Access Control

Complete Access Control for Cloud Workloads and Cloud Native Apps

Establish and monitor proper access control measures for cloud workloads and cloud native applications. Enterprises use Twistlock across the cloud native stack to protect the underlying hosts, Docker, and Kubernetes, while integrating with IAM and secrets management tools and the other core technologies already in place.

Real Time Kubernetes Audit Event Stream Processing

Twistlock acts as a Kubernetes dynamic audit backend, consuming the audit events from all your clusters. Create powerful, specific stream parsers right in the Twistlock UI, or choose from a library of recommended filters that is updated via the Intelligence Stream. Detect and alert on events such as pods running privileged, pods sharing host namespaces, and any other event you care about.
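The kind of filter described above, written out as an added example (not Twistlock code): it reads audit.k8s.io/v1 events in the two shapes an audit backend sees, the EventList a webhook receives and the newline-delimited JSON the API server's log backend writes, and flags privileged containers, shared host namespaces and hostPath mounts on pod writes. The events, namespaces, user names and images are constructed for illustration.

```python
"""Flag risky pod writes in Kubernetes audit events.

Added example, not Twistlock's code. It reads audit.k8s.io/v1 Event objects,
either the EventList a webhook backend receives or the newline-delimited JSON
the API server's log backend writes, and flags privileged containers, shared
host namespaces and hostPath mounts. All events below are constructed.
"""
import json

def _pod_event(name, spec, level="RequestResponse", verb="create",
               user="system:serviceaccount:ci:deployer"):
    """Build one constructed audit event for a pod write."""
    ev = {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": level,
          "stage": "ResponseComplete", "verb": verb, "user": {"username": user},
          "objectRef": {"resource": "pods", "namespace": "ci", "name": name},
          "responseStatus": {"code": 201 if verb == "create" else 200}}
    # requestObject is only recorded at level Request or RequestResponse; an
    # audit policy that logs pods at Metadata leaves nothing to inspect here.
    if level in ("Request", "RequestResponse"):
        ev["requestObject"] = {"kind": "Pod", "apiVersion": "v1", "spec": spec}
    return ev

RISKY_SPEC = {  # privileged, shares the host PID namespace, mounts the Docker socket
    "hostPID": True,
    "volumes": [{"name": "dockersock", "hostPath": {"path": "/var/run/docker.sock"}}],
    "containers": [{"name": "runner", "image": "ci/runner:1",
                    "securityContext": {"privileged": True},
                    "volumeMounts": [{"name": "dockersock",
                                      "mountPath": "/var/run/docker.sock"}]}],
}
BENIGN_SPEC = {
    "containers": [{"name": "web", "image": "nginx:1.25",
                    "securityContext": {"runAsNonRoot": True,
                                        "allowPrivilegeEscalation": False}}],
}
SAMPLE_EVENTS = [_pod_event("build-1", RISKY_SPEC),
                 _pod_event("web-1", BENIGN_SPEC),
                 _pod_event("web-2", BENIGN_SPEC, level="Metadata", verb="patch")]
SAMPLE_EVENT_LIST = json.dumps({"kind": "EventList", "apiVersion": "audit.k8s.io/v1",
                                "items": SAMPLE_EVENTS})          # webhook body
SAMPLE_NDJSON = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)  # log backend file

def parse_audit_stream(text):
    """Return a list of events from an EventList, a single Event, or NDJSON."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return [json.loads(line) for line in text.splitlines() if line.strip()]
    return doc.get("items", []) if doc.get("kind") == "EventList" else [doc]

def pod_findings(event):
    """List the risky settings in one pod write event; [] if none or uninspectable."""
    if event.get("objectRef", {}).get("resource") != "pods":
        return []
    if event.get("verb") not in ("create", "update", "patch"):
        return []
    # Prefer the persisted object (it reflects admission mutations and, for a
    # patch, is the whole pod rather than the patch body); fall back to the request.
    obj = event.get("responseObject") or event.get("requestObject") or {}
    spec = obj.get("spec") or {}
    findings = [f"host namespace shared: {ns}"
                for ns in ("hostPID", "hostNetwork", "hostIPC") if spec.get(ns)]
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in spec.get("volumes", []) if "hostPath" in v}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append(f"privileged container: {c['name']}")
        for m in c.get("volumeMounts", []):
            if m["name"] in host_paths:
                findings.append(f"hostPath {host_paths[m['name']]} mounted at "
                                f"{m['mountPath']} in {c['name']}")
    return findings

def alert_lines(events):
    """One alert line per finding, naming the actor and the object."""
    out = []
    for ev in events:
        ref = ev.get("objectRef", {})
        who = ev.get("user", {}).get("username", "?")
        for f in pod_findings(ev):
            out.append(f"{ev.get('verb')} {ref.get('namespace')}/{ref.get('name')} by {who}: {f}")
    return out

if __name__ == "__main__":
    for line in alert_lines(parse_audit_stream(SAMPLE_EVENT_LIST)):
        print(line)
```

Two things a practitioner should check before relying on rules like these: the API server's audit policy must log pods at level Request or RequestResponse, since Metadata-level events carry no object to inspect (the third sample event shows the silent miss), and a patch event's requestObject is the patch body, not the resulting pod, so the persisted responseObject is the right thing to evaluate.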

Integrated, Full-Spectrum Secrets Management

Twistlock built the authorization framework used in Docker and OpenShift, as well as the pluggable secrets management capability within Docker Swarm. Twistlock integrates with the secrets management tools organizations use to build and deploy modern applications at scale, such as HashiCorp Vault, CyberArk Enterprise Password Vault, AWS Secrets Manager, and Microsoft Azure Key Vault, so that secrets are not only distributed safely but unsafe usage is also detected and prevented, with compliance reporting to match.

Host Auditing Capabilities

Twistlock provides high-fidelity audit details for sensitive operations across all your hosts, in real time and within a single dashboard, including sudo, sshd, and Docker API access.

File Integrity Monitoring

Built-in file integrity monitoring enables you to meet compliance objectives by watching for specific kinds of file access to specific files and paths. Get alerted to changes to config files, read access to customer data, or any other file access important to your organization.
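How a change-detection rule of this kind works underneath, as an added example that is not Twistlock's implementation: snapshot mode, size and SHA-256 for every regular file under the watched paths, then diff a later snapshot against the baseline to report added, removed and modified files. The demo builds a throwaway directory with constructed files (app.conf, keep.txt, dropped.sh) and tampers with it.

```python
"""File integrity monitoring by hashed baseline.

Added example, not Twistlock's implementation: snapshot the mode, size and
SHA-256 of every regular file under the watched paths, then diff a later
snapshot against the baseline to report added, removed and modified files.
demo() exercises it on a temporary directory with constructed files.
"""
import hashlib
import os
import stat
import tempfile

def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(paths):
    """Map each regular file under paths to (mode, size, sha256).

    mtime is deliberately left out: a touch without a content change would
    otherwise alert, and an attacker can reset it anyway. Mode and digest
    cannot be faked without changing exactly what is compared.
    """
    snap = {}
    for root in paths:
        if os.path.isfile(root):
            candidates = [root]
        else:
            candidates = (os.path.join(d, f) for d, _, files in os.walk(root) for f in files)
        for p in candidates:
            st = os.lstat(p)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are not hashed
            snap[p] = (stat.S_IMODE(st.st_mode), st.st_size, _sha256(p))
    return snap

FIELDS = ("mode", "size", "content")

def compare(baseline, current):
    """Diff two snapshots; each modified entry names the fields that changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = []
    for p in sorted(set(baseline) & set(current)):
        changed = [FIELDS[i] for i in range(3) if baseline[p][i] != current[p][i]]
        if changed:
            modified.append((p, changed))
    return {"added": added, "removed": removed, "modified": modified}

def demo():
    """Baseline a constructed config directory, tamper with it, return the diff."""
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "app.conf")
        keep = os.path.join(d, "keep.txt")
        for path, text in ((conf, "debug = false\n"), (keep, "unchanged\n")):
            with open(path, "w") as f:
                f.write(text)
        os.chmod(conf, 0o640)
        baseline = snapshot([d])

        # Simulated tampering: edit and loosen the config, delete a file, drop a script.
        with open(conf, "w") as f:
            f.write("debug = true\n")
        os.chmod(conf, 0o666)
        os.remove(keep)
        with open(os.path.join(d, "dropped.sh"), "w") as f:
            f.write("#!/bin/sh\n")
        return compare(baseline, snapshot([d]))

if __name__ == "__main__":
    print(demo())
```

A hash baseline catches modification, addition and deletion but cannot see reads, so the read-access case mentioned above (customer data being opened) needs a kernel-level source instead: an auditd watch such as `auditctl -w /srv/customers -p r -k customer_read` (standard auditctl syntax; the path is an assumed example) or an fanotify/inotify listener.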

Log File Inspection

Twistlock can ingest security log files from any application or service, including sshd, sudo, and nginx, parse them for interesting events, and push alerts into your existing security workflows. Write precise regexes to process logs at scale from across all your hosts in all your clouds.
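The host auditing and log inspection sections above both come down to regexes run over sshd, sudo and nginx lines, so here is one added example covering both (not Twistlock code): syslog-format sshd and sudo entries and an nginx combined-format access line are parsed, and four illustrative rules fire on them. Every log line is constructed; the brute-force threshold and the sensitive-path list are assumptions you would tune.

```python
"""Host log inspection with regexes: sshd, sudo and nginx lines.

Added example, not Twistlock code. The log lines below are constructed
(syslog format for sshd/sudo, nginx combined format) and the thresholds
and path list are illustrative.
"""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Mar 12 10:01:22 web-1 sshd[2314]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 12 10:01:25 web-1 sshd[2314]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Mar 12 10:01:29 web-1 sshd[2316]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar 12 10:01:33 web-1 sshd[2319]: Accepted publickey for deploy from 198.51.100.5 port 41022 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT
Mar 12 10:01:40 web-1 sshd[2322]: Accepted password for root from 203.0.113.7 port 50140 ssh2
Mar 12 10:02:01 web-1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 12 10:02:40 web-1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
203.0.113.7 - - [12/Mar/2024:10:03:10 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/8.4.0"
198.51.100.5 - - [12/Mar/2024:10:03:12 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
"""

SSHD_FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
SSHD_ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")
SUDO = re.compile(
    r"sudo:\s+(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")
NGINX = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

BRUTE_FORCE_THRESHOLD = 3                      # failures per source IP; illustrative
SHELLS = {"bash", "sh", "dash", "zsh", "su"}    # sudo targets that hand out a root shell
SENSITIVE_PATH = re.compile(r"^/(\.env|\.git(/|$)|\.aws/|wp-config\.php)")  # assumed list

def inspect(lines):
    """Run every rule over the lines and return the alerts as strings."""
    alerts = []
    failures = defaultdict(list)  # source IP -> usernames tried
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        if m := SSHD_FAILED.search(line):
            failures[m["ip"]].append(m["user"])
        elif m := SSHD_ACCEPTED.search(line):
            # Any root login, or any password (rather than key) login, is worth a look.
            if m["user"] == "root" or m["method"] == "password":
                alerts.append(f"ssh login for {m['user']} via {m['method']} from {m['ip']}")
        elif m := SUDO.search(line):
            prog = m["cmd"].split()[0].rsplit("/", 1)[-1]
            if prog in SHELLS:
                alerts.append(f"sudo shell: {m['user']} -> {m['target']} ran {m['cmd']}")
        elif m := NGINX.match(line):
            if SENSITIVE_PATH.match(m["path"]):
                alerts.append(f"probe for {m['path']} from {m['ip']} (HTTP {m['status']})")
    # Brute force is a count over the whole window, so it is evaluated after the pass.
    for ip, users in failures.items():
        if len(users) >= BRUTE_FORCE_THRESHOLD:
            alerts.append(f"ssh brute force from {ip}: {len(users)} failures, "
                          f"users {sorted(set(users))}")
    return alerts

if __name__ == "__main__":
    for alert in inspect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Anchoring each pattern on the daemon name (`sshd[...]`, `sudo:`) and, for nginx, on the full line shape keeps one source's lines from matching another's rules, which matters when logs from many hosts are processed through one pipeline; the brute-force count is kept per source address and evaluated once over the batch rather than per line.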

Enterprise-Grade IAM Integrations

Twistlock provides the broadest enterprise identity support, integrating with Active Directory, OpenLDAP, Ping, Okta, Shibboleth, Azure AD, and G Suite, allowing you to implement central credential management in the Twistlock Platform. Define accounts and IAM roles for your cloud providers in one place and reuse them across the product. Fully pluggable cryptography allows you to bring your own certificates, not just for TLS but also for smart card authentication to Console and to the Docker socket.

Docker Role Based Access Control

Based on Twistlock's contributions to the authorization frameworks in Docker and OpenShift, Twistlock enables fine-grained RBAC across a range of deployment patterns, especially for organizations building their stack mostly on open source components.

“Adding security to a container based implementation of DevOps is essential for vulnerability management, audit logging and permission management to realize economic benefit in software security.”

Jim Routh, CISO, Aetna

The Guide to PCI Compliance for Containers

This guide breaks down the PCI DSS requirements section by section and provides clear instructions on how to design and operate a compliant containerized environment.