This week I have some really exciting news to announce. Twistlock has entered into a partnership with Exodus Intelligence, one of the world’s premier zero-day vulnerability research companies. The experts at Exodus Intelligence are well-known zero-day hunters. Because zero days are vulnerabilities for which there are not yet patches and for the most part whose presence are not yet known, Exodus “detects the undetectable,” and now their research will help Twistlock customers safeguard their container applications.
The addition of Exodus’ zero-day intelligence materially advances the state of the art of container security. Prior to this, the extent of container vulnerability assessment has consisted of assessing a container image for known vulnerabilities. Few offerings have been able to search for and find zero-day vulnerabilities in containerized applications…until now.
Twistlock is integrating Exodus Intelligence’s intelligence feed directly into our vulnerability scanning and also runtime protection capabilities. The feed we get from Exodus gives us a certain amount of lead time before the general market is made aware of the zero days. So now when we scan a container image, not only will we look for known vulnerabilities as we always have, but we will also look for zero day vulnerabilities. With this capability, Twistlock can help our customers find zero-days and potentially shield their applications against new exploits and new attacks.
One of the important things about Exodus Intelligence is its coverage for applications that run on Linux, which of course is the underlying platform for containerized applications. Exodus realizes that enterprise applications are transitioning from the traditional monolithic applications to micro services, many of which run on Linux. So they have increased their focus on Linux. That’s great news for us!
The screenshot below shows an example of a zero-day vulnerability that Exodus found (this vulnerability has since been patched). It was a remote-execution vulnerability in Niagios XI, a popular network monitoring software for Linux hosts, that allows an anonymous attacker to execute arbitrary code. Not only Exodus found this vulnerability, they also delivered SNORT rules which customers can use to block exploits targeting the specific vulnerability.
With our integration of Exodus’ intelligence feed, Twistlock customers will get the same protection. Moreover, Twistlock customers are now protected by a multitude of methods. One is the traditional open source CVE feed of known vulnerabilities that we have always had. A second protection comes from our commercial malware signature feeds as well as Twistlock Labs’ proprietary research on container behavior models. And now, to the extent that Exodus can tell us about new zero-days, our customers will be protected from them and have a lead time before the general market knows about the vulnerabilities. And finally, in the event that there are still unknowns plaguing container images, Twistlock Runtime offers automated anomaly detection and active threat protection. It’s looking at behavioral characteristics and deviations from normal behavior patterns—essentially detecting indications of yet-to-be-discovered zero-days.
It’s worth noting that the people behind Exodus Intelligence are real rock stars in the security industry. In July 2014, Time Magazine featured the company in the article World War Zero: How Hackers Fight to Steal Your Secrets. Indeed, the Internet is a war zone, and the guys at Exodus Intelligence are warfighters. They find the vulnerabilities that sophisticated cyber attackers weaponize in targeted campaigns.
Twistlock customers will get the new Exodus Intelligence feed as a simple upgrade to their current installation. No special action is required other than upgrading. Exodus and Twistlock will be running joint demos at Blackhat at Twistlock’s booth at Innovation City 17. Come and visit us at Blackhat!
Follow us on Twitter
Keep up to date with the latest news from TwistlockLabs and TwistlockTeam.
Cryptomining Malware Emerges
I have been watching for the spread of malware that, primarily, uses c...
Calling the Twistlock API from PowerShell
The Problem This morning, a colleague was looking for situations where...
What Makes Distributed Security ‘Cloud Native’: Podcast Overview
I caught up with Scott Fulton III on this edition of The New Stack Mak...
Reflections on the 20th Anniversary of Open Source Technology
Exactly twenty years ago in February 1998, the term “open source” ...
Enhanced Syslog Data Streams: 2.3 Deep Dive
In each of our Twistlock releases, we publish some truly remarkable fe...