
Real-Time Incident Response and Forensics Capabilities Debut in Twistlock 2.5

Wednesday Dec 12th 2018 by Paul Rubens

Twistlock has a reputation for continuing to take comprehensive container security to entirely new levels, and the latest release is no different in that respect.

The big names in the container world such as Docker, Google, and Red Hat have all been ratcheting up the security of their container offerings over the last year or two. And that means there's less and less room for independent container security companies who hope to offer best-of-breed solutions. There's a serious danger many of them will be choked off before they can really thrive.

But one company that is still going head to head with the big boys is Twistlock, the San Francisco-based company named after a piece of equipment used to secure shipping containers. Twistlock came out of stealth mode and launched itself onto the container security scene back in 2015.

Since then the company had raised $30M up to August 15, 2018, when it announced another $33 million in a Series C round of funding. During that period it grew its customer base by over 350% each year, nabbing 25% of Fortune 100 companies as customers.

To stay in the game Twistlock has released a series of updates to its original product, which let container users monitor static container images and runtime container applications to identify risks. It also let them specify security baselines to ensure that a container host had been hardened and that containerized applications met certain quality and security standards.

Twistlock 2.5 Introduces Automated Forensic Data Collection and Correlation

The latest version of its platform, Twistlock 2.5, adds real-time incident response and forensics capabilities to the offering. This provides automated forensic data collection and correlation across cloud native environments of any size, all with no additional resource overhead, according to company claims.

It minimizes network overhead by automatically maintaining a spool of process and network activity on each node in a container environment, collating and correlating this data in the Twistlock Console only if and when an incident is detected.

This approach, says John Morello, Twistlock's chief technology officer, offers greater visibility into the state of applications prior to compromise than afforded by traditional forensic solutions without affecting performance.

"As more of our customers scale out their cloud-native environments, they're finding that traditional forensic solutions don't keep up — they're not built for microservices, and the resource load needed to effectively collect and surface data slows down the production environment.

"With the new forensic capabilities in Twistlock 2.5, we're providing a fully cloud-native approach that captures and stores forensic data pre-attack in a lightweight, decentralized fashion that can scale with even the most complex environment — yet still surface actionable signals in real time."

An Added Bonus for Amazon Fargate Customers

There's an added bonus here for customers who use Amazon's Fargate container hosting platform. These users can now make use of Twistlock's centralized policy creation and automated enforcement features with Fargate applications without the need for any manual configuration — unlike existing Fargate security solutions. Twistlock 2.5 allows security teams to automatically enforce security policy in Fargate applications from the same central console used to protect the rest of the cloud native environment.

One further feature worth mentioning in Twistlock 2.5 is the general availability of the runtime defense for serverless functions that the company first unveiled in June. With this release, teams building applications to run in AWS Lambda or other serverless environments can now protect their functions from attack with the same automated policy deployment and centralized console used to protect the rest of their cloud native stack.

Additional New Features in Recent Twistlock Releases

The 2.5 release of Twistlock is just the latest in a series of updates to the Twistlock platform since Version 2.0 was unveiled in April 2017.

Version 2.0 introduced a feature called Runtime Radar 2.0, which helps visualize how containers interact with each other and provides a single view into the status, connectivity, and risk state of an organization's container environment.

It also introduced Compliance Explorer, a feature that relies on predictive analytics to monitor an organization's current compliance state. It creates a dashboard displaying how compliant a company is at any given point in time, listing out those entities that are non-compliant.

Later the company added a Cloud Native App Firewall, or CNAF, and a Vulnerability Explorer, which gives users a stack-ranked view of the most critical risks in their environment, based on the organization's deployments.


Paul Rubens is a technology journalist and contributor to ServerWatch, EnterpriseNetworkingPlanet and EnterpriseMobileToday. He has also covered technology for international newspapers and magazines including The Economist and The Financial Times since 1991.
