Red Hat OpenShift Security

Full Lifecycle Security for Red Hat OpenShift

Enterprises across government, healthcare, financial services, and the intelligence community that use Red Hat OpenShift to build, deploy, and manage their containers also use Twistlock to provide complete security protection for their environments. Twistlock open source contributions are already part of OpenShift, and since Twistlock runs as a native OpenShift app, it’s easy to deploy. Twistlock is a Red Hat OpenShift Primed partner and Kubernetes Technology Partner, so you can trust it to provide reliable, well-integrated defense for OpenShift.

Vulnerability Prevention from Development to Runtime

Twistlock prevents the deployment of vulnerable images across your environment with alerting and enforcement policies covering the entire CI/CD process as you build, ship, and run your applications using OpenShift. Whether you use Jenkins or another CI tool, and the OpenShift Registry, Artifactory, or anything else, Twistlock secures your pipeline from beginning to end.

Enterprise Compliance

With over 300 built-in checks for the Docker, Kubernetes, and Linux CIS Benchmarks, Twistlock can automatically enforce compliance policies across the container application lifecycle. Use built-in compliance templates for standards like PCI, GDPR, HIPAA, and NIST SP 800-190, or import your own custom SCAP policies. Operate in high security environments with full support for air-gapped environments — with Twistlock all your data is completely under your control at all times.

Advanced Threat Intelligence

The Twistlock Intelligence Stream sources and aggregates vulnerability information directly from 30+ upstream projects, commercial sources, and proprietary research from Twistlock Labs — providing data others can’t, so you have the most precise and comprehensive vulnerability and threat data to protect your images and containers. Twistlock has built-in coverage of Red Hat CVEs directly from the Red Hat OVAL feed and provides custom-developed and tested seccomp policies for common OpenShift workloads.

Risk Prioritization Tailored to Your Environment

Twistlock ranks vulnerabilities by leveraging our proprietary risk score, a combination of CVSS score and metrics about your specific environment, so you can measure and prioritize remediation of top vulnerabilities. Twistlock uses Red Hat specific vulnerability data, resulting in the most precise, layer-aware vulnerability analysis with zero false positives.

OpenShift Security During Runtime

From network and application firewalls, to container runtime defense, to host protection — Twistlock is the only security tool you need to defend your OpenShift environment against vulnerabilities and active threats. Twistlock creates models for every image deployed in every pod in OpenShift, hunts for anomalies, and automatically prevents attacks, all while working with your existing OpenShift logging and monitoring interfaces.

Support for Open Container Standards

Twistlock supports open container standards like runC and containerd and works with runtimes including Docker, cri-o, and cri-containerd.

“Containerization is the future of platform infrastructure and a technology enabling agile modern software development. Booz Allen Hamilton’s federal clients want to move fast with the highest level of confidence that their code is secure. With Twistlock, we are able to deliver the best of both worlds.”

Dan Tucker, Vice President, Booz Allen Hamilton