Twistlock can detect vulnerabilities in the Linux distribution layer (e.g., Debian, Alpine Linux, Fedora), in libraries, Gems, and application frameworks (Node.js, Python, Java), and even in your own custom application packages. We decompose a container image into its individual layers and identify the vulnerabilities present in each layer using content fingerprinting and custom identification technologies.
Twistlock's intelligence service sources and aggregates vulnerability information directly from upstream projects such as Ubuntu, Red Hat, and Debian, from commercial and proprietary sources, and from our own labs. The vulnerability information is sent in real time to the Twistlock Console, which is the central brain for vulnerability management.
Twistlock analyzes images stored in a registry, on a developer's workstation, and all the way to containers being launched on a production host. Because the intelligence is centralized, information gathered at development time can be reused at runtime: scanning is differential, and components that are already known do not have to be rescanned to be flagged as vulnerable.
Twistlock supports an extensive set of APIs for developers to access almost all of our core functions, supporting limitless automation possibilities. Key use cases include auto-scaling, rule creation, access management, enterprise ticket integration, customized reporting, and forensics information gathering.
Twistlock uses a set of automatic profiling policies to detect anomalies at runtime. These policies are derived from system call profiling, malicious behavior fingerprinting, user access analysis, and the intelligence gathered from image scanning during development. They require little or no intervention from sysadmins and are a powerful tool for detecting active threats and compromises.
We report which libraries, packages, and frameworks contain a specific vulnerability, point to the CVE source, and, where applicable, detail the steps for remediation. Reporting can be specific to a single container or aggregated across the estate, i.e., how many containers (and which ones) are running a vulnerable version of a library at this point in time.
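The three ideas above, per-layer package identification, not rescanning layers that are already known, and aggregating findings across containers, can be illustrated with a small script. This is an added example written for this page; it is not Twistlock's code and does not describe Twistlock's internals. It assumes Debian-style layers whose package inventory is the /var/lib/dpkg/status file, models each layer as that file's text keyed by a made-up layer digest, uses a constructed advisory feed with placeholder identifiers (ADV-EXAMPLE-1, ADV-EXAMPLE-2, not real CVEs), and implements only a simplified version comparison (dpkg's epoch, tilde and plus rules are deliberately not reproduced).

```python
"""Per-layer package inventory, layer-digest caching and cross-container
aggregation of vulnerability findings. Constructed example; not Twistlock code.
"""
import re

# Constructed advisory feed. Identifiers are placeholders, not real CVEs.
VULN_FEED = [
    {"id": "ADV-EXAMPLE-1", "pkg": "openssl", "fixed": "1.1.1n-0+deb11u4"},
    {"id": "ADV-EXAMPLE-2", "pkg": "libxml2", "fixed": "2.9.14+dfsg-1"},
]

# Constructed dpkg status fragments standing in for what a layer ships.
BASE_STATUS = """Package: openssl
Status: install ok installed
Version: 1.1.1k-1+deb11u1

Package: libxml2
Status: install ok installed
Version: 2.9.10+dfsg-6.7
"""
UPGRADE_STATUS = """Package: openssl
Status: install ok installed
Version: 1.1.1n-0+deb11u4
"""

# Images as ordered (digest, status text) lists; digests are made up.
IMAGE_A = [("sha256:base-example", BASE_STATUS)]
IMAGE_B = [("sha256:base-example", BASE_STATUS),
           ("sha256:app-example", UPGRADE_STATUS)]

LAYER_CACHE = {}  # layer digest -> {package: version}; a known layer is never reparsed


def parse_dpkg_status(text):
    """Extract {package: version} from dpkg status stanzas (blank-line separated)."""
    pkgs = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if line.startswith(" ") or ": " not in line:  # skip continuation lines
                continue
            key, value = line.split(": ", 1)
            fields[key] = value.strip()
        if "Package" in fields and "Version" in fields:
            pkgs[fields["Package"]] = fields["Version"]
    return pkgs


def _tokens(version):
    # Alternate digit runs (compared numerically) and non-digit runs (compared as text)
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|\D+", version)]


def version_lt(a, b):
    """Simplified dpkg-style ordering; epoch, '~' and '+' special cases are NOT handled."""
    ta, tb = _tokens(a), _tokens(b)
    for x, y in zip(ta, tb):
        if x == y:
            continue
        if isinstance(x, int) and isinstance(y, int):
            return x < y
        return str(x) < str(y)
    return len(ta) < len(tb)


def inventory_layer(digest, status_text):
    """Parse a layer once; later images sharing the digest reuse the result."""
    if digest not in LAYER_CACHE:
        LAYER_CACHE[digest] = parse_dpkg_status(status_text)
    return LAYER_CACHE[digest]


def scan_image(layers):
    """Merge layers bottom-up (a later layer's version wins) and match the feed.
    Each finding records the layer that introduced the vulnerable version."""
    effective, origin = {}, {}
    for digest, text in layers:
        for pkg, ver in inventory_layer(digest, text).items():
            effective[pkg], origin[pkg] = ver, digest
    findings = []
    for adv in VULN_FEED:
        installed = effective.get(adv["pkg"])
        if installed is not None and version_lt(installed, adv["fixed"]):
            findings.append({"id": adv["id"], "pkg": adv["pkg"], "installed": installed,
                             "fixed": adv["fixed"], "layer": origin[adv["pkg"]]})
    return findings


def aggregate(containers):
    """{container name: findings} -> {advisory id: sorted affected container names}."""
    affected = {}
    for name, findings in containers.items():
        for f in findings:
            affected.setdefault(f["id"], set()).add(name)
    return {adv: sorted(names) for adv, names in affected.items()}


def build_report():
    """Scan both constructed images as running containers and aggregate."""
    return aggregate({"app-a": scan_image(IMAGE_A), "app-b": scan_image(IMAGE_B)})


if __name__ == "__main__":
    for adv, names in build_report().items():
        print(adv, "affects", ", ".join(names))
```

Running it shows that only app-a is affected by ADV-EXAMPLE-1, because app-b's upper layer upgraded openssl, while both containers carry ADV-EXAMPLE-2 from the shared base layer, which was parsed once and reused from the cache for the second image. In a real scanner the version comparator must implement the distribution's full ordering rules; the simplified one here will misorder versions containing epochs or tildes.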