Spectral released Spectral Logs, a detection technology that ensures that sensitive user data and system information are not accidentally leaking into their log files.
The company’s highly regarded DevSecOps platform already scans code, data and configuration. Now, using the same proprietary technology and machine learning models, it’s possible to also discover mistakes in logs. Spectral code, data, and logs are not tightly coupled so users can secure one without the other to achieve full security through their CI/CD pipeline.
Spectral recognized the need for a new scanning solution specifically for logs when it witnessed how easily sensitive data inadvertently sprawled into the logs. The problem can occur, for instance, when services output sensitive information, such as passwords, personal data, or other sensitive information, to their logs by mistake while the original intent was to offer better operability.
To prevent problems, it’s vital that companies ensure their logs are clean before they ship them to the different cloud providers, including logs processing providers, to protect data, and also to comply with PCI DSS (Payment Card Industry Data Security Standard) and GDPR regulations, as well as other equivalent data protection regulations.
“It is increasingly common for companies to ship their logs to the cloud. However, that may risk exposing sensitive information, such as secrets, passwords, medical data, and personal information on these logs,” said Dotan Nahum, CEO and founder of Spectral. “This data, if containing sensitive information, and now with 3rd party storage services, poses an immediate compliance risk that needs to be addressed, and this is often discovered too late.”
“To solve for logs, you must also take into account performance and scale, because companies will not allow any delay in processing logs,” added CPO and co-founder Lior Reuven (previously part of the R&D leadership of Elastic, the company behind the ELK stack for logs). “Our technology is already perfectly positioned for this, and we’re proud to say that we’re seeing very little overhead in this area.”
Tel Aviv-based Spectral left stealth in February 2021 with $6.2M in funding for their developer-first code security scanner, which uses the first hybrid engine that combines hundreds of detectors with AI in order to find, prioritize and block costly coding mistakes. The DevSecOps startup was founded by Dotan Nahum, Uri Shamay, Idan Didi, and Lior Reuven.