Observe attack behavior.
Stay ahead of attackers and neutralize zero-day attacks.
Deepfence ThreatStryker discovers all running containers, processes, and online hosts, and presents a live and interactive color-coded view of the topology. It audits containers and hosts to detect vulnerable components, and interrogates configuration to identify file system, process, and network-related misconfigurations. ThreatStryker assesses compliance using industry and community standard benchmarks.
ThreatStryker performs deep inspection of network traffic, system, and application behavior, and accumulates suspicious events over time. Events are classified and correlated against known vulnerabilities and suspicious patterns of behavior, in order to detect active threats with minimal false positives.
When suspicious patterns of behavior are detected, the intent of the behavior is deduced and ThreatStryker takes appropriate and contained remedial action. Tainted workloads are deleted, frozen, or restarted, sources of attack traffic are temporarily or permanently blocked, and alerts are raised to SIEM and monitoring systems. Attackers are stopped in their tracks, attacks are neutralized, and lateral spread is prevented.
ThreatStryker is built on the Deepfence ThreatMapper open source security observability platform. ThreatStryker extends ThreatMapper with a real-time correlation engine that matches the threat map with real-time telemetry. The correlation engine can identify attacks in progress and ThreatStryker will then deploy mitigations to neutralize attacks and prevent lateral spread.
It’s easy to get started with ThreatMapper on GitHub, or you can learn more and compare products to find out which one is right for you.