Partners: CrowdStrike Acquiring Bionic Is A Cloud Security Win

The planned acquisition of the startup will round out the capabilities available on CrowdStrike’s cloud-native app security platform, according to CrowdStrike partners.

CrowdStrike’s deal to acquire application security posture management startup Bionic is a strong move to extend its fast-growing cloud security platform and make the cybersecurity giant an even fiercer competitor in the space, solution provider executives told CRN.

On Tuesday, CrowdStrike announced the acquisition agreement for Bionic in connection with its Fal.Con 2023 conference—a move that co-founder and CEO George Kurtz said will ultimately provide customers with “a comprehensive view of the risk associated with everything that’s running in your cloud environment.”

With the planned acquisition, CrowdStrike’s cloud-native application security platform (CNAPP) will become “one of the most complete cloud security offerings on the planet,” Kurtz said during his keynote at Fal.Con on Tuesday.

[Related: 5 Big Takeaways From CrowdStrike’s 2023 Partner Summit]

During interviews at Fal.Con 2023, CrowdStrike partners applauded the deal for Bionic, calling it a savvy move to extend the vendor’s capabilities in a rapidly growing market.

The planned acquisition positions CrowdStrike “to really take over the market in cloud security,” said Larry Pfiefer, founder of Medford, N.J.-based Consortium Networks.

One reason for this, Pfiefer said, is the fact that Bionic’s capabilities will no doubt be “easy to deploy, if you already have the CrowdStrike agent.”

In particular, “we think that’s going to really bump them up in the market against Wiz,” he said, referring to the fast-growing cloud security vendor.

The Bionic acquisition also appears poised to open up additional markets for CrowdStrike, said Jordan Hildebrand, practice director for detection and response at St. Louis-based World Wide Technology.

“I think it’s going to bring other teams in” to utilize CrowdStrike, such as an application security team that’s separate from a customer’s information security team, he said.

Adding the new capabilities from Bionic will also make CrowdStrike even more appealing as a “strong platform consolidation play,” Hildebrand said.

That’s critical because, for most customers, “the consolidation play is so important right now,” he said.

At a time when organizations are facing a surge in cloud-based attacks, it’s a smart move for CrowdStrike to focus where the adversary is focusing, said Curt Aubley, cyber and strategic risk groups managing director at Deloitte.

“If the new attack surface that’s growing is cloud, I think it makes sense for CrowdStrike and other cybersecurity companies to either build native [capabilities] or get to market faster by buying a hot startup,” Aubley said.

Ultimately, “I think Bionic is really rounding out their full cloud security suite,” he said.

Terms of the deal for Bionic were not disclosed, but the acquisition of Bionic is expected to come with a price tag of $350 million, according to multiple reports.

Bionic’s technology has the ability to provide a complete view of the security status of deployed applications, offering a complete architecture overview along with data flow diagrams and a software bill of materials (SBOM), linking vulnerabilities to specific components, the company has told CRN.

The planned Bionic acquisition will give CrowdStrike an “amount of application-level visibility that is unparalleled,” said Raj Rajamani, chief product officer for data, identity, cloud and endpoint at CrowdStrike.

The Bionic technology will enable CrowdStrike to do a “risk-based prioritization” of all the threats and alerts that are being identified by cloud security posture management (CSPM) tools, both from CrowdStrike and from third-party vendors such as Wiz, Orca Security and Palo Alto Networks, Rajamani said in an interview with CRN.

“Our thesis here is that by layering Bionic on top of our CSPM, we can reduce 80 percent of the alerts,” he said. “And we want to do this not just for our own CSPM customers, we want to do this for every CSPM customer.”

In August, CrowdStrike disclosed that its annual recurring revenue for cloud security had reached $296 million, a 70 percent spike from a year ago. That makes CrowdStrike’s cloud security business “larger than almost every single vendor in cloud security today,” Kurtz said at the time.

On Tuesday, Kurtz noted during his keynote that CrowdStrike already offers CSPM as well as cloud infrastructure entitlement management (CIEM) and cloud workload protection.

“And now with application security posture management [from Bionic], we’re bringing all those together to give you not only a complete view of your risk [around] what’s running in the cloud, but also obviously the protection piece, which comes from cloud workload protection,” he said.