
Twistlock 2.1 Container Security Suite Released

by Hrishikesh Barua on Jul 16, 2017. Estimated reading time: 2 minutes


Twistlock announced the general availability of version 2.1 of their container security product. Highlights of the release include an integrated firewall that understands application traffic, vulnerability detection, secrets management via integration with third-party tools, and compliance alerting and enforcement.

The integrated firewall, called Cloud Native Application Firewall (CNAF), can understand application traffic (Layer 7) and protect against known vulnerability classes like SQL injection. However, ports and traffic content differ based on the applications that are running, so how does Twistlock support this feature? InfoQ got in touch with John Morello, CTO of Twistlock, to learn more:

We have deep knowledge of a set of common apps like Apache, WordPress, nginx, and others that covers a wide range of behavioral characteristics. However, even for an app we’ve never seen before we provide core security capabilities like protecting against SQLi and XSS type attacks and filtering ingress traffic based on a real time dataset of malicious endpoints.

For "well known" application stacks, the ports are known beforehand. For others, CNAF can "automatically determine what ports it listens on and dynamically reroute traffic through the Twistlock Defender to protect it", says Morello.

Twistlock was released a few years ago with an integration with Google Container Engine (GKE), followed by a partnership with Amazon Web Services. Both of these cloud providers have their own configurable firewalls. Twistlock adds to this security layer at the application level by understanding the kind of traffic that flows in and out of the containers. "Nothing we do is tied to any specific cloud provider", says Morello.

Twistlock also offers vulnerability detection. The vulnerability data is pulled directly from over 30 vendors and commercial threat feeds. This information is analyzed and aggregated into the product’s intelligence stream. Since the data is sourced directly from a range of providers, Twistlock can ensure a lower false positive rate than other tools, according to Morello. There are other vulnerability detection tools like vuls and Clair. To a question about how Twistlock compares to such tools, Morello responded with some points:

  • Twistlock’s sources for Common Vulnerabilities and Exposures (CVE) data are more robust than what's supported by either vuls or Clair currently. Twistlock generates fewer false positives than either of those tools.
  • Twistlock’s scanning has native plugins to CI/CD tooling. It does not just look at images in a registry, but can also actively block builds based on CVE findings. Twistlock can also identify and isolate running containers impacted by newly discovered CVEs.
  • Every CVE detected is given an automatically generated risk score, based on Twistlock’s view into the environment and applications, so that the right issues can be prioritized. In contrast, Clair/vuls and others simply report detected CVEs.
  • Twistlock can create control gates throughout the CI/CD process to require baselines for vulnerability and compliance state before images leave development and before they’re run in production. For example, with Twistlock one can define a policy like "prevent deploying any containers into the production environment that have a medium severity or higher Java vulnerability."

Twistlock’s latest release integrates with secrets management software like HashiCorp’s Vault and CyberArk Enterprise Password Vault to store passwords and other secure tokens. This is also part of an open source effort to make Docker Swarm’s secret management pluggable, to which Twistlock has contributed code.

Some other features of this release include compliance alerting via the Jenkins plugin, a "Collections" abstraction to create reusable regex-based text filters for matching containers and images across projects and organizational hierarchies, and a revamped dashboard.
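As an added illustration, not Twistlock's own code or API, the following sketches the shape of a CI/CD control gate like the one Morello describes ("prevent deploying any containers into the production environment that have a medium severity or higher Java vulnerability"), scoped by a regex-based "Collection" over image names. Image names, package names and CVE ids are constructed placeholders.

```python
import re
from dataclasses import dataclass
# Severity ordering used to compare each finding against the policy threshold.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Finding:
    cve_id: str        # constructed placeholder ids, not real CVEs
    package: str
    package_type: str  # "java", "os", "python", ...
    severity: str

@dataclass(frozen=True)
class GatePolicy:
    collection_regex: str  # regex over image names, in the spirit of a "Collection"
    package_type: str      # only findings in this package type count
    min_severity: str      # block at this severity or higher

def violations(findings, policy):
    # Findings that meet or exceed the threshold for the targeted package type.
    threshold = SEVERITY_RANK[policy.min_severity]
    return [f for f in findings
            if f.package_type == policy.package_type
            and SEVERITY_RANK.get(f.severity.lower(), 0) >= threshold]

def gate_decision(image, findings, policy):
    # Images outside the collection are not gated by this policy at all.
    if re.search(policy.collection_regex, image) is None:
        return "allow"
    return "block" if violations(findings, policy) else "allow"

# Constructed scan results for three images (CVE ids are placeholders).
SCAN_RESULTS = {
    "registry.example/prod/web-api:1.4": [
        Finding("CVE-0000-0001", "log4j-core", "java", "high"),
        Finding("CVE-0000-0002", "openssl", "os", "critical"),
    ],
    "registry.example/prod/worker:2.0": [
        Finding("CVE-0000-0003", "jackson-databind", "java", "low"),
    ],
    "registry.example/dev/web-api:1.5": [
        Finding("CVE-0000-0004", "spring-core", "java", "critical"),
    ],
}

# "Block production containers with a medium or higher Java vulnerability."
PROD_JAVA_POLICY = GatePolicy(r"^registry\.example/prod/", "java", "medium")
def decisions(policy=PROD_JAVA_POLICY, results=SCAN_RESULTS):
    return {img: gate_decision(img, fs, policy) for img, fs in results.items()}
```

Note that the critical OS-level finding in the production web-api image does not trigger this particular policy, and the dev image is out of scope even with a critical Java finding; each would need its own policy.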
