a pioneer within the rising safety observability and safety house,
right now introduced the 1.4 launch of its open supply mission ThreatMapper,
a cutting-edge, cloud native providing that expands assault path
visualization, provides enterprise-grade cloud safety posture administration,
and now consists of the trade’s first cloud native, YARA-based malware
scanner.
“Safety is a collective good and a
fundamental proper, and we’re proud to supply an open platform that addresses
essentially the most urgent day one wants of cloud safety groups”
ThreatMapper is an open platform for scanning, mapping, and rating
vulnerabilities in working pods, pictures, hosts, and repositories.
ThreatMapper scans for recognized and unknown vulnerabilities, secrets and techniques, cloud
misconfigurations after which places these findings in context. With
ThreatMapper, the scans occur as a part of CI/CD or at runtime. This
empowers organizations to not solely determine threats but in addition to
decide how–and the way rapidly–to take care of them. In a globally linked
atmosphere wherein a single vulnerability can put untold numbers of
organizations and their clients in danger (e.g. Log4j), a platform like
ThreatMapper is vital.
Deepfence is a agency believer in a community-based method to safety,
and open supply ThreatMapper 1.4 gives extra complete menace
mapping — of vulnerabilities, delicate secrets and techniques, and, now, cloud
misconfigurations and malware — in addition to the power to contextualize
and correlate scan ends in an intuitive graph that makes it simpler to
see, reply to, and proactively stop potential assaults. That is
actually an trade first. There is no such thing as a different mission, open supply or
industrial, that applies these complete options and capabilities
throughout the cloud native continuum.
Particularly, ThreatMapper 1.4 consists of:
-
ThreatGraph, a strong a brand new function that makes use of runtime context like
community flows to prioritize menace scan outcomes and permits
organizations to slim down assault path alerts from 1000’s to a
handful of essentially the most significant (and threatening) -
Agentless cloud safety posture administration (CSPM) of cloud belongings
mapped to numerous compliance controls like CIS, HIPAA, GDPR, SOC 2, and
extra - YaraHunter, the trade’s first open supply malware scanner for cloud native environments
“The cloud native ecosystem is constructed on OSS libraries and parts,
but the vast majority of instruments accessible to safe cloud native workloads are
closed supply proprietary software program you could by no means totally perceive
how they work, and which solely firms with deep pockets can afford. If
we actually need to materially enhance safety of our cloud native
workloads, we have to make the tooling accessible to everybody within the
neighborhood, so we are able to construct and innovate collectively. With ThreatMapper 1.4,
Deepfence is rolling out what I see as one other credible open supply win
for the trade – ThreatGraph, which gives a substantive vary of
menace detection, and extra – mixed right into a single, easy-to-use open
supply software,” mentioned Nick Reva, Engineering Supervisor, Safety Engineering,
Snapchat.
ThreatMapper 1.4 permits organizations to seek out and rank potential threats, such because the Log4j2 vulnerability,
so safety groups could make knowledgeable choices and shore up vital
gaps that will have in any other case gone unnoticed. This builds on the superior
safety instruments in Deepfence ThreatMapper 1.3,
similar to secret scanning at runtime and runtime Software program Invoice of
Supplies (SBOMs), defending not solely particular person organizations but in addition
our ever-more-interconnected society as a complete.
“Safety is a collective good and a fundamental proper, and we’re proud to
supply an open platform that addresses essentially the most urgent day one wants of
cloud safety groups,” mentioned Sandeep Lahane, Co-founder and CEO of
Deepfence. “ThreatMapper 1.4 is a big leap ahead for the safety
neighborhood, offering essentially the most complete safety features and
capabilities that safety groups want, freed from any price or limitations.
With model 1.4 we have strengthened ThreatMapper’s capabilities to the
level that we’re not conscious of another product – open supply or
industrial – that may match it.”
ThreatMapper 1.4 is 100% open supply and accessible on GitHub. Be taught extra concerning the newest options within the launch weblog right here.
About Deepfence
Deepfence is a necessary safety observability and safety platform
for cloud-native and container environments. Deepfence measures, maps,
and visualizes your runtime assault surfaces, and gives full-stack
safety from recognized and unknown threats. Deepfence ThreatMapper helps
defend the more and more susceptible software program provide chain by
routinely scanning, mapping, and rating utility vulnerabilities
and delicate secrets and techniques in working containers, pictures, hosts, and
repositories — from improvement by way of manufacturing. Deepfence
ThreatStryker makes use of trade assault heuristics to interpret ThreatMapper
intelligence and telemetry, figuring out attacks-in-progress and
deploying mitigating firewall and quarantine measures. To be taught extra,
go to deepfence.io.
