Twistlock passed a major milestone in June – a year since coming out of stealth mode and successfully closed a Series A funding round. I thought it would be good to look back at how our container security product has evolved over this past year and reflect on the changes that have impacted not only our company, but also our technology. We give our customers credit for what we have achieved so far because they have guided and encouraged us all along the way.
The very first iteration of our product (even prior to our formal launch) was basic access control for Docker and lightweight vulnerability scanning for Docker containers. There is a real need for access control because Docker itself lacks fine-grained access control. Our beta customers liked what we provided but they told us that they wanted broader functionality, including more extensive image analysis, hardening checks, and full featured vulnerability management, so that’s what the Twistlock engineering team built next.
By the time our company launched in 2015, the product had good vulnerability management functions as well as granular access control functionality for Docker resources. The product went through quite a few beta deployments over the next few months. With encouraging feedback from these initial users, we were able to refine both the vulnerability management and the access control functions.
One of the improvements customers asked us for was Continuous Integration/Continuous Delivery support. To many customers, the CI/CD pipeline is where defects, including security flaws, should be dealt with. Our team quickly came to market with CI/CD support and dedicated plugins for both Jenkins and TeamCity.
The second improvement was registry support. We started out with Docker Hub, but quickly customer requests extended to Artifactory, Google Container Registry, Amazon EC2 Container Registry, and any form of private registry. We developed our registry scanning capabilities leveraging Docker registry APIs – any registry conforming to the Docker registry API is supported by us seamlessly. This gained us a big thumbs up in a few large accounts where the company used multiple registry formats.
Another critical decision we made early on was recognizing the importance of being in both the development lifecycle and the production environment. The plan has always been to be an integral part of the development tools, to look for and fix vulnerabilities and get the container image to be as robust and clean as possible before being deployed. Equally important, our product has a place in the production environment, where we can enforce relevant policies at runtime. This enables us to control the container robustness and source of deployment, as well as enforce consistent policies from development to scale. Our beta customers loved that.
Never ones to sit still, the Twistlock engineers took the policy enforcement capabilities even further. We realized that, because of our strategic position on the production host, we are able to observe the runtime behavior of the application containers that we aim to protect. This gives us a way to understand whether or not a container is doing something suspicious. We tie that back to the image analysis that we perform statically, and this leads us to our runtime defense capability, which detects and protects against known and unknown threats.
The runtime defense capability automatically develops a runtime profile for each container and then uses that profile to detect anomalies and the presence of active threats. Both in our own test environment and in some of our customers’ environments, we are able to stop from the get-go some of the suspicious exploits with which we came into contact. This really opened up a whole new way of thinking for our product line, whereby we are not just providing governance but, more importantly, threat detection and defense, which are more classic security functions.
Our market has responded very positively to our product playing a strong role in container application security. Once we had this capability, some very large customers came knocking on our door, including one of the biggest medical research centers in the US, a Fortune 50 insurance company, and one of the largest federal service providers that deployed our technology in many of their government clients’ environments.
In the beginning of 2016, we launched our free Developer Edition which is aimed at individual developers or small development teams that basically want to try it out to see if Twistlock meets their needs. This edition has gained great traction with weekly new downloads from interested developers. Better yet, we are seeing a healthy conversion rate from the Developer Edition to the Enterprise Edition, indicating a commitment to our product suite.
In May of this year, we released enhanced features of Runtime Defense, which now allow us to have deep anomaly detection functionality and automatic learning capabilities to defend against zero day threats and exploits in the production environment. This provides a big boost in our security capabilities.
In this yearlong journey of ongoing product development, we have worked extensively with DevOps teams in various organizations. They like working with Twistlock because our product doesn’t impede their existing processes, while at the same time allowing them to build security in to make better applications. An added benefit is that with Twistlock, the DevOps team can now easily gain IT security’s stamp of approval to move to containers.
We’ve also earned the trust of the folks from Google Cloud Platform and AWS. Both Google and Amazon rolled out their own container registry services in late 2015, and both chose Twistlock as their sole security launch partner to go to market with. Needless to say, we’re thrilled to be working with two of the biggest cloud platform providers in the world. Most recently, we added Microsoft Azure to that list.
It’s been a great first year, but the best is yet to come. Docker and other platforms strengthening their security capabilities was a great validation of the market. We are seeing unprecedented interest from customers and prospects. Our engineering team is cranking out one milestone after another. We are confident that as the broader market evolves, Twistlock will continue to lead the container security innovation curve.