Spectral now part of Check Point’s CloudGuard to provide the industry’s most comprehensive security platform from code to cloud Read now

Spectral launches DeepConfig to ensure no misconfiguration for ALL layers of software

By Dotan Nahum August 5, 2021

TEL AVIV, Israel, Aug. 5, 2021 /PRNewswire/ — Spectral, the developer-first cybersecurity company, today announced the release of DeepConfig, a detection technology that can identify misconfigurations at all layers of software to prevent exploits of security gaps and data breaches. Additionally, this protection also helps companies comply with privacy regulations at all layers of software.

Spectral’s DeepConfig is the first solution that can detect misconfigurations at all layers of software, including the infrastructure layer and the data layer, which is composed of products like Elastic, MySQL, Redis, Memcache, and more. DeepConfig also detects issues in the app framework layer, where we find popular app frameworks like Rails, Django, and others, as well as the app layer by scanning for API misconfiguration and other mistakes in code. Current solutions tend to focus on detection at the infrastructure layer of software only, such as scanning for Kubernetes and CloudFormation misconfigurations.

“Software tends to grow in complexity faster than our ability to tame it, and it’s not just the infrastructure layer that can grow to be complex,” said Dotan Nahum, Spectral’s co-founder and CEO. “If we take Kubernetes as an example — it’s not just Kubernetes itself that can suffer from misconfiguration but what’s running inside Kubernetes, it’s also vulnerable to the same issues and it can be breached. Imagine running a fully secure Kubernetes cluster but within it a misconfigured Elastic cluster that goes undetected, is exposing all of your data to hackers. Spectral now provides a one-stop-shop for all of that. You just update your Spectral version and you’ve got it.”

DeepConfig joins Spectral’s existing scanning technology, fondly named DeepSecret, which is the market-leading secret scanning solution supporting over 500 different detectors for shapeless data, code, binary and more. Aside from an unprecedented amount of detectors that come out of the box, both DeepSecret and DeepConfig allow for building custom detectors using a simple declarative language written in YAML.

“In the current reality of ‘infrastructure as code’ we’re used to shipping all layers of software to production from code – from Terraform files describing our cloud, to our Postgres configuration files, to our Django configuration, and finally, our app code and necessary infrastructure. All these have to be looked at and secured,” said Lior Reuven, Spectral’s co-founder and CPO. “Typically, these issues are solved with a combination of security review, pentesting, and consulting — all manual, costly, and generating a lot of reports that need to be carefully digested to understand what is important before action can be taken. The security research we’re doing at Spectral, which DeepConfig builds on, is mapping the entire universe of software – from infrastructure to data, to frameworks, and the application.”

Tel Aviv-based Spectral left stealth in February 2021 with $6.2M in funding for their developer-first code security scanner, which uses the first hybrid engine that combines hundreds of detectors with AI in order to find, prioritize and block costly coding mistakes. The DevSecOps startup was founded by Dotan Nahum, Uri Shamay, Idan Didi, and Lior Reuven.

About Spectral

Spectral is a lightning-fast, developer-first cybersecurity solution that acts as a control-plane over source code and other developer assets. It finds and protects against harmful security errors in code, configurations and other artifacts. Spectral employs the first hybrid scanning engine, combining AI and hundreds of detectors, ensuring developers can code with confidence while protecting companies from high-cost mistakes.

Media Contact

Kevin Capon Goldszmidt

Related articles

8 Most Common Cloud Misconfigurations to Look Out For

8 Most Common Cloud Misconfigurations to Look Out For

Recently, Amazon accidentally exposed information on Amazon Prime Video viewing habits to the public. In addition, Thomson Reuters news and media company admitted that their servers

Top 10 CNAPP Software Vendors for 2023

Top 10 CNAPP Software Vendors for 2023

As a developer or member of a DevOps team, you probably know the stress and satisfaction of pouring your heart and soul into developing a groundbreaking

What is SSDLC (Secure Software Development Lifecycle) and 6 Steps to Take Now

What is SSDLC (Secure Software Development Lifecycle) and 6 Steps to Take Now

The pressure to ship software faster to meet market demands is compromising security in a big way. As cyber criminals find ways to use the glaring

Stop leaks at the source!