Over the last decade of my cybersecurity career, I’ve come to recognize two fundamental truths about AppSec—first, that today’s application risks are governed by total chaos; second, that we can make sense of that chaos with the right approach.
Following a $6M seed round led by YL Ventures, I’m thrilled to announce the launch of Enso Security and a new solution that finally lets AppSec teams manage enterprise risk with perfect agility and scalability. Along with my former Wix co-workers and current co-founders Barak Tawily and Chen Gour Arie, it’s my absolute pleasure to introduce the industry’s first Application Security Posture Management (ASPM) platform.
The three of us were inspired to build Enso in order to mitigate the risks that inevitably surface in application development and fill a much anticipated need across security toolboxes. AppSec teams are almost always outnumbered by developers; in fact, when we worked together, this was true by a factor of 100-to-1. We were consequently required to scale our impact accordingly, a task that was virtually impossible without the right tools.
The first key to achieving scalability and matching developer output lies in making the most of the limited resources at our disposal. This is best done by consulting a full picture of real-time security postures which requires, well… data. However, this is where we are forced to confront the main challenge and first truth about today’s AppSec—we often spend more time on manual data-collection processes, waiting on responses, running after developers, or talking to product, instead of doing actual application security.
Even if we could entirely dedicate ourselves to security, too many obstacles still challenge AppSec’s management activities of hundreds, or thousands, of developers. Herein lies AppSec’s second truth: Data-driven prioritization and automated processes are fundamental to any well-oiled application security program.
Barak, Chen and I pooled our shared experience of more than three decades in the field and consulted Israel’s close knit cybersecurity community. Starting a process that uncannily mirrored our eventual conclusions, we understood that we needed to take a data-driven approach towards fixing this growing problem space. This gave us critical insight into what it means to work with R&D, available tools, workflows and architectures, the kind of data required to make informed decisions. It became clear: what we all really needed was a proper management console that could provide the full picture of our AppSec in one place.
This leads us to today’s official launch of the world’s first ASPM platform. We are empowering AppSec teams with the toolbox they need to carry out critical processes that keep enterprises running. Our platform makes the most of what organizations already have, leveraging existing tools to provide complete visibility across every application developed in an enterprise environment, granular analytic application security controls, and a scalable program that is suitable to any maturity level.
For those who are as passionate about AppSec as we are, this is an exciting step towards reclaiming AppSec from chaos. Finally, security teams can do away with rudimentary programs, excel files and unending email chains and manage application security in a single platform. The time for real, agile, scalable and effective AppSec management has arrived.
We invite you to learn more at enso.security and look forward to scheduling a demo with you.