Advancing ASPM w/ Jacob Garrison of Bionic

Alan Shimel talks with Jacob Garrison, security researcher at Bionic, about how Bionic advances its ASPM platform with Bionic Signals and Business Risk Scoring.

Bionic Extends Application Security Posture Management Platform

Bionic this week added a pair of tools to its application security posture management (ASPM) platform that make it simpler to triage threats based on severity and attach a risk score.

Bionic unveils new tools to address application security vulnerabilities

Application security posture management platform company Bionic today launched two new features to help customers understand and manage the vulnerabilities and threats to their applications more efficiently.

Bionic integrations offer context-based vulnerability management

Bionic Signals and Bionic Business Risk Scores are being added to Bionic’s application security posture management platform for context-based risk prioritization.

Bionic Advances the Industry’s First Application Security Posture Management Platform with Bionic Signals and Business Risk Scoring

PALO ALTO, Calif., June 27, 2023 – Bionic, the industry’s first Application Security Posture Management (ASPM) platform, today launched two new product features – Bionic Signals and Business Risk Scoring – to help engineers simplify the thousands of security vulnerabilities they manually triage each day. Bionic Signals ingest data from popular security tools to contextualize which vulnerabilities are critical threats to applications in production. Bionic Business Risk Scoring calculates the relative risk of an application based on the number of related vulnerabilities, their ability to compromise sensitive data through architecture dependencies, and their ability to be exploited within the architecture’s attack surfaces. Together, these capabilities provide engineering teams with the rich data, visibility, and context necessary to rapidly prioritize and fix critical threats before they impact the business.

Shifting security left in CI/CD pipelines means engineers have multiple security tools for static code analysis, open-source libraries, pen-testing, container security, infrastructure-as-code, cloud security, and more. In large, modern, distributed, cloud applications these tools create significant exhaust fumes for engineers. This manual triage and toil results in hundreds of hours of lost engineering productivity each week, and also means critical threats get missed and exposed in production. To solve this, Bionic created Bionic Signals and Business Risk Scoring. 

Bionic emerged from stealth in December 2020 with the world’s first ASPM solution – a new market category recently validated by Gartner – to give enterprises complete end-to-end application visibility and context. With Bionic Signals and Business Risk Scoring, Bionic is reinforcing its commitment to deliver cutting-edge security solutions that empower teams to prioritize and resolve threats in minutes instead of weeks, months, or never.

“The surge in applications and shift to continuous delivery are introducing new attack surfaces and attack vectors at an unimaginable rate. Most security tools today focus primarily on discovery, but without operational insights into critical exploitable business risks, all they provide is noise,” said Eyal Mamo, co-founder and CTO at Bionic. “Our next-gen application security platform discovers and visualizes all services, dependencies, APIs, and data flows. We then detect, score, and prioritize application risk so that teams can spend time fixing what needs to be fixed. That’s why the largest enterprises across nearly every industry are leveraging Bionic for ASPM.”

Bionic Signals

Security tool sprawl is a growing problem: According to Gartner, 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio, and 12% have 46 or more. Bionic Signals help customers correlate security data from virtually any source to better understand and contextualize which vulnerabilities are critical risks, thus reducing engineer triage and toil by up to 95%. Instead of engineers manually reviewing each tool and vulnerability, Bionic is able to automate this process across security tools, thus reducing the number of vulnerabilities, false positives, and noise.

Bionic previously announced its first major signal integration with cloud security leader Wiz to unify cloud application security, and was recently named an inaugural technology partner within the Wiz Integration (WIN) Program. Today, Bionic is honoring its commitment to integrate with any security tool by unveiling a new signal integration with Sonatype IQ. With these integrations, Bionic customers see the power of Wiz and Sonatype right from the Bionic UI.

“Identifying and mitigating risk is a top priority for nearly every business. As organizations innovate with the cloud, they need to protect their cloud-based applications at the same pace that engineers ship code,” said Oron Noah, Director Product Management at Wiz. “Together, Bionic and Wiz bring unparalleled context to complex, chaotic cloud environments and applications. By integrating Wiz’s best-in-class cloud security platform with Bionic ASPM, we can enable visibility and context in complex cloud environments and applications.”

Bionic Signals helps customers correlate security signals across tools with greater accuracy to reduce noise from too many alerts across too many security tools. The new solution enriches customers’ understanding of threats with context from application and cloud security tools and measures the impact of other security tools on applications in production. Bionic will continue to add signals from partners to meet the growing demand for visibility into applications in production, better vulnerability context, and more accurate risk-based prioritization.

Bionic Business Risk Scoring

Determining what to fix – and what to fix first – is a challenge for today’s security teams. While risk-based prioritization is imperative for organizations to make well-informed decisions about security and prioritize their work, there are no current tools on the market that provide adequate context for automated risk assessment, prioritization, and remediation. Instead of engineers using CVSS scores to prioritize vulnerabilities, Bionic Business Risk Scoring expands this approach by understanding the business criticality of each vulnerability (e.g. what sensitive data can be exposed) and the architecture exploitability of each vulnerability (e.g. is the impacted service or API internet-facing).

Bionic Signals and Bionic Business Risk Scoring are generally available. For more information, visit or check out our blog post

About Bionic

Bionic is an Application Security Posture Management (ASPM) platform that proactively reduces security, data privacy, and operational risk by continuously analyzing the entire architecture of applications as they evolve and change in production. Unlike cloud security posture offerings, Bionic provides deep visibility into the application layer to help organizations manage the risk of their services, APIs, dependencies, and data flows in production. Bionic was founded in 2019 by Idan Ninyo and Eyal Mamo and is based out of Palo Alto, CA.

Media Contact 

Francesca DeAnda

The limitations of shifting left in application security

In this Help Net Security video, Jacob Garrison, Security Researcher for Bionic, explains the limitations of shifting left in application security.

5 best practices to ensure the security of third-party APIs

The application programming interface (API) has become integral to setting up functionality and flexibility. But they’re also potential attack vectors that need to be high on the security team’s radar.

Cyber Defense Radio – HotSeat Podcast w/ Steve Burton from Bionic

Hosted by Gary Miliefsky, Publisher of Cyber Defense Magazine, this hotseat interview is with Stephen Burton of Bionic.

Plugging the infosec holes before the bad guys can sneak in

Security posture management gets its due at RSA

The White House National Cybersecurity Strategy Has a Fatal Flaw

The government needs to shift focus and reconsider how it thinks about securing our nation’s digital and physical assets.

What Uber’s Latest Data Breach Means for Third-Party Risk

Uber is in the headlines once again for losing sensitive data. However, this round of data exposure isn’t due to a breach of Uber’s facilities.

HACKERverse LIVE Topic: Interview w/Eyal Mamo of BIONIC from inside the HACKERverse

Listen or watch HACKERverse LIVE with Bionic CTO and Co-Founder Eyal Mamo.

Bionic integrates with Wiz to provide customers with full cyber-risk coverage

Bionic has announced a product integration with Wiz to provide customers with an agentless way to unify and scale their cloud and application security posture in production.

CrowdStrike Bionic

Bionic to be acquired by CrowdStrike to provide the industry’s most comprehensive cloud security platform. Together, we are creating the industry-defining cloud security platform, fully integrated from code to runtime.