Latest release goes deeper with existing features and broadens capabilities for customers; revealing attack scenarios “in the wild”

SAN FRANCISCO — January 3, 2018 — Twistlock, the leading provider of container and cloud native cybersecurity solutions, today announced the availability of Twistlock 2.3. The latest version represents the 12th major release of Twistlock’s flagship product and arms customers with a more comprehensive platform for cloud native security. 2.3 includes even more intelligent tools – enhanced runtime defense based on real world research, security for serverless functions across all major cloud providers, app aware syscall defense, and image layer aware vulnerability analysis. In addition, Twistlock 2.3 includes updates to the enterprise-grade cloud native app firewall providing layer 7 protection to containerized apps anywhere they run and also adds built-in compliance templates for major standards like PCI, HIPAA, GDPR, and NIST SP 800-190.

Twistlock Runtime Defense has always used machine learning generated app models to provide enterprises with automatic protection against attacks. Twistlock 2.3 takes this a step further by adding specific heuristics for attack scenarios observed in the wild to identify and prevent container specific attacks. Through the research of Twistlock Labs, presented at DockerCon Europe, Twistlock Incident Explorer now includes specific protection for scenarios including lateral movement in orchestrated environments, poisoned registries used for cryptocurrency mining, and attacks against weak defaults in popular container images.

“Twistlock 2.3 equips our customers with deeper defense, more actionable knowledge, and intelligent tools to deliver protection to their cloud native stacks, from top to bottom,” said John Morello, Twistlock Chief Technology Officer. “Twistlock is the most comprehensive solution for cloud native cybersecurity and we’re taking the platform to even more scenarios and environments in 2018.”

Serverless Security

A few months ago, Twistlock announced the beta release of serverless security. In response to great interest from customers, 2.3 includes the built-in, fully supported version of vulnerability management for serverless functions. Twistlock uses the same precise data sources for identifying vulnerabilities in serverless functions as for container image analysis, and the entire experience is a native part of the platform. Twistlock supports AWS Lambda, Azure Functions, and Google Cloud Functions, and scanning can be performed either automatically through the UI or integrated into any CI/CD process.

Enterprise grade CNAF

Twistlock’s Cloud Native App Firewall enhances the traditional web application firewall for cloud native scenarios, providing layer 7 traffic inspection and protection that follows the app, regardless of the cloud, node, IP, or port it’s bound to and without any complex routing required. In 2.3, Twistlock has fortified CNAF with a variety of additional protective capabilities, including anti-reconnaissance, anti-authentication grinding, and file upload filtering. These features enhance CNAF’s existing capabilities, delivering strong layer 7 protection for containerized apps wherever they are.

Built-in compliance templates, covering 200+ best practices

Twistlock led the industry by releasing the first guides for PCI and HIPAA compliance in containers and leading the development of NIST SP 800-190. In 2.3, Twistlock has made compliance even simpler by delivering a built-in policy library with templates for PCI, HIPAA, NIST, and GDPR compliance. These policies are built on Twistlock’s existing compliance framework, covering over 200 best practices drawn from the CIS Benchmarks for Docker and Kubernetes and from Twistlock Labs research.

Enhanced app aware system call defense

Twistlock pioneered the automatic creation and use of app-specific system call policies to provide fine-grained, least-privilege capability controls for containers. In 2.3, Twistlock Labs provides a broad, curated seccomp policy library defining the minimal set of syscalls required by common containerized apps such as Mongo, MySQL, Redis, Nginx, and others. During normal runtime learning, Twistlock matches the app within the container to the relevant policy, with no human interaction required. Policies are updated by Twistlock Labs and distributed via the Intelligence Stream, ensuring that your apps are constrained by a custom-tailored, minimal set of system capabilities.

Vulnerability Explorer

In 2.3, Twistlock has expanded the intelligence and threat knowledge in Vulnerability Explorer to give customers an even more actionable understanding and prevention of the risks in their environment. For example, Vulnerability Explorer now uses attack vector, attack complexity and the existence of exploit code as additional inputs when calculating risk scores.

Per layer vulnerability analysis

In addition to the full image vulnerability details Twistlock has always provided, Twistlock 2.3 automatically correlates vulnerabilities to specific layers so customers can instantly identify which layers in an image introduce vulnerabilities and quickly involve the right teams to correct them.

About Twistlock

Twistlock is the leading provider of container and cloud native cybersecurity solutions for the modern enterprise. From precise, actionable vulnerability management to automatically deployed runtime protection and firewalls, Twistlock protects applications across the development lifecycle and into production. Purpose built for containers, serverless, and other leading technologies – Twistlock gives developers the speed they want, and CISOs the controls they need. Twistlock’s mission is to provide a full, enterprise-grade security stack for containers, so organizations can confidently adopt and maximize the benefits of containers in their production environment. For more information, please visit
