How Perion protects its code from data leaks

About The Company

IPOed in 2006, Perion, a publicly-traded (NASDAQ) MarTech company with over 300 million USD in annual revenue, provides digital businesses with engagement, search marketing, and monetization services.

Providing developers a heads up on the secrets and potential security leaks before it gets to the code is super important for us. We wanted our data to be as safe as it can and recognize code and developers work as an area needs focus

Ofer Levi

Production manager, Perion

The Challenge

Perion leadership felt confident in their existing security tools and measures taken. They believed the company had adequate defenses in place to protect the company’s IP (intellectual property) and private information against external attacks. What the company did not take into account was the possibility of accidental public exposure of sensitive company data by the company’s own employees.

Spectral have automatically identified and surfaced security flaws that our company was not aware of, it helped us be more secure and helped us avoid operational risks

Solution Step One: External Audit

To exhibit Spectral’s unique human-error mitigating feature-set, Spectral began by offering Perion a fully external audit of the company’s assets. All without having to integrate Spectral into the company’s codebase and with no impact on development workflows.

Once the initial scan was performed, Spectral used AI/ML models to cross-reference and identify Perion’s software developers with any public-facing code repositories they may have used while working at the company. The scan quickly identified a publicly accessible GitHub repository where a developer left login credentials to a sensitive company PostgreSQL database fully exposed for anyone to find and exploit.

Solution Step Two: Continuous Protection

A second chance to exhibit Spectral’s prowess presented itself only a few weeks later. Perion was in the process of integrating code resources from a recently purchased company. This time, and with forward-thinking security in mind, Spectralops systems were tasked with reviewing the newly acquired assets, verifying DevSecOps quality in both code and employee practices. All done well before potentially insecure code was used in any of the company’s products or operations.

Spectral team is highly professional, and we were able to adopt their Product swiftly. Securing all our code base in minutes. We love working with security minded people

About Spectral

Spectral is a lightning-fast, developer-first cybersecurity solution that acts as a control-plane over source code and other developer assets. It finds and protects against harmful security errors in code, configurations and other artifacts. Spectral employs the first hybrid scanning engine, combining AI and hundreds of detectors, ensuring developers can code with confidence while protecting companies from high-cost mistakes.