Thoma Bravo rollup could rival Wiz
Wiz
The real threat is not any one Thoma Bravo asset on its own, but a rolled up security stack that could copy the same bundling motion Wiz is using to expand from cloud posture into adjacent categories. Wiz started with an agentless cloud scanner and is now layering on code security and threat detection. A merged rival built from endpoint, email, MDR, XDR, and application security assets would give buyers a broad suite from one vendor and a single console for more of the security team’s daily workflow.
-
Sophos is the clearest nucleus for that kind of platform. It already combines endpoint, network, email, cloud security, MDR and XDR inside Sophos Central, and added Secureworks in February 2025, making it the largest pure play MDR provider with more than 28,000 organizations on the service.
-
Veracode fills a different gap than Sophos. It sells application security testing software used by developers and security teams to scan code before release. Pairing that with Sophos style operations products would create a bundle that reaches from software build pipelines to production incident response, closer to Wiz’s push into Wiz Code and Wiz Defend.
-
Barracuda is the least likely piece today because Thoma Bravo exited it in April 2022, but it shows the playbook. Barracuda built a broad cloud first suite across email, application, network, and data protection for more than 200,000 customers, which is exactly the kind of installed base a sponsor can use to cross sell adjacent modules.
The direction of travel is toward fuller security bundles that collapse more tools into one buying decision. Wiz is racing there organically through product expansion. Private equity owned platforms can get there faster through M&A. That sets up a market where the strongest challengers are the ones that can unify many security jobs into one platform before customers standardize.