Bionic, the application security posture management (ASPM) platform, has launched two new product features – Bionic Signals and Business Risk Scoring – to help engineers simplify the thousands of security vulnerabilities they manually triage each day. Bionic Signals ingest data from popular security tools to contextualize which vulnerabilities are critical threats to applications in production. Bionic Business Risk Scoring calculates the relative risk of an application based on the number of related vulnerabilities, their ability to compromise sensitive data through architecture dependencies, and their ability to be exploited within the architecture’s attack surfaces.
Together, these capabilities provide engineering teams with the rich data, visibility, and context necessary to rapidly prioritize and fix critical threats before they impact the business.
“The surge in applications and shift to continuous delivery are introducing new attack surfaces and attack vectors at an unimaginable rate. Most security tools today focus primarily on discovery, but without operational insights into critical exploitable business risks, all they provide is noise,” said Eyal Mamo, co-founder and CTO at Bionic. “Our next-gen application security platform discovers and visualizes all services, dependencies, APIs, and data flows. We then detect, score, and prioritize application risk so that teams can spend time fixing what needs to be fixed. That’s why the largest enterprises across nearly every industry are leveraging Bionic for ASPM.”
Bionic Signals help customers correlate security data from virtually any source to better understand and contextualize how vulnerabilities are critical threats, thus reducing engineer triage and toil by up to 95%. Instead of engineers manually reviewing each tool and vulnerability, Bionic is able to automate this process across security tools, thus reducing the amount of vulnerabilities, false positives, and noise.
Bionic previously announced its first major signal integration with cloud security leader Wiz to unify cloud application security, and was recently named an inaugural technology partner within the Wiz Integration (WIN) Program. Today, Bionic is honoring its commitment to integrate with any security tool by unveiling a new signal integration with Sonatype IQ. With these integrations, Bionic customers see the power of Wiz and Sonatype right from the Bionic UI.
Bionic will continue to add signals from partners to meet the growing demand for visibility into applications in production, better vulnerability context, and more accurate risk-based prioritization.
Bionic Business Risk Scoring
Instead of engineers using CVSS scores to prioritize vulnerabilities, Bionic Business Risk Scoring expands this approach by understanding the business criticality of each vulnerability (e.g. what sensitive data can be exposed) and the architecture exploitability of each vulnerability (e.g. is the impacted service or API internet-facing).
Bionic Signals and Bionic Business Risk Scoring are generally available.