Abstract image of a woman sitting on books and studying on a laptop

Open source cloud native security with threat mapper

L
LibbySchulze

ThreatMapper is an open source security observability platform that helps users secure their cloud native applications from development through production. It discovers an application's topology and attack surface, scans for vulnerabilities, and provides indicators of attacks. ThreatMapper is currently focused on mapping the attack surface, but future versions will incorporate additional features like gathering attack intelligence and providing indicators of compromise. It is part of Deepfence's overall strategy to help users "Shift Left" to build security into development and also "Secure Right" once applications are in production.

Internet
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Introduction to ThreatMapper Owen Garrett, owen@deepfence.io Sandeep Lahane, sandeep@deepfence.io
ThreatMapper protects the Cloud Native Continuum Where “Shift Left” ends, ThreatMapper takes over • DevOps: “It was fine when it was pushed to production” • AppSec: “I have no idea if it’s still secure” ThreatMapper reveals weaknesses in your attack surface Learn the topology and attack surface Discover components and infrastructure Supports multi-cloud, multi-modality apps Scan components and dependencies
ThreatMapper tiers Learn the attack surface 1 Gather attack intel 2 ThreatMapper Open source Security Observability platform Discover Topology Locate Vulnerabilities Indicators of Compromise Build Threat Map Platform Compliance Resource Anomalies Indicators of Attack Additional ecosystem solutions 3 https://github.com/deepfence/ThreatMapper
The Problem
“Shift Left” secures code to production 84% Percentage of OSS codebases surveyed that had at least one vulnerability - Synopsis 2021 OSSRA IBM Systems Science Institute / Deepsource 18,351 Number of CVEs published in 2020 - NVD / MITRE.org 17,826 CVEs published in 2021 (up to Nov 2021) - NVD / MITRE.org > 50% OSS vulnerabilities rated “high” or “critical” - Whitesource SoOSV 2021 > 12,000 Software Supply Chain attacks - Sonatype SoSSC 2021 528 Average number of OSS dependencies in an enterprise application - Synopsis 2021 OSSRA
“Shift Left” deals with half the problem Shift Left Secure Right Am I deploying secure code into production? Are my cloud and server platforms configured securely? Are my applications still secure? Are they under attack? How should I respond?
“Shift Left” deals with half the problem Limitations of Shift Left • Not all vulnerabilities can be patched before code is deployed to production • 3rd-party resources may not be subject to the “Shift Left” security pipeline • Unknown vulnerabilities may be discovered after a component is deployed 120thousand 120k Apache webservers vulnerable to unlimited path traversal exploit - CVE-2021-41773, Oct 2021 143million Customer records compromised as a result of Apache Struts vulnerability - Equifax 96% 3rd-party container apps deployed contain known vulnerabilities - Unit 42 4years/12weeks 4 years: Time to discover 12 weeks: Time to remediate software vulnerabilities - GitHub Octoverse 2020 Shift Left responsibility ends when code goes into production
In the past 12 months, what security incidents or issues related to containers and/or Kubernetes have you experienced? 94% of respondents experienced at least one security incident in their Kubernetes environments in the last 12 months
Dev Devops AppSec Infrastructure-wide: 10,000+ potential vulnerabilities Per-host: 100+ potential vulnerabilities Per-container: 10+ potential vulnerabilities Dev/DevOps and AppSec are not aligned “We cannot prioritize long lists of theoretical vulnerabilities.” “Developers are slapdash and don’t make time for security concerns.”
ThreatMapper Demo
Roadmap
ThreatMapper Now • Released October 2021 • Apache2 License • https://github.com/deepfence/ThreatMapper Learn the attack surface 1 ThreatMapper Open source Security Observability platform Discover Topology Locate Vulnerabilities Build Threat Map Platform Compliance
Open source cloud native security with threat mapper
ThreatMapper - Next Steps Learn the attack surface 1 Gather attack intel 2 ThreatMapper Open source Security Observability platform Discover Topology Locate Vulnerabilities Indicators of Compromise Build Threat Map Indicators of Attack Platform Compliance Resource Anomalies
Indicators of Attack ‘Indicators of Attack’ are precursors to ‘Indicators of Compromise’ • Deepfence uses eBPF probes to capture all required network traffic from all nodes • Traffic is matched against threat rules to identify reconnaissance, exploit, command-and-control and exfiltration activities Indicators of Attack Other solutions may say: Deepfence’ Indicators of Attack provide more insights We gather network traffic stats to identify anomalies Flow, Bandwidth and Connection counts are L4 data (“resource anomalies”). They are not equivalent to Deepfence’ L7 Indicators of Attack We capture traffic from Web Application Firewalls to get indicators of attack This only captures blocked traffic from the edge, using performance-reducing proxy. Deepfence is not proxy-based and captures all traffic from all locations We instrument Istio Mesh / Envoy to capture N/S and/or E/W network traffic This relies on support from a service mesh or other proxy-based technology. Deepfence works with all Mesh sidecars and in all non-mesh environments. We use eBPF to gather attack information eBPF for process or file anomalies eBPF for network traffic (Deepfence) == Indicator of Compromise == Indicator of Attack Indicators of Compromise
ThreatMapper - Ecosystem Learn the attack surface 1 Gather attack intel 2 ThreatMapper Open source Security Observability platform Discover Topology Locate Vulnerabilities Indicators of Compromise Build Threat Map Platform Compliance Resource Anomalies Indicators of Attack Additional ecosystem solutions 3
Deepfence Roadmap Learn the attack surface 1 Gather attack intel 2 Understand and respond 3 Deepfence ThreatMapper Open source Vulnerability Scanning Compliance, Sensors Platform API Deepfence ThreatStryker Ecosystem add-on Correlation and Protection API integration Deepfence ThreatMapper Open source Vulnerability Scanning Deepfence ThreatStryker Commercial, closed source Compliance, Sensors Correlation and Protection October 13, 2021 Open source ThreatMapper initial release Q4 2021 / Q1 2022 Open source ThreatMapper security observability platform Present (November 2021) Future (3-6 months)
Getting ThreatMapper
Getting ThreatMapper GitHub https://github.com/deepfence/ThreatMapper Find us on Slack $ wget https://github.com/deepfence/ThreatMapper/raw/master/deployment-scripts/docker-compose.yml $ docker-compose -f docker-compose.yml up –d
Shift Left. Secure Right. deepfence.io github.com/deepfence/ThreatMapper

