Protecting Customer Workloads on Microsoft Azure | Twistlock

A number of Twistlock’s customers deploy their systems on Microsoft Azure. We have been working with the Azure team to ensure that deploying secure containerized applications on Microsoft Azure is a seamless experience for our customers.

In particular, we are excited to see the recent launch of Azure Container Service (ACS). ACS provides a simple way to manage and scale containerized apps using open source orchestration frameworks such as DC/OS and Docker Swarm. Because ACS is built on the same open source container technologies that run everywhere else, Twistlock protects workloads on Azure Container Service just as effectively as workloads in your own datacenter, in another cloud provider, or directly on Azure VMs.

To illustrate how this is done, Tom Shinder of Microsoft and I co-wrote a post that is published on the Azure security blog. An excerpt follows; the full text is available on the Azure security blog.


At Twistlock, we believe that with the right tools, containers can improve your security relative to running the same apps in a more traditional architecture.  This is because of 3 essential characteristics of containers:

  1. Containers are immutable – you don’t service a deployed container when you want to update your app, you destroy it and create a new one
  2. Containers are minimal – they do one thing well and have just the bits they need to do it
  3. Containers are declarative – a container is built from an image, an image is composed of layers, and layers are described in a Dockerfile

For a security company like us, this means we can analyze container images in depth throughout the development lifecycle and build a reference model of what each image is intended to do at runtime: which processes it runs, which ports it listens on, which paths it writes. Then, for the entire time a container is running, we compare what it actually does with that reference model. Any variance is a potential indicator of compromise (IoC), and we provide a policy framework so you decide how each variance is handled; for example, you might only alert in your test environment but block in your PCI environment.
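The reference-model approach described above, reduced to a runnable sketch. This is an added example, not Twistlock's code or data model: the image facts (entrypoint, exposed ports, declared volumes) are a constructed stand-in for a parsed Dockerfile, the runtime event stream is constructed, and the choice to treat every outbound connection as a variance is a simplifying assumption of this example. The per-environment policy (alert in test, block in PCI) is the part of the text the example makes concrete.

```python
"""Compare a container's runtime behaviour against a profile derived from its image.

Constructed example: the profile is built from facts a Dockerfile declares
(ENTRYPOINT, EXPOSE, VOLUME), runtime events are compared against it, and a
per-environment policy decides whether a variance alerts or blocks.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    ALLOW = "allow"
    ALERT = "alert"
    BLOCK = "block"


@dataclass(frozen=True)
class Profile:
    """What the image is expected to do at runtime (the reference model)."""
    processes: frozenset        # executables the container should run
    listen_ports: frozenset     # ports it should bind
    writable_prefixes: tuple    # path prefixes it may write under


@dataclass(frozen=True)
class Event:
    """One runtime observation; kind is exec, listen, connect or write."""
    kind: str
    value: str


def profile_from_image(image: dict) -> Profile:
    """Derive the reference model from an image's declarative facts.

    `image` is a hypothetical, already-parsed manifest with the Dockerfile's
    ENTRYPOINT/CMD binary, EXPOSE ports and VOLUME paths (an assumption of this
    example, not any vendor's format).
    """
    procs = {image["entrypoint"][0]} | set(image.get("helpers", []))
    ports = set(int(p) for p in image.get("expose", []))
    writable = tuple(image.get("volumes", []))
    return Profile(frozenset(procs), frozenset(ports), writable)


def variance(profile: Profile, event: Event) -> Optional[str]:
    """Return why the event departs from the profile, or None if it conforms."""
    if event.kind == "exec":
        if event.value not in profile.processes:
            return f"unexpected process {event.value}"
    elif event.kind == "listen":
        if int(event.value) not in profile.listen_ports:
            return f"unexpected listener on port {event.value}"
    elif event.kind == "write":
        # str.startswith accepts a tuple of prefixes; an empty tuple matches nothing.
        if not event.value.startswith(profile.writable_prefixes):
            return f"write outside declared volumes: {event.value}"
    elif event.kind == "connect":
        # Assumption for this example: the image declares no outbound
        # dependencies, so any new outbound connection is a variance.
        return f"unexpected outbound connection to {event.value}"
    else:
        return f"unknown event kind {event.kind}"
    return None


# Per-environment handling of a variance: alert in test, block in PCI scope.
POLICY = {"test": Action.ALERT, "pci": Action.BLOCK}


def evaluate(profile: Profile, events, environment: str):
    """Compare each event with the profile and apply the environment's policy.

    Returns (event, action, reason) triples; conforming events are ALLOW/None.
    """
    decisions = []
    for ev in events:
        reason = variance(profile, ev)
        action = Action.ALLOW if reason is None else POLICY[environment]
        decisions.append((ev, action, reason))
    return decisions


# Constructed image facts and a constructed event stream (not real telemetry).
WEB_IMAGE = {
    "entrypoint": ["/usr/sbin/nginx", "-g", "daemon off;"],
    "expose": [80],
    "volumes": ["/var/cache/nginx", "/var/log/nginx"],
}

RUNTIME_EVENTS = [
    Event("exec", "/usr/sbin/nginx"),              # conforms
    Event("listen", "80"),                         # conforms
    Event("write", "/var/log/nginx/access.log"),   # conforms
    Event("exec", "/bin/sh"),                      # shell spawned in the container
    Event("write", "/usr/local/bin/newtool"),      # file dropped outside any volume
    Event("connect", "203.0.113.9:4444"),          # outbound the app never needs
]


def blocked_events(environment: str):
    """Events the policy would block in the given environment."""
    decisions = evaluate(profile_from_image(WEB_IMAGE), RUNTIME_EVENTS, environment)
    return [ev for ev, action, _ in decisions if action is Action.BLOCK]


if __name__ == "__main__":
    for env in ("test", "pci"):
        for ev, action, reason in evaluate(profile_from_image(WEB_IMAGE), RUNTIME_EVENTS, env):
            print(f"{env:4} {ev.kind:7} {ev.value:32} {action.value:5} {reason or ''}")
```

The same three variances produce three alerts in the test environment and three blocks in the PCI environment; the detection logic is identical and only the policy differs, which is the point of separating the reference model from the response.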

Azure Container Service provides a great platform for running containers and we’re proud to have a solution that helps customers today.  However, there’s even more to come.  We’ve also been doing work with the Operations Management Suite team so our security alerts can be integrated into the OMS data warehouse and presented in the same familiar dashboards as other Operations Management Suite data.  Of course, we’re also excited about Windows Containers and you might guess that a team of ex-softies is going to make sure they’re protected too.

Read the rest of this blog and a demo description of Twistlock with ACS on the Azure security blog.
