Deepfence is targeting the container security space with a platform that can mimic a container to defuse an attack at runtime and in production.
Sandeep Lahane, CEO and co-founder of Deepfence, explained the company’s platform uses a combination of rules and artificial intelligence (AI). These are combined into what it calls its Semantic Patching technology, which provides the protection scheme for a container runtime.
On the system side, Deepfence sits closer to the workloads, which allows it to have a better view into the traffic, file, and process activities inside the container.
This technology is deployed as a “lightweight sidecar container,” which allows customers to deploy and orchestrate the product as a container alongside their production containers. Lahane said the platform does not rely on third-party kernel modules, manual behavior modeling, or user-defined rules and policies. Deepfence basically runs as a microservice, which allows it to passively “sniff” network traffic.
“We fit alongside workloads, looking at what comes in and what goes out,” Lahane said. “We also look at what changes on every host and container and can link suspicious events using AI.”
Scalability can be handled through various container orchestrators. These include Docker, Kubernetes, Amazon EC2, and Microsoft Azure. Lahane said this allows customers to deploy Deepfence using channels they are already familiar with.
“We are a pure play security solution; from a customer point of view it is just one more container which looks after their containers,” Lahane said. “Deepfence is deployed as a container is deployed and orchestrated just as their workloads are orchestrated.”
Lahane said the platform is targeted specifically at applications running in a container environment as opposed to a broader view. He noted that the established container infrastructure providers like Amazon, Microsoft, and Google have solid security foundations.
“We believe that infrastructure providers have those other solutions like policy and RBAC [role-based access control] covered,” Lahane said. “We are just looking at the application side.”
Deepfence is different from policy-based container security platforms, which Lahane said are great for helping to “reduce the blast radius,” or containing a bad container. “They are really good at preventing containers from talking to other containers,” he said.
“We are focused on defusing the bomb before it explodes,” Lahane said. “We are a prevention center for containers.”
Deepfence was founded in 2016, and is backed by IDG Ventures.