Spectrum Announced the release of DeepConfig, a detection technology that can identify misconfigurations at all layers of software to prevent security gaps and exploitation of data breaches. In addition, this protection helps businesses comply with privacy regulations at all layers of software.
DeepConfig also detects issues with popular app frameworks such as Rails and Django, as well as app framework layers that find app layers by scanning for API misconfigurations and other code mistakes. Current solutions tend to focus only on detection at the infrastructure layer of software, such as Kubernetes scans and CloudFormation misconfigurations.
Dotan Nahum, Co-Founder and CEO of Spectral, said:
“Take Kubernetes as an example, it’s not just Kubernetes itself that suffers from misconfigurations, but it’s also running inside Kubernetes, which is vulnerable to the same problem and can be compromised. Imagine you’re running a secure Kubernetes cluster, but no misconfigured Elastic clusters are detected in it, exposing all your data to hackers. Spectral is on all of them. We now offer a one-stop shop. You can get it just by updating the spectrum version. “
DeepConfig joins Spectral’s existing scanning technology, Deep Secret. It is a market-leading secret scanning solution that supports over 500 different detectors for shapeless data, code, binaries and more. With the exception of the unprecedented amount of detectors that come out of the box, both DeepSecret and DeepConfig allow you to build custom detectors using a simple declarative language written in YAML.
“The current reality of’infrastructure as code’is to ship all layers of software from code to production, from Terraform files that describe the cloud to Postgres configuration files, Django configurations, and finally app code. I’m used to. And the necessary infrastructure. Lior Reuven, co-founder and CPO of Spectral, said:
“Usually these issues are solved by a combination of security reviews, penetration testing, and consulting. All are manually costly and need to be carefully digested to understand what is important before taking action. The DeepConfig-based Spectral security research maps the entire world of software, from infrastructure to data, frameworks, and applications. “
Tel Aviv-based Spectral left Stealth in February 2021 to fund the developer’s first code security scanner with $ 6.2 million. It uses the first hybrid engine that combines hundreds of detectors and AI to find, prioritize, and block costly coding mistakes. The DevSecOps startup was founded by Dotan Nahum, Uri Shamay, Idan Didi and Lior Reuven.
Spectral DeepConfig detects software misconfigurations at all layers to prevent violations
https://www.helpnetsecurity.com/2021/08/08/spectral-deepconfig/ Spectral DeepConfig detects software misconfigurations at all layers to prevent violations