News, news analysis, and commentary on the latest trends in cybersecurity technology.
ThreatMapper Updated With New Scanning Tools
ThreatMapper 1.3.0 features secret scanning and the ability to enumerate a software bill of materials at runtime to help secure serverless, Kubernetes, container, and multicloud environments.
The latest version of ThreatMapper, an open source security observability platform, now comes with a tool to scan for secrets in production workloads and maintain a runtime software bill of materials, says Deepfence, the company maintaining the tool.
ThreatMapper is a cloud-native tool security teams can use to scan, map, and rank vulnerabilities and other potential security issues in serverless, Kubernetes, container, and multicloud environments. Deepfence released ThreatMapper as an open source tool last October.
In the latest update, Deepfence added the popular SecretScanner tool to ThreatMapper to scan production workloads and container images in registries and report whether any sensitive secrets – such as API keys, passwords, encryption keys, authentication tokens, and other sensitive credentials – have been left behind. SecretScanner can look for over 140 different secret types, Deepfence says. With this capability, security teams get a complete list of all sensitive secrets exposed in the production environment. SecretScanner can be accessed through the ThreatMapper user interface as well as the API.
ThreatMapper 1.3.0 also now has the ability to enumerate a software bill of materials at runtime. By looking at what is actually running in production environments – packages, processes, and other activities – users would be able to detect whether anything new has been added without their awareness.
Read more about the new features in ThreatMapper 1.3.0 from Deepfence.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024