Bionic Signals and Bionic Business Risk Scores are being added to Bionic’s Application security posture management platform for context-based risk prioritization. Credit: istock/gilaxia Application security posture management (ASPM) company Bionic has added two new capabilities -- Bionic Signals and Bionic Business Risk Scoring -- to its namesake cybersecurity platform to help its customers detect, prioritize and remediate vulnerabilities and threats in their applications. The idea is to collate signals from multiple threat intelligence platforms and add business context to identify critical risks in customer applications and help prioritize them based on the level of risks involved. "The surge in applications and shift to continuous delivery are introducing new attack surfaces and attack vectors at an unimaginable rate," said Eyal Mamo, co-founder and chief technology officer at Bionic. "Our next-gen application security platform detects, scores, and prioritizes application risk so that teams can spend time fixing what needs to be fixed." The new capabilities are available to users at launch as part of their existing subscription. Bionic licenses are priced by the number of unique services used across customer environments. Bionic Signals delivers consolidated intelligence Earlier this year, Bionic announced its first signal integration, with cloud security posture management (CSPM) provider Wiz, in a bid to unify cloud application security. To further its signal integrations, the company has onboarded new partners including Snyk, which develops code-security applications, and Sonatype, which sells software supply chain management software. "AppSec and developers have too many disparate siloed security tools across their CI/CD pipelines that create thousands of alerts, vulnerabilities, and false positives," Mamo said. "This creates developer TOIL (manual triage) and prevents developers from rapidly fixing the most critical security bugs before a production release." Bionic Signals will allow the platform to integrate with one or more security tools so it can ingest and contextualize the alerts and vulnerabilities that are triggered by tests and scans, according to Mamo. Bionic ASPM can now be accessed through both the Snyk and Sonatype UIs. Bionic Signals for Sonatype IQ is generally available now, and Bionic Signals for Snyk SCA will be available in July. "Collating results from various aspects of application security scanning into a single platform for review will be a big help to engineers on both development and security teams," said David Chernitzky, CEO of Armour Cybersecurity. "Bionic's integration is a step forward in that direction and we are curious to see it in action." Bionic adds business context to the mix The new business risk scoring adds data context and scores business risk, on a scale of 1 to 100, based on threat profile and severity, business criticality, and exploitability. It further groups the threats into critical, high, medium and low categories to understand threat impacts and prioritize accordingly. "The thing usually missing from the vulnerability management process, and sometimes the hardest thing to get, is an understanding of the business context associated to any particular vulnerability," said Story Tweedie-Yates, head of product marketing at cybersecurity company KSOC. "Bionic is trying to help teams with the question of prioritization, and the more signals they can add in to make that context more precise and accurate, the better." Bionic adopts an agentless deployment to continuously scan production environments so it can provide a real-time view of application security posture in production, Mamo added. Related content brandpost Shifting security left: DevSecOps meets virtualization By Anthony Ricco, CMO of Corellium. 01 Jul 2023 4 mins Security news analysis Attackers add hacked servers to commercial proxy networks for profit Proxyjacking allows attackers to sell unknowing victims' unused network bandwidth. By Lucian Constantin 30 Jun 2023 4 mins Cybercrime news Command-and-control framework PhonyC2 attributed to Iran’s Muddywater group PhonyC2 was used to exploit the log4j vulnerability in the Israeli software SysAid, the attack against Israel’s Technion institute, and the ongoing attack against the PaperCut print management software. By Apurva Venkat 30 Jun 2023 4 mins Advanced Persistent Threats Cyberattacks Vulnerabilities news First state-sponsored cyberattack against UK government revealed two decades later Rare insight marks the 20th anniversary of a state-backed malware attack on a UK government department. By Michael Hill 30 Jun 2023 3 mins Cyberattacks Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe