The new platform is designed to drastically reduce alert noise and allow security teams to focus on genuine threats. Credit: Hiraman / Getty Images Application code security provider BackSlash has announced a new application security posture management (ASPM) platform to combine its existing application security (AppSec) capabilities with a few new ones. The new platform will pack BackSlash’s existing AppSec solutions including software component analysis (SCA), static application security testing (SAST), software bill of materials (SBOM), vulnerability exploitability exchange (VEX), and secrets detection, within a holistic ASPM offering, aimed specifically to focus on risk prioritization. “Most AppSec professionals spend 50% or more of their time chasing vulnerabilities,” BackSlash said in a press release. “The sheer volume of vulnerabilities flagged across multiple costly and siloed tools overwhelms the typical AppSec team, and fixing the most critical security risks is increasingly challenging without the ability to prioritize.” The ASPM platform is generally available at launch and can also be availed on the AWS Marketplace. BackSlash fuses “reachability analysis” into existing stack BackSlash recently announced a cloud-native AppSec solution aimed at identifying toxic code flows and automating threat models. The new ASPM is intended to provide an integrated, continuous view of an organization’s AppSec posture to help prioritize risks. “Backslash is approaching application security from a risk-prioritization security posture standpoint to help security teams and developers work more efficiently,” said Melinda Marks, senior analyst at ESG. “This is a clever way to enable risk mitigation and application protection with a hacker point of view with what they are calling ‘reachability analysis.” BackSlash’s new reachability analysis will constitute the core offering of the ASPM platform by attempting to prioritize the most critical open source software vulnerabilities and code vulnerabilities by pinpointing risks that are actually reachable and exploitable. This, according to BackSlash, will drastically reduce alert noise and allow security teams to focus on genuine threats. “The top challenge for security operations is the change velocity with the speed and volume of software releases, so having a more efficient way to manage remediation can help teams mitigate risk to prevent security incidents,” Marks added. BackSlash promises contextual risk analysis BackSlash’s new ASPM will inherit its existing toxic flow analysis capability that allows the product to identify, on average, one critical toxic flow for every 100 security alerts produced by the AppSec tools. This is done through risk-based vulnerability management (RBVM) wherein BackSlash prioritizes risks based on their exposure and business context. “Context and efficiency are now key to help security teams scale with modern application development,” Marks said. “Organizations are moving to consolidation and platform approaches. So, instead of using separate siloed tools, they are looking for integrated platforms that can pull in data from multiple sources to give them the context needed to prioritize risk.” The new ASPM will also feature a “remediation at the root” capability, which will allow it to target the right developer for each code fix, with evidence to reduce remediation and triage MTTR (mean time to recovery). Related content news AT&T suffers critical breach impacting 73 million customers Data released on the dark web impacts 7.6 million existing account holders and 65.4 million past subscribers. By Shweta Sharma 01 Apr 2024 4 mins Data Breach feature Recruit for diversity: Practical ways to remove bias from the hiring process Changing the wording on job descriptions and introducing a diverse hiring panel are some of the ways to remove bias when hiring cybersecurity professionals. By Aimee Chanthadavong 01 Apr 2024 8 mins Careers feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff 01 Apr 2024 17 mins Technology Industry IT Skills Events news Top cybersecurity product news of the week New product and service announcements from Bedrock Security, GitGuardian, Legit Security, Nametag, and Cybereason and Observe By CSO staff 29 Mar 2024 70 mins Generative AI Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe