ThreatMapper: Open source platform for scanning runtime environments
Deepfence announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments.
Scanning runtime environments
ThreatMapper is an open source platform for scanning runtime environments for software supply chain vulnerabilities and contextualizing threats to help organizations determine which to address and when. Taking threat feeds from more than 50 different sources, the comprehensive suite of ThreatMapper capabilities and features are available on GitHub.
ThreatMapper complements an organization’s existing initiatives to “shift left” by scanning applications and infrastructure post-deployment, catching emerging threats and scanning both first-party and third-party applications and components.
“Modern applications and services depend greatly on open source componentry, and any vulnerabilities in such components can be quickly exploited at significant scale. Securing these components is most effectively done as a community effort; responsible disclosure, public vulnerability feeds, and freely-available open source tooling,” said Owen Garrett, Head of Products and Community at Deepfence.
ThreatMapper’s automated capabilities include:
Mapped topology of applications and infrastructure: Using lightweight, easy-to-deploy and non-invasive sensors, ThreatMapper auto-discovers and maps services, containers, cloud resources and third-party APIs within your infrastructure by passively observing network traffic.
Continuous discovery of vulnerabilities: ThreatMapper scans online hosts, containers and serverless environments for known vulnerable dependencies, augmenting any “shift left” vulnerability scanning you may do in your development pipeline.
Ranked vulnerabilities by attack surface: ThreatMapper ranks discovered vulnerabilities, identifying the highest-risk threats and the order in which they should be addressed by utilizing runtime traffic and cloud context.
With applications relying on an ever-increasing network of third-party dependencies, the vulnerability blast radius gets harder and harder to contain. In fact, the number of CVEs published each year by MITRE has been trending upward year over year, with more than 18,000 new vulnerabilities published in 2020, and tens of thousands of additional vulnerabilities come from other sources. Further, GitHub reported that vulnerabilities lie hidden for an average of 4 years before discovery, and it takes, on average, 14 weeks to develop and distribute a fix, leaving plenty of opportunity for cyber attackers to develop techniques to exploit potential issues.
“To say that it’s challenging to keep on top of software vulnerabilities is a huge understatement,” said Mehul Patel, Director Security & Infrastructure at Amyris. “ThreatMapper, however, has eased the burden not only of scanning for the myriad vulnerabilities out there, but also of figuring out which vulnerabilities demand the most and most-immediate attention. We had ThreatMapper up and running in a matter of minutes, and we have been able to shift our time to other tasks, knowing that ThreatMapper is on patrol.”
ThreatMapper is a fast-evolving open source project, and will rapidly gain additional security observability capabilities, including scanning for cloud misconfigurations, compliance related hardening and additional runtime capabilities based on eBPF. ThreatMapper will make all observed threats and telemetry available through a series of public APIs.