I’m excited to share that today at Fal.Con, CrowdStrike announced it has agreed to acquire Bionic, a pioneer of application security posture management (ASPM). This will give our customers the most seamless and comprehensive view of cloud risk — from code development through runtime — in a single, unified platform.

With CrowdStrike Falcon® Cloud Security, CrowdStrike set the bar for stopping breaches in the cloud by giving customers unified agent-based and agentless protection in a single offering to provide complete visibility, protection and compliance for cloud infrastructure and workloads from one platform.

With this acquisition, CrowdStrike will once again raise the bar by delivering the industry’s most complete code-to-runtime cybersecurity platform, providing comprehensive risk visibility and protection across the entire cloud estate. Bionic will extend the CrowdStrike Falcon® platform’s unique agent-based and agentless protection of cloud infrastructure with unprecedented visibility into application behavior and vulnerability prioritization for both server-based and serverless infrastructure, without disrupting the development process.

After exhaustive due diligence evaluating organizations in the application security market, we determined that Bionic is unique in its ability to understand the risk that exists within applications, during development and in production. By building a platform that does not require source-code access or integration with source-code repositories, Bionic is able to deliver deep visibility that is completely frictionless, to both security and development teams. The powerful combination of Bionic with CrowdStrike’s industry-leading cloud-native application protection platform (CNAPP) capabilities will deliver the industry’s most comprehensive view of cloud risk that exists within a single, unified platform.

We believe this is the future of cloud security and what is required to help customers stop breaches in the cloud.

The Battle to Stop Breaches Moves to the Cloud

According to the CrowdStrike 2023 Global Threat Report, cloud exploitations increased by 95%  and the number of cloud-conscious threat actors increased more than 3x in the last year. The growth of cloud computing, the speed of DevOps and the increased use of no-code and low-code development platforms have led to an explosion of applications and microservices running within cloud environments. Organizations are running hundreds of proprietary applications — with potentially thousands of underlying microservices within these applications — with little to no visibility or oversight from security and IT teams.

Check out our Unstoppable Innovations CrowdCast series to learn more about how you can rise above the adversaries and shut down breaches

The speed and dynamic nature of application development make it nearly impossible for organizations to keep an up-to-date inventory of their applications, dependencies, microservices and data flows. This creates a massive risk profile that cloud-savvy adversaries continually look to exploit.

Traditional cloud security posture management (CSPM) solutions were not built to solve this risk problem. The lack of integration into continuous integration/continuous delivery (CI/CD) pipelines makes it impossible for CSPM to accurately detect risks before applications move to production, or show where data exposure occurs as applications are launched into production. CSPM solutions only examine infrastructure and configurations and are totally unaware of the risk that exists in the code itself.

With the addition of Bionic, the CrowdStrike Falcon platform will become the industry’s most complete code-to-runtime cybersecurity platform. We will deliver unprecedented application visibility and real-time risk assessment unlike any in the industry. Customers will experience this through an integrated and contextualized cloud security experience, from cloud infrastructure to cloud applications and from code to runtime. Through the power of a unified platform, customers will be able to experience:

• Industry-leading application visibility: Organizations will be able to mitigate risk by discovering and mapping all application services, databases, third parties, APIs and data flows across every cloud service provider with always-up-to-date agentless visibility, including a dynamic software bill of materials (SBOM) for compliance and detecting supply chain pollution.
• Prioritized application risks in production: Customers can continuously identify and prioritize vulnerabilities based on potential impact and business criticality with tight integration into CI/CD pipelines to proactively close security gaps. This enables teams to filter through the noise of static vulnerability alerts and streamline their DevSec programs to find a critical balance between DevSecOps.
• Complete visibility for serverless infrastructure: With vulnerability scanning for serverless infrastructure, such as Azure Functions and AWS Lambda, organizations can reduce their overall cloud risk.

Why Bionic?

The story of Bionic resembles the CrowdStrike story and how we changed the way security was delivered to and experienced by customers when we first disrupted the legacy AV market and pioneered the concept of endpoint detection and response (EDR).

With our single-agent, cloud-native architecture, organizations could rapidly deploy security at scale, without requiring reboots, and could protect their endpoints whether online or offline. This was as revolutionary then as it is today.

In a similar way, Bionic understood that the cloud was emerging as the modern adversarial battleground and that existing solutions were not compatible with the speed and efficiency of modern DevOps. Friction between security and DevOps exacerbates an organization’s overall risk posture.

Bionic knew there was a better way to bridge this gap and deliver the visibility and insight customers require. Rather than build on failed approaches of the past, Bionic pioneered the concept of application security posture management, building one of the industry’s first ASPM platforms, creating a new market and giving customers unprecedented visibility into the risk inside their cloud environments.

Like CrowdStrike, they built a technology that is completely frictionless — to both security and development teams. Bionic purpose-built a platform that does not require source-code access or need to be integrated with source-code repositories.

We’re excited to showcase the power of Bionic unified with our industry-leading Falcon platform to give every customer the deep visibility of risk they need to stop the modern adversary.

Forward-Looking Statements

This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, but not limited to, statements regarding the benefits of the proposed acquisition to CrowdStrike and its customers, and the anticipated closing of the acquisition. A number of factors could cause actual results to differ materially from statements made in this blog post, including CrowdStrike’s ability to integrate Bionic’s technology and operations, and other risks described in CrowdStrike’s most recent Form 10-Q filed with the Securities and Exchange Commission.  All forward-looking statements in this blog post are based on information available to CrowdStrike as of the date hereof, and CrowdStrike does not assume any obligation to update any of these forward-looking statements to reflect events that occur or circumstances that exist after the date on which they were made.