We are pleased to announce the release of Deepfence ThreatMapper 1.2.0, which offers significant feature upgrades since the first open source release in October 2021. ThreatMapper 1.2.0 adds the following capabilities:
This major release also includes plenty of community-inspired performance improvements and bugfixes, better support for Kubernetes and containerd hosted workloads, better registry scanning, improved report generation, and UI enhancements.
Since the open source release, the ThreatMapper project has grown to more than 1,000 stars on GitHub, seen 10,000s of pulls from DockerHub, and has been instrumental in helping users identify vulnerable components, such as log4j instances, in their running applications. It has scanned for vulnerabilities in diverse environments, including workloads running on a Raspberry Pi!
ThreatMapper’s primary purpose is to help you identify the key security vulnerabilities that need to be addressed first in your production applications because they present the greatest security risk. This latest release includes considerable enhancements that enable you to do just that.
It is relatively easy to find services that directly face the internet by looking at VPC and security groups, but it’s much harder to find vulnerable services that are further downstream, behind proxies and indirectly receiving potentially malicious traffic. ThreatMapper helps find all these hidden attack paths by continuously correlating vulnerabilities with network traffic.
ThreatMapper’s new Attack Path Visualization displays the most critical vulnerabilities in a single graphic, illustrating the potential route an external attacker might follow to locate and exploit these issues.
This visualization illustrates the potential attack route to exploit these vulnerabilities. You can respond with immediate action, such as securing application traffic with a Web Application Firewall, to limit the exposure, while your developers work on updating, testing, and redeploying the vulnerable applications.
ThreatMapper’s Most Exploitable Vulnerabilities calculation considers a variety of important characteristics about the discovered vulnerabilities in order to rank them based on their ease of exploitation - including severities of affected vulnerabilities, attack vectors, proximity to the external attack surface, and more. The 1.2.0 release brings enhancements to this calculation to place even greater weight on network accessibility and the presence of live network connections to the affected workloads, alongside other heuristics, in order to give a more representative assessment of the relative risks of high-severity vulnerabilities.
With capabilities added from our enterprise ThreatStryker product, ThreatMapper now fully supports AWS Fargate workloads. ThreatMapper consists of two components – a management console and a series of sensors that you deploy to your production platforms. In an AWS Fargate environment, ThreatMapper sensor agents are deployed as a sidecar container, using a task definition, and they automatically register with your ThreatMapper Management Console.
With this capability, you can monitor a broad application estate that spans both multiple cloud and deployment environments and multiple cloud modalities - containers, serverless, bare metal, and virtual machines.
We’ve added support for Google Chronicle to the range of notification, SIEM, and ticketing integrations in ThreatMapper. Google Chronicle is emerging as a common alternative to Splunk, Elasticsearch, and Sumo Logic. ThreatMapper can push the results of vulnerability scans and the audit logs of user activities to Google Chronicle for offline analysis and action.
Open source software doesn’t happen without an active open source community backing it. We are delighted that the 1.2.0 release features a community contribution to add ARM support for ThreatMapper sensors, which opens up security observability and threat mapping for both IoT and Edge use cases.
We’d love to give a shout-out to community member armorvx for adapting the ThreatMapper sensor for ARM and proving it out by running the sensor on a Raspberry Pi!
In ThreatMapper 1.2.0, you’ll also see:
We’re excited about all the new features now available in ThreatMapper, and are very thankful for all the contributions and support from the growing open source ThreatMapper community.
Here are some resources to learn more and try it out:
Deepfence is dedicated to helping organizations secure their infrastructure and applications across the cloud native continuum. ThreatMapper open source scans, maps, and ranks vulnerabilities in running containers, images, hosts, and repositories. ThreatStryker elevates these capabilities by providing runtime attack analysis, threat assessment, and targeted protection.