16th Release of Twistlock adds Cloud Workload Protection Platform features for full vulnerability management, compliance, runtime defense, firewalling and granular access control across all hosts in all clouds
PORTLAND, Ore., March 5, 2019 /PRNewswire/ — Twistlock, the leader in container and cloud native security, today announced the release of Twistlock 19.03. This newest release is the first comprehensive cloud native security platform, which protects across hosts, containers and serverless in a single product, cloud native and API-enabled, covering all workloads regardless of what underlying compute technology powers them.
“While many security providers already offer products that can run in VMs, they’re often just rehashed legacy endpoint protection and are not optimized for the kind of automation and statelessness that defines cloud native,” said John Morello, chief technology officer, Twistlock. “With that in mind, we set out to create a comprehensive cloud native security platform that wouldn’t just repack legacy technologies or focus on only a single aspect of host defense. This latest release of Twistlock provides vulnerability management, compliance, runtime defense, firewalling and access control across all VMs in all clouds.”
Today’s organizations are seeking a comprehensive platform that extends cloud native security features down the stack to encompass the same holistic coverage for hosts. Twistlock 19.03 answers this need with a new approach through its protection across the entire continuum.
“Server workloads in hybrid data centers spanning private and public clouds require a protection strategy different from end-user-facing devices. Security and risk management leaders should evaluate and deploy offerings specifically designed for cloud workload protection.” Gartner, Market Guide for Cloud Workload Protection Platforms1
“At its inception, Twistlock was conceived to be the first ever purpose-built solution for containers, and enterprises continue to adopt containers at a remarkable rate, so we’ll continue to heavily invest in them, but adding VMs provides comprehensive and consistent protection across all workloads — regardless of where on the continuum they’re run,” said Ben Bernstein, chief executive officer, Twistlock.
Key functionality included in Twistlock 19.03 includes:
- Cloud Native Network Firewall and Radar for Hosts: Cloud Native Network Firewall for hosts is a distributed layer 3 / 4 firewall that stresses automated learning and workload awareness to provide micro-segmentation of apps in a least privilege connectivity mesh.
- Host File Integrity Monitoring: File integrity monitoring enables monitoring of host file systems for specific changes to directories and files, key requirement in many compliance standards.
- Host Forensics: Host forensics works in a very similar manner to container forensics, keeping a self-managed, high performance local log of forensic activity and selectively forwarding this data to Console in case of incidents.
- Custom Runtime Rule Language: Custom runtime rule language is a simple, intuitive, expression-based approach to define discrete runtime behaviors such as preventing local access to cloud provider metadata or running processes with specific parameters.
- Cloud Compliance v2: This version adds coverage for all cloud native services on Azure and Google Cloud Platform and adds checks for the CIS Benchmarks for AWS.
- Assigned Collections: Assigned Collections to makes it easier to provide least privilege access to data within a Twistlock environment, such as allowing a given dev team to only see vulnerability data about their own images..
- RASP Defender: Twistlock 19.03 adds runtime defense for services that run Docker images, yet do not use Docker or OCI runtimes, like Pivotal PAS, as well as services that use a Docker runtime but in a highly constrained environment, like AWS Fargate or Microsoft Azure Container Instances. As infrastructure teams adopt these technologies, Twistlock is providing robust security capabilities for these types of deployments with RASP Defender.
Additional improvements in Twistlock 19.03 include:
- Native Helm support: Generation of ready-to-run charts for both Console and Defender directly from twistcli
- Direct download of twistcli, the Jenkins plugin, the Defender image and Daemon Set YAML directly from the Console web UI
- Upload debug data to our solution engineering team directly from the Console web UI
- Real time log ingestion, analytics, and alerting for all Kubernetes audit events
- Drag, drop and disablement of rules within policies
- Simplified vulnerability management policy
- Separate host and container policies for compliance and vulnerability management
- Enterprise proxy compatibility: integration with ingress and egress proxies that require authentication and/or perform TLS intercept
- IBM Security Advisor integration for alerting
- Updated support for Google Cloud Security Command Center
For more information, or to see Twistlock 19.03 in action, visit Twistlock.com.
For those attending RSA 2019, Twistlock can be found at Booth 3232, Moscone South.
1 Source: Gartner, “Market Guide for Cloud Workload Protection Platforms,” Neil MacDonald, 26 March 2018.
Trusted by 35% of the Fortune 100, Twistlock is the world’s first truly comprehensive cloud native security platform – providing holistic coverage across hosts, containers, and serverless in a single platform. Twistlock is cloud-native and API-enabled itself, protecting all your workloads regardless of what underlying compute technology powers them. For more information, please visit www.twistlock.com.
- Press Releases
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
How to Lock Down the Kernel to Secure the Container HostRead the Blog
One Chapter Ends, Another BeginsRead the Blog
The Greatest Security Risks Lurking in Your CI/CD PipelineRead the Blog
Cloud Platform Radar: Powerful Cloud Asset IdentificationRead the Blog
Securing Serverless Functions: Visibility with Serverless RadarRead the Blog