Deepfence, a security observability provider, today announced open source availability of ThreatMapper, an offering that automatically scans, maps and ranks application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments.
ThreatMapper is the leading open source platform for scanning runtime environments for software supply chain vulnerabilities and contextualizing threats to help organizations determine which to address and when.
Built on Deepfence’s proven record of securing enterprise applications, and taking threat feeds from more than 50 different sources, the comprehensive suite of ThreatMapper capabilities and features is available on GitHub. ThreatMapper complements an organization’s existing initiatives to “shift left” by scanning applications and infrastructure post-deployment, catching emerging threats and scanning both first-party and third-party applications and components.
“Modern applications and services depend greatly on open source componentry, and any vulnerabilities in such components can be quickly exploited at significant scale. Securing these components is most effectively done as a community effort; responsible disclosure, public vulnerability feeds, and freely-available open source tooling,” said Owen Garrett, head of products and community at Deepfence who earlier led products at NGINX.
Deepfence ThreatMapper’s automated capabilities include mapped topology of applications and infrastructure, continuous discovery of vulnerabilities and ranked vulnerabilities by attack surface.
According to the company, with applications relying on an ever-increasing network of third-party dependencies, the vulnerability blast radius gets harder and harder to contain. In fact, the number of vulnerabilities (CVEs) published each year by MITRE has been trending upward year over year, with more than 18,000 new vulnerabilities published in 2020, and tens of thousands of additional vulnerabilities come from other sources.
Further, GitHub reported that vulnerabilities lie hidden for an average of 4 years before discovery, and it takes, on average, 14 weeks to develop and distribute a fix, leaving plenty of opportunity for cyber attackers to develop techniques to exploit potential issues.
ThreatMapper is a fast-evolving open source project, and will rapidly gain additional security observability capabilities, including scanning for cloud misconfigurations, compliance-related hardening and additional runtime capabilities based on eBPF. ThreatMapper will make all observed threats and telemetry available through a series of public APIs, the company said in a release.
For enterprises looking for deeper runtime detection and protection, Deepfence offers a commercial solution named ThreatStryker. ThreatStryker builds on the attack surface measured by ThreatMapper, and gathers rich runtime signals using cloud native deep packet inspection (DPI) to give unprecedented visibility at runtime. ThreatStryker then correlates these runtime signals with the measured attack surface and deploys fine-grained, targeted remediation to prevent the spread of threats and stop attackers in their tracks, all without proxies, intrusive agents or any inline components.