Red Hat OpenShift Security

End-to-End Security for OpenShift

Enterprises across government, healthcare, financial services, and the intelligence community that use Red Hat OpenShift to build, deploy, and manage their containers also use Twistlock to provide complete security protection for their environments. Twistlock open source contributions are already part of OpenShift, and since Twistlock runs as a native OpenShift app, it’s easy to deploy. Twistlock is an OpenShift Primed partner and Kubernetes Technology Partner, so you can trust it to provide reliable, well-integrated defense for your OpenShift environment.

Vulnerability Prevention from Development to Runtime

Twistlock prevents the deployment of vulnerable images across your environment with alerting and enforcement policies covering the entire CI/CD process as you build, ship, and run your applications using OpenShift. Whether you’re using Jenkins or another CI tool, and whether you’re using the OpenShift Registry, Artifactory, or anything else, Twistlock secures your pipeline from beginning to end.

Enterprise Compliance

With over 200 built-in checks for the Docker and Kubernetes CIS Benchmarks, Twistlock can automatically enforce compliance policies across the container application lifecycle. Use built-in compliance templates for standards like PCI, GDPR, HIPAA, and NIST SP 800-190, or import your own custom SCAP policies. Operate in high-security environments with full support for air-gapped deployments; with Twistlock, all your data is completely under your control at all times.

Advanced Threat Intelligence

The Twistlock Intelligence Stream sources and aggregates vulnerability information directly from 30+ upstream projects, commercial sources, and proprietary research from Twistlock Labs — providing data others can’t, so you have the most precise and comprehensive vulnerability and threat data to protect your images and containers. Twistlock has built-in coverage of Red Hat CVEs directly from the Red Hat OVAL feed and provides custom-developed and tested seccomp policies for common OpenShift workloads.

Risk Prioritization Tailored to Your Environment

Twistlock ranks vulnerabilities by leveraging our proprietary risk score, a combination of CVSS score and metrics about your specific environment, so you can measure and prioritize remediation of top vulnerabilities. Twistlock uses Red Hat-specific vulnerability data, resulting in the most precise, layer-aware vulnerability analysis with zero false positives.

Runtime Security for OpenShift

From network and application firewalls, to container runtime defense, to host protection — Twistlock is the only security tool you need to defend your OpenShift environment against vulnerabilities and active threats. Twistlock creates models for every image deployed in every pod in OpenShift, hunts for anomalies, and automatically prevents attacks, all while working with your existing OpenShift logging and monitoring interfaces.

Support for Open Container Standards

Twistlock supports open container standards like runC and containerd and works with runtimes including Docker, cri-o, and cri-containerd.
