This technical deep dive highlights key capabilities released as part of Twistlock 19.07. To learn more about what’s included with Twistlock 19.07, check out our full release blog post.
In a previous blog post, we demonstrated Twistlock security capabilities for Windows containers and hosts. The last year has continued exponential growth in the adoption of Microsoft Azure and microservices. Windows-related features are added in every Twistlock release, with 19.07 focusing a key capabilities for Windows.
Enhancing our security capabilities for Windows
In the Twistlock 19.07, we’ve added the following Windows features:
- Radar: Windows network traffic is displayed within the Radar
- Host compliance: Windows host specific Compliance Checks
- Vulnerability capabilities: .NET vulnerability detection
Technical Deep Dive
Windows Cloud Native Network Firewall (CNNF)
In this release we added more CNNF capabilities. Importantly, these features can be applied to Windows containers to control what containers, both Windows and Linux, and external endpoints your Windows containers can communicate with. For example, the screenshot below shows that a servercore:1903 container is only allowed to communicate to Google’s public DNS server on port 53:
Within the servercore:1903 container, it can reach Google DNS on port 53:
But, not 443:
Twistlock surfaces the connection within Radar:
At the same time, the failed connection to port 443 appears in the CNNF audit logs:
Windows host-specific compliance checks have been added to the existing 400+ compliance checks included in the Twistlock Platform. These checks look at the Windows host’s configuration of the Windows Firewall, Windows Defender / anti-malware, and Windows Update configuration. I’ve surfaced these checks in the screenshot below:
For example, disabling the Windows Firewall Public profile advfirewall set public state off will be identified by Windows Host Compliance check #200300 Verify Windows Firewall public profile is enabled:
.NET Vulnerability Detection
.NET vulnerabilities are now included in the Twistlock Intelligence Stream. The Twistlock Intelligence Stream is a real-time feed that contains vulnerability data and threat intelligence from commercial providers, Twistlock Labs, and the open source community. Twistlock protects your containers by using this data to detect vulnerabilities and runtime anomalies.
With every release of Twistlock we expand our support for Windows hosts and containers.
Between releases we are continually integrating with Microsoft capabilities such as scanning images for vulnerabilities and compliance within an Azure DevOps workflow. We want to make sure that all of our customers know that Twistlock is there to support your adoption of Microsoft microservices.
- Twistlock Platform
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
How to Lock Down the Kernel to Secure the Container HostRead the Blog
One Chapter Ends, Another BeginsRead the Blog
The Greatest Security Risks Lurking in Your CI/CD PipelineRead the Blog
Cloud Platform Radar: Powerful Cloud Asset IdentificationRead the Blog
Securing Serverless Functions: Visibility with Serverless RadarRead the Blog