
New Runtime Defense Architecture For Containers

Latest release includes new security capabilities to eradicate vulnerabilities and prevent potential risks.

By Tom Smith · Jan. 19, 17 · Security Zone · News

Twistlock, provider of cloud container security solutions, unveiled a new runtime defense architecture for its Twistlock 1.7 container security platform that enables both predictive and threat-based active protection for running containers. Introducing an intent-based security model, Twistlock 1.7 allows organizations to conduct intent analysis for container applications, spot anomalies, and enforce runtime policy -- all in an automated fashion across hundreds of images with no user interaction.

Real-time Threat Detection and Incident Response Capabilities

“In general, it is difficult to look at applications and deduce their intent, but containers help the effort being single-purpose and immutable,” said John Morello, chief technology officer, Twistlock. “Add to this the power of Twistlock’s real-time threat detection and incident response capabilities: the new Twistlock 1.7 feature set uniquely enables organizations to do application intent analysis, monitoring, and anomaly detection automatically. From image analysis to role-based access control, Twistlock offers everything you need to secure your containerized applications.”

Twistlock’s runtime defense architecture automatically processes applications and models their intent -- all without user interaction. Then, at runtime, the engine uses this intent as a baseline to monitor the execution of the application. Using Twistlock 1.7, organizations can automatically determine whether an application’s behavior has deviated from its model, for example, when a container runs a process not included in the origin image or creates an unexpected network socket. It can also automatically detect compromises with new threat-based protection capabilities that enable security teams to detect when malware is added to a container or when a container connects to a botnet. Twistlock users get ahead of the threat curve by spotting indicators of compromise and proactively isolating threats and attacks.

Key features and benefits of Twistlock 1.7 include:

  • Enhanced Machine Learning Functionality: Using enhanced autonomous learning capabilities, Twistlock 1.7 captures data that includes inter-container network flows, post-deployment process activity, and system call behaviors to detect anomalies in runtime.

  • Greater Visibility: Twistlock 1.7 introduces the concept of models, which are autonomously created descriptions of everything learned about a given image, including process, file system, network, and system call behaviors.

  • Simplified Sensor Rules: Twistlock 1.7 consolidates sensor rules into a single object. This not only saves developer teams time, but also speeds up time to market through automatic alerts created based on the models mentioned above.

  • Trusted Images: A list of repositories and images that are trusted and provide access to simple policies that alert or block deployment of images outside this list. Trusted Images works with repositories on any registry, anywhere, including Artifactory, Docker Trusted Registry, and services like AWS ECR and Google Container Registry.

  • Deployment Templates: Support for deploying Defenders across Kubernetes clusters using Daemon Sets. Using a Daemon Set makes deployment simple and automatic, regardless of cluster size.

  • Windows Support: Added support for protecting Windows images and registries.
