New Incident Explorer uses machine intelligence to identify attack patterns and allow for more rapid and effective incident response
SAN FRANCISCO — September 21, 2017 — Twistlock, the leading provider of container and cloud-native security solutions, today announced the availability of Twistlock 2.2. The latest release of Twistlock’s flagship product focuses on advanced threat analytics and prevention and includes several machine learning driven layers such as a Cloud Native Network Firewall and Incident Explorer. In addition, the release provides runtime defense down to the host OS and delivers comprehensive compliance monitoring and enforcement for Kubernetes.
Twistlock’s Incident Explorer applies machine learning to identify attack patterns in an organization’s container environment and display security incidents in a clear, actionable format. Rather than requiring users to manually sift through data and correlate multiple actions from multiple sensors, Incident Explorer automatically builds a chain of events to give full visibility into an attack by highlighting key indicators ‒ enabling more rapid and effective incident response.
“Twistlock 2.2 broadens our application of machine learning into new spaces, like automatically building a full layer 3 firewall mesh for all your containerized apps and identifying sophisticated, multi-vector attack patterns against them,” said John Morello, Twistlock Chief Technology Officer. “Using Twistlock, organizations have a centralized, comprehensive cybersecurity platform for protecting containers and cloud native apps against real world attackers and APTs.”
Incident Explorer is a new stand-out feature designed to apply machine intelligence to the correlation and analysis of events that span multiple actions and sensors. In the case of a compromised containerized app, Incident Explorer automatically identifies and correlates multiple chains of events, highlighting key indicators from both our behavioral and threat-based sensors. When an attack occurs, rather than manually sifting through individual event and sensor data, an organization can be alerted to and view attack patterns in a clear, digestible format and, ultimately, respond to incidents much more quickly and effectively.
Cloud Native Network Firewall
Cloud Native Network Firewall (CNNF) applies Twistlock’s machine learning to model inter-container network behaviors at layer 3, understanding sources, destinations, ports, and flows in a container-centric way – between containers, pods, and services, rather than focusing on raw IPs. This enables Twistlock to automatically build layer 3 firewalls for every part of every app, without requiring any manual configuration or supervised learning. CNNF works across all orchestration platforms and on any cloud, and enables organizations to compartmentalize traffic per app without any changes to the images, containers, or orchestrators.
Additional new capabilities and features available in Twistlock 2.2 include:
- Runtime defense for container hosts: In 2.2, our promise is simple: Twistlock is the only security tool you need on a host running containers. We’ve long provided threat based runtime defense (IP reputation and malware) for your host OS, but in 2.2, we’re delivering the same predictive model driven runtime defense as well. Obviously, a host is different than a container and is far more likely to change over time as it’s updated and upgraded. Thus, we’ve tuned the ML algorithms we use for building models to create models that are optimized for host scenarios but provide the same automatic protection and explicit allow list approach to runtime security.
- Native deployment on Swarm: In 2.0 and 2.1, Twistlock delivered a native experience for deploying and running Twistlock as pods and Daemon Sets on Kubernetes. In 2.2, Twistlock has added similar capabilities for Docker Swarm. If an organization is running Swarm as their orchestrator, they can now run Console as a service ‒ relying on Swarm for providing built in high availability ‒ and Defender as a global service. Whether 5 nodes or 500 nodes in a Swarm cluster, each can be protected with Twistlock in just a few clicks, in a couple of minutes.
- Slack and JIRA push alerts: One of Twistlock’s guiding principles is to ensure data is open and accessible, which more practically has meant supporting a diverse set of integrations for alerting and monitoring. In previous releases, integration with Slack and JIRA has been available via email. In 2.2, Twistlock takes this a step further, providing native Slack and JIRA integration in the box. This integration also includes centralized and simplified alert profiles, giving users control and granularity to define different providers and targets per rule, but with the ability to assign all of these from a central alert configuration page.
- Compliance monitoring and enforcement for Kubernetes: Twistlock is proud to have contributed to the Kubernetes CIS Benchmark, which builds on the company’s many other compliance focused contributions in the community, like NIST SP 800-190 and guides for PCI and HIPAA in containerized environments. In 2.2, Twistlock has added support for all 106 settings in the Kubernetes benchmark. Not only can organizations assess their compliance with these recommendations, but also actively enforce them. Even more valuably, the Twistlock Labs research team has analyzed each of the sections in the Kubernetes CIS Benchmark and scored them based on criticality, so organizations have a clear set of guidelines to enforce adherence to the controls that are most important to their company.
Twistlock is the leading provider of container and cloud native cybersecurity solutions for modern applications. From precise, actionable vulnerability management to automatically deployed runtime protection and firewalls, Twistlock protects applications across the development lifecycle and into production. Purpose built for containers, serverless, and other leading technologies – Twistlock gives developers the speed they want, and CISOs the controls they need. Twistlock’s mission is to provide a full, enterprise-grade security stack for containers, so organizations can confidently adopt and maximize the benefits of containers in their production environment. For more information, please visit www.twistlock.com