This technical deep dive highlights key capabilities released as part of Twistlock 19.07. To learn more about what’s included with Twistlock 19.07, check out our full release blog post.

Serverless security has come a long way in the last year. With our initial release of vulnerability and compliance scanning, we helped people understand their security posture and tighten up their functions. Next, Twistlock introduced runtime protection to allow teams to secure their running functions by shielding process and network activity from exploits.

Twistlock Radar is a key resource for cloud native computing that gives a deeper understanding about all your cloud workloads interact with each other. Our latest release extends our existing radar visualization, which already covers containers and virtual machines, to enable teams to visualize their serverless deployments end-to-end in real time.

What is serverless?

Serverless enables devops teams to run stateless functions on demand without managing the underlying resources. For each function you are executing, you don’t have to worry about servers, clusters, resource availability, or any of the other management overhead that typically comes with managing a cloud deployment. The cloud provider’s service, AWS Lambda, Google Functions or Azure Functions, will run your code on a shared resource. This configuration allows for very fast and efficient scalability, while only paying for the resources you use so the cost of unused resources can be saved.

Requirements for securing serverless functions

Serverless security is typically discussed in the context of protecting the function. For example, how do we know if we have any vulnerabilities and how do we ensure that when my function is invoked it runs as expected and hasn’t been exploited? These are important topics but equally important is understanding how functions are invoked and what other resources access in order to do their job.

Until the release of Twistlock Serverless Radar, getting the entire picture was a challenge. Users had to dig through cloud administration portals to find details to piece together. As functions change and you deploy new applications, understanding the entire environment becomes even more difficult. Serverless Radar makes this easier by showing you how your function fits into the overall execution life cycle. Radar helps you see your triggers, which functions they invoke, and the resources they connect to and use.


Triggers invoke serverless functions, so it is important to understand how they are configured and which functions they will invoke. In addition, Twistlock displays other metadata about the function, including the resource path, methods, URL, the authorization that is required as well as data about each trigger.


Functions are the serverless workloads. They will execute tasks such as updating a database or triggering a workflow. Twistlock will display information about the function such as the vulnerability and compliance posture of the image as well as any service permissions. Twistlock will detect vulnerabilities in the function’s runtime as well as any dependencies like Python packages or Node modules. From a permissions perspective we will show the resources they can access.


For any service you can click on it to see which functions can access the service. Twistlock will show a direct link between the services and functions. For example an S3 bucket, DynamoDB or RDS among others.


Twistlock has always been on the forefront of cloud native security. We introduced the first container security platform and were first through the gate offering serverless protection. Keeping with this theme we are proud to showcase our latest feature Serverless Radar. To provide real-time visualization and security awareness for your serverless environment.

← Back to All Posts Next Post →