What Is Risk? Let’s be frank. Risk represents the possibility of loss. In business terms, loss is in the form of cash, customers, partners, revenue, IP, corporate data, and brand loyalty. Global Risk & Compliance (GRC) teams calculate, manage, and mitigate the possibility of loss across the business (and IT). So, what’s the role of […]

Stephen Burton 18 Aug, 2023

Every security startup needs a superhero. Snyk created the Dobermann. At Bionic, we created a badass bulldog. Here’s the story… He was just an ordinary bulldog from a small town in England, owned by a bad actor. Then one day, his owner left the back door open, and Billy escaped! Billy was vulnerable and became […]

Stephen Burton 09 Aug, 2023

The job of every security professional is to decipher buzzwords created by analysts and vendors. ASOC and ASPM are the latest, which are increasingly relevant in 2023 as applications become cloud-native (more distributed tech) and incorporate CI/CD (loads of f***king changes). In this post, I shall try to explain what ASOC and ASPM are, why […]

Stephen Burton 20 Jan, 2023

Bionic allows teams to detect, and manage application drift in real-time. Drift in this context doesn’t relate to infrastructure as drift rarely occurs with infrastructure-as-code in ephemeral environments. Bionic allows teams to quickly baseline and lock in their application architectures, so they have drift policies that can notify them in real-time should an architecture change. […]

Stephen Burton 22 Nov, 2021

Continuous Delivery (CD) and Infrastructure as Code (IaC) means apps, clusters, and environments are constantly changing in your business. Drift occurs when an app, microservice, or infrastructure ‘drifts’ out of its intended configuration or approved operating boundaries. In short, drift is difficult to detect and introduces risk which isn’t seen or managed until something serious […]

Stephen Burton 10 Nov, 2021

Bionic provides teams with a real-time living architecture map of their applications, showing all services, APIs, libraries, dependencies, and data flows. You can think of it as a visual software bill of materials or an SBOM, as it’s called. This is particularly useful for understanding black box applications, accelerating cloud migrations, or even refactoring monolithic […]

Stephen Burton 09 Nov, 2021

Bionic can help teams automate threat modeling and security reviews. We use an agentless approach to scan and reverse engineer your applications in any environment. The output is a real-time living architecture map that is code-level accurate. You can now threat model or review security based on what actually exists in your application versus estimating […]

Stephen Burton 09 Nov, 2021

Bionic helps teams rapidly understand which applications and services are accessing PII, PCI, and other sensitive data sources. Visualize with Business Context For example, below we can see six business applications that Bionic has discovered along with 68 unique services, which are mapped showing their dependencies to databases. In seconds, we can filter this map to […]

Stephen Burton 08 Nov, 2021

Think of Personal Identifiable Information (PII) as gold that companies store about their customers. Gold must be kept in a safe place at all times, with restricted access, effective governance, and auditing to secure it. However, we live in a world today where everything is code. Meaning more things touch corporate gold than ever before. […]

Stephen Burton 03 Nov, 2021

As engineering teams accelerate and scale their cloud and CI/CD initiatives, the rate of change in production (and the business) starts to increase dramatically. Continuously delivering small incremental code changes is proven to lower the risk of production incidents and downtime. In addition, tools like DataDog, Splunk, Dynatrace, and New Relic can detect application performance […]

Stephen Burton 28 Sep, 2021