The 1st Continuous Observability Platform for Security & Compliance

DeepFactor uses ONE COMMAND—DFCTL—to observe ANY WORKLOAD without changing the code or build scripts. Simply run your app with this command and start seeing telemetry. You can run dfctl during dev, test, staging, pre-prod, or even prod.

Without additional effort, developers can automatically observe BILLIONS of live application telemetry events across 170+ parameters occurring in every thread/process of the application in traditional apps or containers/ Kubernetes/ Docker apps to identify and triage security and compliance risks across various layers of the application stack—system calls, library calls, and network, web, API, and configuration layers—within the DevOps pipeline.

DeepFactor is an industry-first Continuous Observability platform for security and compliance that automatically observes ACTUAL application behavior at RUNTIME to detect anomalies or ‘needles in the haystack’ and prioritize alerts.

Dfctl sends the billions of app events to the DeepFactor portal. This telemetry is analyzed, metrics are identified, and anomalies detected.

The DeepFactor portal includes the backend for collecting and analyzing telemetry, as well as the management portal UI. This can be setup in both cloud or on-premises. AWS and VMware environments are supported today.

DeepFactor’s portal has a fully integrated headless OWASP ZAP scanner, which is a great complement to any observability platform. Scans can be kicked off with zero setup and can greatly enhance applications’ code coverage, and augment DeepFactor’s telemetry and insights. In addition, DeepFactor also passes in the observed URIs back to the ZAP scanner and increases scan coverage.

DeepFactor's security and compliance insights are presented with actionable evidence such as stack traces, metrics, and more. Insights are grouped into 4 modules:

Code Execution Risks: risks in process, memory, filesystem, and network behaviors determined by observing system and library calls
Runtime use of Vulnerable Dependencies: prioritized list of vulnerable dependencies based on actual runtime usage and relevance, down to the function call level, to augment SCA tools & reduce alert fatigue
AppSec Compliance: deviations from expected app behaviors defined by policies specified by AppSec team
OWASP Scan Results (Web & API): results of built-in headless OWASP ZAP DAST Scanner

DeepFactor allows you to prioritize alerts by accepting default DeepFactor priorities or customizing alert priorities. The Appsec and Engineering teams have the ability to add comments and share alert details, evidence, information, and metrics. Additionally:

Automatically file JIRAs from the alert
Automatically notify Engineering teams via Slack or other tools
Configure custom policies

Similar to how ‘Infrastructure-as-Code’ enables DevOps engineers to orchestrate infrastructure using scripts, DeepFactor’s Observability-as-Code API enables DevSecOps engineers to leverage observability functionality in their CI pipeline and gate builds based on the security and compliance insights gathered by DeepFactor’s Continuous Observability platform.

DeepFactor’s Observability-as-Code API is available as a Swagger doc and enables customers to do the following:

Run your app with DeepFactor using the dfctl command
Get the list of insights determined by DeepFactor
Gate releases based on DeepFactor’s insights
Trigger headless OWASP ZAP scans

The DeepFactor portal also provides a centralized management and reporting interface to your SaaS or self-hosted deployment. DeepFactor comes with pre-packaged integrations with popular developer tools such as Jira, Jenkins, Slack, GitHub, and more so you can start integrating your favorite tools right away.

Observe ACTUAL app behavior at RUNTIME, detect anomalies, and identify security and compliance risks BEFORE production.

1. SOFTWARE BILL OF MATERIALS (SBOM)

Catalog of all dependencies—including open source and 3rd party—and OS packages used by the app, along with licensing information and runtime metrics such as processes, ports, files, and network connections; value-add for SOC2/other compliance processes.

2. SYSTEM CALL RISKS

3. BEHAVIOR VIOLATIONS

4. OWASP ZAP SCAN RESULTS (WEB)

5. API SCAN

6. DYNAMIC DEPENDENCY ANALYSIS

7. VULNERABLE OS PACKAGES

You can ship secure code without sacrificing productivity or drowning in alert fatigue!

Find and triage RUNTIME Security, Privacy, and Compliance risks within the Continuous Integration (CI) pipeline with one command and no code changes
Instantly pinpoint root cause and remediate runtime risks 'at the source' before shipping to production
Automatically observe millions of application telemetry events and detect anomalies
Receive low-volume, high-fidelity alerts with actionable evidence, such as stack traces and metrics
Compare the behavior of one version to another

You can accelerate productivity and decrease mean-time-to-remediate (MTTR) security and compliance risks pre-production!

Establish a ‘security first’ culture
Quick adoption via purpose-built tool designed by developers for developers and their leadership team
Leverage the Observability-as-Code API to integrate with any CI pipeline, including CircleCI, CloudBees, GitLab, GitHub, Jenkins, and more
Use with any workload from traditional/non-container to container/Kubernetes/Docker applications
Centralize management and reporting

Start Left and Secure at the Source

With Continuous Observability, find and triage potential security & compliance risks BEFORE they reach production.

Turn Developers into AppSec Champions