Parasoft announces the opening of its new office in Northeast Ohio.
Backslash Security Emerges from Stealth
March 22, 2023
Backslash Security, a new cloud-native application security solution for enterprise AppSec teams, emerged from stealth, announcing an $8 million round led by StageOne Ventures, First Rays Venture Partners, D. E. Shaw & Co. and a roster of security veterans as angel investors, including technology entrepreneur and investor Shlomo Kramer, Ron Zoran (former CRO at CyberArk) and Brian Fielder (General Manager and CTO Enterprise Security at Microsoft), among others.
Backslash provides unified code and cloud-native security by correlating cloud context to code risk, bolstered by automated threat modeling, code risk prioritization and simplified remediation across applications and teams. With Backslash, enterprise AppSec teams can now see, prioritize and easily act upon high-risk code combinations, called “toxic code flows,” in their cloud-native applications.
“AppSec teams are stuck with a decades-old paradigm of noisy vulnerability scanners, while cloud security teams have been enjoying modern, visual ways to zero in on and secure cloud infrastructure risks and vulnerabilities,” said Shahar Man, co-founder and CEO of Backslash. “Backslash is here to uplevel the cloud-native security game for AppSec professionals by capturing the full context of cloud-native application security risk – because soon enough, most applications will run on cloud, and application security will be what matters most. The Backslash team is honored to have the support of renowned cybersecurity entrepreneurs and investors to help us achieve our vision.”
"Backslash's approach to Application Security stands out as a game changer," said Yuval Cohen, founder and managing partner at StageOne Ventures. "Their unique solution offers contextual code risk visibility and visually maps the cloud-native application posture, providing unparalleled insight into security risks. We firmly believe that this innovative technology will have a significant impact on the industry."
“AppSec teams are struggling as companies rapidly shift to cloud-based deployment environments because the traditional solutions just aren’t keeping up,” said Brian Fielder, General Manager, CTO Enterprise Security at Microsoft. “The Backslash team has built a truly cloud-native approach to application security, bringing a new, visual, lightweight paradigm to the AppSec industry."
Backslash was specifically designed to address the persistent, time-consuming and manual ways of discovering and mapping application code risks, and the cloud-native context gaps left unaddressed by previous generation, noisy SAST tools. The company was founded by industry veterans Shahar Man, formerly Vice President at Aqua Security and SAP, and Yossi Pik, formerly Co-founder and CTO of FARMIGO (acquired by GrubMarket) and Vice President at SAP. Backed by extensive cloud-native application expertise and experience across cloud/ serverless and microservices, the Backslash Cloud-Native Application Security solution provides AppSec teams with security insights and business context to the code risk, while tracking the security posture of different applications and teams involved.
“There can be friction between developers and security teams because traditional application security methods are disruptive to cloud-native development. Developers need an accurate way to efficiently identify and fix code issues in their workflows, without being overwhelmed by alerts or false positives, while security needs a scalable way to manage risk,” said Melinda Marks, senior analyst at Enterprise Strategy Group. “Backslash has developed a solution to address this gap utilizing the properties of the stack and modern development environments to give security teams the context they need to support development as it scales.”
Through unified visual mapping of threat models and application posture, AppSec teams can quickly prioritize code risks based on the relevant cloud context, reducing false positives, alerts and fatigue; and they can significantly cut MTTR (mean time to recovery) by enabling developers with the evidence they need to take ownership of the process. Specifically, the Cloud-Native Application Security solution brings the following capabilities to enterprise AppSec teams:
- Contextual visibility: Empowers AppSecs teams with the automatic discovery and mapping of cloud-native application code and its dependencies via contextual visual dashboards, without the need to read or understand the underlying code
- Automatic threat model visualization: Automatically maps and serves up a preferred threat model
- Automatic high-risk code prioritization, informed by application cloud posture in production
- Quick-fix remediation: Simplifies vulnerability and risk remediation with intelligently automated risk identification
- Scale by policy alignment: Frees up AppSec teams to set and enforce the optimal cloud-native security policies while significantly cutting the time and resources needed to chase code issues
Industry News
May 02, 2024
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
May 02, 2024
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
May 02, 2024
Nokod Security announced the general availability of the Nokod Security Platform.
May 02, 2024
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
May 01, 2024
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
May 01, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
May 01, 2024
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
May 01, 2024
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
May 01, 2024
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
April 30, 2024
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
April 30, 2024
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
April 30, 2024
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
April 29, 2024
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
April 29, 2024
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.
