Deepfence announced today at the KubeCon + CloudNativeCon North America conference that it is releasing ThreatMapper as open source software. The tool employs lightweight sensors that automatically scan, map and rank application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments.
Sandeep Lahane, Deepfence CEO, said ThreatMapper analyzes feeds from more than 50 different sources to provide security teams with a lower-cost tool that makes it simpler to identify threats and vulnerabilities after an application has been deployed.
That capability is critical in the age of the cloud because developers now routinely deploy applications using infrastructure-as-code tools such as Terraform without requiring intervention from a centralized IT team, added Lahane. The issue this creates, however, is that most developers today have limited cybersecurity experience, which, Lahane noted, means the odds are high that an application environment contains known vulnerabilities.
ThreatMapper, in addition to automatically discovering and mapping services, containers, cloud resources and application programming interfaces (APIs), also ranks the vulnerabilities it finds by risk level, so that security teams have guidance on which ones to prioritize.
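The point of ranking after deployment is that the same vulnerability is a different priority depending on where it sits: a critical CVE in an internet-facing container matters more than the same CVE in an isolated batch job whose vulnerable library is never even loaded. The following is an added, illustrative heuristic written for this article, not ThreatMapper's own scoring logic or API; the weights, the field names and the sample findings are all assumptions constructed to show the idea.

```python
from dataclasses import dataclass

# Hypothetical record for one vulnerability observed on one running workload.
# Field names and values are assumptions for this example, not ThreatMapper's schema.
@dataclass
class Finding:
    workload: str        # name of the container/service where the package was found
    vuln_id: str         # placeholder identifier for the vulnerability
    cvss: float          # CVSS v3 base score, 0.0-10.0
    exploit_known: bool  # a public exploit or in-the-wild exploitation is known
    exposure: str        # "internet", "cluster" or "isolated" reachability of the workload
    package_loaded: bool # vulnerable package is actually loaded by a running process

# Assumed weights: reachability scales the base score most strongly.
EXPOSURE_WEIGHT = {"internet": 1.0, "cluster": 0.6, "isolated": 0.3}


def risk_score(f: Finding) -> float:
    """Combine severity with runtime context into a single 0-10 priority score."""
    score = f.cvss * EXPOSURE_WEIGHT[f.exposure]
    if f.exploit_known:          # weaponised bugs get bumped up
        score *= 1.5
    if not f.package_loaded:     # present on disk but never executed: much less urgent
        score *= 0.5
    return round(min(score, 10.0), 2)


def rank(findings: list[Finding]) -> list[Finding]:
    """Return findings ordered from highest to lowest contextual risk."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed sample findings (not real scan output). Two share the same CVSS 9.8 score
# but end up at opposite ends of the ranking once exposure and load state are considered.
SAMPLE = [
    Finding("api-gateway", "vuln-a", 9.8, True, "internet", True),
    Finding("batch-job", "vuln-b", 9.8, False, "isolated", True),
    Finding("web-frontend", "vuln-c", 7.5, False, "internet", False),
    Finding("db", "vuln-d", 5.3, True, "cluster", True),
]


def prioritized_workloads(findings: list[Finding] = SAMPLE) -> list[str]:
    """Workload names in priority order; used by the demo below and by tests."""
    return [f.workload for f in rank(findings)]


if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{risk_score(f):5.2f}  {f.workload:<14} {f.vuln_id}  cvss={f.cvss}")
```

Run as a script it prints the four findings with their computed scores; the internet-facing gateway with a known exploit tops the list, while the identically scored CVE in the isolated batch job drops to the bottom. Any real ranking would also need reachability data from the discovered topology, which is exactly what a post-deployment mapping tool provides and a static scan of the image does not.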
In an ideal world, applications would be secure before they are deployed in a production environment. In practice, most organizations are unwilling to slow down the rate at which applications are being developed and deployed to achieve that goal. Instead, organizations are increasingly adopting DevSecOps best practices in the hope that the number of vulnerabilities that make it into a production environment can be minimized.
The challenge is that applications, once deployed, are now being continuously updated. Each update introduces another potential opportunity for a vulnerability to be inadvertently introduced. Cybersecurity teams that are already stretched thin simply can’t keep pace with the current rate at which applications are being built, deployed and updated.
ThreatMapper helps even those odds by providing cybersecurity teams with a set of lightweight scanning tools that can be easily deployed, said Lahane. Deepfence also provides a commercial offering based on ThreatMapper, dubbed ThreatStryker, that adds real-time deep packet inspection (DPI) capabilities.
Going forward, Deepfence said ThreatMapper will also gain additional security observability capabilities, including the ability to scan for cloud misconfigurations, compliance-related hardening checks and additional runtime capabilities built on the extended Berkeley Packet Filter (eBPF) subsystem of the Linux kernel. The ThreatMapper project will also make all observed threats and telemetry available through a set of public APIs.
It has become increasingly clear that security is a team sport. In addition to IT operations teams, developers are now more involved in application security than ever. Naturally, there’s still a long way to go before most developers acquire the level of cybersecurity expertise needed to ensure applications are less vulnerable. However, as long as applications are developed by a human being, there will always be mistakes. Cybersecurity professionals need to find a means to augment whatever cybersecurity expertise any developer may have in a way that allows them to quickly identify the vulnerabilities most likely to be exploited.
It may be a while before cybersecurity teams and application developers are able to strike that balance. At the very least, however, there’s now a much greater appreciation for the need to achieve that goal.