Eliminate blind spots
Modern applications are highly distributed and constantly changing. Every microservice extends the attack surface. ThreatMapper captures and correlates telemetry from applications and the network, and ThreatStryker provides insights into evolving attack behavior.
ThreatStryker uses the Cyber Kill Chain to model the progress of a potential attack, from Reconnaissance to Exfiltration, and assigns a risk measurement to attack events. ThreatStryker raises notifications, and can also perform automated actions once a suspected attack reaches a threshold in the Kill Chain.
The sources of identified bad network traffic can be automatically detected and firewalled, using the local networking tools (Kubernetes CNI, eBPF). ThreatStryker can block specific sources, external or internal, in order to neutralize an attack and prevent lateral spread.
ThreatStryker correlates network activity and on-host events (file and process integrity) to judge whether or not a host or container is tainted. ThreatStryker can then execute corresponding quarantine actions to isolate, terminate, or restart the workload.
Many attacks build up over a long period of time. An attacker may compromise one service or workload, and explore to find other targets. ThreatStryker archives suspicious behavior over long periods of time to build a picture of the increasing risk, and provide information for forensic investigation.
ThreatMapper can scan artifacts in your registries, including Docker, DockerHub, AWS ECR, Azure, GCR, Red Hat Quay, and JFrog. Perform a final check on containers, pods, and third-party applications before they are deployed to production.
ThreatMapper can be embedded into your CI pipeline, inspecting artifacts at build time and blocking the build if they fail to meet your vulnerability requirements.
Stay one step ahead of attackers with Deepfence.