This week I have some really exciting news to announce. Twistlock has entered into a partnership with Exodus Intelligence, one of the world’s premier zero-day vulnerability research companies. The experts at Exodus Intelligence are well-known zero-day hunters. Because zero days are vulnerabilities for which there are not yet patches and for the most part whose presence are not yet known, Exodus “detects the undetectable,” and now their research will help Twistlock customers safeguard their container applications.
The addition of Exodus’ zero-day intelligence materially advances the state of the art of container security. Prior to this, the extent of container vulnerability assessment has consisted of assessing a container image for known vulnerabilities. Few offerings have been able to search for and find zero-day vulnerabilities in containerized applications…until now.
Twistlock is integrating Exodus Intelligence’s intelligence feed directly into our vulnerability scanning and also runtime protection capabilities. The feed we get from Exodus gives us a certain amount of lead time before the general market is made aware of the zero days. So now when we scan a container image, not only will we look for known vulnerabilities as we always have, but we will also look for zero day vulnerabilities. With this capability, Twistlock can help our customers find zero-days and potentially shield their applications against new exploits and new attacks.
One of the important things about Exodus Intelligence is its coverage for applications that run on Linux, which of course is the underlying platform for containerized applications. Exodus realizes that enterprise applications are transitioning from the traditional monolithic applications to micro services, many of which run on Linux. So they have increased their focus on Linux. That’s great news for us!
The screenshot below shows an example of a zero-day vulnerability that Exodus found (this vulnerability has since been patched). It was a remote-execution vulnerability in Niagios XI, a popular network monitoring software for Linux hosts, that allows an anonymous attacker to execute arbitrary code. Not only Exodus found this vulnerability, they also delivered SNORT rules which customers can use to block exploits targeting the specific vulnerability.
With our integration of Exodus’ intelligence feed, Twistlock customers will get the same protection. Moreover, Twistlock customers are now protected by a multitude of methods. One is the traditional open source CVE feed of known vulnerabilities that we have always had. A second protection comes from our commercial malware signature feeds as well as Twistlock Labs’ proprietary research on container behavior models. And now, to the extent that Exodus can tell us about new zero-days, our customers will be protected from them and have a lead time before the general market knows about the vulnerabilities. And finally, in the event that there are still unknowns plaguing container images, Twistlock Runtime offers automated anomaly detection and active threat protection. It’s looking at behavioral characteristics and deviations from normal behavior patterns—essentially detecting indications of yet-to-be-discovered zero-days.
It’s worth noting that the people behind Exodus Intelligence are real rock stars in the security industry. In July 2014, Time Magazine featured the company in the article World War Zero: How Hackers Fight to Steal Your Secrets. Indeed, the Internet is a war zone, and the guys at Exodus Intelligence are warfighters. They find the vulnerabilities that sophisticated cyber attackers weaponize in targeted campaigns.
Twistlock customers will get the new Exodus Intelligence feed as a simple upgrade to their current installation. No special action is required other than upgrading. Exodus and Twistlock will be running joint demos at Blackhat at Twistlock’s booth at Innovation City 17. Come and visit us at Blackhat!
Follow us on Twitter
Keep up to date with the latest news from TwistlockLabs and TwistlockTeam.
Twistlock Releases Serverless Runtime Defense
A few months ago, we wrote a piece on “The Continuum of Cloud Native...
Why DevSecOps is No Longer Optional
DevSecOps has been a hot topic within tech conversations for a few yea...
Better Together: Announcing The Twistlock Advantage Program
It’s been about three years since we exited stealth with the first g...
My Security Toolset Today Vs 10 Years Ago
It can be easy to forget how sophisticated IT security tools are today...
How to crash the Linux Kernel with a CDROM interaction – CVE-2018-11506
I’ve recently discovered and reported a buffer overflow vulnerabilit...