Twistlock Runtime is everything you will need for runtime security. It offers policy enforcement, anomaly detection, and protects your containerized applications from active threats and compromises. Twistlock Runtime incorporates innovative machine learning and behavioral analytics to spot indicators of compromise and proactively isolates threats and attacks.

DNA Profiles

From image analysis, we automatically build behavior profiles for containers. These profiles cover networking behavior, system calls, storage, and process behavior. Using these profiles, we can spot “mutation” behaviors such as suspicious communications, spurious processes, unusual system calls, and malicious writes. When mutations occur, we can notify, log, block user access, or kill compromised containers.

Automatic smart policies

Twistlock Runtime derives declarative policies automatically from the “DNA” profiles and uses the policies to perform runtime anomaly detection. The policies also adapt to changing threats and newly discovered vulnerabilities. Best of all, they require no or little intervention from sysadmins and represent powerful utilities to detect active threats and compromises.

Role-based Access Control

Twistlock Runtime provides a flexible yet powerful framework that governs user access to individual functions/APIs of Docker Engine, Kubernetes, and Docker Swarm. We provide LDAP/AD integration so you can use your existing user and group concepts for access control policies. Our access control rule engine can stipulate specific containers & hosts to which the policy applies. We also provide user access logs and audit trails.

Runtime policy enforcement

Twistlock Runtime provides policy enforcement capabilities to ensure that certain runtime practices are followed. For instance, the requirement to only deploy images that have been scanned by a trusted tool or from a sanctioned registry is an enterprise policy that many organizations desire. Twistlock Runtime also has a set of built-in policies from CIS Docker benchmark, which organizations can enable with one click.

Environment checks

Twistlock Runtime performs a set of environment checks to ensure that hosts, operating systems, and the container engine is configured correctly before application containers are deployed. Some of the checks involve verification of hardware root of trust all the way to application integrity.

Real-time threat intelligence

The Twistlock Intelligence Stream includes real-time threat feeds from open source CVE feeds, commercial threat and vulnerability sources, as well as Twistlock Lab research. Our real-time intelligence feed include vulnerability info, malware signatures, IPs of command & control servers, and attack signatures. Twistlock Defenders use this information to detect compromised containers and the existence of active threats.

Twistlock Runtime Architecture

The Twistlock Intelligence Service

This service runs in the Twistlock cloud. It aggregates real-time threat and vulnerability info from a variety of sources and updates the Twistlock Console.

The Twistlock Console

A central dashboard and a policy configuration portal. Runs in the cloud or on premises.

Twistlock Defenders

A Defender runs as a privileged container on the host with protected app containers. It monitors runtime behavior, reports violations, and executes corrective actions.

“This is exactly what we have been looking for – the ability to enforce certified base images and sanctioned processes in runtime and still give developers the freedom to do their work.”

Director of IT Operations,
A US government agency

“The ability to build a trusted registry with Twistlock’s Container Security Suite allowed our Ops team a simple yet elegant way to control the deployment process, while preserving DevOps efficiency and flexibility for our development teams”

Director of IT Operations,
A civilian government agency

“Our company deals with regulated data and it’s vital that we can show our auditors how we comply with data protection regulations. Twistlock made it easy for us to create a set of policies that mirrors our audit requirements and ensures that our developers adhere to them as they build their images.”

Principal engineer,
A leading digital media company

”We experienced a huge amount of image drift prior to deploying Twistlock. With Twistlock, we are able to reign in configuration drift in both images and also production hosts by ensuring that only gold images are deployed and all hosts are configured in the same secure way.”

Director of Cloud Infrastructure,
A large medical research center

See Twistlock in action