Bionic Signals and Bionic Business Risk Scores are being added to Bionic’s Application security posture management platform for context-based risk prioritization.

Credit: istock/gilaxia

Application security posture management (ASPM) company Bionic has added two new capabilities — Bionic Signals and Bionic Business Risk Scoring — to its namesake cybersecurity platform to help its customers detect, prioritize and remediate vulnerabilities and threats in their applications.

The idea is to collate signals from multiple threat intelligence platforms and add business context to identify critical risks in customer applications and help prioritize them based on the level of risks involved.

“The surge in applications and shift to continuous delivery are introducing new attack surfaces and attack vectors at an unimaginable rate,” said Eyal Mamo, co-founder and chief technology officer at Bionic. “Our next-gen application security platform detects, scores, and prioritizes application risk so that teams can spend time fixing what needs to be fixed.”

The new capabilities are available to users at launch as part of their existing subscription. Bionic licenses are priced by the number of unique services used across customer environments.

Bionic Signals delivers consolidated intelligence

Earlier this year, Bionic announced its first signal integration, with cloud security posture management (CSPM) provider Wiz, in a bid to unify cloud application security. To further its signal integrations, the company has onboarded new partners including Snyk, which develops code-security applications, and Sonatype, which sells software supply chain management software.

“AppSec and developers have too many disparate siloed security tools across their CI/CD pipelines that create thousands of alerts, vulnerabilities, and false positives,” Mamo said. “This creates developer TOIL (manual triage) and prevents developers from rapidly fixing the most critical security bugs before a production release.”

Bionic Signals will allow the platform to integrate with one or more security tools so it can ingest and contextualize the alerts and vulnerabilities that are triggered by tests and scans, according to Mamo.

Bionic ASPM can now be accessed through both the Snyk and Sonatype UIs. Bionic Signals for Sonatype IQ is generally available now, and Bionic Signals for Snyk SCA will be available in July.

“Collating results from various aspects of application security scanning into a single platform for review will be a big help to engineers on both development and security teams,” said David Chernitzky, CEO of Armour Cybersecurity. “Bionic’s integration is a step forward in that direction and we are curious to see it in action.”

Bionic adds business context to the mix

The new business risk scoring adds data context and scores business risk, on a scale of 1 to 100, based on threat profile and severity, business criticality, and exploitability. It further groups the threats into critical, high, medium and low categories to understand threat impacts and prioritize accordingly.

“The thing usually missing from the vulnerability management process, and sometimes the hardest thing to get, is an understanding of the business context associated to any particular vulnerability,” said Story Tweedie-Yates, head of product marketing at cybersecurity company KSOC. “Bionic is trying to help teams with the question of prioritization, and the more signals they can add in to make that context more precise and accurate, the better.”

Bionic adopts an agentless deployment to continuously scan production environments so it can provide a real-time view of application security posture in production, Mamo added.