Spectral now part of Check Point’s CloudGuard to provide the industry’s most comprehensive security platform from code to cloud Read now

Spectral launches Spectral Logs to Ensure Sensitive Data Isn’t Accidentally Exposed

By Dotan Nahum July 15, 2021

Spectral Logs enables additional layer to existing protection of code and data to shield against breaches and ensure PCI DSS and GDPR compliance

TEL AVIV, Israel, July 14, 2021 /PRNewswire/ — Spectral, the developer-first cybersecurity company, today announced the release of Spectral Logs, a detection technology that ensures that sensitive user data and system information are not accidentally leaking into their log files.

The company’s highly regarded DevSecOps platform already scans code, data and configuration. Now, using the same proprietary technology and machine learning models, it’s possible to also discover mistakes in logs. Spectral code, data, and logs are not tightly coupled so users can secure one without the other to achieve full security through their CI/CD pipeline.

Spectral recognized the need for a new scanning solution specifically for logs when it witnessed how easily sensitive data inadvertently sprawled into the logs. The problem can occur, for instance, when services output sensitive information, such as passwords, personal data, or other sensitive information, to their logs by mistake while the original intent was to offer better operability.

To prevent problems, it’s vital that companies ensure their logs are clean before they ship them to the different cloud providers, including logs processing providers, to protect data, and also to comply with PCI DSS (Payment Card Industry Data Security Standard) and GDPR regulations, as well as other equivalent data protection regulations.

It is increasingly common for companies to ship their logs to the cloud. However, that may risk exposing sensitive information, such as secrets, passwords, medical data, and personal information on these logs,” said Dotan Nahum, CEO and founder of Spectral. “This data, if containing sensitive information, and now with 3rd party storage services, poses an immediate compliance risk that needs to be addressed, and this is often discovered too late.”

To solve for logs, you must also take into account performance and scale, because companies will not allow any delay in processing logs,” added CPO and co-founder Lior Reuven (previously part of the R&D leadership of Elastic, the company behind the ELK stack for logs). “Our technology is already perfectly positioned for this, and we’re proud to say that we’re seeing very little overhead in this area.”

Tel Aviv-based Spectral left stealth in February 2021 with $6.2M in funding for their developer-first code security scanner, which uses the first hybrid engine that combines hundreds of detectors with AI in order to find, prioritize and block costly coding mistakes. The DevSecOps startup was founded by Dotan Nahum, Uri Shamay, Idan Didi, and Lior Reuven.

About Spectral

Spectral is a lightning-fast, developer-first cybersecurity solution that acts as a control-plane over source code and other developer assets. It finds and protects against harmful security errors in code, configurations and other artifacts. Spectral employs the first hybrid scanning engine, combining AI and hundreds of detectors, ensuring developers can code with confidence while protecting companies from high-cost mistakes.

Related articles

top 12 cloud security solutions

Top 12 Cloud Security Tools for 2022

A recent survey of nearly 2,000 IT professionals found that while most (85%) enterprises believe cloud technologies are critical to innovation, only 40% actually have a security policy

Identity Governance: What Is It And Why Should DevSecOps Care?

Did you know that the household data of 123 million Americans were recently stolen from Alteryx’s Amazon cloud servers in a single cyberattack? But the blame

3 Steps To Remain PCI Compliant with your AWS Configuration

3 Steps To Remain PCI Compliant with your AWS Configuration

Becoming and staying PCI compliant both take a lot of work. Developers are often already swamped with an endless list of tasks, and adding PCI compliance

Stop leaks at the source!