CrowdStrike Buying Bionic for Application Security Posture Management

CROWDSTRIKE FAL.CON — Security provider CrowdStrike made a big splash at its Fal.Con event in Las Vegas Tuesday by announcing its acquisition of Bionic, which provides an application security posture management (ASPM) platform.

By adding Bionic’s ASPM to its cloud-native application protection platform (CNAPP), CrowdStrike says it will be able to offer comprehensive risk visibility and protection for cloud infrastructure, as well as for the applications and services running within the cloud. Once complete, CrowdStrike claims it will be the first cybersecurity company to deliver “complete code-to-runtime cloud security from one unified platform.”

CrowdStrike’s George Kurtz

“The cloud is cybersecurity’s new battleground, yet the industry’s answer to-date has been disjointed point security tools or ‘platforms’ with multiple consoles and agents,” said George Kurtz, co-founder and chief executive officer at CrowdStrike. “We are delivering what customers need: modern protection to address cloud security risk comprehensively, through one unified platform. We pioneered cybersecurity for the cloud era, and the addition of Bionic further extends our cloud security leadership on our mission of stopping breaches. Bionic shares our passion for customer-focused innovation and will make a great addition to the CrowdStrike team.”

The acquisition of Bionic will extend the CrowdStrike Falcon platform’s agent and agentless protection of cloud infrastructure in a number of ways through some specific capabilities: real-time, frictionless application visibility; the ability to instantly prioritize application-level vulnerabilities; and complete visibility for serverless infrastructure.

Application Security Available as Standalone and with Falcon

CrowdStrike says it will offer Bionic ASPM both independently and fully integrated into Falcon Cloud Security. The combination gives partners the opportunity to offer their customers cloud workplace protection, cloud security posture management (CSPM), cloud infrastructure entitlement management (CIEM) and now application security posture management.

CrowdStrike didn’t say how much it’s paying for Bionic, only that it will pay mostly cash, with a portion being stock and options subject to vesting conditions.

Bionic’s Idan Ninyo

“Bionic was founded on the core premise that when it comes to application risk, you can’t protect what you can’t see. We have built a ‘Google Maps for your Apps,’ delivering a complete picture of application security risk in a truly frictionless way that does not interfere with the development process,” said Idan Ninyo, chief executive officer at Bionic. “CrowdStrike has taken the mantle as the modern cybersecurity platform of choice and the company to beat in the cloud security market. Its strength and scale as a market leader and innovator will help us dramatically accelerate the adoption of ASPM by every business and organization on the planet.”

There’s some research to back CrowdStrike’s latest application security acquisition. The company’s recent 2023 Global Threat Report noted that cloud exploitations increased by a whopping 95% and the number of malicious hackers labeled as “cloud-conscious” tripled in the past year. This comes as the growth of cloud computing, the speed of DevOps and the increasing use of no- and low-code development platforms has resulted in a massive jump in applications and microservices running within cloud environments.

CrowdStrike’s move to buy Bionic, an application security specialist, reinforces its commitment to protection in the cloud.

The acquisition comes on the heels of CrowdStrike’s second quarter financial results, which showed record growth for its cloud security business. The company’s annual recurring revenue for modules deployed in the public cloud grew to $296 million — up 70% year over year.

Salt Security Integration

Meantime, also at CrowdStrike Fal.Con on Tuesday, Salt Security said it is integrating the Salt Security API protection platform with CrowdStrike Falcon. The new integration, the companies say, gives customers a 360-degree view of API security risks. They also get “unique insights” into the application-layer attack surface.

Channel partners can relay to their customers specific benefits of the integration that include API vulnerability and threat context; API threat mitigation; and API threat management automation.

“As API abuse continues to proliferate and cause havoc on unprepared organizations, API security has become a top priority for CISOs and security teams globally,” said Roey Eliyahu, co-founder and CEO, Salt Security. “Protecting against API threats requires deep visibility and robust runtime protection. We are excited to bring our unique strengths in API security to the CrowdStrike customer base with this new integration. Together with CrowdStrike, Salt can provide organizations with extended posture management and runtime protections across the cloud and application landscapes.”