DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
  1. DZone
  2. Software Design and Architecture
  3. Microservices
  4. New Runtime Defense Architecture For Containers

New Runtime Defense Architecture For Containers

Latest release includes new security capabilities to eradicate vulnerabilities and prevent potential risks.

Tom Smith user avatar by
Tom Smith
CORE ·
Jan. 19, 17 · News
Like (1)
Save
Tweet
Share
3.67K Views

Join the DZone community and get the full member experience.

Join For Free

Twistlock, provider of cloud container security solutions, unveiled a new runtime defense architecture for its Twistlock 1.7 container security platform that enables both predictive and threat-based active protection for running containers. Introducing an intent-based security model, Twistlock 1.7 allows organizations to conduct intent analysis for container applications, spot anomalies, and enforce runtime policy -- all in an automated fashion across hundreds of images with no user interaction.

Real-time Threat Detection and Incident Response Capabilities

“In general, it is difficult to look at applications and deduce their intent, but containers help the effort being single-purpose and immutable,” said John Morello, chief technology officer, Twistlock. “Add to this the power of Twistlock’s real-time threat detection and incident response capabilities: the new Twistlock 1.7 feature set uniquely enables organizations to do application intent analysis, monitoring, and anomaly detection automatically. From image analysis to role-based access control, Twistlock offers everything you need to secure your containerized applications.”

Twistlock’s runtime defense architecture automatically processes applications and models their intent -- all without user interaction. Then, in runtime the engine uses this intent as a baseline to monitor the execution of the application. Using Twistlock 1.7, organizations can automatically determine if an application’s behavior has deviated from its model, for example, when a container runs a process not included in the origin image or creates an unexpected network socket. It can also automatically detect compromises with new threat-based protection capabilities that enable security teams to detect when malware is added to a container or when a container connects to a botnet. Twistlock users get ahead of the threat curve by spotting indicators of compromise and proactively isolating threats and attacks.

Key features and benefits of Twistlock 1.7 include:

  • Enhanced Machine Learning Functionality: Using enhanced autonomous learning capabilities, Twistlock 1.7 captures data that includes inter-container network flows, post deployment process activity and system call behaviors to to detect anomalies in runtime.

  • Greater Visibility: Twistlock 1.7 introduces the concept of models, which are autonomously created descriptions of everything learned about a given image, including process, file system, network, and system call behaviors.

  • Simplified Sensor Rules: Twistlock 1.7 consolidates sensor rules into a single object. This not only saves developer teams time, but also speeds up time to market through automatic alerts created based on the models mentioned above.

  • Trusted images - A list of repositories and images that are trusted and provide access to simple policies that alert or block deployment of images outside this list. Trusted Images works with repositories on any registry, anywhere including Artifactory, Docker Trusted Registry, and services like AWS ECR and Google Container Registry.

  • Deployment templates - Support for deploying Defenders across Kubernetes clusters using Daemon Sets. Using a Daemon Set makes deployment simple and automatic, regardless of cluster size.

  • Windows support - Added support for protecting Windows images and registries.

Docker (software) Kubernetes Architecture

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • What Is Policy-as-Code? An Introduction to Open Policy Agent
  • SAST: How Code Analysis Tools Look for Security Flaws
  • Mr. Over, the Engineer [Comic]
  • Why Open Source Is Much More Than Just a Free Tier

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: