In this article, we’ll describe how a global leader in customer engagement and employee management let Bionic show them how fast they can achieve total visibility into one of their most complex applications.
The company has thousands of employees around the world who support dozens of products. As a publicly traded company, it is critical for them to protect sensitive data for their customers, who include some of the biggest companies in the world.
The Problem: Lack of Application Visibility Leaves the Security Team in the Dark
The company has dozens of applications in its product base. They approached Bionic because they lacked the foundation of any good security program – basic visibility. Furthermore, they are seeking to centralize application risk analysis, automate mundane tasks and manual exercises, and migrate legacy applications to the cloud.
The small security team has been struggling to understand what application services and dependencies are running across their products. Like many enterprises, each product has its own development team, and one small security team is responsible for securing everything.
Here are some of the company’s specific challenges:
Challenge 1: Lack of application architecture documentation. This has forced the security team to interview each development team, hoping to get accurate depictions of all the application services, dependencies, and data flows.
Impact: Security and development teams are spending significant time (and dollars from lost productivity) conducting interviews and creating manual application diagrams.
Challenge 2: No way to get an accurate software bill of materials (SBOM). Without visibility, the company has no accurate inventory of application components.
Impact: Several of the company’s customers require the ability to generate an SBOM. The gap is causing a hold on millions of dollars worth of contracts.
Challenge 3: Delayed cloud migration. Many of the company’s applications are on-prem, but an initiative to move to the cloud means that they’re building newer apps in the cloud while migrating their legacy apps.
Impact: The decision to lift and shift to the cloud has left security in the dark, with no way to manage application security risk across the business or respond efficiently to zero-day vulnerabilities.
Bionic offered to show the company how quickly they could overcome each of their challenges with the industry’s leading Application Security Posture Management (ASPM) solution.
The Solution: Bionic ASPM
Bionic had the privilege of demonstrating to the company how quickly and easily they can gain the visibility they need into their applications. Here’s all that was required of the company to get started:
- Name and description of the application
- Programming language(s) used in the application
- Operating system
- Application deployment details
After providing the details of the application, Bionic’s engineering team completed the agentless setup for the selected application.
The Results: Clear and Immediate Visibility
Within minutes, Bionic was able to discover and map application assets, including services, APIs, dependencies, and data flows. Across this cloud-native application, Bionic discovered almost 100 services and more than 1,500 API calls.
The instant visibility that Bionic provides could eliminate a huge burden for the security and development teams doing interviews and manual application diagrams.
Bionic’s inventory capability created an instant catalog of all application assets. By providing the company with a much-needed way to generate accurate SBOMs, Bionic could help them check off a key regulatory requirement, unblock multiple deals, and grow revenue.
Bionic surfaced more than 500 violations in this application. However, because Bionic assesses risk based on exploitability, severity, and impact, Bionic was able to contextualize the violations and narrow the list down to only 5 violations that the company needed to fix immediately to reduce their overall application risk.
Along with this 99% reduction in vulnerabilities, Bionic was also able to pinpoint the location of a zero-day vulnerability in production and identify which affected libraries should be prioritized based on access to sensitive data, exploitability, and business criticality of the service where the vulnerability was located.
In short, Bionic demonstrated to the company how they can remediate zero-day vulnerabilities in hours instead of weeks.
Bionic gives the company the ability to visualize its applications, catalog all application assets, and secure applications at an enterprise scale across a hybrid environment. With every code change, Bionic offers an updated map and inventory and reevaluates the company’s application security posture.