Strong security isn’t about a single line of defense – it requires protection across multiple, redundant layers. Applications protected by Twistlock today are kept safe by our runtime defense capabilities – which use machine learning to automatically secure container applications.  With Twistlock 2.1, we’re excited to take this protection even further – and provide another layer of security to our customers with the release of the Twistlock Cloud Native Application Firewall (CNAF).

Twistlock Cloud Native Application Firewall (CNAF)

The challenge with adapting traditional Web Application Firewalls to containers has been one of scale and information sharing. WAFs need to know how to filter and direct traffic for the applications they protect – what IPs are in use, and the anticipated routes of traffic.  As your environment grows, these rules have to be updated with the latest, most accurate information to prevent rot – and a breakdown in security.  

Twistlock’s CNAF is built for the Modern Enterprise

When running container applications at scale, the flows of traffic, and even the IP addresses of your applications isn’t something preset – Kubernetes or your other orchestration layer will shape this depending on the needs of the environment. This, plus the the rapid rate of scaling up/down in containerized environments – makes maintaining protection via a traditional WAF all but impossible.

To address that challenge, our team applied the same machine-learning driven analysis and security model creation that powers Twistlock today, and used this to create and enforce layer 7 rules via an application firewall. The CNAF runs within the Twistlock Defender, and like the rest of Twistlock, requires no changes to your environment nor manual configuration for it to begin filtering network traffic. The CNAF automatically learns about your applications and the contexts in which they run – and uses this to create its rules. Common attacks like SQL injection or XSS are stopped before they reach your containers – and malicious traffic is blocked as well.

The CNAF, coupled with Twistlock’s whitelist based protection of running applications, provides organizations using containers and other cloud native technologies industry-leading protection against known and 0-day threats. Over the next few weeks, we’ll go into more depth on how the CNAF works; use cases and real-world examples, as well as some of the other features you can see in Twistlock 2.1 — and what’s coming next.  In the meantime, get in touch with questions, or request an evaluation license today.

← Back to All Posts Next Post →