Twistlock, the leading provider of container security solutions, today announced the release and immediate availability of Twistlock Runtime, a set of automated capabilities that defend against active threats targeting container environments. This is the market’s first completely automated threat protection capability, designed specifically to detect and stop sophisticated runtime attacks – including APTs and zero-day exploits – against containerized applications.
Leveraging the immutable nature of containers, Twistlock Runtime uses a declarative security model to build runtime protection. It performs static and dynamic analysis of container images and derives a set of declarative “DNA” profiles for the containers. The profiles fuel both container-specific and global smart rules to protect the production environment from active threats. One example of a declarative profile is a set of whitelisted processes that should run inside a particular container, which Twistlock Runtime can build automatically from image analysis and subsequently use to enforce the correct runtime behavior for protected environments.
“Declarative security is the only way to execute predictable and accurate runtime protection,” said John Morello, Chief Technology Officer for Twistlock. “Twistlock Runtime represents a brand new way of approaching runtime security – declarative, measurable, and with minimal false positives. APTs and active threats invariably trip the profiles and the corresponding rules, and therefore can be easily detected. As more and more critical applications move to the container environment, Twistlock Runtime arms organizations with a proactive defense layer that allows them to get ahead of the threat curve, while enabling the adoption of container technologies.”
With Twistlock Runtime, system administrators, security and operations teams can declaratively stipulate security policies applied to hosts, container engines, containers and applications, while having the confidence that these policies are carried out in the production environment with minimal required manual overhead.
Twistlock Runtime offers many runtime defense features and benefits, including:
Container DNA profiles: A feature that automatically builds runtime "DNA" profiles for each container based on static and dynamic analysis of the container image, and serves as the baseline for runtime anomaly and threat detection.
Automated smart rules: The smart rules are derived from the profiles directly to enforce policies and desired behavior in runtime. They also respond to changing threats and environments, leading to adaptive and targeted protection.
Enhanced commercial and proprietary threat intelligence: This includes leading commercial threat feeds as well as Twistlock’s own threat research and is added on top of open source threat and vulnerability feeds that already power Twistlock’s products.
Dev-to-production security mechanism: The industry’s first known approach – which takes static analysis knowledge of container images and from that, directly derives runtime protection rules, as opposed to traditional security measures that involve disparate code analysis and runtime protection.
Low management overhead: Twistlock Runtime doesn’t require admins or Ops teams to manually administer defense mechanisms, tune policies, or play catch-up to the latest threats.
“Twistlock has once again carved a new path for developers innovating in container environments,” said Ben Bernstein, CEO of Twistlock. “The launch of Twistlock Runtime, which follows the General Availability release of the Twistlock Container Security Suite and the free Developer Version, represents the next step in creating a comprehensive multi-layer security environment for containers, giving organizations the peace of mind they need to safely innovate in this space.”
Twistlock's Container Security Suite, which was announced and released in November, is the only dev-to-protection security product available on the market today. Twistlock Runtime is a component within the Container Security Suite. Existing Twistlock customers can enable Twistlock Runtime as part of the product refresh. Twistlock’s technology has been adopted by organizations across many industry verticals, including financial services, healthcare, media, hospitality, consumer technology services and government agencies. Many of these customers have deployed Twistlock in both development and mission-critical production environments, leveraging the solution to protect live services and valuable customer data.