Runtime Defense

Protection for Your Entire Cloud Native Stack at Scale

Runtime defense provides unmatched defense-in-depth to secure cloud native workloads and applications wherever you choose to deploy them. Twistlock is the only security tool you need to protect your cloud native environments, including hosts, containers, orchestrators, and serverless apps, against vulnerabilities and active threats—using automated machine learning to build 4D models of known-good application behaviors.

Automated Modeling Powered by Machine Learning

Twistlock runtime protection uses machine learning to automatically build a 4D model of every application in your environment. Models define all the known-good behaviors of your hosts and containers, across process, network, file system, and system call sensors. Models are correlated to image IDs, so every time you build your app, you get a model uniquely calculated and tailored for that specific build.

A New Approach to Cloud Native Security

While traditional tools rely on static lists that try to predict every possible bad event that could happen, Twistlock helps you move to an explicit allow mode, in which only the specific activities and capabilities required by your application are in the model—and everything else is treated as anomalous and prevented. This has long been a security dream, and the core characteristics of containers and cloud native applications (their minimalistic, declarative, and predictable nature) enable Twistlock to apply machine learning to create these models automatically and scale security in ways previously impossible.

Identify and Prevent Threats and Anomalies

Twistlock Incident Explorer leverages machine intelligence to automatically identify attack patterns in your environment and display them in a clear, well-formatted UI. By correlating and analyzing events that span multiple actions and sensors, your SOC can view a chain of events cohesively, highlighting key indicators along the way and enabling more rapid and effective incident response.

Real Time Incident Response with Cloud Native Forensics

Twistlock efficiently collects forensic data on all your cloud native workloads as they run, before an incident occurs, couples it with runtime defense and incident identification, and intelligently stores and shares this data for analysis automatically—think of it as a flight data recorder for every host and container. Twistlock integrates this data with Incident Explorer to provide deep visibility into the state of your microservices before, during, and after compromise—all safe from tampering by attackers and with minimal performance overhead.

Runtime Protection Across the Entire Cloud Native Stack

You have more options than ever when choosing how you want to run cloud native applications—which is why we built Twistlock to secure any type of host, containerized stack, PaaS platform, and serverless platform at runtime. Twistlock covers all the Kubernetes-as-a-Service platforms and Container-as-a-Service platforms like AWS Fargate and Pivotal Cloud Foundry, and is the first to support new technologies like Istio, Lambda Layers, and GKE On-Prem.

“Adding security to a container-based implementation of DevOps is essential for vulnerability management, audit logging and permission management to realize economic benefit in software security.”

Jim Routh, CISO, Aetna

“We are very pleased with Twistlock’s integration with CVE databases and the support of multiple technologies for vulnerability detection. This allows us to continue to grow container adoption without worrying about security.”

Ariel Moskovich, DevOps Lead, AppsFlyer

“Twistlock’s container security technology is a real differentiation for Booz Allen Hamilton’s Government-facing initiatives. It facilitates our customers’ adoption of DevOps while ensuring compliance with stringent security requirements.”

Frank S. Digiacomo, Director of Business Development, Booz Allen Hamilton