Here at Bionic, we continue to push the boundaries of what’s possible to help our customers secure their cloud-native applications. Today, we’re announcing a direct integration with ServiceNow, Bionic Events, and a reimagined dashboard. These updates supercharge the state of application security posture management and help you achieve unprecedented visibility into and continuous control over your cloud-native applications.
Bionic’s ServiceNow Integration Benefits Security and IT Operations
Having full visibility – and an accurate record of what you’re seeing – is the cornerstone of a strong security program. We’ve heard from countless security leaders that their greatest struggle is having a trusted system of record for their applications in production. Similarly, IT operations management teams seek to maintain an inventory of their most ephemeral asset: code.
Introducing Bionic’s ServiceNow Integration
Starting today, you’ll be able to enrich your existing ServiceNow CMDB with a real-time accurate model of all application dependencies so you can better secure and manage your cloud applications. Through a Service Graph Connector integration, Bionic sends application inventory data to ServiceNow. This provides an accurate and continuously up-to-date record of every application service and dependency along with deployment and environment variables. Bionic does this without agents or sensors, making it easy to scale across large, complex cloud-native apps.
Bionic’s innovative collection process provides an accurate and up-to-date CMDB of all application services and dependencies so you can:
- Automatically generate an accurate SBOM
- Respond efficiently to zero-day threats and critical security issues by identifying and fixing every exploitable instance of a specific vulnerable component.
- Address critical application outages quickly and reduce your mean time to resolution (MTTR).
- Create resilient, well-architected applications, with better availability and reduced technical debt.
Here’s what an inventory of an application looks like in ServiceNow, grouped by class.
From the full list of CIs discovered by Bionic, select a specific application to investigate. The following example shows the order_manager app. The timeline highlights changes to the application and identifies what changed, when it changed, and if the change was authorized.
As always, you’ll have the standard map and inventory in Bionic.
Bionic Events Brings Control to Constant Application Chaos
Applications are constantly changing, and not all changes are thoroughly tested or vetted prior to release. According to Google’s 2022 DevOps Research and Assessment report, even high-performing DevOps teams have around a 15% change failure rate (meaning a change that causes an outage, degradation, or exposure). Higher CFRs are more common, ranging between from 16% to 60% for medium and low DevOps performers.
Inevitable and constant change is a guarantee in the world of applications. Security is not. We built Bionic Events to help security teams track the changes that expose the organization to additional risk.
Introducing Bionic Events
The Bionic Events dashboard shows you how your applications are changing and relates those changes to business risk. You can now identify when developers add or remove an application service or service connection or any time there’s a change to an application artifact or dependency.
By tracking these changes, Bionic is able to calculate if/how an event modifies the overall risk of the application service. From the Events query bar, you can search for events of interest based on business application, application service, type of event, and risk change.
The time filter helps you target events during a specific date range. This also helps you visualize how changes have affected your application security posture over a specified period of time.
Investigate event details quickly from the side panel, which provides a full description of the event. This includes when it occurred, the other services that were impacted, how the Business Risk Score changed (increased or decreased and by how many points), if there are any new violations due to this change, and more.
These details allow you to see how the effects of a change ripple across your application ecosystem and impact your overall security posture.
New Bionic Dashboard
Security teams are inundated with tools, data, and alerts, the vast majority of which are neither relevant nor actionable. Bionic’s new dashboard helps security teams focus on the data that matters most when it comes to managing their overall application security posture and business risk.
Introducing the New Bionic Dashboard
We’re pleased to show you the new Bionic Dashboard, which gives you a centralized view of your application security posture. Here are some notable highlights.
The overview is at the top of the dashboard. It shows the app services, tech stack, deployment stack, and potential exposure information (sensitive data stores, third-party connections, and internet exposed services).
The main filters help you focus on specific services or components of your application. This enables you to analyze data in a more targeted manner and allows you to quickly and easily define the scope of the entire dashboard. You can filter by business application, service owner, and service department.
The dashboard’s interactive widgets help teams better manage, prioritize, and remediate threats. The dashboard widgets fall into three main views: services, violations, and remediation.
Service widgets include:
- Services by Risk Level
- Services by Risk Over Time
- Top Services by Risk Score
Violation widgets include:
- Violations by severity
- Violations by severity over time
- Newly detected violations
Remediation widgets include:
- Violation analysis
- Open vs. resolved violations
- Violations with maximum impact
Stay tuned for more exciting changes in the coming months. We will continue to focus on enhancing our support across clouds and languages, expanding our Signals program, adding key integrations with tools to ease workflow across teams, and creating ways to help you get up and running with ASPM quicker than ever.
Want to learn more right now? Book a demo with our team today.