This technical deep dive highlights key capabilities released as part of Twistlock 19.07. To learn more about what’s included with Twistlock 19.07, check out our full release blog post.

As our own John Morello, Twistock CTO, so eloquently covered in his Trusted Images: Integral to Container Security blog, the use of trusted images is “one of the most critical security controls for any containerized environment”. The path to efficiently secure containerized applications is three fold:

  1. Leverage automated security scans checking for vulnerabilities and compliance violations early and continuously throughout your DevOps pipeline
  2. For images that pass these security and compliance checks, assign and enforce trust to ensure that only those verified images are deployed as containers
  3. Add runtime and firewall protection for your production deployments.

Twistlock has supported Trusted Images since Twistlock 1.7 way back in January of 2017. In our latest release, we have greatly enhanced this feature by adding automation, visibility, and extended granularity and enforcement via the following features:

  • Automated learning of trusted images based on running containers during a user defined learning period
  • Support for creation and management of Image Trust Groups
  • Support for trusted image compliance prevention rules that leverage Image Trust Groups
  • Visibility of trusted images in Runtime Radar

Automated image discovery via behavioral modeling

If you are into DevOps like I am, or just don’t have a huge team of security professionals at your disposal, automation is your friend. Our new Trusted Image feature will auto discover your running containers and automatically assign trust to the images associated with these containers during a user controlled learning period. Once that learning period is complete, only the images that were auto discovered will be “trusted”. If some malicious actor tries to use a spoofed image and deploy it into your environment, the image will be untrusted and with a simple rule in place, you can prevent the deployment.

Image trust groups

Behavior modeling is an awesome security technique due to it’s implicit automation; but as a security officer, you still may want finer-grained control over image access. Consequently, the Twistlock Platform provides for the creation of user-defined Image Trust Groups, as showning in the screenshot below:

The platform automatically creates image trust groups from images in your monitored registries or you can add images by SHA-256 Hash, image name, or image base layer to your user defined image trust group.

Fine-grained trust enforcement

Prior to our new release, enforcement of the deployment of trusted images was, shall I say, binary – either the image was trusted or not – and with one simple rule you could prevent the deployment of untrusted images. With the release of Twistlock 19.07, you can leverage the power of image trust groups and have fine-grained control over the deployment of containers based on the selection of one or more image trust groups.

For example, let’s say we want to enforce the use of Alpine-based images due to Alpine’s small footprint and excellent security record. We can create a simple rule and utilize image trust groups to enforce our desired deployment restriction.

In the Explicitly allowed groups section, we choose wither Create group or Select groups (if we have previously created appropriate trust groups) and then select the various groups we want to make up our complete set of trusted images. We can apply the rule to specific hosts or images or just apply it to all by leaving in the wild cards.

Image trust visibility

Twistlock already provided complete visibility into your containerized workloads via Radar. Radar includes vulnerability and compliance posture, container connections (network topology), and runtime events. We now include icons for completely trusted images and partially trusted images (images trusted on some hosts for example). Having one visualization for all things secure is not only cool, but extremely useful as well.

By adding behavior modeling and fine grained control over you trusted image inventory as well as flexible prevention policies and visualization, Twistlock made a great thing even better.

Ready to simplify your organization’s trusted repository and images? Request a live demo of Twistlock here.

← Back to All Posts Next Post →