Spectral launches DeepConfig to ensure no misconfiguration for ALL layers of software

By Dotan Nahum August 5, 2021

TEL AVIV, Israel, Aug. 5, 2021 /PRNewswire/ — Spectral, the developer-first cybersecurity company, today announced the release of DeepConfig, a detection technology that can identify misconfigurations at all layers of software to prevent exploits of security gaps and data breaches. Additionally, this protection also helps companies comply with privacy regulations at all layers of software.

Spectral’s DeepConfig is the first solution that can detect misconfigurations at all layers of software, including the infrastructure layer and the data layer, which is composed of products like Elastic, MySQL, Redis, Memcache, and more. DeepConfig also detects issues in the app framework layer, where we find popular app frameworks like Rails, Django, and others, as well as the app layer by scanning for API misconfiguration and other mistakes in code. Current solutions tend to focus on detection at the infrastructure layer of software only, such as scanning for Kubernetes and CloudFormation misconfigurations.

“Software tends to grow in complexity faster than our ability to tame it, and it’s not just the infrastructure layer that can grow to be complex,” said Dotan Nahum, Spectral’s co-founder and CEO. “If we take Kubernetes as an example — it’s not just Kubernetes itself that can suffer from misconfiguration but what’s running inside Kubernetes, it’s also vulnerable to the same issues and it can be breached. Imagine running a fully secure Kubernetes cluster but within it a misconfigured Elastic cluster that goes undetected, is exposing all of your data to hackers. Spectral now provides a one-stop-shop for all of that. You just update your Spectral version and you’ve got it.”

DeepConfig joins Spectral’s existing scanning technology, fondly named DeepSecret, which is the market-leading secret scanning solution supporting over 500 different detectors for shapeless data, code, binary and more. Aside from an unprecedented amount of detectors that come out of the box, both DeepSecret and DeepConfig allow for building custom detectors using a simple declarative language written in YAML.

“In the current reality of ‘infrastructure as code’ we’re used to shipping all layers of software to production from code – from Terraform files describing our cloud, to our Postgres configuration files, to our Django configuration, and finally, our app code and necessary infrastructure. All these have to be looked at and secured,” said Lior Reuven, Spectral’s co-founder and CPO. “Typically, these issues are solved with a combination of security review, pentesting, and consulting — all manual, costly, and generating a lot of reports that need to be carefully digested to understand what is important before action can be taken. The security research we’re doing at Spectral, which DeepConfig builds on, is mapping the entire universe of software – from infrastructure to data, to frameworks, and the application.”

Tel Aviv-based Spectral left stealth in February 2021 with $6.2M in funding for their developer-first code security scanner, which uses the first hybrid engine that combines hundreds of detectors with AI in order to find, prioritize and block costly coding mistakes. The DevSecOps startup was founded by Dotan Nahum, Uri Shamay, Idan Didi, and Lior Reuven.

About Spectral

Spectral is a lightning-fast, developer-first cybersecurity solution that acts as a control-plane over source code and other developer assets. It finds and protects against harmful security errors in code, configurations and other artifacts. Spectral employs the first hybrid scanning engine, combining AI and hundreds of detectors, ensuring developers can code with confidence while protecting companies from high-cost mistakes.

Media Contact

Kevin Capon Goldszmidt

Related articles

top 12 open source security solutions

Top 12 Open Source Code Security Tools

Open source software is everywhere. From your server to your fitness band. And it’s only becoming more common as over 90% of developers acknowledge using open

top 10 java vulnerabilities

Top 10 Most Common Java Vulnerabilities You Need to Prevent

It’s easy to think that our code is secure. Vulnerabilities or potential exploits are often the things we think about last. Most of the time, our

6 steps to a data breach response plan

6 Steps to Developing a Data Breach Response Plan

Experiencing a data breach is never pleasant. Just ask any of the hundreds of businesses that suffered a data breach in the past year, exposing billions

Stop leaks at the source!