Today, at Black Hat USA 2022, Deepfence announced the 1.4 release of its open source project ThreatMapper, a cloud native offering that expands attack path visualization, adds cloud security posture management, and now includes the cloud native, YARA-based malware scanner.
ThreatMapper is an open platform for scanning, mapping, and ranking vulnerabilities in running pods, images, hosts, and repositories. ThreatMapper scans for known and unknown vulnerabilities, secrets, and cloud misconfigurations, and then puts those findings in context.
With ThreatMapper, the scans happen as part of CI/CD or at runtime. This empowers organizations to not only identify threats but also to determine how–and how quickly–to deal with them. In a globally connected environment in which a single vulnerability can put untold numbers of organizations and their customers at risk (e.g. Log4j), a platform like ThreatMapper is critical.
Deepfence is a firm believer in a community-based approach to security, and open source ThreatMapper 1.4 provides threat mapping — of vulnerabilities, sensitive secrets, and, now, cloud misconfigurations and malware — as well as the ability to contextualize and correlate scan results in an intuitive graph that makes it easier to see, respond to, and prevent potential attacks.
ThreatMapper 1.4 includes:
- ThreatGraph, a new feature that uses runtime context like network flows to prioritize threat scan results and enables organizations to narrow down attack path alerts from thousands to a handful of the most meaningful (and threatening)
- Agentless cloud security posture management (CSPM) of cloud assets mapped to various compliance controls like CIS, HIPAA, GDPR, SOC 2, and more
- YaraHunter, the industry’s first open source malware scanner for cloud native environments
“The cloud native ecosystem is built on OSS libraries and components, yet the majority of tools available to secure cloud native workloads are closed source proprietary software that you can never fully understand how they work, and which only companies with deep pockets can afford. If we truly want to materially improve security of our cloud native workloads, we need to make the tooling accessible to everyone in the community, so we can build and innovate together. With ThreatMapper 1.4, Deepfence is rolling out what I see as another credible open source win for the industry – ThreatGraph, which provides a substantive range of threat detection, and more – combined into a single, easy-to-use open source tool,” said Nick Reva, Engineering Manager, Security Engineering, Snapchat.
ThreatMapper 1.4 enables organizations to find and rank potential threats, such as the Log4j2 vulnerability, so security teams can make informed decisions and shore up critical gaps that may have otherwise gone unnoticed.
This builds on security tools in Deepfence ThreatMapper 1.3, such as secret scanning at runtime and runtime Software Bill of Materials (SBOMs), protecting not only individual organizations but also our ever-more-interconnected society as a whole.
“Security is a collective good and a basic right, and we are proud to offer an open platform that addresses the most pressing day one needs of cloud security teams,” said Sandeep Lahane, Co-founder and CEO of Deepfence.
“ThreatMapper 1.4 is a giant leap forward for the security community, providing the most comprehensive security features and capabilities that security teams need, free of any cost or limitations. With version 1.4 we’ve strengthened ThreatMapper’s capabilities to the point that we’re not aware of any other product – open source or commercial – that can match it,” Lahane continued.
ThreatMapper 1.4 is 100% open source and available on GitHub.