Backslash Security’s Post

90% of the time, when I look at tools, the hands on time comes as a reality check. I'm pitched the dream in the demo, then get the login, and everything works about half as well as I imagined it would. The only exception to that has been in the runtime vulnerability reachability space. I wrote an article just under a year ago arguing that I think static reachability is better than runtime, because the results would get to developers faster. However, in my small testing platforms, I've seen absolutely insane accuracy from the runtime reachability vendors that continues to make me question that conclusion. If anyone has done a comparison at scale between both approaches, I'd love to hear from you! If you're wondering what I'm talking about, I'm going to link to my Oligo Security video (despite being sure that everyone will immediately become suspect when I do), but only because it's the only video content I have at the moment on the solution space, which I hope to update soon! Vendors on SCA with Static Reachability, with maturity varying on language: Endor Labs, Backslash Security, Semgrep, Snyk, Coana, Myrror Security, Socket Vendors on SCA with Runtime Reachability, with function level analysis: Kodem, Oligo Security, Raven.io, Sweet Security Vendors with runtime reachability more broadly, meaning slightly different things: Miggo Security, Upwind Security, ARMO, Sysdig, Aqua Security More on this soon! https://lnkd.in/eDk3hGGb

Gain comprehensive visibility into your environment and streamline incident response with powerful security analytics and intuitive workflows. Explore LogRhythm Axon in this Self- Guided Product Tour > https://ow.ly/MSOX50QUXyv

Envoy Gateway: Key Capabilities All in One Place! 📄 What are you missing? We know it’s a lot of info to take in, but this image breaks down key things Envoy Gateway can do - all on one page. 🚀 From traffic management to security and observability, it’s packed with features you need for your gateway. Pro tip: Bookmark this post so you can come back to it later when you need a quick reference! Got questions about specific capabilities? What capabilities are missing? Let’s chat below! 👇

I can't recommend it enough. Check and harden your Active Directory with #PingCastle by Vincent Le Toux! This powerful tool identifies vulnerabilities, spots misconfigurations, generates a convenient, comprehensive report to guide your security efforts, and helps you ensure your Active Directory remains robust and secure. No installation required. https://lnkd.in/ev8BTsKv #infosec #blueteam #pentest

Gain comprehensive visibility into your environment and streamline incident response with powerful security analytics and intuitive workflows. Explore LogRhythm Axon in this Self- Guided Product Tour > https://ow.ly/TLel50QWVjf

Gain comprehensive visibility into your environment and streamline incident response with powerful security analytics and intuitive workflows. Explore LogRhythm Axon in this Self- Guided Product Tour > https://ow.ly/Pp6v50QReym

My website's speed and security is unmatched now

Gain comprehensive visibility into your environment and streamline incident response with powerful security analytics and intuitive workflows. Explore LogRhythm Axon in this Self- Guided Product Tour > https://ow.ly/RG6k50QTcf9

Gain comprehensive visibility into your environment and streamline incident response with powerful security analytics and intuitive workflows. Explore LogRhythm Axon in this Self- Guided Product Tour > https://ow.ly/tTGq50R1MJr

Gain comprehensive visibility into your environment and streamline incident response with powerful security analytics and intuitive workflows. Explore LogRhythm Axon in this Self- Guided Product Tour > https://ow.ly/kjcI50R3i7m