From network and application firewalls, to container runtime defense, to host protection — Twistlock is the only security tool you need to defend your container environment against vulnerabilities and active threats. Machine-learning powered runtime protection secures your entire environment: network, file system, processes and system calls.
Twistlock Incident Explorer applies this same machine intelligence to automatically identify attack patterns in your environment and display them in a clear, well-formatted UI. By correlating and analyzing events that span multiple actions and sensors, your SOC can view a chain of events automatically, highlighting key indicators along the way and enabling more rapid and effective incident response.
Twistlock runtime protection uses machine learning to automatically build a model of every application in your environment. Models define all the known-good behaviors of your containers, across process, network, file system, and system call sensors. Models are correlated to image IDs, so every time you build your app, you get a model uniquely calculated and tailored for that specific build.
While traditional tools rely on static lists that try to predict every possible bad event that could happen, Twistlock helps you move to an explicit allow mode, in which only the specific activities and capabilities required by your application are in the model — and everything else is looked at as anomalous and prevented. A long-pursued security dream, the core characteristics of containers, their minimalistic, declarative, and predictable nature, enable Twistlock to apply machine learning to create these models automatically and scale security in ways previously impossible.
Twistlock Labs, which is comprised of talented researchers and engineers, focuses on unique, first-party security research in the container and cloud native ecosystem. We’ve found 0-days in popular operating systems and orchestrators and shown how attackers are abusing misconfigured registries exposed to the internet. Our research directly informs the way we build models and how Incident Explorer detects attack patterns and this knowledge is continuously updated through the Intelligence Stream, so your environment is being protected from real world, in the wild attacks specifically focused on the stack you run.
Twistlock efficiently collects forensic data on all your cloud native workloads as they run – before an incident occurs, couples it with runtime defense and incident identification, and intelligently stores and shares this data for analysis automatically. Think of it as a flight data recorder for every container. Twistlock integrates this data with Incident Explorer to provide unmatched visibility into the state of your microservices before, during, and after compromise — all safe from tampering by attackers and with minimal performance overhead.
Adding security to a container based implementation of DevOps is essential for vulnerability management, audit logging and permission management to realize economic benefit in software security.”
We are very pleased with Twistlock’s integration with CVE databases and the support of multiple technologies for vulnerability detection. This allows us to continue to grow container adoption without worrying about security.”
Twistlock’s container security technology is a real differentiation for Booz Allen Hamilton’s Government-facing initiatives. It facilitates our customers’ adoption of DevOps while ensuring compliance with stringent security requirements.”
