CrowdStrike To Acquire Bionic To Boost Cloud-Native App Security

The company said it will incorporate the startup’s capabilities into its cloud native application protection platform, making it the first security vendor to provide ‘complete code-to-runtime cloud security from one unified platform.’


CrowdStrike is deepening its capabilities in security for cloud-native applications with the announcement Tuesday of its planned acquisition of Bionic, a startup offering technology in the emerging category of application security posture management.

The cybersecurity giant said it has reached an agreement — previously reported to be under negotiation by TechCrunch — to acquire Bionic and incorporate the startup’s capabilities into its cloud-native application protection platform (CNAPP).

[Related: CrowdStrike CEO George Kurtz: Microsoft’s ‘Failures’ Put Everyone At Risk]

Sponsored post

The agreement was announced in connection with CrowdStrike’s Fal.Con 2023 conference. Terms of the deal were not disclosed, but the acquisition of Bionic is expected to come with a price tag of $350 million, according to multiple reports. The Information had first reported the finalizing of the deal and acquisition price for Bionic on Monday.

The acquisition will give CrowdStrike’s CNAPP the ability to provide “comprehensive risk visibility and protection across the entire cloud estate, from cloud infrastructure to the applications and services running inside of them,” CrowdStrike said in a news release. CrowdStrike said it will now become “the first cybersecurity company to deliver complete code-to-runtime cloud security from one unified platform.”

The acquisition of Bionic “further extends our cloud security leadership on our mission of stopping breaches,” CrowdStrike Co-Founder and CEO George Kurtz said in the news release.

In August, CrowdStrike disclosed that its annual recurring revenue for cloud security had reached $296 million, a 70-percent spike from a year ago. That makes CrowdStrike’s cloud security business “larger than almost every single vendor in cloud security today,” Kurtz said at the time.

Application security posture management (ASPM) is a relatively recent category to emerge in the cybersecurity space, and aims to offer a way to proactively reduce eliminate security risks in software. Another startup in the ASPM category, Enso Security, was acquired by developer security platform Snyk in June.

Bionic’s technology has the ability to provide a complete view of the security status of deployed applications, according to Jacob Garrison, a security researcher at Bionic. While many companies have a decent understanding of their application infrastructure, “they’re struggling to understand where the vulnerabilities — which they’re seeing in their security testing tools — actually exist,” Garrison told CRN in August.

What Bionic provides is a complete architecture overview along with data flow diagrams and a software bill of materials (SBOM), linking vulnerabilities to specific components, he said. This helps teams to better prioritize their risk-reduction efforts, according to Garrison.

Bionic stands out from many existing security tools, which focus on scanning code repositories to spot vulnerabilities without fully understanding the context of the app, he said.

“Our whole goal is to say, ‘We understand your full app, and we’re giving you the architecture in a way that no one has before,’” Garrison said. “As far as I know, no one else is taking the approach we’re taking, and saying, ‘This is what your app looks like in production.’”

Bionic had reportedly raised $83 million in total funding. Most recently, the startup had raised a $65 million Series B round in March 2022 led by Insight Partners.