More Related Content

PDF
The New Pentest? Rise of the Compromise Assessment
Infocyte
 
PDF
Combining logs, metrics, and traces for unified observability
Elasticsearch
 
PDF
Penetration Testing SAP Systems
Onapsis Inc.
 
PPTX
Threat Hunting with Splunk
Splunk
 
PPTX
Introduction to PCI DSS
Saumya Vishnoi
 
PPTX
QRadar, ArcSight and Splunk
M sharifi
 
PDF
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
PPTX
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
The New Pentest? Rise of the Compromise Assessment
Infocyte
 
Combining logs, metrics, and traces for unified observability
Elasticsearch
 
Penetration Testing SAP Systems
Onapsis Inc.
 
Threat Hunting with Splunk
Splunk
 
Introduction to PCI DSS
Saumya Vishnoi
 
QRadar, ArcSight and Splunk
M sharifi
 
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 

What's hot (20)

PPTX
Security operation center (SOC)
Ahmed Ayman
 
PDF
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
PDF
NIST Cybersecurity Framework 101
Erick Kish, U.S. Commercial Service
 
PDF
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE - ATT&CKcon
 
PDF
CRA - overview of vulnerability handling
Olle E Johansson
 
PPT
OWASP - Building Secure Web Applications
alexbe
 
PPTX
Software Composition Analysis Deep Dive
Ulisses Albuquerque
 
PPTX
Social engineering presentation
pooja_doshi
 
PPTX
Cyber Defense Matrix: Revolutions
Sounil Yu
 
PDF
Présentation ELK/SIEM et démo Wazuh
Aurélie Henriot
 
PDF
Active Directory in ICS: Lessons Learned From The Field
Digital Bond
 
PPTX
The Elastic Stack as a SIEM
John Hubbard
 
PDF
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
PDF
Introduction: CISSP Certification
Sam Bowne
 
PPTX
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
PDF
Enterprise Security Architecture
Kris Kimmerle
 
