Spectral launches Spectral Logs to Ensure Sensitive Data Isn’t Accidentally Exposed

By Dotan Nahum July 15, 2021

Spectral Logs enables additional layer to existing protection of code and data to shield against breaches and ensure PCI DSS and GDPR compliance

TEL AVIV, Israel, July 14, 2021 /PRNewswire/ — Spectral, the developer-first cybersecurity company, today announced the release of Spectral Logs, a detection technology that ensures that sensitive user data and system information are not accidentally leaking into their log files.

The company’s highly regarded DevSecOps platform already scans code, data and configuration. Now, using the same proprietary technology and machine learning models, it’s possible to also discover mistakes in logs. Spectral code, data, and logs are not tightly coupled so users can secure one without the other to achieve full security through their CI/CD pipeline.

Spectral recognized the need for a new scanning solution specifically for logs when it witnessed how easily sensitive data inadvertently sprawled into the logs. The problem can occur, for instance, when services output sensitive information, such as passwords, personal data, or other sensitive information, to their logs by mistake while the original intent was to offer better operability.

To prevent problems, it’s vital that companies ensure their logs are clean before they ship them to the different cloud providers, including logs processing providers, to protect data, and also to comply with PCI DSS (Payment Card Industry Data Security Standard) and GDPR regulations, as well as other equivalent data protection regulations.

It is increasingly common for companies to ship their logs to the cloud. However, that may risk exposing sensitive information, such as secrets, passwords, medical data, and personal information on these logs,” said Dotan Nahum, CEO and founder of Spectral. “This data, if containing sensitive information, and now with 3rd party storage services, poses an immediate compliance risk that needs to be addressed, and this is often discovered too late.”

To solve for logs, you must also take into account performance and scale, because companies will not allow any delay in processing logs,” added CPO and co-founder Lior Reuven (previously part of the R&D leadership of Elastic, the company behind the ELK stack for logs). “Our technology is already perfectly positioned for this, and we’re proud to say that we’re seeing very little overhead in this area.”

Tel Aviv-based Spectral left stealth in February 2021 with $6.2M in funding for their developer-first code security scanner, which uses the first hybrid engine that combines hundreds of detectors with AI in order to find, prioritize and block costly coding mistakes. The DevSecOps startup was founded by Dotan Nahum, Uri Shamay, Idan Didi, and Lior Reuven.

About Spectral

Spectral is a lightning-fast, developer-first cybersecurity solution that acts as a control-plane over source code and other developer assets. It finds and protects against harmful security errors in code, configurations and other artifacts. Spectral employs the first hybrid scanning engine, combining AI and hundreds of detectors, ensuring developers can code with confidence while protecting companies from high-cost mistakes.

Related articles

top 12 open source security solutions

Top 12 Open Source Code Security Tools

Open source software is everywhere. From your server to your fitness band. And it’s only becoming more common as over 90% of developers acknowledge using open

top 10 java vulnerabilities

Top 10 Most Common Java Vulnerabilities You Need to Prevent

It’s easy to think that our code is secure. Vulnerabilities or potential exploits are often the things we think about last. Most of the time, our

6 steps to a data breach response plan

6 Steps to Developing a Data Breach Response Plan

Experiencing a data breach is never pleasant. Just ask any of the hundreds of businesses that suffered a data breach in the past year, exposing billions

Stop leaks at the source!