One of the first companies dedicated to enhancing the security of containers was Twistlock, a San Francisco-based company named after a piece of equipment used to secure shipping containers.
When Twistlock came out of stealth mode in 2015, the product let container users:
- Monitor static container images and runtime container applications to identify risks.
- Specify security baselines to ensure a container host has been hardened and containerized applications meet certain quality and security standards before they can be pushed into production.
Since then the container landscape has changed dramatically, and many other companies — and particularly container pioneers Docker and CoreOS — have security offerings of their own. So it’s perhaps not surprising that Twistlock has been driving its technology forward, and recently the company upped the ante by releasing version 2.1 of its security product.
So what’s new?
Twistlock 2.1 introduces a Cloud Native App Firewall, or CNAF for short. Twistlock 2.1’s CNAF is designed to protect users’ applications with little manual interaction, in what Twistlock calls a “software-defined” manner. And all without having to make any changes to container images, running containers, or container infrastructure, according to the company.
“Twistlock can dynamically learn where to apply these filters, transparently filter application traffic against common attack patterns like SQL injection and cross-site scripting, transparently block requests from malicious endpoints, and ensure that only safe traffic reaches an organization’s app, all without having to configure external devices or ever enter an IP address,” the company claims.
Twistlock 2.1 also introduces a feature called Vulnerability Explorer, giving users a stack-ranked view of the most critical risks in their environment, based on the organization’s deployments. “For example, Twistlock will prioritize vulnerabilities that impact containers exposed to the internet or running without a mandatory security profile. This visibility provides the knowledge of which risks are most important, so teams can prioritize their work to identify and remediate critical problems more rapidly,” Twistlock says.
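The kind of deployment-aware stack ranking described above can be illustrated with a small scoring routine. This is an added, illustrative example, not Twistlock's code or its actual algorithm; the weights, the `Finding` fields and the vulnerability identifiers are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class Finding:
    """One vulnerability observed in one running container (constructed sample data)."""
    vuln_id: str                 # placeholder identifier, not a real CVE
    cvss: float                  # base severity score, 0.0 to 10.0
    container: str
    internet_exposed: bool       # container reachable from the internet
    has_security_profile: bool   # e.g. a mandatory AppArmor/seccomp profile is applied


# Assumed weights: exposure and a missing mandatory profile each amplify the base score.
EXPOSED_MULTIPLIER = 1.5
NO_PROFILE_MULTIPLIER = 1.25


def contextual_score(f: Finding) -> float:
    """Base CVSS adjusted by the deployment context of the affected container."""
    score = f.cvss
    if f.internet_exposed:
        score *= EXPOSED_MULTIPLIER
    if not f.has_security_profile:
        score *= NO_PROFILE_MULTIPLIER
    return round(score, 4)


def rank_findings(findings: list[Finding]) -> list[tuple[str, float]]:
    """Return (vuln_id, contextual score) pairs, most critical first."""
    scored = [(f.vuln_id, contextual_score(f)) for f in findings]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed sample: the same base severity ranks differently depending on context.
SAMPLE_FINDINGS = [
    Finding("VULN-A", 9.8, "db-backend", internet_exposed=False, has_security_profile=True),
    Finding("VULN-B", 7.5, "web-frontend", internet_exposed=True, has_security_profile=False),
    Finding("VULN-C", 7.5, "batch-worker", internet_exposed=False, has_security_profile=False),
    Finding("VULN-D", 5.3, "api-gateway", internet_exposed=True, has_security_profile=True),
]

if __name__ == "__main__":
    for vuln_id, score in rank_findings(SAMPLE_FINDINGS):
        print(f"{vuln_id}: {score}")
```

Note that VULN-B, a medium-high base score on an internet-facing container with no mandatory profile, outranks the critical-severity VULN-A that sits on an internal, confined container.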
The newest version of Twistlock also adds a few more new features and capabilities:
- Twistlock Collections, which let a company centrally create and manage pre-defined filters used in rules and views across the product. This is designed for companies whose different teams work on many different applications sharing the same environments.
- Secrets Manager, which allows customers to integrate their secret management platforms, such as HashiCorp or CyberArk, and securely distribute secrets from those stores into specified containers.
- Vulnerability push alerts, which allow organizations to create configurable alerts and automated processes for development teams to get push notifications about new vulnerabilities discovered in the apps they maintain.
Twistlock 2.1 vs Twistlock 2.0 and Earlier Releases
This 2.1 release follows hot on the heels of version 2.0, which was released in April of this year.
With Twistlock 2.0, the company introduced a feature called Runtime Radar 2.0, which helps visualize how containers interact with each other and provides a single view into the status, connectivity, and risk state of an organization’s container environment.
It also introduced Compliance Explorer, a feature that relies on predictive analytics to monitor an organization’s current compliance state. It creates a dashboard displaying how compliant a company is at any given point in time, listing out those entities that are non-compliant.
Other new features included embedded secrets detection and blocking, certificate authentication, Jenkins Pipeline support, and a set of additions to help assure file integrity. These included certificate monitoring within images, user-defined file monitoring, and advanced heuristics to detect anomalous behavior.
There’s little doubt that dedicated container security software is something the container movement needs, and it’s also a product category that was in very short supply as recently as a year or so ago.
But companies like Twistlock have worked hard to plug the security gaps so that container technology can be made “enterprise ready.” And there can be little doubt that they have succeeded: Twistlock alone has found over 60 enterprise customers, including a top five financial institution, a top five industrial and IoT manufacturer, and various US defense and intelligence agencies.
The upshot is that the container landscape looks very different, and very much more secure, than it did just two short years ago.
Paul Rubens is a technology journalist and contributor to ServerWatch, EnterpriseNetworkingPlanet and EnterpriseMobileToday. He has also covered technology for international newspapers and magazines including The Economist and The Financial Times since 1991.