Cloud Security , Security Operations

CrowdStrike to Buy AppSec Startup Bionic for Reported $350M

Deal Will Offer Visibility Into Application Behavior, Vulnerability Prioritization
CrowdStrike to Buy AppSec Startup Bionic for Reported $350M

CrowdStrike plans to purchase a Silicon Valley application security startup founded by two Israel Defense Forces veterans in a bid to expand risk visibility and protection across entire cloud computing environments.

See Also: OnDemand: 2024 Google Cloud Partner of the Year - Application and Infrastructure Security

The Austin, Texas-based endpoint security titan said its proposed acquisition of Palo Alto-based application security posture management firm Bionic will offer visibility into application behavior and prioritize vulnerability remediation for server-based and serverless infrastructure. CrowdStrike said the deal expands its security umbrella from cloud infrastructure into the applications and services running inside the cloud.

"The cloud is cybersecurity's new battleground, yet the industry's answer to date has been disjointed point security tools or 'platforms' with multiple consoles and agents," CrowdStrike co-founder and CEO George Kurtz said. "We are delivering what customers need: modern protection to address cloud security risk comprehensively, through one unified platform."

Terms of the acquisition weren't disclosed, though both The Information and Calcalist reported that CrowdStrike will pay $350 million to buy Bionic. CrowdStrike didn't immediately respond for a request for comment. Calcalist and TechCrunch reported in late July that CrowdStrike was in advanced negotiations to buy Bionic in a deal valued at between $200 million and $300 million (see: Why CrowdStrike Is Eyeing Cyber Vendor Bionic at Up to $300M).

CrowdStrike's stock is down $1.85 - or 1.11% - to $165.12 in trading Tuesday morning. The purchase, announced before the market opened Tuesday, will be paid for predominantly in cash. The deal is expected to close by Oct. 31. Bionic founder and CEO Idan Ninyo was a lead software engineer in the Israel Defense Forces, and founder and CTO Eyal Mamo was an IDF research team lead.

Cloud and App Protection From a Single Platform

Ninyo and Mamo founded Bionic in May 2019, raised $82 million in three rounds of outside funding, and grew its headcount by 47% over the past year, according to IT-Harvest. Past backers include Insight Partners, Cyberstarts, current Island CEO and ex-Symantec President Michael Fey, ex-Barclays Chief Information Security Officer Sameer Jain, and Passave and Anobit founder Ariel Maislos, according to IT-Harvest.

"When it comes to application risk, you can't protect what you can't see. We have built a 'Google Maps for your Apps,' delivering a complete picture of application security risk in a truly frictionless way that does not interfere with the development process," Ninyo said Tuesday. CrowdStrike's "strength and scale as a market leader and innovator will help us dramatically accelerate the adoption of ASPM."

CrowdStrike plans to offer application security posture management as an independent offering as well as fully integrated with the company's cloud security platform. As a result, CrowdStrike said, clients will be able to get cloud workload protection, cloud security posture management, cloud infrastructure entitlement management and application security posture management from a single platform.

Bionic's tool will allow CrowdStrike customers to discover and map all application services, databases, microservices, third parties, APIs and data flows across cloud service providers as well as hybrid and on-premises application deployments, according to the company. There is no need for sensitive source code access since apps are automatically deconstructed while integrating with CI/CD pipelines.

CrowdStrike said Bionic eliminates up to 95% of vulnerability noise and prioritizes the top business-critical risks that can be exploited in production applications so teams know what to fix first, based on business impact. The tool also reduces risk with vulnerability scanning for serverless infrastructure such as Azure Functions and AWS Lambda, according to CrowdStrike.

The World's 4th-Largest Cloud Workload Security Vendor

CrowdStrike was the fourth-largest cloud workload security vendor in the world last year, and its $154.3 million of sales accounted for 5.9% of the $2.6 billion market, according to IDC. The company increased its cloud workload security revenue by 54.3% between 2021 and 2022, which helped CrowdStrike's share jump from 4.9% to 5.9%. CrowdStrike trails Trend Micro, Palo Alto Networks and Microsoft in the category.

CrowdStrike hasn't been shy about acquisitions to widen its technology footprint. The Bionic deal comes 11 months after CrowdStrike spent $18.9 million to buy San Francisco-based external attack surface management startup Reposify. Nearly a year before that, CrowdStrike bought data protection firm SecureCircle for $60.8 million to fortify its zero trust endpoint security device and identity muscle (see: Israeli Security Companies CrowdStrike Could Buy for $2B).

The SecureCircle deal came eight months after CrowdStrike had purchased log management startup Humio for $400 million to strengthen its ability to ingest and correlate data from any log, application or feed. Six months earlier, CrowdStrike bought access control and threat prevention firm Preempt Security for $96 million to help clients defend identity data without sacrificing productivity or user experience.

The first acquisition in CrowdStrike's 13-year history took place in October 2017, when the company bought automated malware analysis system Payload Security for $8 million.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.