Earlier this year, we broke the news that CrowdStrike was set to acquire Bionic.ai – a security management platform for cloud services – for between $200 million and $300 million. Sources tell us that this deal has now closed and will be formally announced later today after the market opens, and that publicly traded CrowdStrike will ultimately pay $350 million for the startup.
The deal underlines the challenges, but also the opportunities, that continue to present startups in the cybersecurity startup ecosystem.
On the one hand, startups are coming to the end of their runway from previous funding, and the business environment is not as robust as they might have expected in the past.
Sources close to the deal tell me that Bionic – which gives security teams a bird’s-eye view of a company’s technology and IT landscape to identify vulnerabilities – had no more than $10 million in annual recurring revenue (ARR), a significant benchmark in the SaaS space for business visibility. (For comparison in size, CrowdStrike reported ARR of $2.93 billion, up 37%, in its latest quarterly results. Its market cap on the Nasdaq currently hovers just under $40 billion.)
Bionic has roots in Israel but is headquartered in Palo Alto, and its last funding round was over a year ago, in March 2022, and consisted of $55 million in equity and $10 million in secondary capital. With a total of around $82 million raised from investors including Insight Partners and Battery Ventures, the $350 million price tag is a small increase from the previous valuation of $250-300 million.
On the other hand, decent Plan Bs remain for companies that do to have interesting technology built, and Doing have customers: Today’s market is driving a larger trend of M&A-based consolidation, with larger platforms snapping up smaller players to bring in new services, new customers and generally broaden their own revenue channels.
In Bionic’s case, its customers include Chipotle, Freddie Mac and Transamerica, and the technology complements CrowdStrike’s existing business and speaks to the larger purpose of similar cybersecurity companies.
As we’ve said before, cybersecurity remains a moving target: as malicious actors become more sophisticated in their approaches, so must those protecting networks and IT assets. Although CrowdStrike’s business focuses primarily on endpoint security, threat intelligence and breach response services, and it is already in the business of security posture management (CrowdStrike’s service is called ‘Falcon’), Bionic would be a provide advanced levels of observability for security operations teams.
The latter startup focuses on providing advanced security posture management specifically for deployed applications running in production; entire application architectures and related dependencies that can provide opportunities for attacks, even as they evolve or ‘drift’ within the network; and application data flows. The technology is interesting enough that sources tell us Microsoft was also looking at Bionic.
CrowdStrike has been an active M&A player in Israel, including its acquisition of Reposify in September 2022. And in the months since we first reported this acquisition was in the works, the company has reported strong results and raised its earnings forecasts, a signal that it would look for more sources of growth.
“As a leading cloud security provider, we remain focused on delivering the best cloud security platform in the world, but we cannot comment on rumors or speculation,” a spokesperson told TechCrunch last summer. We’ve reached out to representatives from both companies for comment today and will update as we learn more. But again, the chatter is strong here, with an Israeli news channel also reporting today’s upcoming news in the US in the overnight hours.
In the meantime, the consolidation trend is not over yet: we hear that more mergers and acquisitions are on the way in the cyber market. (And if you’re reading this and have more to share, you can always do so ping me directly.)