Sunday, September 25, 2022
HomeCyber SecurityDeepfence ThreatMapper 1.4 Unveils Open Supply Menace Graph to Visualize Cloud-Native Menace...

Deepfence ThreatMapper 1.4 Unveils Open Supply Menace Graph to Visualize Cloud-Native Menace Panorama


SAN FRANCISCO—Deepfence,
a pioneer within the rising safety observability and safety house,
in the present day introduced the 1.4 launch of its open supply venture ThreatMapper,
a cutting-edge, cloud native providing that expands assault path
visualization, provides enterprise-grade cloud safety posture administration,
and now consists of the business’s first cloud native, YARA-based malware
scanner.

“Safety is a collective good and a
fundamental proper, and we’re proud to supply an open platform that addresses
essentially the most urgent day one wants of cloud safety groups”

ThreatMapper is an open platform for scanning, mapping, and rating
vulnerabilities in working pods, photos, hosts, and repositories.
ThreatMapper scans for recognized and unknown vulnerabilities, secrets and techniques, cloud
misconfigurations after which places these findings in context. With
ThreatMapper, the scans occur as a part of CI/CD or at runtime. This
empowers organizations to not solely determine threats but additionally to
decide how–and the way rapidly–to take care of them. In a globally linked
atmosphere wherein a single vulnerability can put untold numbers of
organizations and their prospects in danger (e.g. Log4j), a platform like
ThreatMapper is important.

Deepfence is a agency believer in a community-based strategy to safety,
and open supply ThreatMapper 1.4 gives extra complete risk
mapping — of vulnerabilities, delicate secrets and techniques, and, now, cloud
misconfigurations and malware — in addition to the flexibility to contextualize
and correlate scan ends in an intuitive graph that makes it simpler to
see, reply to, and proactively forestall potential assaults. That is
really an business first. There is no such thing as a different venture, open supply or
industrial, that applies these complete options and capabilities
throughout the cloud native continuum.

Particularly, ThreatMapper 1.4 consists of:

  • ThreatGraph, a robust a brand new characteristic that makes use of runtime context like
    community flows to prioritize risk scan outcomes and allows
    organizations to slender down assault path alerts from hundreds to a
    handful of essentially the most significant (and threatening)
  • Agentless cloud safety posture administration (CSPM) of cloud belongings
    mapped to varied compliance controls like CIS, HIPAA, GDPR, SOC 2, and
    extra
  • YaraHunter, the business’s first open supply malware scanner for cloud native environments

“The cloud native ecosystem is constructed on OSS libraries and elements,
but nearly all of instruments out there to safe cloud native workloads are
closed supply proprietary software program which you can by no means absolutely perceive
how they work, and which solely corporations with deep pockets can afford. If
we really wish to materially enhance safety of our cloud native
workloads, we have to make the tooling accessible to everybody within the
group, so we will construct and innovate collectively. With ThreatMapper 1.4,
Deepfence is rolling out what I see as one other credible open supply win
for the business – ThreatGraph, which gives a substantive vary of
risk detection, and extra – mixed right into a single, easy-to-use open
supply instrument,” mentioned Nick Reva, Engineering Supervisor, Safety Engineering,
Snapchat.

ThreatMapper 1.4 allows organizations to seek out and rank potential threats, such because the Log4j2 vulnerability,
so safety groups could make knowledgeable choices and shore up important
gaps that will have in any other case gone unnoticed. This builds on the superior
safety instruments in Deepfence ThreatMapper 1.3,
akin to secret scanning at runtime and runtime Software program Invoice of
Supplies (SBOMs), defending not solely particular person organizations but additionally
our ever-more-interconnected society as a complete.

“Safety is a collective good and a fundamental proper, and we’re proud to
provide an open platform that addresses essentially the most urgent day one wants of
cloud safety groups,” mentioned Sandeep Lahane, Co-founder and CEO of
Deepfence. “ThreatMapper 1.4 is a big leap ahead for the safety
group, offering essentially the most complete safety features and
capabilities that safety groups want, freed from any price or limitations.
With model 1.4 we have strengthened ThreatMapper’s capabilities to the
level that we’re not conscious of another product – open supply or
industrial – that may match it.”

ThreatMapper 1.4 is 100% open supply and out there on GitHub. Be taught extra concerning the newest options within the launch weblog right here.

About Deepfence

Deepfence is a necessary safety observability and safety platform
for cloud-native and container environments. Deepfence measures, maps,
and visualizes your runtime assault surfaces, and gives full-stack
safety from recognized and unknown threats. Deepfence ThreatMapper helps
shield the more and more weak software program provide chain by
mechanically scanning, mapping, and rating utility vulnerabilities
and delicate secrets and techniques in working containers, photos, hosts, and
repositories — from growth via manufacturing. Deepfence
ThreatStryker makes use of business assault heuristics to interpret ThreatMapper
intelligence and telemetry, figuring out attacks-in-progress and
deploying mitigating firewall and quarantine measures. To be taught extra,
go to deepfence.io.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular