Interviews | October 26, 2023

Application Security Posture Management Tools Can Enable Data Driven Security Programs

Axonius | Bionic, A Crowdstrike company

Sean Blenkhorn
VP of Sales Engineering


Q1. What exactly is Cyber Asset Attack Surface Management? Why do organizations need the technology?

Cyber Asset Attack Surface Management or "CAASM" is a term that was first introduced by Gartner as part of their 2021 Hype Cycle for Network Security. The aim of CAASM is to help organizations discover all assets, managed and unmanaged, cloud or on-premise to provide a credible and comprehensive inventory. CAASM works by leveraging API integrations with existing security tools, network infrastructure and management tools to aggregate and correlate all asset data into a single system of record. From there, organizations can quickly leverage that information to identify and remediate security risks across their organization.

Q2. Can organizations effectively secure the use of cloud-based applications using a SaaS Management Platform (SMP) or do they need a separate SaaS Security Posture Management (SSPM) capability for that?

SaaS Management Platform (SMP) and SaaS Security Posture Management (SSPM) are two types of products that organizations use today for helping them address the potential risk(s) associated with SaaS application use and adoption. That said, both categories of solutions solve different challenges. SMP products are focused on SaaS application management with regards to a key focus on user onboarding and offboarding and/or SaaS application spend and spend optimization. SSPM, on the other hand, is focused on the configuration of SaaS applications to ensure they meet specific security standards or policies. Because of this, organizations should think about the risk(s) associated with both solutions that include identifying, securing and optimizing spend across SaaS applications to ensure they address all potential business risks.

Q3. What are some of Axonious' objectives at Black Hat Europe 2023? What can customers and attendees expect from Axonious at the event?

The Axonius team is excited about the opportunity to continue to spread awareness to the region of the power of the Axonius platform to solve foundational challenges and drive measurable (and continuous) risk reduction across their business. Attendees will have an opportunity to stop into our booth, meet our amazing team and have an opportunity for an individualized demo to help them understand exactly how Axonius can help reduce their risk through improved visibility, risk identification and automated remediation.

Steve Burton

Bionic, A Crowdstrike company

Q1. What does CrowdStrike's acquisition of Bionic mean for customers? How will they benefit from the transaction?

This acquisition is great news for Bionic customers. They will continue to get Bionic’s industry-leading application security posture management (ASPM) right from the CrowdStrike Falcon Cloud Security platform. CrowdStrike Falcon Cloud Security + Bionic ASPM helps customers integrate and scale next-gen cloud security with next-gen application security. This provides unique full-stack visibility so teams can secure their cloud services, workloads, applications, services, and data flows. In short, we are unifying cloud and application security posture, so they can see and secure everything.

Q2. How can application security posture management tools help enable more proactive, data-driven app-security programs? How does the technology help organizations properly manage speed of application delivery with appropriate security measures during the development lifecycle?

ASPM tools enable more data-driven application security programs by showing teams the top business risks that can be exploited in their applications running in production. Traditional “shift left” and “extend right” tools offer lots of benefits and can be part of an overall security strategy, however, even when incorporated as early and stringently as possible, there are limitations to what testing can do and blind spots to what they can see. ASPM gives both visibility and application architecture context in production to understand individual threats as they relate to the complete application (and business).

Q3. What is Bionic's main messaging at Black Hat Europe 2023? What do you want customers to know about your technology and where it is headed over the next few years?

At this moment we’re squarely focused on ensuring our customers see combined value from Bionic and CrowdStrike to provide the industry’s most complete platform for cloud security. Moving forward you will see Bionic accelerate investments across the CrowdStrike Falcon Cloud Security platform, ecosystem integrations, global sales, and global support. Catch us at Black Hat Europe booth #212, as a Diamond Sponsor, for a full demo of our ASPM platform and to learn more about Bionic and CrowdStrike.

Sustaining Partners