DEVOPSdigest

Backslash Security announced the general availability of its Application Security Posture Management (ASPM) platform for enterprise AppSec and product security teams. Backslash provides unprecedented application-centric visibility with complete cloud-context, solving the most pervasive challenge AppSec teams face today: risk prioritization.

The solution weaves together ASPM capabilities with core AppSec functions including SCA, SAST, SBOM, VEX and secrets detection in a single, visualized platform. It is the sole ASPM solution available that not only seamlessly detects vulnerabilities across multiple fronts, but also offers built-in technology to prioritize them according to their reachability and exploitability. By seamlessly integrating native risk assessment with reachability analysis, Backslash unveils otherwise concealed risks, and provides a comprehensive view of the highest risk vulnerabilities and their real world impact.

Most AppSec professionals spend 50% or more of their time chasing vulnerabilities (source: Backslash). The sheer volume of vulnerabilities flagged across multiple costly and siloed tools overwhelms the typical AppSec team, and fixing the most critical security risks is increasingly challenging without the ability to prioritize. As a result, organizations are left vulnerable to attack due to lengthened remediation timeframes, code is less secure and team pressures increase.

Application Security Posture Management alleviates these issues by providing an integrated, continuous, and holistic view of an organization's application security posture. Gartner’s Innovation Insight for Application Security Posture Management report forecasts over 40% of organizations developing proprietary applications will adopt ASPM to more rapidly identify and resolve application security issues by 2026.

“We used to be overwhelmed on a daily basis by the amount of alerts we would get. In most cases these alerts turned out to be false-positives, leaving our dev team frustrated,” said Ori Assaraf, Vice President, R&D at Panoramic Power, a Centrica Company. “For the first time we have a solution that actually finds real risks and helps us make sense of them. This way our developers can fix the most important issues without wasting their time chasing useless vulnerabilities.”

Backslash has entered the market with a powerful, native solution that identifies risk across cloud-native code and infrastructure layers in one visual dashboard. Key features and benefits include:

■ In-depth reachability analysis: Prioritizes the most critical OSS vulnerabilities and code vulnerabilities by pinpointing risks that are actually reachable and exploitable, drastically reducing alert noise and allowing security teams to focus on genuine threats.

■ Native security analysis (signal) detection: Identifies critical risks natively within the Backslash platform to give AppSec and product security teams a single, comprehensive and consolidated viewpoint.

■ Toxic flow analysis: On average, Backslash identifies one critical toxic flow for every 100 security alerts produced by other AppSec tools, reducing alert fatigue and enabling AppSec teams to fix the most high risk vulnerabilities first. Toxic flow analysis allows Backslash to provide Risk-based Vulnerability Management (RBVM) and prioritize risks based on their exposure and business context.

■ Automated vulnerability and threat modeling: Automatically visualizes the architecture, security findings and threats associated with the application.

■ Remediation at the root: Precisely targets the right developer for each code fix, complete with crisp evidence to reduce remediation and triage MTTR (mean time to recovery).

“AppSec teams need to cut through the noise and focus on what matters most – and this means understanding which vulnerabilities are exploitable. Backslash has designed its platform with a focus on prioritization to enable AppSec teams to fix the most critical risks first,” said Shahar Man, co-founder and CEO of Backslash. “Backslash draws inspiration from the agile workflows we see in software development — just as devs have shortened and streamlined their cycles, we can now shorten and streamline ours. The power to continuously prioritize the most critical, reachable vulnerabilities will enable AppSec to keep pace with their dev counterparts.”

The Backslash solution is now generally available, and is also available on the AWS Marketplace.