The cybersecurity market — estimated to be worth more than $1 trillion over the next five years — is simultaneously expanding and consolidating.

Last week, CSO provided a list of the largest cybersecurity VC deals in 2017. At least 20 companies have raised $40 million or more from venture capital firms and corporate investors so far this year (not including recent Q4 deals). Dozens of other cybersecurity startups have pulled in smaller rounds during the first three quarters.

[ Download the State of Cybercrime 2017 report and bookmark CSO's daily dashboard for the latest advisories and headlines. | Sign up for CSO newsletters. ]

The cybersecurity space is dotted with new market entrants, and the trend is expected to continue through 2021. A total addressable market — TAM, as VCs like to call it — with 12 zeroes equates to a lot of investment activity.

On the other hand, the market is being somewhat equalized by a slew of mergers and acquisitions over the past two years.

Symantec, the world’s largest cybersecurity company, has been busy on both sides this year. They recently unloaded their website security and PKI business to DigiCert for $950 million. And they acquired two Israeli companies — Skycure, a mobile threat defense firm, and Fireglass, an enterprise cybersecurity provider.

To get a sense of the merger and acquisition (M&A) activity, a recent report from Cybersecurity Ventures lists 20 of the larger deals. This does not include many transactions where the companies involved did not disclose financial terms.

20 big cybersecurity M&A deals

Sept. 27 — SAP acquires Gigya, maker of a web-based platform for customer identity management and profiling, for a reported $350 million.

Sept. 19 — Mantech International announces intent to acquire InfoZen for $180 million in cash. InfoZen is an IT solutions provider whose domain expertise includes threat monitoring and assessment capabilities in support of critical national and homeland security missions.

Sept. 1 — HPE completes sale of its IT management, big data and security lines to Micro Focus for $8.8 billion.

Aug. 2 — Symantec sells its website security and PKI solutions business to DigiCert for some $950 million in cash and 30 percent of DigiCert’s common stock at the close of the transaction, which is expected in the third quarter of fiscal 2018.

July 27 — Open Text announces definitive agreement to acquire Guidance Software for about $222 million. Guidance is known for its EnCase digital investigations software. Its software partners include Box, Cisco, Dropbox and Intel.

July 18 — Rapid7 acquires Komand, a maker of software tools for automating security tasks. Deal price is reported at $50 million, including cash, stock and earn-outs.

June 7 — Fingerprint Cards completes purchase of Delta ID, an iris recognition company, for $113.1 million. FPC says the acquisition will help it expand beyond the mobile market where it has a strong position.

May 31 — Gemalto, a digital security company, completes purchase of 3M’s identity management business for $850 million. The units, including Cogent biometric technologies, will be integrated into a new entity to be known as Gemalto-Cogent.

May 26 — Vector Capital, a global equity company, acquires Sandvine, a network policy control solutions provider, for $375 million.

May 24 — Microsoft agrees to acquire Hexadite for $100 million. Hexadite, located in Boston and with its research and development center in Israel, provides technology to automate responses to cyber attacks.

[ Read also: Largest cybersecurity venture capital deals in 2017. ]

May 11 — CyberArk Software acquires Conjur, a maker of DevOps security software, for $42 million in cash. CyberArk says the acquisition allows it to reach deeper into the DevOps lifecycle to protect secrets and manage machine identities.

April 28 — Thales agrees to acquire Guavus, a developer of machine intelligent big data analytics platforms, in a cash transaction valued at up to $215 million. Thales designs and deploys security equipment, systems and services.

April 19 — European Union approves $2.7 billion acquisition of Morpho, the biometrics and security arm of the French aerospace company Safran, by the U.S. private equity firm Advent International. The deal is contingent upon Morpho selling off its payment card business.

March 13 — Intel acquires Mobileye, a maker of sensors and cameras for driverless vehicles, for $15.3 billion.

March 7 — CA Technologies announces intention to acquire application security vendor Veracode for $614 million.

Feb. 28 — Palo Alto Networks acquires LightCyber, a behavioral analytics company, for $105 million in cash.

Feb. 8 — Sophos, a cybersecurity solutions company, agrees to acquire Invincea, a provider of machine learning, threat detection software, for $100 million in cash and an earn-out of $20 million.

Jan. 17 — Auxilio, a provider of document workflow solutions and IT security services, acquires CynergisTek, a cybersecurity and privacy consulting firm, in a deal valued at up to $34.3 million.

Jan. 9 — TechCrunch reports Amazon Web Services acquired Harvest.ai, a user behavior analytics company founded by two former NSA employees, for $19 million.

Jan. 9 — LLR Partners acquires BluVector, a machine learning, threat detection and cyber hunting solution, from Northrop Grumman Corporation and commits $50 million to BluVector, which will operate as a standalone business, to support the acquisition and the company’s future growth plans.

For more deal flow covering cybersecurity M&A transactions — including those without publicly disclosed financial details — read the latest Cybersecurity M&A Report. The next report will publish at the end of the year and will cover transactions in the fourth quarter of 2017.