Check Point Acquires Developer Security Startup Spectral

‘By joining Check Point, we will be able to help more developers, across more regions, and build our community and open-source offering faster and more effectively,’ says Spectral CEO Dotan Nahum.

Check Point Software Technologies has bought Spectral to broaden its range of cloud application security use cases to include Infrastructure as Code scanning and hard-coded secrets detection.

The San Carlos, Calif.-based platform security vendor said Tel Aviv, Israel-based Spectral focuses on code safety and trust, fast code scanning and providing a simple developer experience. Spectral’s tools are used by developers from more than 300 organizations worldwide, deploy in less than five minutes, and deliver comprehensive and accurate results from fast code scanning within seconds, Check Point said.

“The acquisition of Spectral further emphasizes our commitment to cloud developers,” Check Point Chief Product Officer Dorit Dor said in a statement. “This is Check Point’s fifth cloud security acquisition in the last three years, reaffirming our commitment to support the cloud developer’s community and our mission of delivering cloud security automation, usability and trust across any cloud.”

[Related: Check Point To Acquire Email Security Startup Avanan]

Terms of the acquisition—which is expected to close soon—were not disclosed, and Check Point didn’t immediately respond to a request for additional comment. Check Point’s stock is up $0.75 (0.62 percent) to $121.76 in trading Tuesday morning, which is the highest the company’s stock has traded since Jan. 24.

Spectral was founded in 2020, employs 34 people and has raised $6.2 million in one round of outside funding, according to LinkedIn and Crunchbase. The company in February 2021 closed a seed funding round led by MizMaa Ventures and Amiti Ventures. Spectral was founded and led by Dotan Nahum, who previously served as CTO or chief architect at HiredScore, Klarna, Como and Conduit.

“Spectral’s undertaking is to enable developers to build and ship software without worry,” Nahum said in a statement. “By joining Check Point, we will be able to help more developers, across more regions, and build our community and open-source offering faster and more effectively.”

Combining Check Point’s cloud security capabilities and threat intelligence tools with Spectral’s security tools for developers will make it possible for organizations to embed security earlier in the software development life cycle, according to Nahum. Spectral’s tools will be integrated into Check Point’s Infinity security platform and will be available immediately via the CloudGuard cloud security product suite.

Spectral’s security tools support a wide range of automated code security use cases, including code tampering prevention; Infrastructure as Code scanning; hard-coded secrets detection; source controls and CI/CD (continuous integration and continuous delivery) security; and source code leakage detection. The company has a thriving open-source community, and its tools are used by thousands of developers.

The development of digital apps and services using cloud-native approaches such as low-code platforms poses clear and immediate security risks to cloud applications, including data leakage, exposed secrets and misconfigurations. To address this massive challenge, Check Point said developers need the right tools to ensure cloud security is implemented without compromising productivity.

This is Check Point’s seventh acquisition since 2018, according to Crunchbase. Check Point in August 2021 agreed to buy rising star Avanan for $234 million protect the remote workforce from malicious files, URLs and phishing across email, collaboration suites, web, networks and endpoints.

The company brought remote access security startup Odo Security in September 2020 to help enterprises enable secure remote access for employees to any application. In December 2019, Check Point purchased serverless security company Protego to help customers avoid having vulnerable code deployed into production.

A month earlier, Check Point bought security startup Cymplify to defend IoT devices against highly sophisticated attacks by hardening and protecting the devices’ firmware. In January 2019, Check Point acquired emerging web application and API protection vendor ForceNock to bolster its advanced machine learning protection capabilities.

And three months before that, Check Point purchased Dome9 to help customers secure multi-cloud deployments across Amazon Web Services, Microsoft Azure and Google Cloud. All told, Check Point has made 18 acquisitions over the course of its 29-year history, according to Crunchbase.