Bionic integrations offer context-based vulnerability management

Application security posture management (ASPM) company Bionic has added two new capabilities -- Bionic Signals and Bionic Business Risk Scoring -- to its namesake cybersecurity platform to help its customers detect, prioritize and remediate vulnerabilities and threats in their applications.

The idea is to collate signals from multiple threat intelligence platforms and add business context to identify critical risks in customer applications and help prioritize them based on the level of risks involved.

"The surge in applications and shift to continuous delivery are introducing new attack surfaces and attack vectors at an unimaginable rate," said Eyal Mamo, co-founder and chief technology officer at Bionic. "Our next-gen application security platform detects, scores, and prioritizes application risk so that teams can spend time fixing what needs to be fixed."

The new capabilities are available to users at launch as part of their existing subscription. Bionic licenses are priced by the number of unique services used across customer environments.

Bionic Signals delivers consolidated intelligence

Earlier this year, Bionic announced its first signal integration, with cloud security posture management (CSPM) provider Wiz, in a bid to unify cloud application security. To further its signal integrations, the company has onboarded new partners including Snyk, which develops code-security applications, and Sonatype, which sells software supply chain management software.

"AppSec and developers have too many disparate siloed security tools across their CI/CD pipelines that create thousands of alerts, vulnerabilities, and false positives," Mamo said. "This creates developer TOIL (manual triage) and prevents developers from rapidly fixing the most critical security bugs before a production release."

Bionic Signals will allow the platform to integrate with one or more security tools so it can ingest and contextualize the alerts and vulnerabilities that are triggered by tests and scans, according to Mamo.

Bionic ASPM can now be accessed through both the Snyk and Sonatype UIs. Bionic Signals for Sonatype IQ is generally available now, and Bionic Signals for Snyk SCA will be available in July.

"Collating results from various aspects of application security scanning into a single platform for review will be a big help to engineers on both development and security teams," said David Chernitzky, CEO of Armour Cybersecurity. "Bionic's integration is a step forward in that direction and we are curious to see it in action."

Bionic adds business context to the mix

The new business risk scoring adds data context and scores business risk, on a scale of 1 to 100, based on threat profile and severity, business criticality, and exploitability. It further groups the threats into critical, high, medium and low categories to understand threat impacts and prioritize accordingly.

"The thing usually missing from the vulnerability management process, and sometimes the hardest thing to get, is an understanding of the business context associated to any particular vulnerability," said Story Tweedie-Yates, head of product marketing at cybersecurity company KSOC. "Bionic is trying to help teams with the question of prioritization, and the more signals they can add in to make that context more precise and accurate, the better."

Bionic adopts an agentless deployment to continuously scan production environments so it can provide a real-time view of application security posture in production, Mamo added.