During a busy month of May for merger and acquisition (M&A) announcements in cybersecurity, several big-name vendors signaled their intent to boost their capabilities in areas including AI, cloud and quantum.
Proofpoint made announcements around two separate transactions, while tech giant Check Point reached agreement for a deal expected to close at the end of Q2, 2025.
Here is Infosecurity’s M&A roundup for the month:
Fortra Buys Lookout’s Cloud Security Business
On May 12, Fortra announced the acquisition of Lookout’s cloud security business, which features its Security Service Edge (SSE) solution. This deal is designed to augment Fortra’s ability to identify, protect and detect data in the cloud. The latest agreement follows a strategic integration partnership between the two firms in March 2024.
Orca Acquires Startup to Enhance Agentic AI Security
Cloud security company Orca revealed it had acquired Opus, a startup specializing in agentic AI-driven automation and orchestration, on May 13. The move marks the next phase in Orca’s journey to provide agentic AI-based remediation and prevention services. The Opus team will be integrated into Orca.
Keyfactor in Double Quantum Security Acquisition
Keyfactor announced the acquisitions of two providers of quantum secure cryptographic solutions, InfoSec Global and CipherInsights. The two deals, unveiled on May 13, aim to position Keyfactor as a leader in digital trust and quantum readiness, with the new solutions allowing it to discover and inventory cryptographic assets across customers.
Proofpoint Reaches Agreement to Buy Hornetsecurity
Cybersecurity and compliance company Proofpoint announced a definitive agreement to acquire Hornetsecurity on May 15. Proofpoint will integrate Hornetsecurity’s AI-powered Microsoft 365 security services, enhancing its ability to provide human-centric security to SMBs globally through managed services providers (MSPs). The acquisition is expected to close in the second half of 2025.
Proofpoint Acquires Nuclei in Second M&A Announcement
In its second acquisition announcement of the month, on May 21 Proofpoint announced it had purchased Nuclei, a US based company specializing in compliance archiving and AI-driven data enrichment for modern workplace communications. Proofpoint will use Nuclei’s platform to enhance its capabilities to capture, retain and analyze communications across workspace collaboration platforms such as Microsoft Teams, Slack and Zoom.
JumpCloud Acquires PAM Specialist VaultOne
On May 20, identity firm JumpCloud announced the acquisition of VaultOne, a privileged access management (PAM) specialist. The transaction is designed to expand JumpCloud’s ability to provide secure, frictionless access to resources. VaultOne customers will keep their service without interruption.
Fortinet Buys SaaS Security Provider Suridata
Fortinet announced the acquisition of SaaS security provider Suridata on May 22. Suridata’s solutions will be added to Fortinet’s Unified SASE portfolio to help it deliver secure SaaS access. These solutions provide continuous monitoring, risk assessment and policy enforcement across SaaS apps. The announcement comes amid rising SaaS compromises via stolen credentials.
Zscaler to Utilize Agentic AI with Red Canary Deal
On May 27, cloud security firm Zscaler signed a definitive agreement to acquire Red Canary, a managed detection and response provider. By utilizing Red Canary’s agentic AI, behavioral analytics and threat intelligence capabilities, Zscaler aims to deliver a unified, agentic security operations center. The transaction is expected to close in August 2025.
Check Point Reaches Definitive Agreement to Acquire Veriti
Check Point announced on May 27 that it had reached a deal to acquire Veriti Cybersecurity, a fully automated, multi-vendor pre-emptive threat exposure and mitigation platform. The deal marks a step toward realizing Check Point’s hybrid mesh security vision, enabling the firm to provide multi-vendor remediation across the entire security stack. The transaction is expected to close by the end of Q2, 2025.
Tenable Announces Intent to Acquire Apex Security
On May 29, exposure management company Tenable announced its intent the acquire Apex Security to strengthen its AI security capabilities. Tenable intends to add Apex’s tools to govern usage, enforce policy and control exposure across both the AI that organizations use and the AI they build. Following acquisition close, Tenable expects to deliver integrated capabilities in the second half of 2025.