Deepfence Pronounces Open Supply Availability of ThreatMapper



SAN FRANCISCO – October 13, 2021 – Deepfence, a pioneer within the rising safety observability and safety area, as we speak introduced open supply availability of ThreatMapper, a signature providing that mechanically scans, maps and ranks software vulnerabilities throughout serverless, Kubernetes, container and multi-cloud environments.
ThreatMapper is the main open supply platform for seamlessly scanning runtime environments for software program provide chain vulnerabilities and contextualizing threats to assist organizations decide which to deal with and when. Constructed on Deepfence’s confirmed file of securing enterprise functions, and taking risk feeds from greater than 50 completely different sources, the great suite of ThreatMapper capabilities and options can be found on GitHub. ThreatMapper enhances a corporation’s current initiatives to “shift left” by scanning functions and infrastructure post-deployment, catching rising threats and scanning each first-party and third-party functions and parts.
“Trendy functions and companies rely tremendously on open supply componentry, and any vulnerabilities in such parts could be shortly exploited at vital scale. Securing these parts is most successfully completed as a group effort; accountable disclosure, public vulnerability feeds, and freely-available open supply tooling,” mentioned Owen Garrett, Head of Merchandise and Group at Deepfence who earlier led merchandise at NGINX. “By open-sourcing ThreatMapper, we purpose to assist groups to determine and prioritize threats shortly and simply. When the stress is on to launch early and infrequently, but vulnerabilities are reported at an ever growing charge, ThreatMapper’s means to seek out in-production vulnerabilities and determine which pose the best threats is a win for dev, cloud and safety operations groups.”
Deepfence ThreatMapper’s automated capabilities embrace:Mapped Topology of Purposes and Infrastructure: Utilizing light-weight, easy-to-deploy and non-invasive sensors, ThreatMapper auto-discovers and maps companies, containers, cloud sources and third-party APIs inside your infrastructure by passively observing community visitors.Steady Discovery of Vulnerabilities: ThreatMapper scans on-line hosts, containers and serverless environments for recognized weak dependencies, augmenting any “shift left” vulnerability scanning it’s possible you’ll do in your growth pipeline.Ranked Vulnerabilities by Assault Floor: ThreatMapper ranks found vulnerabilities, figuring out the highest-risk threats and the order by which they need to be addressed by using runtime visitors and cloud context.
With functions counting on an ever-increasing community of third-party dependencies, the vulnerability blast radius will get tougher and tougher to include. In actual fact, the variety of vulnerabilities (CVEs) revealed annually by MITRE has been trending upward yr over yr, with greater than 18,000 new vulnerabilities revealed in 2020, and tens of 1000’s of further vulnerabilities come from different sources. Additional, GitHub reported that vulnerabilities lie hidden for a mean of 4 years earlier than discovery, and it takes, on common, 14 weeks to develop and distribute a repair, leaving loads of alternative for cyber attackers to develop methods to take advantage of potential points.
“To say that it’s difficult to maintain on prime of software program vulnerabilities is a big understatement,” mentioned Mehul Patel, Director Safety & Infrastructure at Amyris. “ThreatMapper, nevertheless, has eased the burden not solely of scanning for the myriad vulnerabilities on the market, but additionally of determining which vulnerabilities demand probably the most and most-immediate consideration. We had ThreatMapper up and working in a matter of minutes, and now we have been in a position to shift our time to different duties, realizing that ThreatMapper is on patrol.”
ThreatMapper is a fast-evolving open supply undertaking, and can quickly achieve further safety observability capabilities, together with scanning for cloud misconfigurations, compliance associated hardening and extra runtime capabilities based mostly on eBPF. ThreatMapper will make all noticed threats and telemetry accessible by means of a collection of public APIs.
For enterprises on the lookout for a deeper runtime detection and safety, Deepfence affords a industrial resolution named ThreatStryker. ThreatStryker builds on the assault floor measured by ThreatMapper, and gathers wealthy runtime indicators utilizing cloud native deep packet inspection (DPI) to provide unprecedented visibility at runtime. ThreatStryker then correlates these runtime indicators with measured assault floor and deploys fine-grained, focused remediation to forestall the unfold of threats and cease attackers of their tracks, all this with out proxies, intrusive brokers or any inline parts.
To be taught extra or request a demo, please go to or cease by Deepfence’s sales space S56 at KubeCon + CloudNativeCon North America from October 11-15.

About Deepfence
Deepfence is an important safety observability platform for cloud and container native environments. Primarily based on a “safety as a microservice” mannequin, Deepfence measures and maps runtime assault surfaces, and gives full-stack safety from recognized and unknown threats. Deepfence ThreatMapper helps defend the more and more weak software program provide chain by mechanically scanning, mapping and rating software vulnerabilities in working containers, photos, hosts and repositories — from growth by means of manufacturing. Deepfence ThreatStryker makes use of trade assault heuristics to interpret ThreatMapper intelligence and telemetry, figuring out attacks-in-progress and deploying mitigating firewall and quarantine measures. To be taught extra, go to