AppSec Challenges Deepfactor Addresses


Starting left to right, Deepfactor helps address five use cases for enterprise customers looking to solve their application security problems.

On the left, starting with the bill of materials, the number one use case is: I am a customer selling my product into the federal government, and I want to generate a software bill of materials. I want to create those bills of materials in CycloneDX or SPDX formats, tag them based on the version of my applications, and integrate that into my CI pipeline.

Deepfactor solves that use case for some of the large enterprise customers and helps these enterprises meet the Presidential Executive Order around bill of materials and supply chain security.

The second use case that Deepfactor commonly helps address is software composition analysis: the ability to scan containers for vulnerabilities as well as license violations during the development and testing phases, integrated into the CI pipeline, detecting these vulnerabilities and policy violations as the pipeline runs, alerting the user, and possibly even gating the build for that user.

These two use cases can be solved by the Deepfactor scanner tools or by Deepfactor’s runtime engine. If a customer is using Deepfactor for other, runtime-oriented use cases, they can use Deepfactor in combination with other scanner tools, such as Snyk, Sonatype, or Mend, et cetera. Deepfactor can co-exist with those tools.

The third use case, which is really unique to Deepfactor, is the ability to perform runtime software composition analysis. This has two parts. Number one is the ability to scan containers, especially if you’re running in Kubernetes environments. As the pods are being spun up in Kubernetes, Deepfactor can scan them with software composition analysis and container scanning to determine vulnerabilities as well as license violations, and generate a bill of materials at scan time. This is useful for those containers that may not be part of your CI pipeline on the left.

The second important thing that falls under the umbrella of runtime software composition analysis is the ability to correlate the vulnerabilities that have been discovered at scan time, and be able to overlay on top of them which of those vulnerable components are actually being used at runtime. This enables customers to prioritize the vulnerabilities that have been discovered at scan time, and for example, be able to say something like, “Hey, look, I have 500 components that are vulnerable across my container images, but only 25 of them are loaded into memory and used at runtime. Therefore, I’m going to go prioritize fixing them first.”

This results in a much lower volume of alerts being shown back to your developers, significantly improving the chances of success of the DevSecOps programs and your developers taking AppSec feedback seriously.
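The prioritization described above, as an added example that is not Deepfactor’s code: a constructed CycloneDX-style SBOM, a constructed list of scan-time findings, and a constructed set of components observed loaded at runtime are correlated so that findings on components actually in use come first. All identifiers, purls and vulnerability ids are placeholders.

```python
"""Added example (not Deepfactor code): rank scan-time findings by runtime use."""
import json

# Constructed, minimal CycloneDX-like SBOM with package URLs (purls) as component keys.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "libfoo", "version": "1.2.3", "purl": "pkg:deb/debian/libfoo@1.2.3"},
        {"name": "libbar", "version": "0.9.0", "purl": "pkg:deb/debian/libbar@0.9.0"},
        {"name": "requests", "version": "2.20.0", "purl": "pkg:pypi/requests@2.20.0"},
    ],
})

# Constructed scan findings; the ids are placeholders, not real advisories.
FINDINGS = [
    {"purl": "pkg:deb/debian/libfoo@1.2.3", "id": "VULN-PLACEHOLDER-1", "severity": "critical"},
    {"purl": "pkg:deb/debian/libbar@0.9.0", "id": "VULN-PLACEHOLDER-2", "severity": "high"},
    {"purl": "pkg:pypi/requests@2.20.0", "id": "VULN-PLACEHOLDER-3", "severity": "medium"},
    {"purl": "pkg:deb/debian/libbar@0.9.0", "id": "VULN-PLACEHOLDER-4", "severity": "medium"},
]

# Constructed runtime observation: purls of components seen loaded into the process.
RUNTIME_LOADED = {"pkg:deb/debian/libfoo@1.2.3", "pkg:pypi/requests@2.20.0"}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def prioritize(sbom_json, findings, loaded_purls):
    """Return (used, unused): findings on components loaded at runtime, then the rest.

    Each list is sorted by severity. Findings whose purl is not in the SBOM are
    dropped, since they cannot be tied to a shipped component.
    """
    known = {c["purl"] for c in json.loads(sbom_json).get("components", [])}
    used, unused = [], []
    for finding in findings:
        if finding["purl"] not in known:
            continue
        (used if finding["purl"] in loaded_purls else unused).append(finding)
    rank = lambda f: SEVERITY_RANK.get(f["severity"], 99)
    return sorted(used, key=rank), sorted(unused, key=rank)


if __name__ == "__main__":
    used, unused = prioritize(SBOM_JSON, FINDINGS, RUNTIME_LOADED)
    total = len(used) + len(unused)
    print(f"{len(used)} of {total} findings are on components loaded at runtime")
    for f in used:
        print("fix first:", f["id"], f["severity"], f["purl"])
```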

As you follow the journey of the artifact along to the right, the next use case that Deepfactor really helps customers address is analysis of running applications and containers during dev and test to discover potential vulnerabilities or insecure behaviors that may not yet be known vulnerabilities. For example, if your application is reaching out to certain unwanted geographies, or if some third-party code within your application that your developer accidentally brought in is touching certain parts of the file system, scheduling cron jobs, or launching shell processes, these are all behaviors that would be great to catch during the dev and test stages, before your application goes into production.

This type of runtime analysis can help you detect issues or insecure behaviors that may get missed by SAST, software composition analysis, or container scanning tools on the left, because they can only be identified by observing every process of your application as it runs in your dev and test, and possibly production, environments.
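The kinds of behaviors listed above, as an added example that is not Deepfactor’s code: a small rule set run over a constructed event log in which each line is `<pid> <event> <detail>`, flagging shell spawns, cron modifications, file access outside an expected set of paths, and outbound connections to geographies not on an allow list. The event format, the allowed countries and the path allowlist are assumptions for this example.

```python
"""Added example (not Deepfactor code): flag insecure runtime behaviors in dev/test."""
import re

# Constructed sample of runtime events recorded for one application process.
EVENTS = """\
4242 exec /usr/bin/python3 app.py
4242 open /app/config.yaml
4242 connect 203.0.113.7:443 country=DE
4242 exec /bin/sh -c id
4242 open /etc/cron.d/refresh
4242 connect 198.51.100.9:8443 country=XX
"""

# Assumed policy for this example: where the app is expected to talk and what it may touch.
ALLOWED_COUNTRIES = {"US", "DE"}
ALLOWED_PATH_PREFIXES = ("/app/", "/tmp/", "/proc/self/")
SHELLS = ("/bin/sh", "/bin/bash", "/bin/dash")
CRON_PATHS = ("/etc/cron", "/var/spool/cron")


def analyze(log_text):
    """Return a list of (pid, rule, detail) findings for behaviors worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        pid, event, detail = line.split(" ", 2)
        if event == "exec":
            # First token of the exec detail is the program path.
            if detail.split(" ", 1)[0] in SHELLS:
                findings.append((pid, "shell-spawn", detail))
        elif event == "open":
            if detail.startswith(CRON_PATHS):
                findings.append((pid, "cron-modification", detail))
            elif not detail.startswith(ALLOWED_PATH_PREFIXES):
                findings.append((pid, "unexpected-file-access", detail))
        elif event == "connect":
            match = re.search(r"country=(\w+)", detail)
            country = match.group(1) if match else "unknown"
            if country not in ALLOWED_COUNTRIES:
                findings.append((pid, "unexpected-geography", detail))
    return findings


if __name__ == "__main__":
    for pid, rule, detail in analyze(EVENTS):
        print(f"pid {pid}: {rule}: {detail}")
```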

Now, as you follow the journey of the artifact through to production, Deepfactor’s use case in production is standard container runtime security, which falls under the umbrella of CWPP according to Gartner’s classification, the top right half of Gartner’s CNAPP bucket. This allows Deepfactor to detect insecure behaviors, including network, file system, memory, and process behaviors, as the applications are running in production, both from the point of view of catching malicious actors and from the point of view of staying compliant with standards like SOC 2 Type II, et cetera.

The beautiful thing about use cases 3-5 is that you don’t need multiple different agents or multiple different approaches to gather the same set of results. You simply load Deepfactor’s small library into your application processes, or use the Deepfactor Kubernetes webhook if you’re running Kubernetes, and the same integrated library or agent helps you solve use cases three, four, and five together, saving you a lot of time as well as a lot of management footprint.