Check Point buys Spectral to safeguard cloud development

Cyber sector kingpin Check Point is to expand its CloudGuard cloud security platform after announcing it is to acquire Spectral, an Israel-based startup of “developer-first” security tools, for an undisclosed sum.

Less than two years after its inception, Spectral – which focuses on code safety and trust and code scanning – has grown into a key innovator in developer security, backed by a thriving open source community.

“As leaders in IT security, Check Point is constantly looking at how cloud security will morph in the future so we can invest today in securing whatever comes next,” said Dorit Dor, chief product officer at Check Point.

“The acquisition of Spectral further emphasises our commitment to cloud developers. This is Check Point’s fifth cloud security acquisition in the last three years, reaffirming our commitment to support the cloud developer community and our mission of delivering cloud security automation, usability and trust across any cloud to every enterprise.”

Dotan Nahum, CEO and co-founder of Spectral, added: “Spectral’s undertaking is to enable developers to build and ship software without worry. By joining Check Point, we will be able to help more developers, across more regions, and build our community and open source offering faster and more effectively.

“The combination of Check Point’s deep cloud security capabilities and threat intelligence tools with Spectral’s best-in-class security tools for developers will allow organisations to shift-left security with tools that developers love and security teams trust.”

Check Point hopes the purchase will help it take advantage of two big industry trends – accelerated digital transformation, which is pushing organisations to deploy new apps and services more quickly, and the move to a more distributed environment that is pushing development teams towards cloud-native methods such as low-code platforms.

It reckons that by this time next year, more than 500 million digital apps and services will have been developed and deployed using cloud-native approaches – the same number of apps that have been developed since 1983, which poses a series of “clear and immediate” security risks, such as data leakage and misconfiguration.

Spectral’s tools supposedly address these risks by supporting a variety of automated code security uses, including infrastructure-as-code scanning, code tampering prevention, hard-coded secret detection, source controls and CI/CD security, and source code leakage detection. It claims to be deployable in less than five minutes, with its code-scanning tools delivering “comprehensive and accurate” results in seconds. It already has over 300 customer organisations signed up.

Going forward, its toolset will integrate into Check Point’s Infinity security platform as part of its CloudGuard suite, and its products are available immediately under the Check Point banner.