At StageOne, we’ve long been intimately familiar with the unique challenges of cybersecurity in the software development arena. Especially since the advent of the cloud and cloud-native development — the pressures of dev speed versus security have grown increasingly acute. What’s more, given our focus on enterprise development and cybersecurity tech — we’re also highly attuned to the needs of the Application Security (AppSec) community.
We’ve long felt that AppSec is a pivotal segment that was sorely under-addressed in recent years. While resources and capital were focused on Cloud Infrastructure Security (CloudSec), AppSec disruption was slow to materialize in the market.
Then, we met Yossi and Shahar at Backslash.
AppSec teams playing catch-up with dev teams
We live and breathe enterprise tech at StageOne. So, we’re well aware of the centrality of apps to the day-to-day operations of enterprises large and small. We’re also aware of the dangers these public- or internet-facing tools pose. Kaspersky found that over half of cyberattacks in 2021 originated with an application vulnerability — making it the number one attack vector that year. And the situation has not improved since.
Despite this, while app development shifted full-tilt towards cloud-native, application security remained old-school. AppSec tools built for on-prem development simply weren’t meeting the needs of microservices-based, cloud-native applications. And because of this, they were either missing critical vulnerabilities or delivering an overwhelming number of false positives. AppSec couldn’t keep up with agile development, either. AppSec teams were constantly playing catch-up with dev teams; Backslash spoke to a prospect with 1500 developers and only four AppSec staff, and another with 4000 developers and only eight AppSec engineers. Clearly, this is not a viable situation from a security perspective.
Essentially, cloud-native architectures and the tech had blurred the lines between AppSec and CloudSec — but there was not yet a solution to bridge the gap between these two. This is where Backslash’s paradigm came on stage — playing to a critically underserved market. There were lots of security solutions for VMware, infrastructure, containers, and the like, alongside lots of deep code analysis vendors. Yet nobody was doing both.
We chose to invest in Backslash based on two key factors: their technology and their people.
From a technology perspective, Backslash is able to achieve exactly what their potential clients were actively seeking: end-to-end, contextual code risk visibility that visually maps cloud-native application posture. By doing this, their solution dramatically lowers the false positive rate because it prioritizes code risks based on actual cloud context. What’s more, Backslash streamlines the remediation process with an evidence-based methodology that empowers developers and slashes MTTR (Mean Time To Recovery) (not sure this term is familiar to all).
From a people perspective, we met an impressive and experienced team with a combined experience in enterprise software and security development. Having backed multiple success stories in the enterprise segment for over two decades, we at StageOne believe Backslash founding team is a clear indicator of Backslash’s potential for success.
The Bottom Line
Today’s cloud AppSec still relies heavily on a decades-old paradigm. Yet we know that these simply cannot deliver a complete picture of application security posture. So, when I was approached by Shahar and Yossi with their concept for Backslash Security, I realized that we had a unique opportunity and a winning combination: the right paradigm, the right technology, a market hungry for innovation, and the right entrepreneurs to make it happen.