Cybersecurity Acquisitions in Minnesota
Minnesota Cybersecurity M&A Themes
Cybersecurity deals in Minnesota span managed security services, exposure and insider threat analytics, and data protection—often framed as expanding platforms, adding cloud-native capabilities, or extending enterprise reach. Recent transactions include acquisitions in Maple Grove, Minneapolis, and Saint Paul that reflect both offensive security and defense-oriented security services.
Across the listed announcements, several well-known cybersecurity investors and operators recur, including TA Associates, Charlesbank Capital Partners, HGGC, KKR, Mimecast, Arctic Wolf Networks, Inc., Sectigo, and Courion. The common thread is capability expansion—such as integrating MDR/XDR/WAF managed services, unifying asset intelligence and exposure identification, or broadening Certificate Lifecycle Management (CLM).
For buyers active in Minnesota, the strategic rationale tends to center on scaling delivery (including managed services footprints), deepening product coverage (DLP, insider risk, offensive testing), and incorporating targeted technology to strengthen platform offerings.
What Stands Out
- Managed security services expansion shows up in deals like LevelBlue’s acquisition of Fortra’s Alert Logic managed services business.
- Exposure, vulnerability, and asset intelligence integration is highlighted by Arctic Wolf’s acquisition of Sevco Security.
- Identity and certificate lifecycle security remains a focus, including Sectigo’s acquisition of Entrust’s public certificate business.
- Offensive testing and adversarial simulation capabilities are reinforced through acquisitions such as Cyber Advisors’ acquisition of White Oak Security and DeepSeas’ acquisition of RedTeam Security.
- Insider threat and data loss prevention themes appear in Mimecast’s acquisition of Code42.
| Buyer | What they’re adding (from Minnesota deals) |
|---|---|
| Arctic Wolf Networks, Inc. | Exposure assessment technology to enhance continuous exposure identification |
| Sectigo | Expanded CLM capabilities via Entrust’s public certificate business |
| Mimecast | Insider threat management via Code42’s capabilities |
| HelpSystems (Fortra) | DLP portfolio strength through Digital Guardian |
| LevelBlue | MDR/XDR/WAF managed services coverage through Alert Logic |
-
March 19, 2026
- Buyer
- Sterling Investment Partners
- Target
- Cyber Advisors
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Buyout
Sterling Investment Partners announced the acquisition of Cyber Advisors, a provider of cybersecurity and managed IT services. Cyber Advisors, headquartered in Maple Grove, Minnesota, supports 1,800+ customers nationwide with 330+ professionals.
-
February 23, 2026
- Buyer
- Arctic Wolf Networks, Inc.
- Target
- Sevco Security
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Buyout
Arctic Wolf announced it has acquired Sevco Security, an exposure assessment platform company. Sevco’s cloud-native technology will be integrated into the Arctic Wolf Aurora Platform to unify asset intelligence, vulnerability context, and security control coverage for continuous exposure identification and prioritization across hybrid environments.
-
January 29, 2026
- Buyer
- LevelBlue
- Target
- Alert Logic (managed services business)
- Seller
- Fortra, Alert Logic
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Divestiture
LevelBlue has acquired Fortra’s Alert Logic managed services business—covering Alert Logic’s MDR, XDR, and WAF managed services—under a broader long-term strategic partnership that makes Fortra a leading technology partner for LevelBlue. The deal expands LevelBlue’s global managed detection and response platform and provides Alert Logic customers access to a larger global footprint and broader threat telemetry; Santander and Stephens served as financial advisors to LevelBlue and Fortra/Alert Logic, respectively.
-
January 29, 2025
- Buyer
- Sectigo
- Target
- Entrust public certificate business
- Seller
- Entrust
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Divestiture
Sectigo has acquired Entrust's public certificate business, a transaction that doubles Sectigo's enterprise footprint and expands its Certificate Lifecycle Management (CLM) capabilities. The company completed a migration of more than 500,000 certificates to Sectigo Certificate Manager, ensuring continuity for Entrust customers and partners while boosting Sectigo's scale and PQC readiness.
-
July 24, 2024
- Buyer
- Mimecast
- Target
- Code42
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Buyout
Mimecast has acquired Code42, a leader in insider threat management and data loss prevention, to expand its Human Risk Management (HRM) platform and enhance visibility into insider threats. Financial terms were not disclosed; Code42's Incydr product will be made available to Mimecast customers and integrated into its platform over the coming months.
-
October 10, 2023
- Buyer
- Cyber Advisors, Goldner Hawn
- Target
- White Oak Security
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Addon
Cyber Advisors, a Goldner Hawn portfolio company, has acquired White Oak Security, an offensive cybersecurity firm based in Plymouth, Minnesota. The deal expands Cyber Advisors’ offensive testing and adversarial simulation capabilities and brings White Oak’s experienced talent into Cyber Advisors’ security services platform.
