Map threats.
Observe attack behavior.
Stay ahead of attackers and neutralize zero-day attacks.
Deepfence ThreatStryker discovers all running containers, processes, and online hosts, and presents a live and interactive color-coded view of the topology. It audits containers and hosts to detect vulnerable components, and interrogates configuration to identify file system, process, and network-related misconfigurations. ThreatStryker assesses compliance using industry and community standard benchmarks.
ThreatStryker performs deep inspection of network traffic, system, and application behavior, and accumulates suspicious events over time. Events are classified and correlated against known vulnerabilities and suspicious patterns of behavior, in order to detect active threats with minimal false positives.
When suspicious patterns of behavior are detected, the intent of the behavior is deduced and ThreatStryker takes appropriate and contained remedial action. Tainted workloads are deleted, frozen, or restarted, sources of attack traffic are temporarily or permanently blocked, and alerts are raised to SIEM and monitoring systems. Attackers are stopped in their tracks, attacks are neutralized, and lateral spread is prevented.
ThreatStryker is built on the Deepfence ThreatMapper open source security observability platform. ThreatStryker extends ThreatMapper with a real-time correlation engine that matches the threat map with real-time telemetry. The correlation engine can identify attacks in progress and ThreatStryker will then deploy mitigations to neutralize attacks and prevent lateral spread.
Scan build artifacts for vulnerabilities during Continuous Integration
Scan container registries for vulnerable containers before deployment
Scan production environments for host, container and application vulnerabilities
Capture selected network traffic, decrypting TLS, to identify “Signals of Attack”
Capture “Indicators of Compromise” process and filesystem events from hosts and containers
Classify traffic and events against threat feeds and attack models
Scan hosts and containers to identify opportunities to harden configuration and security
Evaluate compliance against community and industry standard benchmarks
Automatic quarantine of compromised workloads in the event of compromise
Automatic, targeted firewalling of attack traffic in the event of signals of attack
Fine-grained control based on attacker behavior and compliance policies
Classification of vulnerabilities based on CVSS scores
Ranking of vulnerabilities based on exploitability and proximity to attack surface
Single-page view of “What to Fix First” to reduce exposure to risk-of-exploit quickly
CI/CD Integration to raise build failures to Development
Fine-grained production notification, supporting multiple apps and teams
Support for Slack, PagerDuty, Teams, Jira, Splunk, ElasticSearch, SumoLogic, and more
Real-time discovery and visualization of applications in production
Topology mapping for interconnected, microservice applications
Continuous scanning of production to identify newly published vulnerabilities
Advanced correlation engine to identify attack attempts in progress
Cyber-Kill-Chain modeling of attack, from recon through spread to exfiltration
Forensic analysis of signals and indicators across long time windows
ThreatStryker is built on the open source security observability platform, ThreatMapper. It’s easy to get started with ThreatMapper on GitHub. Or you can learn more and compare products to find out which one is right for you.