PPTX
SIEM presentation final
Rizwan S
 
PDF
Deep Exploit@Black Hat Europe 2018 Arsenal
Isao Takaesu
 
PPT
The Security Vulnerability Assessment Process & Best Practices
Kellep Charles
 
PDF
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
SlideTeam
 
Security operation center (SOC)
Ahmed Ayman
 
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
NIST Cybersecurity Framework 101
Erick Kish, U.S. Commercial Service
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE - ATT&CKcon
 
CRA - overview of vulnerability handling
Olle E Johansson
 
OWASP - Building Secure Web Applications
alexbe
 
Software Composition Analysis Deep Dive
Ulisses Albuquerque
 
Social engineering presentation
pooja_doshi
 
Cyber Defense Matrix: Revolutions
Sounil Yu
 
Présentation ELK/SIEM et démo Wazuh
Aurélie Henriot
 
Active Directory in ICS: Lessons Learned From The Field
Digital Bond
 
The Elastic Stack as a SIEM
John Hubbard
 
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
Introduction: CISSP Certification
Sam Bowne
 
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Enterprise Security Architecture
Kris Kimmerle
 
SIEM presentation final
Rizwan S
 
Deep Exploit@Black Hat Europe 2018 Arsenal
Isao Takaesu
 
The Security Vulnerability Assessment Process & Best Practices
Kellep Charles
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
SlideTeam
 
Ad

Similar to Open source cloud native security with threat mapper (20)

PPTX
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Jeff Williams
 
PPTX
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019
Eoin Keary
 
PPTX
Continuous security: Bringing agility to the secure development lifecycle
Rogue Wave Software
 
PDF
The Intersection of Security and DevOps
Alert Logic
 
PPTX
7 Reasons Your Applications are Attractive to Adversaries
Derek E. Weeks
 
PDF
The Intersection of Security & DevOps
Alert Logic
 
PDF
edgescan vulnerability stats report (2018)
Eoin Keary
 
PPTX
Enterprise Linux Exploit Mapper (ELEM) Demo
jasoncallaway
 
PPT
FireEye Report.ppt
DubemJavapi
 
PDF
The Intersection of Security & DevOps
Alert Logic
 
PPTX
Empowering Application Security Protection in the World of DevOps
Black Duck by Synopsys
 
PPTX
Empowering Application Security Protection in the World of DevOps
IBM Security
 
PDF
Application security in current era
ajitdhumale
 
PPTX
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
lior mazor
 
PPT
Web Application Testing for Today’s Biggest and Emerging Threats
Alan Kan
 
PPTX
Security in the age of open source - Myths and misperceptions
Tim Mackey
 
PDF
RADAR - Le nouveau scanner de vulnérabilité par F-Secure
NRC
 
PPTX
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
PLUMgrid
 
PPTX
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Black Duck by Synopsys
 
PDF
Open Source and Security: Engineering Security by Design - Prague, December 2011
Jeremy Brown
 
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Jeff Williams
 
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019
Eoin Keary
 
Continuous security: Bringing agility to the secure development lifecycle
Rogue Wave Software
 
The Intersection of Security and DevOps
Alert Logic
 
7 Reasons Your Applications are Attractive to Adversaries
Derek E. Weeks
 
The Intersection of Security & DevOps
Alert Logic
 
edgescan vulnerability stats report (2018)
Eoin Keary
 
Enterprise Linux Exploit Mapper (ELEM) Demo
jasoncallaway
 
FireEye Report.ppt
DubemJavapi
 
The Intersection of Security & DevOps
Alert Logic
 
Empowering Application Security Protection in the World of DevOps
Black Duck by Synopsys
 
Empowering Application Security Protection in the World of DevOps
IBM Security
 
Application security in current era
ajitdhumale
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
lior mazor
 
Web Application Testing for Today’s Biggest and Emerging Threats
Alan Kan
 
Security in the age of open source - Myths and misperceptions
Tim Mackey
 
RADAR - Le nouveau scanner de vulnérabilité par F-Secure
NRC
 
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
PLUMgrid
 
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Black Duck by Synopsys
 
Open Source and Security: Engineering Security by Design - Prague, December 2011
Jeremy Brown
 
Ad

More from LibbySchulze (20)

