Backslash Security is known as the first Cloud-Native Application Security solution for enterprise AppSec teams to offer unified security and business context to cloud-native code risk, coupled with automated threat modeling, code risk prioritization, and simplified remediation across applications and teams. To learn more about the company, Pulse 2.0 interviewed Backslash Security co-founder and CEO Shahar Man.
Shahar Man’s Background
Shahar Man has been leading agile and innovative product and R&D teams in a wide range of technologies and platforms for over 2 decades. And Man specializes in developer-oriented products and transitioning large-scale development groups to agile methodologies.
“I built the foundation of my career at SAP during the great shift to the cloud. During that time, as well as later in my career in my role as VP of product management and R&D at Aqua Security, I was an active part of an industry created around cloud-native infrastructure and security. In that way, I took part in a major technological disruption, but yet, application security had been largely left behind. This is where the idea for Backslash began,” said Man.
Formation Of Backslash Security
While working at SAP, Man along with Backslash co-founder Yossi Pik saw clients struggle with traditional AppSec tools.
“These tools produced an overwhelming number of false positives because they simply were not designed for the needs of modern microservices-based, cloud-native applications. Also, increasingly rapid agile releases made it impossible for AppSec teams to catch up with developers because they were (and still are) massively outnumbered – there are an average of 1173 developers for every AppSec engineer,” Man explained. “At the same time, cloud security teams – even with their modernized tools – still weren’t able to drill down into the code. All of these factors mean that we need to change our thinking and develop new AppSec models that meet the needs of modern, cloud-based environments. This is why we started Backslash.”
Challenges Faced Building Backslash Security
What were some of the challenges faced in building the company? Timing was the biggest challenge according to Man.
“Backslash built a great team of professionals with a very clear vision. However, around May 2022 the economic climate started to change and we were lucky to complete the seed round in time before any implications of the situation truly challenged us,” Man acknowledged.
What are Backslash Security’s core products? The Backslash enterprise AppSec solution offers unified code and cloud-native security by correlating cloud context to code risk, bolstered by automated threat modeling, code risk prioritization, and simplified remediation across applications and teams. And with Backslash, enterprise AppSec teams can now see, prioritize, and easily act upon high-risk code combinations called “toxic code flows” in their cloud-native applications. Backslash was specifically designed for addressing the persistent, time-consuming, and manual ways of discovering and mapping application code risks, and the cloud-native context gaps left unaddressed by previous-generation, noisy SAST tools.
Below are some of Backslash’s key features:
– Contextual visibility – Empowers AppSecs teams with the automatic discovery and mapping of cloud-native application code and its dependencies via contextual visual dashboards, without the need to read or understand the underlying code
– Automatic threat model visualization – Automatically maps and serves up a preferred threat model
– Automatic high-risk code prioritization – Informed by application cloud posture in production
– Quick-fix remediation – Simplifies vulnerability and risk remediation with intelligently automated risk identification
– Scale by policy alignment – Frees up AppSec teams to set and enforce the optimal cloud-native security policies while significantly cutting the time and resources needed to chase code issues
Advancement of the AppSec sector
How has Backslash Security’s technology advanced the AppSec sector? “Cloud-native technology is more advanced, mature, and widely adopted than 5 years ago. This allows Backslash to create mainstream AppSec solutions for cloud applications that leverage the rich context accessible from cloud APIs to provide much better insights on how to prioritize today’s AppSec risks,” replied Man.
Backslash just completed a seed round of funding of $8 million led by StageOne Ventures, First Rays Venture Partners, D. E. Shaw & Co., and a roster of security veterans as angel investors, including technology entrepreneur and investor Shlomo Kramer, Ron Zoran (former CRO at CyberArk) and Brian Fielder (General Manager and CTO Enterprise Security at Microsoft).
What have been some of Backslash Security’s biggest milestones? Man told me that the biggest milestone to date has been the recent launch of our company and solution on March 22nd, accompanied with the $8 million round. And now that Backslash Security is official, the company “is laser-focused on up-leveling the security game for AppSec professionals by capturing the full context of cloud-native application security risk.”
Total addressable market (TAM)
What is the total addressable market that Backslash Security is pursuing? “It is huge, as Appsec is not limited to any specific vertical. Wherever software is being developed, the need and the budget for solid AppSec protection exists. According to Gartner, global spending on application security topped $6 billion in 2022, and is expected to increase by almost 25% in 2023,” Man answered.
Differentiation From The Competition
What differentiates Backslash Security from the competition? “What sets Backslash apart from other AppSec platforms is that we are the first cloud-native application security solution for enterprises that brings the power of git and cloud in one unified solution. Our platform is coupled with automated threat modeling, code risk prioritization, and simplified remediation across applications and teams,” Man replied.
Future Company Goals
What are some of Backslash Security’s future company goals? Man noted that they have already seen how cloud security has changed the infrastructure security paradigm dramatically with a new generation of leading vendors.
“We believe this type of change is the next phase for AppSec as well. Our ultimate vision is to become the leader of the AppSec paradigm shift to the cloud,” Man concluded.