Reasonable Valuations Drove Mergers and Acquisition Activity in Q3, 2023

Ciscos $28 billion purchase of Splunk was the biggest story, but other security majors made strategic acquisitions as well in a better-than-expected quarter.

Ciscos massive $28 billion acquisition of Splunk in September was the financial highlight of a quarter during which several other vendors also made strategic purchases to position themselves for emerging enterprise requirements around cloud, application and identity security.
The acquisitions added to a better-than-expected quarter ended Sept. 30, 2023, with venture funding too picking up steam after a slowdown earlier this year following the collapse of Silicon Valley Bank. IPO activity showed early signs of a revival for the first since late 2021 as well and provided further evidence of the resilience of the sector against economic conditions that have roiled other verticals.
Security segments that witnessed the most activity included services, security consulting, application GRC, security operations and identity and access management.
Reasonable Valuations Drive Acquisition Interest
The third-quarters M&A activity continued a gradual consolidation of the security industry as big players got bigger through acquisitions and smaller players looked for opportunities to make profitable exits.
It appears to have been quite an active quarter, even without Cisco’s $28bn acquisition of Splunk, and there are some good reasons for this, says Rik Turner an analyst at Omdia. With IPO activity still not fully revived, some venture capital firms are looking for quicker exits, resulting in a lot of cybersecurity companies being available at reasonable prices. That’s why there are currently stories circulating about the likes of Dig and Talon being in negotiation to be acquired by Palo Alto, for instance. Even SentinelOne—which is currently public--is also said to be on the hunt for an acquirer, Turner says.
Ciscos purchase of Splunk positioned the company as one of the industrys foremost players in the next generation SIEM market, a
cloud and analytics-driven alternative
to traditional security information and event management technologies.
The acquisition—Ciscos largest ever—was one of more than half-a-dozen purchases the company has made this year to insert itself into multiple hot cybersecurity segments. Others include identity management vendor
Oort
, AI/ML software vendor
Armorblox
, network performance monitoring vendor
Acedian
and cloud security vendors
Lightspin
and
Valtix.
A Gradual Reshaping of the Industry
Cisco was not alone in its attempts to buy its way into lucrative and emerging security segments. Q3, 2023 had several other vendors making similar moves. The most prominent among them were CrowdStrikes purchase of application security posture management vendor
Bionic for a report $350 million
; Check Points forking out of some $490 million for
secure remote access vendor Perimeter 81
;
Thales $3.6 billion acquisition of Imperva
in July and
Tenables $265 million cash and restricted stock purchase
of cloud native application protection platform vendor Ermetic.
Strategic technology buyers are actively looking to round up their offerings by acquiring innovative solutions and teams with the subject matter expertise that will help them stay relevant and competitive in emerging market segments, says Alberto Yépez managing director of Forgepoint Capital. Sponsors are also actively looking for acquisitions that will help them add capabilities to the platform companies they own in order to expand their addressable market and increase their rate of growth.
Yépez identified the managed security services market as a segment that garnered considerable interest from acquisition hunters last quarter—and through the year in general. Much of the activity was in response to growing demand for security services from companies that were either struggling to find professionals or were looking to outsource the security function to others.
We expect more activity in this segment in the next four to six quarter. It is primed for consolidation, he says. M&A activity so far this year suggests that cloud security and compliance are sectors with lots of potential for consolidation given how overcrowded the segments are with emerging companies, Yépez notes.
Momentum Cyber recorded a total of 63 M&A deals in Q3, 2023 with a total disclosed value of $34.9 billion. Of those, eight involved transactions of $100 million or more. Active M&A sectors in Q3 2023 according to Momentum included security consulting and services, managed security services, security operations, incident response, threat intel and identity and access management.
While the majority of 2023 has centered around continued headwinds in a difficult market, strategic activity did see an uptick in deal volume across both M&A and financing toward the back half of Q3, says Momentum analyst John Gould. Momentum anticipates the trend will continue into 2024. Strategic investors are becoming more opportunistic in M&A markets as evidenced by a number of key deals this past quarter, Gould says.
Investment Activity Showed Signs of a Rebound
Activity in the third quarter also suggested that investors are finally putting the
disruption caused by Silicon Valley Banks spectacular collapse
in March, behind them.
All signs point to total venture funding in cybersecurity hitting $10 billion in 2023, matching the record setting year of 2020 says Richard Stiennon, chief research analyst at IT-Harvest. That total is less than half of the all-time record of $24 billion in 2021, he says. But considering the failure of Silicon Valley Bank early in the year and the devastating impact that had on VCs, investments are not too shabby, Stiennon says.
IT-Harvests data showed there was some $7.5 billion invested through the end of September in the cybersecurity sector with the GRC segment—once again—attracting the most investments at $1.6 billion. At the other end of the spectrum was the API security segment with just four investments totaling a paltry $15.9 million so far this year and email security with an even smaller $12.2 million in investor funding.
Investments activity in Q3, 2023 included some big rounds such as the $
238 million that Cato Networks raised in equity investment
in September. The financing round valued Cato at $3 billion and bought to $773 million in total that the secure access service edge technology provider has raised so far. Cato is one of several companies in the third quarter that hinted at going public in the near term Stiennon says. There are signs of life on Wall Street with companies like Palo Alto Networks, CrowdStrike, and Zscaler up 63% to 95% from their lows on January 6, he notes.
Other major investments that Momentum tracked in the third-quarter included
OneTrusts $150 million
later stage venture capital raise in July,
SpyClouds $110 million growth round
in August,
Resiliences $100 million
Series D round and
Nord Securitys $100 million growth raise
in September.
IPO rumors are also heating up for the first time in a while going into 2024, Gould says. Later-stage security startups including Cato Networks and Rubrik have been rumored to be considering going public next year as the market looks to rebound from a dead period in traditional IPO activity since late 2021, he says.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Reasonable Valuations Drove Mergers and Acquisition Activity in Q3, 2023