Backslash Security was a 2023 Cyber Top Innovations Award winner. We heard from Shahar Man, Co-Founder and CEO of Backslash Security, on how the company is revolutionizing AppSec with unified code and cloud-native security.
Why was Backslash Security established?
For over two decades, I have been leading agile and innovative product and R&D teams in a wide range of technologies and platforms. During my career at SAP as VP of product management and R&D at Aqua Security, I was an active part of an industry created around cloud-native infrastructure and security. In that way, I took part in a major technological disruption, and yet application security had been largely left behind. This is where the idea for Backslash began.
I, along with my Backslash co-founder Yossi Pik, saw clients struggling with traditional AppSec tools. These tools produced an overwhelming number of false positives because they simply were not designed for the needs of modern microservices-based, cloud-native applications. Also, increasingly rapid agile releases made it impossible for AppSec teams to catch up with developers because they were (and still are) massively outnumbered – there are an average of 1173 developers for every AppSec engineer. At the same time, cloud security teams – even with their modernized tools – still weren’t able to drill down into the code. All of these factors mean that we need to change our thinking and develop new AppSec models that meet the needs of modern, cloud-based environments. Because of all this, we started Backslash.
What are Backslash Security's core products and features?
The Backslash enterprise AppSec solution provides unified code and cloud-native security by correlating cloud context to code risk, bolstered by automated threat modeling, code risk prioritization, and simplified remediation across applications and teams. With Backslash, enterprise AppSec teams can now see, prioritize and easily act upon high-risk code combinations, called “toxic code flows,” in their cloud-native applications.
Backslash was specifically designed to address the persistent, time-consuming, and manual ways of discovering and mapping application code risks, and the cloud-native context gaps left unaddressed by previous-generation, noisy SAST tools. Below are some of Backslash’s key features:
Contextual visibility: Empowers AppSec teams with the automatic discovery and mapping of cloud-native application code and its dependencies via contextual visual dashboards, without the need to read or understand the underlying code
Automatic threat model visualization: Automatically maps and serves up a preferred threat model
Automatic high-risk code prioritization: Informed by application cloud posture in production
Quick-fix remediation: Simplifies vulnerability and risk remediation with intelligently automated risk identification
Scale by policy alignment: Frees up AppSec teams to set and enforce the optimal cloud-native security policies while significantly cutting the time and resources needed to chase code issues
How is Backslash Security different from its competition?
What sets Backslash apart from other AppSec platforms is that we are the first “born in the cloud” application security solution for enterprises to bring a simple, yet holistic view of application risks from code and cloud in one unified solution. Our platform is coupled with automated threat modeling, code risk prioritization, and simplified remediation across applications and teams.
What have been Backslash Security's biggest milestones?
Our biggest milestone to date has been the recent launch of our company and solution on March 22nd, accompanied by our $8M round of seed funding backed by StageOne Ventures, First Rays Venture Partners, D. E. Shaw & Co., and a roster of security veterans as angel investors, including technology entrepreneur and investor Shlomo Kramer, Ron Zoran (former CRO at CyberArk) and Brian Fielder (General Manager and CTO Enterprise Security at Microsoft). Now that we are official, Backslash is laser-focused on up-leveling the security game for AppSec professionals by capturing the full context of cloud-native application security risk.
What are some of the future company goals for Backslash Security?
We've already seen how cloud security has changed the infrastructure security paradigm dramatically with a new generation of leading vendors. Cloud-native technology is more advanced, mature, and widely adopted than five years ago. This allows Backslash to create mainstream AppSec solutions for cloud applications that leverage the rich context accessible from cloud APIs to provide much better insights on how to prioritize today’s AppSec risks. We believe this type of change is the next phase for AppSec as well. Our ultimate vision is to become the leader of the AppSec paradigm shift to the cloud.