AppSec Teams Stuck in Catch-Up Cycle Due to Massive Cloud-Native Enablement Gap

Tel Aviv, May 17, 2023 - Backslash Security, the new cloud-native application security solution for enterprise AppSec teams, today released a new research study, Breaking the Catch-up Cycle: The New Cloud-Native AppSec Paradigm Survey Report, exploring how the state of application security has evolved given the rise of cloud-native application development. The study examines the practices, tools, and needs of CISOs, AppSec managers, and AppSec engineers at enterprise organizations of 1,000 or more employees with mature cloud-native app development environments.

The study reveals that AppSec teams are caught in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense through an endless and unproductive vulnerability chase. Notably, 58% of respondents report spending over 50% of their time chasing vulnerabilities, with a striking 89% spending at least 25% of their time in this defensive mode. This costly ‘defensive tax’ — the cost of employing AppSec engineers who chase vulnerabilities rather than drive a comprehensive cloud-native AppSec program — is estimated to be upwards of $1.2 million annually.

Given the accelerated pace of digital innovation across enterprises of all sizes and the blurred lines between AppSec and CloudSec, enterprise AppSec teams are saddled with solutions that haven’t caught up to the cloud pace. As a result, AppSec professionals are losing faith in the prevailing AppSec tools:

  • Nearly all organizations are seeing a widespread impact of the lack of cloud-native AppSec tools, including rising friction between AppSec and dev teams (39%), jeopardized ability to generate revenue (39%), and inability to retain high-value dev talent (38%) and AppSec talent (35%);
  • 94% of respondents cited multiple issues with today’s AppSec technologies; top complaints were the considerable amount of time spent prioritizing findings (48%) and that existing AppSec tools are noisy (45%);
  • SAST and DAST are quickly losing ground, with just 32% of respondents stating that they use either of these prevailing standards extensively.

The report emphasizes the urgent need for a new AppSec paradigm that maps a clear path to a modern standard for cloud-native AppSec success, characterized by end-to-end visualization of all microservices, automated identification and prioritization of real risks, and intelligent triaging and remediation. In assessing the importance of these three key tenets of modern AppSec:

  • 82% agree that automating threat model visualization will help AppSec teams save time and manual labor analyzing cloud-native application risks;
  • 91% believe correlating application security risks with the application’s exposure to the outside world, such as through open APIs, is important;
  • 91% believe differentiating between general code weaknesses and critical vulnerabilities is important;
  • Eight out of the nine total capabilities that define this new cloud-native AppSec paradigm were ranked as “critical” or “important” by 70%+ of respondents.

However, the AppSec industry suffers from a massive cloud-native enablement gap. Across all the most critical capabilities, respondents reported that enablement is sorely lacking:

  • 85% of respondents say the ability to differentiate between real risks and noise is critical to their success, making it the #1 most important capability; yet only 38% of respondents are enabled to do so;
  • This trend persists throughout, including “correlating security findings to the developer or dev team responsible for the fix” (78% vs. 43%); “meeting compliance standards” (78% vs. 38%); and “efficient triaging between Dev and AppSec” (73% vs. 42%).

“What we’re hearing across the board is a message of urgency – we have entered a new, cloud-native reality, and it’s time to put an end to the AppSec catch-up game,” said Shahar Man, co-founder and CEO of Backslash. “These outdated AppSec methodologies hamper productivity, innovation and talent retention for both AppSec and dev teams. The cloud-native application development paradigm requires a new, unified approach to application security that can make the friction between development and AppSec teams a thing of the past, enable enterprises to retain valuable talent, and accelerate innovation and growth.”

This report surveyed 300 security professionals specifically tasked with application security for their organization, equally split between CISOs, AppSec managers and AppSec engineers from U.S. companies with 1,000 or more employees. Companies represent a wide range of industries.

Click here to download the report and learn more.

About Backslash Security

Backslash is the first Cloud-Native Application Security solution for enterprise AppSec teams to provide unified security and business context to cloud-native code risk, coupled with automated threat modeling, code risk prioritization, and simplified remediation across applications and teams.

With Backslash, AppSec teams can see and easily act upon the critical toxic code flows in their cloud-native applications; quickly prioritize code risks based on the relevant cloud context; and significantly reduce MTTR (mean time to recovery) by enabling developers with the evidence they need to take ownership of the process.

Backed by StageOne Ventures, First Rays Venture Partners, D. E. Shaw & Co., and a roster of security veterans as angel investors, including technology entrepreneur and investor Shlomo Kramer, Ron Zoran (former CRO of CyberArk), and Brian Fielder (General Manager, CTO Enterprise Security at Microsoft), Backslash has been deployed across leading technology organizations and Fortune 100 companies.

More at
