Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.
Backslash Security Launches Application Security Posture Management (ASPM) Platform to Fuse In-Depth Reachability Analysis with Cloud-Native Context
By bringing Package Reachability, SCA, SAST, SBOM and other core AppSec capabilities together in a single, visualized ASPM platform, Backslash cuts 99% of security noise generated by traditional AppSec tools
November 01, 2023
Backslash Security announced the general availability of its Application Security Posture Management (ASPM) platform for enterprise AppSec and product security teams. Backslash provides unprecedented application-centric visibility with complete cloud-context, solving the most pervasive challenge AppSec teams face today: risk prioritization.
The solution weaves together ASPM capabilities with core AppSec functions including SCA, SAST, SBOM, VEX and secrets detection in a single, visualized platform. It is the sole ASPM solution available that not only seamlessly detects vulnerabilities across multiple fronts, but also offers built-in technology to prioritize them according to their reachability and exploitability. By seamlessly integrating native risk assessment with reachability analysis, Backslash unveils otherwise concealed risks, and provides a comprehensive view of the highest risk vulnerabilities and their real world impact.
Most AppSec professionals spend 50% or more of their time chasing vulnerabilities (source: Backslash). The sheer volume of vulnerabilities flagged across multiple costly and siloed tools overwhelms the typical AppSec team, and fixing the most critical security risks is increasingly challenging without the ability to prioritize. As a result, organizations are left vulnerable to attack due to lengthened remediation timeframes, code is less secure and team pressures increase.
Application Security Posture Management alleviates these issues by providing an integrated, continuous, and holistic view of an organization's application security posture. Gartner’s Innovation Insight for Application Security Posture Management report forecasts over 40% of organizations developing proprietary applications will adopt ASPM to more rapidly identify and resolve application security issues by 2026.
“We used to be overwhelmed on a daily basis by the amount of alerts we would get. In most cases these alerts turned out to be false-positives, leaving our dev team frustrated,” said Ori Assaraf, Vice President, R&D at Panoramic Power, a Centrica Company. “For the first time we have a solution that actually finds real risks and helps us make sense of them. This way our developers can fix the most important issues without wasting their time chasing useless vulnerabilities.”
Backslash has entered the market with a powerful, native solution that identifies risk across cloud-native code and infrastructure layers in one visual dashboard. Key features and benefits include:
■ In-depth reachability analysis: Prioritizes the most critical OSS vulnerabilities and code vulnerabilities by pinpointing risks that are actually reachable and exploitable, drastically reducing alert noise and allowing security teams to focus on genuine threats.
■ Native security analysis (signal) detection: Identifies critical risks natively within the Backslash platform to give AppSec and product security teams a single, comprehensive and consolidated viewpoint.
■ Toxic flow analysis: On average, Backslash identifies one critical toxic flow for every 100 security alerts produced by other AppSec tools, reducing alert fatigue and enabling AppSec teams to fix the most high risk vulnerabilities first. Toxic flow analysis allows Backslash to provide Risk-based Vulnerability Management (RBVM) and prioritize risks based on their exposure and business context.
■ Automated vulnerability and threat modeling: Automatically visualizes the architecture, security findings and threats associated with the application.
■ Remediation at the root: Precisely targets the right developer for each code fix, complete with crisp evidence to reduce remediation and triage MTTR (mean time to recovery).
“AppSec teams need to cut through the noise and focus on what matters most – and this means understanding which vulnerabilities are exploitable. Backslash has designed its platform with a focus on prioritization to enable AppSec teams to fix the most critical risks first,” said Shahar Man, co-founder and CEO of Backslash. “Backslash draws inspiration from the agile workflows we see in software development — just as devs have shortened and streamlined their cycles, we can now shorten and streamline ours. The power to continuously prioritize the most critical, reachable vulnerabilities will enable AppSec to keep pace with their dev counterparts.”
The Backslash solution is now generally available, and is also available on the AWS Marketplace.
Industry News
November 21, 2024
November 21, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.
November 21, 2024
Securiti announced a new solution - Security for AI Copilots in SaaS apps.
November 20, 2024
Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.
November 20, 2024
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:
November 20, 2024
Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.
November 20, 2024
Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.
November 19, 2024
OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.
November 19, 2024
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.
November 19, 2024
Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.
November 19, 2024
Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.
November 19, 2024
Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.
November 19, 2024
Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.
November 19, 2024
Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.
November 18, 2024
MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.
