Jump to content

Spectral raises $6.2M for its DevSecOps service


NelsonG

Recommended Posts

Tel Aviv-based Spectral is bringing its new DevSecOps code scanner out of stealth today and announcing a $6.2 million funding round. The startup’s programming language-agnostic service aims to automated code security development teams to help them detect potential security issues in their codebases and logs, for example. Those issues could be hardcoded API keys and other credentials, but also security misconfiguration and shadow IT assets.

The four-person founding team has a deep background in building AI, monitoring and security tools. CEO Dotan Nahum was a Chief Architect at Klarna and Conduit (now Como, though you may remember Conduit from its infamous toolbar that was later spun off), and the CTO at Como and HiredScore, for example. Other founders worked on building monitoring tools at Elastic and HP and on security at Akamai. As Nahum told me, the idea for Spectral came to him and co-founder and COO Idan Didi during their shared time at mobile application build Conduit/Como.

dash-shot.png

Image Credits: Spectral

“We basically stored certificates for every client that we had, so we could submit their apps to the various marketplaces,” Nahum told me of his experience at Counduit/Como. “That certificate really proves that you are who you are and it’s super sensitive. And at each point at these companies, I really didn’t have the right tools to actually make sure that we’re storing, handling, detecting [this information] and making sure that it doesn’t leak anywhere.”

Nahum decided to quit his current job and started to build a prototype to see if he could build a tool that could solve this problem (and his work on this prototype quickly discovered an issue at Slack). And as enterprises move from on-premises software to the cloud and to microservices and DevOps, the need for better DevSecOps tools is only increasing.

“The emphasis is to create a great developer experience,” Nahum noted. “Because that’s where we started from. We didn’t start as a top down cyber tool. We started as a modest DevOps friendly, developer-friendly tool.”

1200x628-Spectral-post.png

Image Credits: Spectral

One interesting aspect of Spectral’s approach, which uses a machine learning model to detect these breaches across programming languages, is that it also scans public-facing systems. On the backend, Spectral integrates with tools like Travis, Jenkins, CircleCI, Webpack, Gatsby and Netlify, but it can also monitor Slack, npm, maven and log providers — tools that most companies don’t really think about when they think about threat modeling.

“Our solution prevents security breaches on a daily basis,” said Spectral co-founder and COO Idan Didi. “The pain points we’re addressing resonate strongly across every company developing software, because as they evolve from own-code to glue-code to no-code approaches they allow their developers to gain more speed, but they also add on significant amounts of risk. Spectral lets developers be more productive while keeping the company secure.”

The company was founded in mid-2020, but it already has about 15 employees and counts a number of large publicly-listed companies among its customers.

http://feeds.feedburner.com/~r/Techcrunch/~4/wD6Kyq9dPWw

View the full article

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Our picks

    • Wait, Burning Man is going online-only? What does that even look like?
      You could have been forgiven for missing the announcement that actual physical Burning Man has been canceled for this year, if not next. Firstly, the nonprofit Burning Man organization, known affectionately to insiders as the Borg, posted it after 5 p.m. PT Friday. That, even in the COVID-19 era, is the traditional time to push out news when you don't want much media attention. 
      But secondly, you may have missed its cancellation because the Borg is being careful not to use the C-word. The announcement was neutrally titled "The Burning Man Multiverse in 2020." Even as it offers refunds to early ticket buyers, considers layoffs and other belt-tightening measures, and can't even commit to a physical event in 2021, the Borg is making lemonade by focusing on an online-only version of Black Rock City this coming August.    Read more...
      More about Burning Man, Tech, Web Culture, and Live EventsView the full article
      • 0 replies
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
×
×
  • Create New...