ThreatMapper Integrates Steampipe to Enhance Security Observability

August 16, 2022

Editor's Note: This post originally appeared on Steampipe's blog. Deepfence is excited that two of the fastest growing open source projects, ThreatMapper and Steampipe, were able to partner together to offer deep observability for the open source community's cloud native environments. By bringing compliance and security risk into a unified platform with our ThreatMapper 1.4 release, we hope to create a common framework by which security and compliance professionals can come together and holistically address risk throughout the enterprise. We are excited about this release and collaborating together in the future!

Deepfence's ThreatMapper has released an update that enables users to inventory cloud assets and check for compliance with standards supported by Steampipe. Open source users from both communities saw an opportunity to integrate compliance checks with threat mapping and security risk assessment. They contributed a core integration with Steampipe, and Deepfence added UI elements to help users prioritize remediation efforts.

"ThreatMapper is an open-source platform that provides enhanced security observability across multiple cloud environments, and enumerates runtime attack paths," says co-founder and CTO Shyam Krishnaswamy. "Its scanners work across the entire build and deployment lifecycle to check infrastructure and application images for vulnerabilities, exposed secrets, malware and compliance misconfigurations."

ThreatMapper deploys into customers' cloud environments using Terraform scripts that can now deploy Steampipe in an AWS ECS task runner, or its equivalent for other clouds. Once deployed, customers use Steampipe to continuously run standard benchmarks that check their entire cloud infrastructure for misconfiguration. ThreatMapper enhances Steampipe results by prioritizing issues so users can focus on those that require immediate attention.

ThreatMapper initially evaluated the compliance-checking tools from the OpenSCAP foundation. Users can run these tools against individual hosts, but not their entire cloud infrastructure. By leveraging Steampipe, ThreatMapper now broadens its scope beyond the host layer to encompass cloud asset inventory and compliance checks.

Deepfence has often been asked in their community support forums to support a variety of compliance standards, most commonly PCI, CIS, FedRAMP and SOC2. Steampipe’s broad coverage of cloud compliance standards meets the need. "Everything our users ask for," says Krishnaswamy, "Steampipe already provides."

We are delighted that community insights and contributions drove this integration, and we look forward to continuing collaboration between the two projects.