CrowdStrike is acquiring Bionic, an application security posture management (ASPM) startup. This deal creates an opportunity to integrate CrowdStrike’s cloud-native application protection platform (CNAPP) with Bionic’s ASPM technologies to enhance its cloud and application security portfolio.

The acquisition is expected to close during CrowdStrike’s fiscal third quarter, pending customary closing conditions. The purchase will be predominantly in cash, with a portion in the form of stock and options subject to vesting conditions. The two companies did not disclose financial terms, but the deal is reportedly worth about $350 million.

Headquartered in California, Bionic has raised a total of $82 million in funding over three rounds since its founding in 2019 and has been backed by high-profile investors like Battery Ventures and Insight Partners. Its latest Series B funding scored $65 million in March 2022. Its customers include Aston Martin, Chipotle, Freddie Mac and HP Enterprise.

Bionic focuses on securing applications rather than just infrastructure. “Most companies we spoke to claimed to have CNAPP but had no idea what was happening inside their code. We needed to convince them they could not secure what they couldn’t see. We created Bionic to address this gap,” Bionic CEO Idan Ninyo wrote in a blog post.

“We have built a 'Google Maps for your apps,' delivering a complete picture of application security risk in a truly frictionless way that does not interfere with the development process,” he said in a statement.

Ninyo and his cofounder Eyal Mamo will join CrowdStrike to lead a business unit focused on cloud security, along with the Bionic team.

Bionic “gives you a comprehensive view of the risk associated with everything that's running in your cloud environment — the applications, the microservices and everything that's connected to it, which really represents risk,” CrowdStrike Cofounder and CEO George Kurtz said during its Fal.Con 2023 keynote.

Bionic’s ASPM technology will enhance CrowdStrike’s Falcon platform by offering:

1. Real-time application visibility: Bionic aims to offer an agentless approach to discover all application services, databases, microservices, third parties, APIs and data flows across the hybrid-cloud environment.
2. Vulnerability prioritization: The technology is designed to prioritize application-level, top business-critical risks based on the business impact.
3. Serverless infrastructure visibility: Bionic offers vulnerability scanning for serverless functions like Microsoft Azure Functions and Amazon Web Services (AWS) Lambda.

CrowdStrike plans to offer Bionic ASPM both as an independent offering and as an integrated feature of its cloud security portfolio Falcon Cloud Security, part of the CrowdStrike Falcon platform.

The vendor’s existing CNAPP already includes cloud workload protection (CWP), cloud security posture management (CSPM) and cloud infrastructure entitlement management (CIEM). And now, it integrates with ASPM.

Kurtz said in the keynote that today, its cloud security portfolio is “almost a $300 million business.” And the new integration makes it “one of the most complete cloud security offerings on the planet.”

“We're bringing all those together to give you not only a complete view of your risk, and what's running in the cloud, but also obviously the protection piece, which comes from the cloud workload protection,” he added.