ThreatMapper provides detailed security insights into the vulnerable dependencies, configuration, and runtime behavior of your applications and production environment. ThreatStryker adds to these capabilities, enabling you to also install security policy modules to identify and block network traffic.
Deepfence achieves this using lightweight sensors on each host (Kubernetes node, Docker host, bare metal, VM, or serverless instance).
Deepfence’s lightweight sensors gather data and telemetry and forward this to the Deepfence Console for analysis.
Query the host and running applications and containers for operating system and language dependencies. Dependency identifiers are submitted to the Deepfence Console for matching against vulnerability feeds. Vulnerability scans can be executed when a host registers with the Console, on a schedule or on-demand.
Query the host for local and network configuration, using a set of carefully curated OpenSCAP policies based on industry and community standard sources. Compliance Checking tests are run on-demand on each host.
Configure local sensors for process integrity, file system integrity, and network deep packet inspection (DPI) capture. Sensors are implemented by standard kernel features (fsnotify, eBPF, proc); no additional kernel modules are required. Sensor data is captured locally, pre-filtered, and then forwarded to the Console for reassembly, classification, and processing.
Deepfence goes beyond an agentless approach which fails to provide the deep visibility required, and avoids heavyweight, stateful agents that impact performance. Deepfence’s approach minimizes load on production infrastructure by performing the necessary inspection and processing on a separate Console.
Lightweight to minimize impact on production infrastructure
On-host sensors for deep visibility into dependencies and activity
Secure host-to-console communications ensure data remains private
Sensors support a wide range of deployment options
Sensors are deployed as a daemonset, a common pattern for log, metrics, monitoring, and security services that run alongside Kubernetes workloads in a non-intrusive manner.
Sensors are deployed as a Docker container on each Docker host.
Agents are deployed as a Docker container on each Linux operating system instance using a Docker runtime.
Deepfence supports AWS Fargate, where sensors are deployed as a daemon service alongside each serverless instance.