-
July 12, 2023
- Buyer
- DeepSeas, Nautic Partners
- Target
- RedTeam Security
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Addon
DeepSeas, a Nautic Partners-backed cyber defense platform, has acquired RedTeam Security, a Minneapolis-based offensive security testing firm. The acquisition strengthens DeepSeas' offensive testing and assessment capabilities to better serve enterprise and mid-market clients, while expanding its talent base for security and compliance engagements.
-
October 5, 2022
- Buyer
- KKR
- Target
- NetSPI
- Seller
- Sunstone Partners
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Growth capital
KKR is increasing its investment in NetSPI with a $410 million growth funding round to support the company's technology innovation, talent acquisition, and global expansion while recapitalizing NetSPI's first institutional investor, Sunstone Partners. The funding comes from KKR's Technology Growth strategy and follows prior investments in NetSPI as the company scales its PTaaS, Attack Surface Management, and related offensive security offerings.
-
December 17, 2021
- Buyer
- Virtual Guardian, ESI Technologies
- Target
- NaviLogic, Inc.
- Seller
- NaviLogic shareholders (including co-founders Bill Strub and Bob Bennett)
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Buyout
ESI Technologies' cybersecurity subsidiary Virtual Guardian acquired NaviLogic, Inc., a Saint Paul-based cybersecurity and IT integration firm, with the deal closing on December 17, 2021. The acquisition expands Virtual Guardian and ESI Technologies' cybersecurity and GRC capabilities in the United States and provides NaviLogic clients access to a broader suite of resources and services.
-
October 27, 2021
- Buyer
- HelpSystems (Fortra)
- Target
- Digital Guardian
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Buyout
HelpSystems (now Fortra) acquired Digital Guardian, a provider of SaaS and managed service-enabled data loss prevention (DLP) solutions, to strengthen its data security portfolio. The deal brings Digital Guardian’s endpoint, network and cloud DLP capabilities and managed services into Fortra’s security offering to improve data classification and protection across environments.
-
- Buyer
- KKR, Ten Eleven Ventures, Sunstone Partners
- Target
- NetSPI
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Growth capital
NetSPI, a Minneapolis-based leader in penetration testing and attack surface management, raised $90 million in growth funding led by KKR with participation from Ten Eleven Ventures (and existing investor Sunstone Partners). The capital will be used to accelerate product innovation, expand cyber security and client experience teams, and deepen U.S. and international operations.
-
- Buyer
- Harvest Partners SCF, LP, TA Associates, Charlesbank Capital Partners, HGGC, HelpSystems employees
- Target
- HelpSystems
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Growth capital
Funds managed by Harvest Partners SCF, LP signed a definitive agreement to lead a minority investment in HelpSystems, joining existing investors TA Associates, Charlesbank Capital Partners and HGGC alongside HelpSystems employees. The growth investment will support HelpSystems' continued expansion of its cybersecurity and IT automation software offerings and further product, acquisition and geographic growth.
-
October 10, 2019
- Buyer
- TA Associates, Charlesbank Capital Partners, HGGC
- Target
- HelpSystems
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Growth capital
Private equity firms TA Associates and Charlesbank Capital Partners have signed definitive agreements to become additional investors in HelpSystems, joining existing investor HGGC as well as management and employees. The minority growth investment will provide capital to accelerate HelpSystems' organic growth and support complementary acquisitions of cybersecurity, automation and analytics solutions.
-
December 9, 2015
- Buyer
- Courion
- Target
- Core Security
- Industry
- Cybersecurity
- Location
- Minnesota, United States
- Type
- Buyout
Courion, an identity governance and administration (IGA) provider, acquired Core Security, a vulnerability management and attack intelligence company, to combine identity and vulnerability intelligence into an integrated Vulnerability and Risk Management (VRM) solution. The deal brings together Courion's IGA capabilities with Core Security's analytics-driven attack intelligence to provide customers a more comprehensive view of attack surface, detection and remediation.
Track M&A activity that matters to you
Get real-time deal alerts, build buyer lists with AI, and access our full acquisition database. Start your free trial today.
Frequently Asked Questions
What cybersecurity subsectors are represented in Minnesota acquisitions?
The page reflects a mix of managed detection and response and related services, exposure/vulnerability assessment, public certificate lifecycle management, insider threat/data loss prevention, and offensive security testing and adversarial simulation.
Which acquirers appear more than once across the Minnesota activity shown?
Several recurring names appear across the page’s broader coverage, including KKR, TA Associates, Charlesbank Capital Partners, HGGC, Mimecast, Arctic Wolf Networks, Inc., Sectigo, and Courion.
Do the Minnesota deals include both defensive and offensive security capabilities?
Yes. The announcements include defensive-focused capabilities (e.g., managed services, insider threat, DLP, certificate lifecycle management) and offensive/security testing capabilities (e.g., exposure testing and adversarial simulation firms).
Are financial terms disclosed for the Minnesota acquisitions?
Not consistently. For example, Mimecast’s acquisition of Code42 notes that financial terms were not disclosed, while other deal summaries focus on strategic and capability rationale rather than pricing.