BackSlash’s new reachability analysis will be the core offering of the ASPM platform. It aims to prioritize the most critical open source software vulnerabilities and code vulnerabilities by pinpointing the risks that are actually reachable and exploitable. This, according to BackSlash, will drastically reduce alert noise and allow security teams to focus on genuine threats.
“The top challenge for security operations is the change velocity with the speed and volume of software releases, so having a more efficient way to manage remediation can help teams mitigate risk to prevent security incidents,” Marks added.
BackSlash promises contextual risk analysis
BackSlash’s new ASPM will inherit its existing toxic flow analysis capability that allows the product to identify, on average, one critical toxic flow for every 100 security alerts produced by the AppSec tools. This is done through risk-based vulnerability management (RBVM) wherein BackSlash prioritizes risks based on their exposure and business context.
“Context and efficiency are now key to help security teams scale with modern application development,” Marks said. “Organizations are moving to consolidation and platform approaches. So, instead of using separate siloed tools, they are looking for integrated platforms that can pull in data from multiple sources to give them the context needed to prioritize risk.”
The new ASPM will also feature a “remediation at the root” capability, which will allow it to route each code fix to the right developer, along with supporting evidence, in order to reduce remediation and triage MTTR (mean time to recovery).