PDF
Running distributed tests with k6.pdf
LibbySchulze
 
PPTX
Extending Kubectl.pptx
LibbySchulze
 
PPTX
Enhancing Data Protection Workflows with Kanister And Argo Workflows
LibbySchulze
 
PDF
Fallacies in Platform Engineering.pdf
LibbySchulze
 
PDF
Intro to Fluvio.pptx.pdf
LibbySchulze
 
PPTX
Enhance your Kafka Infrastructure with Fluvio.pptx
LibbySchulze
 
PDF
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
LibbySchulze
 
PDF
Oh The Places You'll Sign.pdf
LibbySchulze
 
PPTX
Rancher MasterClass - Avoiding-configuration-drift.pptx
LibbySchulze
 
PPTX
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
LibbySchulze
 
PPTX
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
LibbySchulze
 
PDF
EnRoute-OPA-Integration.pdf
LibbySchulze
 
PDF
AirGap_zusammen_neu.pdf
LibbySchulze
 
PDF
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
LibbySchulze
 
PDF
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
LibbySchulze
 
PDF
CNCF_ A step to step guide to platforming your delivery setup.pdf
LibbySchulze
 
PDF
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
LibbySchulze
 
PDF
Securing Windows workloads.pdf
LibbySchulze
 
PDF
Securing Windows workloads.pdf
LibbySchulze
 
PDF
Advancements in Kubernetes Workload Identity for Azure
LibbySchulze
 
Running distributed tests with k6.pdf
LibbySchulze
 
Extending Kubectl.pptx
LibbySchulze
 
Enhancing Data Protection Workflows with Kanister And Argo Workflows
LibbySchulze
 
Fallacies in Platform Engineering.pdf
LibbySchulze
 
Intro to Fluvio.pptx.pdf
LibbySchulze
 
Enhance your Kafka Infrastructure with Fluvio.pptx
LibbySchulze
 
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
LibbySchulze
 
Oh The Places You'll Sign.pdf
LibbySchulze
 
Rancher MasterClass - Avoiding-configuration-drift.pptx
LibbySchulze
 
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
LibbySchulze
 
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
LibbySchulze
 
EnRoute-OPA-Integration.pdf
LibbySchulze
 
AirGap_zusammen_neu.pdf
LibbySchulze
 
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
LibbySchulze
 
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
LibbySchulze
 
CNCF_ A step to step guide to platforming your delivery setup.pdf
LibbySchulze
 
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
LibbySchulze
 
Securing Windows workloads.pdf
LibbySchulze
 
Securing Windows workloads.pdf
LibbySchulze
 
Advancements in Kubernetes Workload Identity for Azure
LibbySchulze
 

Recently uploaded (20)

PDF
Black and White Modern Technology Presentation.pdf
DMP School
 
PDF
Toolkit of the MultiCloud DevOps Professional.pdf
DiarioMario
 
PPTX
Introduction: Living in the IT ERA.pptx
joycecueva07
 
PPT
Expect The Impossiblesssssssssssssss.ppt
LAWRENCEJEREMYBRIONE
 
PPTX
Basic_of_Computer_System.pptx class-8 com
skaur23305
 
PDF
Technical SEO Explained: How To Make Your Website Search-Friendly
cinzel communication llp
 
PPTX
PORTFOLIO SAMPLE…….………………………………. …pptx
funmiajibola16
 
PPTX
购买林肯大学毕业证|i20Lincoln成绩单GPA修改本科毕业证书购买学历认证
南昆士兰大学毕业证学历文凭如可办理【Q微号:1954 292 140】USQ成绩单
 
PPTX
Cyber Bullying - How to deal with Cyber bullying pptx
AfnanAhmed71
 
PDF
B450721.pdf American Journal of Multidisciplinary Research and Review
American Journal of Multidisciplinary Research and Review
 
PPTX
Unguided-Transmission-Media-Wireless-Communication-Explained.pptx
OwaisShafi8
 
PDF
Role of Data & Analytics in Modern Shopify App Development.pdf
CartCoders
 
PPTX
WEEK 15.pptx WEEK 15.pptx WEEK 15.pptx WEEK 15.pptx
RayanRegalado
 
DOCX
Audio to Video AI Technology Revolutiona
zhsjsiushsossushksis
 
PDF
Cybersecurity: Understanding Threats, Attacks, and Protective Measures in the...
Riwaz Mahat
 
