Earlier this year, we reported that CrowdStrike was close to acquiring Bionic.ai – a security currency management platform for cloud services – for between $200 million and $300 million. Sources tell us the deal is now closed and will be formally announced after the market opens today, and that publicly-traded CrowdStrike will ultimately pay $350 million for the startup.
The agreement highlights the challenges, but also the opportunities, that keep startups in the cybersecurity startup ecosystem.
On the one hand, startups are reaching the end of their previous funding run and the business is not as strong as they might have predicted when raising in the past.
Sources close to the deal tell me that Bionic — which provides security teams with a bird’s eye view of the company’s technology and IT landscape to identify vulnerabilities — had no more than $10 million in annual recurring revenue (ARR), a key metric. SaaS space for understanding business activities. (As a point of size comparison here, CrowdStrike reported a 37% ARR on its last quarterly revenue of $2.93 billion. Its market cap on the Nasdaq is currently under $40 billion.)
Bionic has its roots in Israel but is headquartered in Palo Alto, and its last funding round was a year ago, in March 2022, which was $55 million in equity and $10 million in secondary. Having raised a total of about $82 million from investors that include Insight Partners and Battery Ventures, the $350 million price tag is a small bump from its previous valuation of $250-300 million.
On the other hand, there is a perfect plan B for companies is Created interesting technology, and do Customers are: The current market is driving a larger trend of M&A-based consolidation, where larger platforms are scooping up smaller players to bring in new services, new customers, and overall broaden their own revenue funnel.
In Bionic’s case, its customers include the likes of Chipotle, Freddie Mac and Transamerica, and its technology complements CrowdStrike’s existing business and speaks to a larger goal for cybersecurity companies like them.
As we’ve said before, cybersecurity is a moving target: as malicious actors become more sophisticated in their approach, so must those protecting networks and IT assets. CrowdStrike’s business focuses primarily on endpoint security, threat intelligence and breach response services, and already includes security posture management — CrowdStrike’s service is named “Falcon” — Bionic will provide advanced level monitoring for security operations teams.
The latter startup specifically focuses on providing advanced security posture management for deployed applications running in production; Entire application architectures and associated dependencies that may also represent opportunities for attacks as they evolve or ‘drift’ across the network; and application data flow. Its technology is so interesting that sources tell us that even Microsoft is looking bionic.
CrowdStrike is an active M&A player in Israel, including the September 2022 acquisition of Reposify. And since we first reported that the acquisition was in the works, the company has reported strong results and raised earnings estimates, a signal. That it will be looking for more sources of growth.
“As a leading cloud security provider, we are focused on delivering the best cloud security platform in the world, however we cannot comment on rumors or speculation,” a spokesperson told TechCrunch over the summer. We’ve reached out to representatives of both companies for comment today and will update as we learn more. But again, there’s a lot of buzz going on, with an Israeli outlet reporting overnight on the upcoming news from America today.
Meanwhile, the consolidation trend isn’t over: we’re hearing more M&A in the cyber market. (And if you’re reading this and have something else to share, you always can Ping me directly.)