Securing Cloud Native Apps with Layer 4 and Layer 7 Firewalling

The Twistlock Platform empowers security teams to move beyond manually managing whitelisted IP addresses by offering firewalls built for cloud native environments. Twistlock provides layer 4 and layer 7 firewalls that automatically learn the network topology of your applications and provide application-tailored microsegmentation for all your microservices.

Automation Combined with Machine Learning

Automation is the key enabler of Twistlock firewalls. The Twistlock Platform automatically maps, identifies, and allows valid traffic flows in your environment based on our proximity to your applications and our knowledge of how they behave. Twistlock dynamically creates filters that automatically allow valid connections and drop suspicious connections, regardless of where your containers are running in the cluster. All of this happens without requiring you to change the way you build, deploy, or run the apps we protect.

Purpose-Built for Cloud Native Applications

The Twistlock Cloud Native Application Firewall (CNAF) combines our knowledge, placement, and visibility of your environment to automatically filter web traffic sent to your applications regardless of what cloud, cluster node, IP address, or port they happen to be running on. With CNAF, Twistlock automatically knows where your applications are running, automatically re-routes inbound traffic through Twistlock Defender, and applies an optimized, application-specific, layer-7 filter to it, sending only clean traffic to the actual app container.

Purpose-Built for Cloud Native Networks

The Twistlock Cloud Native Network Firewall (CNNF) is a microservices-aware, machine-learning-driven, layer 4 firewall that works in any cloud and with any orchestrator. It automatically models the traffic flows between all your microservices and allows security teams to centrally view and enforce safe traffic flows while automatically blocking anomalies, without requiring manual rule creation or supervision. CNNF protects hosts and containers and provides a granular enterprise policy engine with comprehensive manageability features.

A Real-Time Lens Into Your Environment

Twistlock Radar offers unprecedented views of the real-time connections in your environment—across hosts, containers, Kubernetes, Istio, and serverless apps—integrated with vulnerability, compliance, and runtime intelligence so you can easily visualize the topology and security posture of your environment.

“Adding security to a container-based implementation of DevOps is essential for vulnerability management, audit logging and permission management to realize economic benefit in software security.”

Jim Routh, CISO, Aetna

“We are very pleased with Twistlock’s integration with CVE databases and the support of multiple technologies for vulnerability detection. This allows us to continue to grow container adoption without worrying about security.”

Ariel Moskovich, DevOps Lead, AppsFlyer

“Twistlock’s container security technology is a real differentiation for Booz Allen Hamilton’s Government-facing initiatives. It facilitates our customers’ adoption of DevOps while ensuring compliance with stringent security requirements.”

Frank S. Digiacomo, Director of Business Development, Booz Allen Hamilton