PPTX
IOT LECTURE IOT LECTURE IOT LECTURE IOT LECTURE
pratik695690
 
PDF
JuanConnect E-Wallet Guide for new users.pdf
reggiepongasi2
 
PDF
Tailieuhoctiengnhat.com__(N5) 1021 từ vựng tổng hợp.pdf
bonlu631
 
PPTX
Data Flows presentation hubspot crm.pptx
blamine1
 
PPTX
National-Historical-Commission-of-the-PhilippinesNHCP.pptx
atjrreyn
 
Black and White Modern Technology Presentation.pdf
DMP School
 
Toolkit of the MultiCloud DevOps Professional.pdf
DiarioMario
 
Introduction: Living in the IT ERA.pptx
joycecueva07
 
Expect The Impossiblesssssssssssssss.ppt
LAWRENCEJEREMYBRIONE
 
Basic_of_Computer_System.pptx class-8 com
skaur23305
 
Technical SEO Explained: How To Make Your Website Search-Friendly
cinzel communication llp
 
PORTFOLIO SAMPLE…….………………………………. …pptx
funmiajibola16
 
购买林肯大学毕业证|i20Lincoln成绩单GPA修改本科毕业证书购买学历认证
南昆士兰大学毕业证学历文凭如可办理【Q微号:1954 292 140】USQ成绩单
 
Cyber Bullying - How to deal with Cyber bullying pptx
AfnanAhmed71
 
B450721.pdf American Journal of Multidisciplinary Research and Review
American Journal of Multidisciplinary Research and Review
 
Unguided-Transmission-Media-Wireless-Communication-Explained.pptx
OwaisShafi8
 
Role of Data & Analytics in Modern Shopify App Development.pdf
CartCoders
 
WEEK 15.pptx WEEK 15.pptx WEEK 15.pptx WEEK 15.pptx
RayanRegalado
 
Audio to Video AI Technology Revolutiona
zhsjsiushsossushksis
 
Cybersecurity: Understanding Threats, Attacks, and Protective Measures in the...
Riwaz Mahat
 
