Our Customer Success Stories

The World's Leaders Trust Twistlock

Cutting edge startups, government agencies, and Fortune 500 enterprises alike trust Twistlock to protect their cloud native applications from modern threats. As the most complete full-stack, full-lifecycle cybersecurity platform, Twistlock allows developers to have more control over their container security.


Cloud Native Success Stories

Twistlock’s customers include 25% of the Fortune 100, half the US Cabinet level agencies, and all branches of the US Department of Defense. Read on to learn how Twistlock makes cybersecurity better for our customers – more automatic, more efficient and more effective.

The Customer

A leading financial services institution that processes millions of transactions daily while continuing to innovate at the speed of business.

The Challenge

To enable the requisite high level of innovation, the company migrated to a containerized environment. Tools-wise, they opted to leverage RedHat OpenShift for management of their staging and production environments, and to integrate both JFrog Artifactory and CloudBees Jenkins throughout the DevOps pipeline.

After migrating to this new environment, the customer experienced these 4 challenges:

  • The traditional tools used for vulnerability scanning of applications could not identify and isolate risks in container images.
  • Threat protection and firewall platforms currently in use were unable to protect constantly shifting traffic patterns in the OpenShift environments.
  • No existing tools allowed the company to enforce and prove PCI compliance to a QSA auditing the applications and systems.
  • More broadly, the tools and processes in place to reduce risk and prevent attacks lacked automation and integration.

The Solution

The customer implemented Twistlock to enforce quality gates throughout the CI pipeline and during deployment – ensuring code quality before applications reach production.

Additionally, the customer found Twistlock’s automatically created, whitelist based, security combined with our container-aware Layer 3 and Layer 7 firewalls to be extremely effective with running applications by:

  • learning expected application behavior and alerting on and/or blocking anomalous activities
  • providing network segmentation and traffic filtration within the OpenShift environment. In the end, this customer was able to provide clear proof of compliance to a QSA during audit, all the while automating what they called “protection that follows our applications”.

The Customer

A multinational media company with divisions spanning the gamut of offline and online entertainment wanted to create a common framework for developers and operations.

The Challenge

In order to integrate multiple properties under the main corporate brand and standards, while also capitalizing on economies of scale in building and delivering customer-facing applications, the customer chose to standardize upon Google Cloud Platform, with Kubernetes as the orchestrator, and Jenkins providing continuous integration and deployment automation.

Immediately, the customer ran into challenges:

  • The security team lacked the manpower or resources to work with individual development groups in a timely fashion.  Information around application vulnerabilities or non-compliance could not be readily surfaced, which slowed down or completely blocked the CI/CD process.
  • With the move to microservices, the number of entities in each environment rose into the thousands.  The traditional security and compliance tools in use were unable to display relevant information about risks in a consolidated, centralized fashion.

The Solution

The customer rolled out Twistlock to enforce quality gates throughout the automated build process, ensuring that container images are compliant with company policy and that critical vulnerabilities can be detected before application deployment. The customer also leveraged our native Jenkins plugin, which delivers precise vulnerability and compliance information within the DevOps toolchain.

By leveraging Twistlock to provide automated, full lifecycle security – this company has been able to rapidly scale their rate of delivery, allowing a single security architect to confidently protect environments where 100s of developers make dozens of deploys daily across over 10 distinct projects.

The Customer:

A top 5 global bank with over two hundred years of delivering commercial and consumer financial services was reorganizing their infrastructure as a part of a digital transformation strategy.

The Challenge:

As part of this modernization effort, this customer standardized their greenfield application delivery on Red Hat OpenShift across a variety of public and private cloud environments – for both internal and consumer-facing applications.

With the move to OpenShift, the security team found that their existing security tooling lacked several necessary features, including:

  • Visibility into running containers to detect signs of attack and block anomalous behavior or quarantine rogue containers.
  • East-west firewalling that had a view into inter-container traffic, and worked seamlessly with the dynamic orchestration provided by OpenShift.

Existing tools for vulnerability analysis provided visibility into container components – but had a higher than desired false positive rate.and required significant work to integrate scanning into the build process.

The Solution:

With Twistlock’s runtime defense and firewall features, this customer now deploys applications securely across their environment–without any roadblocks caused by manual policy creation that the customer had relied on in the past.

Twistlock’s automatically generated security policies ensure protection against threats and anomalous behavior, and the vulnerability scans provided by Twistlock returned significantly fewer false positives than the existing solution. With Twistlock’s per-layer analysis of container images – this data became far more actionable as well.

The customer replaced the component analysis and vulnerability tools used in the DevOps pipeline with Twistlock – reducing the number of tools in use and speeding up software delivery by providing better feedback to development groups.

Back to Top