Earlier this year, we broke the news that CrowdStrike was close to acquiring Bionic.ai — a security posture management platform for cloud services — for between $200 million and $300 million. Sources tell us that this deal has now closed and will be formally announced later today after market open, and that publicly-traded CrowdStrike ultimately will be paying $350 million for the startup.
The deal underscores the challenges, but also opportunities, that continue to persist startups in the cybersecurity startup ecosystem.
On one side, startups are getting to the end of their runways of previous funding, and business is not as robust as they might have projected when raising in the past.
Sources close to the deal tell me that Bionic — which provides security teams with a bird’s eye view of a company’s tech and IT landscape to identify vulnerabilities — did not have more than $10 million in annual recurring revenue (ARR), a key metric in the SaaS space for understanding business activity. (As a point of comparison in size here, CrowdStrike reported ARR of $2.93 billion, up 37%, in its last quarterly earnings. Its market cap on the Nasdaq is currently hovering just below $40 billion.)
Bionic has roots in Israel but is headquartered in Palo Alto, and its last round of funding was well over a year ago, back in March 2022, which was made up of $55 million in equity and $10 million in secondary. With about $82 million raised in total from investors that included Insight Partners and Battery Ventures, the $350 million price tag is a small bump on its previous valuation of $250-300 million.
On the other side, there remain decent Plan B’s for companies that have built interesting technology, and do have customers: the current market is spurring a bigger trend of M&A-based consolidation, where larger platforms are scooping up smaller players to bring in new services, new customers and overall widen their own revenue funnels.
In the case of Bionic, its customers include the likes of Chipotle, Freddie Mac and Transamerica, and its technology complements CrowdStrike’s existing business and speaks to the bigger goal of cybersecurity companies like it.
As we have said before, cybersecurity remains a moving target: as malicious actors become more sophisticated in their approaches, those protecting networks and IT assets need to be as well. While CrowdStrike’s business mainly focuses on endpoint security, threat intelligence and breach response services, and it already covers security posture management — CrowdStrike’s service is branded “Falcon” — Bionic would bring an advanced level of observability for security operations teams.
The latter startup focuses on providing advanced security posture management specifically for deployed applications running in production; whole application architectures and related dependencies that might represent opportunities for attacks, even as they evolve or ‘drift’ within the network; and application data flows. Its tech is interesting enough that sources tell us Microsoft was also looking Bionic.
CrowdStrike has been an active M&A player in Israel, including the acquisition of Reposify in September 2022. And in the months since we first reported that this acquisition was in the works, the company has reported strong results and bumped up its earnings forecasts, a signal that it would be looking for more sources of growth.
“As a leading cloud security provider, we continue to be laser focused on delivering the best cloud security platform in the world, however we can’t comment on rumors or speculation,” a spokesperson told TechCrunch over the summer. We have reached out to representatives of both companies for comment today and will update as we learn more. But again, the chattering is strong on this one, with an Israeli outlet also reporting today’s upcoming news in the U.S. overnight hours.
In the meantime, the consolidation trend is not over: we’re hearing of more M&A in the cyber market coming around the corner. (And if you are reading this and have more to share, you can always ping me directly.)