IOT LECTURE IOT LECTURE IOT LECTURE IOT LECTURE
pratik695690
 
JuanConnect E-Wallet Guide for new users.pdf
reggiepongasi2
 
Tailieuhoctiengnhat.com__(N5) 1021 từ vựng tổng hợp.pdf
bonlu631
 
Data Flows presentation hubspot crm.pptx
blamine1
 
National-Historical-Commission-of-the-PhilippinesNHCP.pptx
atjrreyn
 

Open source cloud native security with threat mapper

  • 2. ThreatMapper protects the Cloud Native Continuum Where “Shift Left” ends, ThreatMapper takes over • DevOps: “It was fine when it was pushed to production” • AppSec: “I have no idea if it’s still secure” ThreatMapper reveals weaknesses in your attack surface Learn the topology and attack surface Discover components and infrastructure Supports multi-cloud, multi-modality apps Scan components and dependencies
  • 3. ThreatMapper tiers Learn the attack surface 1 Gather attack intel 2 ThreatMapper Open source Security Observability platform Discover Topology Locate Vulnerabilities Indicators of Compromise Build Threat Map Platform Compliance Resource Anomalies Indicators of Attack Additional ecosystem solutions 3 https://github.com/deepfence/ThreatMapper
  • 5. “Shift Left” secures code to production 84% Percentage of OSS codebases surveyed that had at least one vulnerability - Synopsis 2021 OSSRA IBM Systems Science Institute / Deepsource 18,351 Number of CVEs published in 2020 - NVD / MITRE.org 17,826 CVEs published in 2021 (up to Nov 2021) - NVD / MITRE.org > 50% OSS vulnerabilities rated “high” or “critical” - Whitesource SoOSV 2021 > 12,000 Software Supply Chain attacks - Sonatype SoSSC 2021 528 Average number of OSS dependencies in an enterprise application - Synopsis 2021 OSSRA
  • 6. “Shift Left” deals with half the problem Shift Left Secure Right Am I deploying secure code into production? Are my cloud and server platforms configured securely? Are my applications still secure? Are they under attack? How should I respond?
  • 7. “Shift Left” deals with half the problem Limitations of Shift Left • Not all vulnerabilities can be patched before code is deployed to production • 3rd-party resources may not be subject to the “Shift Left” security pipeline • Unknown vulnerabilities may be discovered after a component is deployed 120thousand 120k Apache webservers vulnerable to unlimited path traversal exploit - CVE-2021-41773, Oct 2021 143million Customer records compromised as a result of Apache Struts vulnerability - Equifax 96% 3rd-party container apps deployed contain known vulnerabilities - Unit 42 4years/12weeks 4 years: Time to discover 12 weeks: Time to remediate software vulnerabilities - GitHub Octoverse 2020 Shift Left responsibility ends when code goes into production
  • 8. In the past 12 months, what security incidents or issues related to containers and/or Kubernetes have you experienced? 94% of respondents experienced at least one security incident in their Kubernetes environments in the last 12 months
  • 9. Dev Devops AppSec Infrastructure-wide: 10,000+ potential vulnerabilities Per-host: 100+ potential vulnerabilities Per-container: 10+ potential vulnerabilities Dev/DevOps and AppSec are not aligned “We cannot prioritize long lists of theoretical vulnerabilities.” “Developers are slapdash and don’t make time for security concerns.”
  • 12. ThreatMapper Now • Released October 2021 • Apache2 License • https://github.com/deepfence/ThreatMapper Learn the attack surface 1 ThreatMapper Open source Security Observability platform Discover Topology Locate Vulnerabilities Build Threat Map Platform Compliance
  • 14. ThreatMapper - Next Steps Learn the attack surface 1 Gather attack intel 2 ThreatMapper Open source Security Observability platform Discover Topology Locate Vulnerabilities Indicators of Compromise Build Threat Map Indicators of Attack Platform Compliance Resource Anomalies
  • 15. Indicators of Attack ‘Indicators of Attack’ are precursors to ‘Indicators of Compromise’ • Deepfence uses eBPF probes to capture all required network traffic from all nodes • Traffic is matched against threat rules to identify reconnaissance, exploit, command-and-control and exfiltration activities Indicators of Attack Other solutions may say: Deepfence’ Indicators of Attack provide more insights We gather network traffic stats to identify anomalies Flow, Bandwidth and Connection counts are L4 data (“resource anomalies”). They are not equivalent to Deepfence’ L7 Indicators of Attack We capture traffic from Web Application Firewalls to get indicators of attack This only captures blocked traffic from the edge, using performance-reducing proxy. Deepfence is not proxy-based and captures all traffic from all locations We instrument Istio Mesh / Envoy to capture N/S and/or E/W network traffic This relies on support from a service mesh or other proxy-based technology. Deepfence works with all Mesh sidecars and in all non-mesh environments. We use eBPF to gather attack information eBPF for process or file anomalies eBPF for network traffic (Deepfence) == Indicator of Compromise == Indicator of Attack Indicators of Compromise
  • 16. ThreatMapper - Ecosystem Learn the attack surface 1 Gather attack intel 2 ThreatMapper Open source Security Observability platform Discover Topology Locate Vulnerabilities Indicators of Compromise Build Threat Map Platform Compliance Resource Anomalies Indicators of Attack Additional ecosystem solutions 3
  • 17. Deepfence Roadmap Learn the attack surface 1 Gather attack intel 2 Understand and respond 3 Deepfence ThreatMapper Open source Vulnerability Scanning Compliance, Sensors Platform API Deepfence ThreatStryker Ecosystem add-on Correlation and Protection API integration Deepfence ThreatMapper Open source Vulnerability Scanning Deepfence ThreatStryker Commercial, closed source Compliance, Sensors Correlation and Protection October 13, 2021 Open source ThreatMapper initial release Q4 2021 / Q1 2022 Open source ThreatMapper security observability platform Present (November 2021) Future (3-6 months)
  • 19. Getting ThreatMapper GitHub https://github.com/deepfence/ThreatMapper Find us on Slack $ wget https://github.com/deepfence/ThreatMapper/raw/master/deployment-scripts/docker-compose.yml $ docker-compose -f docker-compose.yml up –d
  • 20. Shift Left. Secure Right. deepfence.io github.com/deepfence/ThreatMapper