Backed by StageOne Ventures and a stellar roster of security industry leaders, AppSec disruptor secures $8M to equip AppSec teams with visual control over cloud-native applications by identifying toxic code flows and automating threat models
Backslash Security, the new cloud-native application security solution for enterprise AppSec teams, emerged from stealth today, announcing an $8 million round led by StageOne Ventures, First Rays Venture Partners, D. E. Shaw & Co. and a roster of security veterans as angel investors, including technology entrepreneur and investor Shlomo Kramer, Ron Zoran (former CRO at CyberArk) and Brian Fielder (General Manager and CTO Enterprise Security at Microsoft), among others.
Already in use by leading technology organizations and Fortune 100 companies, Backslash is the new enterprise AppSec solution to provide unified code and cloud-native security by correlating cloud context to code risk, bolstered by automated threat modeling, code risk prioritization and simplified remediation across applications and teams. With Backslash, enterprise AppSec teams can now see, prioritize and easily act upon high-risk code combinations, called “toxic code flows,” in their cloud-native applications.
As more enterprise teams embrace the cloud and cloud-native application development, the percentage of large organizations that deploy code to production daily is expected to increase from 5% in 2021 to 70% in 2025 (IDC FutureScape). According to the Cloud Native Computing Foundation, 85% of organizations believe modernizing security is very important to their organization’s cloud-native deployment. Yet, AppSec teams face a mounting challenge in keeping pace with their fast-paced development counterparts. The problem is compounded by current application security tools that often produce an excessive number of low-value alerts, leading to an overwhelming amount of noise – nearly half of all security alerts are false positives (ESG). Not only that, security teams spend upwards of 25 minutes investigating each one – and due to the sheer volume, cost and time, almost a quarter of alerts are simply ignored (IDC).
“Cloud security has gone through a paradigm shift over the last few years, and I believe the application security industry is next to follow,” said Shlomo Kramer, investor and co-founder and CEO of Cato Networks. “The Backslash approach brings a new type of holistic, context-based application security to AppSec teams, leveraging their vast security skills to the cloud-native stack.”
“AppSec teams are stuck with a decades-old paradigm of noisy vulnerability scanners, while cloud security teams have been enjoying modern, visual ways to zero in on and secure cloud infrastructure risks and vulnerabilities,” said Shahar Man, co-founder and CEO of Backslash. “Backslash is here to uplevel the cloud-native security game for AppSec professionals by capturing the full context of cloud-native application security risk – because soon enough, most applications will run on cloud, and application security will be what matters most. The Backslash team is honored to have the support of renowned cybersecurity entrepreneurs and investors to help us achieve our vision.”
“Backslash’s approach to Application Security stands out as a game changer,” said Yuval Cohen, founder and managing partner at StageOne Ventures. “Their unique solution offers contextual code risk visibility and visually maps the cloud-native application posture, providing unparalleled insight into security risks. We firmly believe that this innovative technology will have a significant impact on the industry.”
“AppSec teams are struggling as companies rapidly shift to cloud-based deployment environments because the traditional solutions just aren’t keeping up,” said Brian Fielder, General Manager, CTO Enterprise Security at Microsoft. “The Backslash team has built a truly cloud-native approach to application security, bringing a new, visual, lightweight paradigm to the AppSec industry.”
Backslash was specifically designed to address the persistent, time-consuming and manual ways of discovering and mapping application code risks, and the cloud-native context gaps left unaddressed by previous generation, noisy SAST tools. The company was founded by industry veterans Shahar Man, formerly Vice President at Aqua Security and SAP, and Yossi Pik, formerly Co-founder and CTO of FARMIGO (acquired by GrubMarket) and Vice President at SAP. Backed by extensive cloud-native application expertise and experience across cloud/ serverless and microservices, the Backslash Cloud-Native Application Security solution provides AppSec teams with security insights and business context to the code risk, while tracking the security posture of different applications and teams involved.
“There can be friction between developers and security teams because traditional application security methods are disruptive to cloud-native development. Developers need an accurate way to efficiently identify and fix code issues in their workflows, without being overwhelmed by alerts or false positives, while security needs a scalable way to manage risk,” said Melinda Marks, senior analyst at Enterprise Strategy Group. “Backslash has developed a solution to address this gap utilizing the properties of the stack and modern development environments to give security teams the context they need to support development as it scales.”
Through unified visual mapping of threat models and application posture, AppSec teams can quickly prioritize code risks based on the relevant cloud context, reducing false positives, alerts and fatigue; and they can significantly cut MTTR (mean time to recovery) by enabling developers with the evidence they need to take ownership of the process. Specifically, the Cloud-Native Application Security solution brings the following capabilities to enterprise AppSec teams:
- Contextual visibility: Empowers AppSecs teams with the automatic discovery and mapping of cloud-native application code and its dependencies via contextual visual dashboards, without the need to read or understand the underlying code
- Automatic threat model visualization: Automatically maps and serves up a preferred threat model
- Automatic high-risk code prioritization, informed by application cloud posture in production
- Quick-fix remediation: Simplifies vulnerability and risk remediation with intelligently automated risk identification
- Scale by policy alignment: Frees up AppSec teams to set and enforce the optimal cloud-native security policies while significantly cutting the time and resources needed to chase code issues
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!