ThreatMapper Is Now 100% Open Source! — Deepfence

Owen Garrett
Deepfence Cloud Native Security
Oct 13, 2021

We’re excited to announce today that ThreatMapper is now 100% open source under the Apache 2.0 license! If you’re not familiar with ThreatMapper, it’s a cloud native security observability platform that scans, maps, and ranks vulnerabilities from development through production across serverless, Kubernetes, container, and multi-cloud environments.

Because modern applications and services rely heavily on shared, open source components, securing them is best done as a collaborative, community effort. By open sourcing ThreatMapper, we aim to help developers, DevOps, DevSecOps, and security teams identify and prioritize threats quickly and easily, and focus their efforts on the vulnerabilities that need to be fixed first.

When we initially launched ThreatMapper, we first made it available as a freemium edition and worked closely with dozens of early adopters to evolve it into the robust cloud native security platform that it is today. By working alongside security professionals securing modern application environments, not only were we able to build out a rich set of features and capabilities that solve real-world challenges, but we were also able to see ThreatMapper make a tangible impact on security teams.

“To say that it’s challenging to keep on top of software vulnerabilities is a huge understatement. ThreatMapper, however, has eased the burden not only of scanning for the myriad vulnerabilities out there, but also of figuring out which vulnerabilities demand the most and most-immediate attention. We had ThreatMapper up and running in a matter of minutes, and we have been able to shift our time to other tasks, knowing that ThreatMapper is on patrol.”

- Mehul Patel, Director Security & Infrastructure at Amyris

Benefits of Using ThreatMapper

Here are just some of the benefits you get by using ThreatMapper to secure your applications and infrastructure:

  • See the topology of your applications and infrastructure: ThreatMapper auto-discovers your production infrastructure — including cloud instances, Kubernetes nodes, serverless resources, and containers — and maps the topology of your applications in real time.
  • Discover vulnerabilities, including fresh vulnerabilities in production that were not known at build or deploy time: ThreatMapper scans hosts, containers, and applications for known vulnerable dependencies, taking threat feeds from more than 50 different sources. ThreatMapper augments any “shift left” vulnerability scanning you may do in your development pipeline, and scans third-party components such as monitoring and load-balancing tools.
  • Prioritize vulnerabilities by “risk-of-exploit”: ThreatMapper then scores the vulnerabilities based on their attack vector (e.g. network vs. local), their severity, and the topology. Vulnerabilities on workloads on the edge of the attack surface are at greater risk of exploit, and vulnerabilities on workloads that are actively receiving external traffic are scored at the highest risk. ThreatMapper’s “Attack Path” visualization charts the top routes to reach vulnerable workloads.

Together, this information uncovers newly-published vulnerabilities and tracks vulnerabilities that were permitted through any prior scanning. The prioritization informs you as to which vulnerabilities you must address first, as they pose the highest risk-of-exploit.

Roadmap

ThreatMapper is a fully open source platform that makes it easy to scan for vulnerabilities and build a map of threats across multiple clouds and application types. ThreatStryker (our commercial offering) extends ThreatMapper with compliance scanning, runtime sensors, and a correlation and protection engine.

Our intent is to migrate all security and observability capabilities, including compliance scanning and runtime sensors, into the open source ThreatMapper platform. ThreatMapper will make all threat and runtime data available through public APIs, for dashboards, SIEM and other external applications to consume.

ThreatStryker is to be refactored as a standalone application that consumes vulnerability and telemetry data from the ThreatMapper platform using the public APIs, and provides run-time attack analysis and protection. Stay up-to-date with ThreatMapper on GitHub.

Summary & What’s Next?

Thank you to everyone who helped us on our journey so far to make ThreatMapper the robust open source security tool that we’re announcing today. We’re so grateful for the many design partners, customers, security professionals, advisors, and members of the Deepfence team (the Deepforce!) who helped us achieve this amazing milestone.

While open sourcing ThreatMapper was always on our roadmap, today is only the beginning! We’ll continue to build and release new features on our mission to protect the cloud native continuum:

Originally published at https://deepfence.io on October 13, 2021.
