May 25th, 2018, the implementation deadline for EU General Data Protection Regulation (GDPR), is quickly approaching. Implementation of GDPR is a complex task for most enterprises, involving all people, processes, and technologies that touch personal data in any way; however, for Cloud Native, containerized services, Twistlock can help to evaluate compliance with best practice configurations, to reduce the exposure of personal data to risk, and to monitor for and prevent anomalous behavior that may be the precursor of a data breach. Additionally, Twistlock can be integrated into a data analytics platform such as Sumo Logic to enable Data Protection Officers and security operations organizations to coalesce telemetry from their Cloud Native infrastructure into their estate-wide monitoring and alerting.


There are several GDPR requirements that a Twistlock implementation can support.

Establish a Cybersecurity Framework

While GDPR doesn’t establish specific technical benchmarks, it does require companies to build a framework of “appropriate technical and organizational security measures” and, in particular, “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services” (ST 5419 2016 INIT Article 32). Twistlock provides checking for and enforcement of over 200 compliance benchmarks including the Center for Internet Security’s benchmarks for Docker and Kubernetes. Our researchers have helpfully created a template that applies the benchmarks we believe are directly relevant for applying a cybersecurity framework for GDPR:

In the default configuration, Twistlock will alert when hosts and images are configured incorrectly; however, it can also block your hosts from running non-compliant images as well.

Additionally, managing and understanding the vulnerable executables, framework, and modules contained within a service is a part of developing organizational security measures. Twistlock provides comprehensive vulnerability assessment for hosts and images, highlighting the most critical vulnerabilities present in the estate and providing the information that developers need to resolve them.

Breach Notification

One of the key components of GDPR is the timely notification of individuals when their personal data is breached. This increases the pressure on enterprises to reduce the time-to-detection for security incidents. Twistlock is an integral part of monitoring hosts and services in a Cloud Native environment, detecting potential security incidents, and providing responders with actionable data.

Integrating Into Enterprise Security Analytics

Twistlock provides a wealth of data about vulnerabilities, compliance issues, and potential security incidents in protected systems; however, for companies that use a platform such as Sumo Logic, that’s not the end of it. All of Twistlock’s rich telemetry can be fed into the Sumo Logic platform where it can be layered with other sources of information (border firewalls, authentication providers, etc) to enhance security operations and to provide Data Privacy Officers with critical dashboard views and monitoring options.

Twistlock can be configured to output audit events, data from vulnerability and compliance scans, and details runtime process activity to syslog:

Once this output is enabled, ensure that syslog output is directed to a collector such as SumoLogic/sumologic-docker-collector and, in this case, that the collector is configured to forward data to a Sumo Logic account.

Optionally, the next step is to configure field extraction rules in Sumo Logic so that fields are extracted from Twistlock’s syslog output. This will enable more targeted processing of the output. Sample rules are available in our sample code Github.

Now, I can search for data; for example, if I wanted to search for all security incidents for things like the data exfiltration incident pictured above, I could run a search:

Once I’ve done this, I can create an alert to generate e-mail or take other actions whenever a new incident is triggered:

I can also turn the data into functional dashboards. For example, if I want to see the current status of images in my registry on my dashboard, I can first create a search that aggregates this data:

Then, I can save it to my dashboard, giving my Data Protection Officer immediate feedback:

This is just a taste of what can be accomplished by integrating Twistlock into a modern data analytics platform like Sumo Logic. It gives Data Protection Officers, secops, and other participants in implementing GDPR a versatile toolbox to demonstrate and monitor compliance.

In summary, integrating Twistlock and Sumo Logic provides security professionals with a unified solution for visibility and automated protection of containers and critical applications. This powerful combined solution provides organizations with advanced and actionable analytics to support many facets of their GDPR compliance monitoring and management needs.

Related GDPR Compliance Posts:

← Back to All Posts Next Post →