of new capabilities in the 1Password Extended Access Management Platform, which secures every sign-in to every app on every device.

WatchGuard Buys ActZero to Boost AI Security

Managed detection and response (MDR) provider WatchGuard acquired ActZero, with a view to incorporating the firm’s cross-platform AI-driven threat analysis capabilities into its offerings. Announced on January 8, the deal will see ActZero’s technology and teams become the foundation of the WatchGuard MDR product line serving managed service providers (MSPs).

Darktrace Proposes Acquisition to Boost Cloud Security Capabilities

On January 9, UK AI-specialist cybersecurity firm Darktrace announced the proposed acquisition of Cado Security, a cloud investigation and response provider. The strategic move is designed to boost Darktrace’s abilities to defend customer operations across multiple cloud environments. The acquisition is subject to regulatory approval and is expected to complete in February 2025. The announcement follows Darktrace’s $5.3bn acquisition by Thomas Bravo in October 2024.

Source: T. Schneider / Shutterstock.com
Source: T. Schneider / Shutterstock.com

Chainalysis Acquires AI-Powered Fraud Detection Firm

Blockchain analysis firm Chainalysis announced on January 13 that it had acquired AI-powered fraud detection specialist, Alterya. The move is part of Chainalysis’ ambition to become a leader in the prevention and investigation of illicit cryptocurrency transactions. The announcement follows the firm’s acquisition of web3 security solution Hexagate in December 2024.

NinjaOne Reaches Definitive Agreement to Buy Dropsuite

On January 27, NinjaOne announced a definitive agreement to buy cloud data backup firm Dropsuite for approximately $252m. NinjaOne intends to integrate Dropsuite’s data protection suite into its automated endpoint management platform to safeguard customers against data breaches and ransomware attacks. The acquisition is expected to close in the first half of 2025, subject to regulatory approval.

JumpCloud Acquires Stack Identity

Zero-trust directory platform JumpCloud announced the acquisition of Stack Identity on January 28, with the firm looking to strengthen its access management solution. Stack Identity’s data analytics technology is designed to detect unmonitored and unauthorized access pathways. The transaction comes less than a year after JumpCloud’s acquisition of SaaS security firm Resmo.

Searchlight Announces Assetnote Acquisition

On January 29, Searchlight Cyber announced its first ever acquisition, of Australia-based Assetnote. The deal will see the integration of Assetnote’s attack surface management solution into Searchlight’s dark web intelligence and monitoring capabilities. The entire Assetnote team will be joining Searchlight, including founders CEO Michael Gianarakis and CTO Shubham Shah.

Sectigo Acquires Entrust’s Public Certificate Business

Digital certificates specialist Sectigo announced the purchase of Entrust’s public certificate business on January 29. The strategic move will double the size of Sectigo’s enterprise operations, enabling the firm to provide enhanced certificate lifecycle management capabilities to a broader customer base. This comes amid the growing challenges posed by shorter certificate lifespans and postquantum cryptography.

CYE Acquires Cloud Security Company Solvo

CYE announced the acquisition of Solvo on January 29, as the firm looks to boost its ability to help customers remediate security gaps across multi-cloud environments. Solvo’s solution will complement CYE’s Hyver platform by providing deep visibility into cloud assets of customers and by addressing configurations. CYE hopes the move will allow it to broaden its market reach.

Tenable Announces Definitive Agreement to Acquire Vulcan

Tenable revealed it had signed a definitive agreement to acquire exposure management company Vulcan Cyber on January 29. Vulcan’s capabilities will be used to allow Tenable to consolidate exposures across its customers’ security stack. Under the terms of the agreement, Tenable will pay Vulcan approximately $147m in cash and $3m of restricted stock units that vest over a future period.

What’s hot on Infosecurity Magazine?