The Customer: Flexport

Flexport is on a mission to make global trade easy and accessible for everyone. That’s why they built the Flexport Platform for global logistics—a cloud software and data analytics platform that empowers buyers, sellers, and their logistics partners with the technology and services they need. Today, more than 10,000 leading brands rely on Flexport as their Operating System for Global Trade. Securing this global, always-on supply chain technology platform from potential threats is critically important and is the charter of Flexport’s security team.


We were looking for a security solution that would help us perform
runtime analysis on internal and external application traffic patterns,
so we looked for tools to add to our arsenal and we were
very impressed by the feature set that Deepfence offers.”

– Kevin Page, CISO

Flexport Logo
ThreatStryker vulnerability detection

The Challenge

Flexport’s CISO, Kevin Paige, was looking to augment their existing security toolset to help them achieve full lifecycle security observability across their growing AWS environment, from vulnerability scanning through runtime network protection. Flexport had an existing vulnerability scanning tool, but was looking for an alternate solution that could better support their Ruby stack. And for runtime protection, Flexport needed a security solution that could help them perform traffic analysis on both their east-west and north-south boundaries. Their infrastructure was growing, and over time would continue to become even larger and more distributed. Being able to understand what is flowing in their infrastructure and applications as their business scaled was very important. 


Deepfence is lightweight, scales well, and is the only
solution that protects the entire cloud native continuum
of Kubernetes, virtual machines, and serverless.”

– Kevin Page, CISO

Flexport Logo

The Solution

Flexport chose Deepfence ThreatStryker due to the ability to perform Deep Packet Inspection of inter-container and inter-virtual machine traffic without adding latency to their data path. Deepfence provides Flexport with vulnerability managementdeep packet inspection of both north-south and east-west network traffic and a real-time correlation engine that matches the threat map with real-time telemetry. Flexport’s Deepfence deployment consists of two main components: the Deepfence console, which is deployed on-premises so that sensitive application data never needs to leave their secured perimeter, and lightweight sensors, which are deployed as microservices across their production AWS environment to gather data and telemetry. The sensors then forward this information to the console for analysis and visibility. 

malicious network and host alerts with ThreatStryker
ThreatStryker runtime alert classes

The Results

Flexport’s infrastructure consists of several hundred servers spread across various AWS accounts and different regions. With Deepfence, Flexport is able to get a simple and easy-to-use UI to view their security posture across all of their infrastructure. In addition, they can drill down and see as many details as they need, including visibility into their Kubernetes clusters, running containers, pods, resource usage patterns for their servers, and more with just a few clicks. This means that Flexport’s security team can use Deepfence to secure their infrastructure and support approximately 800 megabits per second of live traffic, and even more as business continues to scale. Plus, they no longer need to deploy separate tools for vulnerability scanning and runtime network protection because Deepfence provides both capabilities within a single platform.

Looking to get started with open source ThreatMapper?

ThreatStryker is built on the open source security observability platform, ThreatMapper. It’s easy to get started with ThreatMapper on GitHub. Or you can learn more and compare products to find out which one is right for you.

Ready to see ThreatStryker?