Deepfence, a pioneer in the emerging security observability and protection space, announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments.
ThreatMapper is the leading open source platform for seamlessly scanning runtime environments for software supply chain vulnerabilities and contextualizing threats to help organizations determine which to address and when. Built on Deepfence’s proven record of securing enterprise applications, and taking threat feeds from more than 50 different sources, the comprehensive suite of ThreatMapper capabilities and features are available on GitHub. ThreatMapper complements an organization’s existing initiatives to “shift left” by scanning applications and infrastructure post-deployment, catching emerging threats and scanning both first-party and third-party applications and components.
“Modern applications and services depend greatly on open source componentry, and any vulnerabilities in such components can be quickly exploited at significant scale. Securing these components is most effectively done as a community effort; responsible disclosure, public vulnerability feeds, and freely-available open source tooling,” said Owen Garrett, Head of Products and Community at Deepfence who earlier led products at NGINX. “By open-sourcing ThreatMapper, we aim to help teams to identify and prioritize threats quickly and easily. When the pressure is on to release early and often, yet vulnerabilities are reported at an ever increasing rate, ThreatMapper’s ability to find in-production vulnerabilities and identify which pose the greatest threats is a win for dev, cloud and security operations teams.”
Deepfence ThreatMapper’s automated capabilities include:
- Mapped Topology of Applications and Infrastructure: Using lightweight, easy-to-deploy and non-invasive sensors, ThreatMapper auto-discovers and maps services, containers, cloud resources and third-party APIs within your infrastructure by passively observing network traffic.
- Continuous Discovery of Vulnerabilities: ThreatMapper scans online hosts, containers and serverless environments for known vulnerable dependencies, augmenting any “shift left” vulnerability scanning you may do in your development pipeline.
- Ranked Vulnerabilities by Attack Surface: ThreatMapper ranks discovered vulnerabilities, identifying the highest-risk threats and the order in which they should be addressed by utilizing runtime traffic and cloud context.
With applications relying on an ever-increasing network of third-party dependencies, the vulnerability blast radius gets harder and harder to contain. In fact, the number of vulnerabilities (CVEs) published each year by MITRE has been trending upward year over year, with more than 18,000 new vulnerabilities published in 2020, and tens of thousands of additional vulnerabilities come from other sources. Further, GitHub reported that vulnerabilities lie hidden for an average of 4 years before discovery, and it takes, on average, 14 weeks to develop and distribute a fix, leaving plenty of opportunity for cyber attackers to develop techniques to exploit potential issues.
“To say that it’s challenging to keep on top of software vulnerabilities is a huge understatement,” said Mehul Patel, Director Security & Infrastructure at Amyris. “ThreatMapper, however, has eased the burden not only of scanning for the myriad vulnerabilities out there, but also of figuring out which vulnerabilities demand the most and most-immediate attention. We had ThreatMapper up and running in a matter of minutes, and we have been able to shift our time to other tasks, knowing that ThreatMapper is on patrol.”
ThreatMapper is a fast-evolving open source project, and will rapidly gain additional security observability capabilities, including scanning for cloud misconfigurations, compliance related hardening and additional runtime capabilities based on eBPF. ThreatMapper will make all observed threats and telemetry available through a series of public APIs.
For enterprises looking for a deeper runtime detection and protection, Deepfence offers a commercial solution named ThreatStryker. ThreatStryker builds on the attack surface measured by ThreatMapper, and gathers rich runtime signals using cloud native deep packet inspection (DPI) to give unprecedented visibility at runtime. ThreatStryker then correlates these runtime signals with measured attack surface and deploys fine-grained, targeted remediation to prevent the spread of threats and stop attackers in their tracks, all this without proxies, intrusive agents or any inline components.
[To share your insights with us, please write to firstname.lastname@example.org]