Open Source and Enterprise Cloud Security Solutions

Open Source CNAPP

Enterprise CNAPP for Runtime Protection

Compare Open Source and Enterprise Versions

Online ThreatStryker Demo

Deepfence Cloud Security Solutions

More Observability, More Insights, Better Security

Protect Production Kubernetes Workloads

100% Open Source Cloud Security Solutions

Categorize and Prioritize Vulnerabilities

Deploy in AWS Fargate with Confidence

Protect and Isolate Workloads

Identify Weak Infrastructure Configuration

Maintain Control of Fast-Moving Containers

Thousands of security practitioners use Deepfence

Runtime protection like never before

The future of cloud protection

Unparalleled security insights

Cloud, network and application context

System and Organization Controls (SOC) 2 Type 2

Explore Community Resources and Support

Explore our library of videos, collateral and more

Documentation resources and support

Get support for ThreatMapper or ThreatStryker

The latest news and blogs on cloud security

The latest news and press

See our job openings

Learn more about us and our team

Get in touch

‍
‍

With over 4,000 stars on Github, the ThreatMapper CNAPP hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit. It uncovers vulnerable software components, exposed secrets and deviations from good security practice. It uses a combination of agent-based inspection and agentless monitoring to provide the widest possible coverage to detect threats.

SecretScanner can find unprotected secrets in container images or file systems. SecretScanner is included in ThreatMapper and also as a standalone tool that retrieves and searches container and host file systems, matching the contents against a database of approximately 140 secret types.

PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfences ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis.

FlowMeter classifies packets and flows as benign or malicious with high true positives (TP) and low false positives (FP). Use the labeled data to reduce amount of traffic requiring deeper analysis. Additionally it categorizes packets into flows and shows a rich ensemble of flow data and statistics.

YaraHunter scans container images, running Docker containers, and file systems to find indicators of malware. It uses a YARA ruleset to identify resources that match known malware signatures, and may indicate that the container or filesystem has been compromised.

eBPFGuard is a library for managing Linux security policies. It is based on LSM hooks, but without necessity to write any kernel modules or eBPF programs directly. It allows to write policies in Rust (or YAML) in user space. Its based on eBPF and Aya library, but takes away the need to use them directly.