Query the host, running applications, and containers for operating system and language dependencies. Dependency identifiers are submitted to the Deepfence Console for matching against vulnerability feeds. Vulnerability scans can be executed when a host registers with the Console, on a schedule, or on demand.
Query the host for local and network configuration, using a set of carefully curated OpenSCAP policies based on industry and community standard sources. Compliance Checking tests are run on demand on each host.
Configure local sensors for process integrity, file system integrity, and network deep packet inspection (DPI) capture. Sensors are implemented using standard kernel features (fsnotify, eBPF, proc); no additional kernel modules are required. Sensor data is captured locally, pre-filtered, and then forwarded to the Console for reassembly, classification, and processing.
Deepfence goes beyond an agentless approach, which fails to provide the deep visibility required, and avoids heavyweight, stateful agents that impact performance. Deepfence’s approach minimizes load on production infrastructure by performing the necessary inspection and processing on a separate Console.
Lightweight to minimize impact on production infrastructure
On-host sensors for deep visibility into dependencies and activity
Secure host-to-console communications ensure data remains private
Sensors support a wide range of deployment options
Sensors are deployed as a DaemonSet, a common pattern for log, metrics, monitoring, and security services that run alongside Kubernetes workloads in a non-intrusive manner.
Sensors are deployed as a Docker container on each Docker host.
Sensors are deployed as a Docker container on each operating system instance, using a Docker runtime. Both Windows and Linux instances are supported.
Deepfence supports AWS Fargate, where sensors are deployed as a daemon service alongside each serverless instance.