Map the attack surface of your applications.
Discover and rank vulnerabilities.
Find out what to fix first.
You can’t secure what you can’t see. ThreatMapper auto-discovers your production infrastructure. It identifies and interrogates cloud instances, Kubernetes nodes, and serverless resources, discovering the applications and containers and mapping their topology in real time. Use ThreatMapper to discover and visualize the external and internal attack surface for your applications and infrastructure.
Exploiting known vulnerabilities in common dependencies is one of the easiest ways for bad actors to gain a foothold within your infrastructure. ThreatMapper scans hosts, containers, and applications for known vulnerable dependencies, taking threat feeds from over 50 different sources. ThreatMapper augments any “shift left” scanning you do in your production pipeline, and scans third-party components such as monitoring, security, and load-balancing tools. ThreatMapper will identify fresh vulnerabilities in production that were not known at build or deploy time.
More than 18,000 new vulnerabilities are published each year by the National Vulnerability Database, and thousands of additional vulnerabilities come from other sources. It’s challenging to keep on top of a fast-moving security landscape. ThreatMapper ranks the discovered vulnerabilities based on CVSS and other severity signals, as well as their exploit method and proximity to your external attack surface. With ThreatMapper, you know what vulnerabilities pose the greatest threats, and what you must fix first.
Modern applications and microservices rely heavily on shared, open source components. This makes security a community effort. That’s one of the reasons why we make all of ThreatMapper’s features freely available to all under the Apache 2.0 license.
Scan build artifacts for vulnerabilities during Continuous Integration
Scan container registries for vulnerable containers before deployment
Scan production environments for host, container, and application vulnerabilities
Real-time discovery and visualization of applications in production
Topology mapping for interconnected, microservice applications
Continuous scanning of production to identify newly-published vulnerabilities
Classification of vulnerabilities based on CVSS scores
Ranking of vulnerabilities based on exploitability and proximity to attack surface
Single-page view of “What to Fix First” to reduce exposure to risk-of-exploit quickly
CI/CD integration to raise build failures to Development
Fine-grained production notification, supporting multiple apps and teams
Support for Slack, PagerDuty, Teams, Jira, Splunk, ElasticSearch, SumoLogic, and more
Scan hosts and containers to identify opportunities to harden configuration and security
Evaluate compliance against community and industry standard benchmarks
Capture and archive selected network traffic, decrypting TLS, for offline analysis
Capture “Indicators of Compromise” process and filesystem events from hosts and containers
If you’re looking for real-time security tools, Deepfence’s ThreatStryker is a fully-supported version of ThreatMapper that adds runtime telemetry and a sophisticated correlation engine that observes activity in your application in real time and detects emerging threats and attacks. Our future roadmap will move the real-time sensor and telemetry into ThreatMapper (open source), and ThreatStryker will be refactored into a separate real-time threat management tool.