OX Security is an application security company with a mission to secure the modern software supply chain. The company aims to provide end-to-end visibility, from the first line of code to release, turning the software supply chain from a “black box” into a source of security insights. OX Security’s primary goal is to help organizations cut through the noise of excessive security alerts by identifying and prioritizing the most critical vulnerabilities that pose a genuine threat. This approach is designed to enable security and DevOps teams to focus their efforts on fixing the issues that matter most, rather than being overwhelmed by a high volume of low-risk findings.
The company was founded by former Check Point executives and has established a strong market reputation, evidenced by significant venture capital funding and a growing client base that includes major enterprises like Microsoft and IBM. OX Security is recognized for its Active Application Security Posture Management (ASPM) platform, which consolidates various security tools into a single interface. The company’s focus on providing actionable risk reduction has been well-received in the market, positioning it as an innovator in the application security space.
Offerings, Capabilities, and Integrations
OX Security provides an Active Application Security Posture Management (ASPM) platform designed to consolidate various application security tools into a single interface. This platform offers end-to-end visibility and traceability throughout the software development lifecycle (SDLC). A key capability of the OX Security platform is its ability to prioritize vulnerabilities based on factors like exploitability, reachability, and business impact, which helps security and development teams focus on the most critical risks. The platform’s proprietary Code Projection technology maps runtime behavior to its source code to provide actionable insights. OX Security also features no-code workflow automation to streamline remediation processes. The platform integrates with a variety of tools across source control, CI/CD pipelines, registries, and cloud environments. These integrations allow for the consolidation of security data and facilitate automated responses.
Products and Services
OX Security’s core offering is its Active Application Security Posture Management (ASPM) platform. This platform is designed to provide a unified solution for application security, covering the entire software development lifecycle. Key features and services within the platform include:
- Application Security Posture Management (ASPM): This is the central component of the OX Security platform, providing a comprehensive view of security posture.
- Software Supply Chain Security: The platform helps secure the software supply chain from development to deployment.
- Vulnerability Management: It includes tools for identifying, assessing, and prioritizing vulnerabilities in software.
- Static Application Security Testing (SAST): The platform incorporates SAST capabilities to analyze source code for potential security vulnerabilities.
- Software Bill of Materials (SBOM): OX Security provides SBOM generation to inventory all components within a software product.
- Risk Assessment and Prioritization: The platform assesses and prioritizes risks to focus on the most critical issues.
- No-Code Workflow Automation: This feature allows for the creation of custom, automated workflows to handle security tasks and responses.
Target Customers
OX Security targets organizations with development and security teams that need to secure their application development processes. This includes companies of various sizes, from mid-market to large enterprises, across industries such as finance, healthcare, media, and technology. The platform is designed for use by both application security (AppSec) teams and developers. OX Security’s solutions benefit customers by reducing the number of security alerts, allowing teams to focus on the most critical vulnerabilities. This helps to improve the overall security posture while enabling faster and more secure product releases. Organizations that utilize modern, cloud-native architectures and have integrated DevOps processes can also benefit from the platform’s capabilities.
Cloud Integrations and Marketplaces
OX Security provides integrations with major cloud platforms and is available on their marketplaces, enabling customers to streamline the security of their software supply chain.
- Amazon Web Services (AWS): OX Security is available on the AWS Marketplace. This allows customers to purchase and deploy the OX Security Active ASPM platform using their existing AWS accounts. The platform integrates with the AWS environment to provide visibility and risk prioritization for software supply chains.
- Microsoft Azure: OX Security is listed on the Microsoft Azure Marketplace. The offering aims to consolidate various application security practices into a single platform. Additionally, OX Security offers an extension for Azure DevOps available on the Visual Studio Marketplace, which scans for vulnerabilities, secrets, and misconfigurations in code.
- Google Cloud Platform (GCP): While users have expressed a desire for more GCP integrations, OX Security does not currently have a listing on the Google Cloud Marketplace.
Key People
- Co-Founder & CEO: Neatsun Ziv
- Co-Founder & CPO: Lior Arzi
- SVP, Sales & Field Ops: Dana D. Bureau
- VP Research: Eyal Paz
- VP R&D: Anandabrata Pal (Pasha)
- Vice President of Sales: Ohad Cohen
- Vice President of Global Channels, Partnerships and Strategic Alliances: Meir Eliyahu
Key Facts
- Headquarters Location: Tel Aviv, Israel
- Number of Employees: 150-200
- Annual Revenue: $10 million
- Parent Company: None
- Subsidiary Companies: None
- Publicly Listed: No
Analyst Recognition
Gartner has recognized OX Security in several of its research publications. OX Security was named a Gartner Cool Vendor in the 2023 “Platform Engineering for Scaling Application Security Practices” report. The company is also listed as a sample vendor for Application Security Posture Management (ASPM) in Gartner’s Hype Cycle for Application Security and for Software Supply Chain Security (SSCS) in the Market Guide for Cloud-Native Application Protection Platforms (CNAPP).
There is no information to suggest that OX Security has been recognized by Forrester, IDC, or Everest Group.
