Bionic

ASPM Capabilities:

• Application discovery/inventory

• risk ranking

• threat modeling

• vulnerability management

List of Integrations:

• vulnerability scanners

• source code repositories

• IDEs

• ticketing systems

Vulnerability Management:

• Helping organizations to identify, prioritize, track, and remediate vulnerabilities in their applications

SAST, DAST, SCA:

• Integrate with separate SAST, DAST, and SCA tools, or include their own capabilities

Integration with Intelligence Feeds:

• Integrate with threat intelligence feeds to provide more context for identified vulnerabilities and threats

Dependencies/Transitive Dependencies:

• Transitive dependencies are the dependencies of the direct dependencies in your code

Real Time:

• Scans happen upon schedule, though working on event-driven capability

Risk Determination:

• Risk scoring or ranking system that helps organizations prioritize their remediation efforts.

Bionic works on binaries, they do NOT scan code

• Cloud Application Discovery and Mapping - Resilience

• Cloud Application Inventory - SBOMs (licensing, provenance, hash)

• Business Context Savvy

• Data Flow Discovery and Mapping - database calls, no API against spec, sensitive data via keywords though regex being worked on

• Drift Detection - beta release coming up

• Business Risk Scoring

• Unified Threat Database

• Policy-Driven Security Posture

• Automated DevSecOps Workflows

• Easy to Deploy and Scale

• Deployment - SaaS and on-premises deployment

• Pricing - license based on unique service (doesn't matter which environments, or how many servers it runs on). 20k services for 1.2M per year (~$60/service/year). 175-200k/year is land size.

Lucene based search engine