Spectral Logs enables additional layer to existing protection of code and data to shield against breaches and ensure PCI DSS and GDPR compliance
Spectral, the developer-first cybersecurity company, announced the release of Spectral Logs, a detection technology that ensures that sensitive user data and system information are not accidentally leaking into their log files.
The company’s highly regarded DevSecOps platform already scans code, data and configuration. Now, using the same proprietary technology and machine learning models, it’s possible to also discover mistakes in logs. Spectral code, data, and logs are not tightly coupled so users can secure one without the other to achieve full security through their CI/CD pipeline.
Recommended ITech News: ColorTokens Launches Xaccess, Extending its Xtended ZeroTrust™ SaaS Platform for Zero Trust Access
Spectral recognized the need for a new scanning solution specifically for logs when it witnessed how easily sensitive data inadvertently sprawled into the logs. The problem can occur, for instance, when services output sensitive information, such as passwords, personal data, or other sensitive information, to their logs by mistake while the original intent was to offer better operability.
To prevent problems, it’s vital that companies ensure their logs are clean before they ship them to the different cloud providers, including logs processing providers, to protect data, and also to comply with PCI DSS (Payment Card Industry Data Security Standard) and GDPR regulations, as well as other equivalent data protection regulations.
Recommended ITech News: DataBank Expands Its “DFW3” Dallas Fort Worth Data Center
“It is increasingly common for companies to ship their logs to the cloud. However, that may risk exposing sensitive information, such as secrets, passwords, medical data, and personal information on these logs,” said Dotan Nahum, CEO and founder of Spectral. “This data, if containing sensitive information, and now with 3rd party storage services, poses an immediate compliance risk that needs to be addressed, and this is often discovered too late.”
“To solve for logs, you must also take into account performance and scale, because companies will not allow any delay in processing logs,” added CPO and co-founder Lior Reuven (previously part of the R&D leadership of Elastic, the company behind the ELK stack for logs). “Our technology is already perfectly positioned for this, and we’re proud to say that we’re seeing very little overhead in this area.”
Recommended ITech News: PNY Announces New NVIDIA Ampere Architecture-Based GPUs for Workstations and the Data Center