Twistlock Extends Container Security Platform to VMs

Twistlock announced it has extended the reach of its container security platform to include support for virtual machines running on-premises or in public clouds.

In addition, version 19.03 of the company’s namesake container security platform adds a RASP Defender, which makes it possible to deploy Twistlock container security software as a runtime self-protection (RASP) module directly within a containerized application. That capability will make it possible to secure cloud services that run Docker images but don’t make use of either Docker or Open Container Initiative (OCI) runtimes.

Twistlock is also adding support for a range of security capabilities for hosts, including a cloud-native Layer 3/4 firewall that is aware of specific application workloads, the ability to monitor host file systems for specific changes to directories and files by specific users and a host forensics capability that keeps a local log of forensic activity that will selectively forward data to the Twistlock Console pertaining to specific incidents.

Company CTO John Morello says Twistlock doesn’t necessarily see a need for every organization to supplant the existing cybersecurity technologies they rely on to secure virtual machines. But now there are plenty of instances where organizations are trying to secure a mix of cloud-native and traditional virtual machine applications running in the same environment. In those instances, Twistlock is now providing the ability to secure both classes of applications using a common security framework, he says.

Morello also notes that Twistlock may represent a significant improvement in virtual machine security for many organizations. By addressing container security requirements, the company took on the more difficult challenge first. Given the legacy nature of virtual machines, many cybersecurity professionals have become dissatisfied with the level of control they have over the tools used to secure virtual machines, he adds.

In general, Morello says Twistlock continues to distinguish itself by focusing on DevSecOps requirements as they pertain to cloud-native applications. Specific DevSecOps capabilities in the latest release of Twistlock include Native Helm support; the ability to download twistcli, the Jenkins plugin, the Defender image and Daemon Set YAML from the Twistlock Console web UI; real-time log ingestion, analytics and alerting for all Kubernetes audit events; and support for a custom runtime rule language that can be employed to create discrete runtime behaviors at a more precise level using existing rules.

Developers are naturally adverse to cybersecurity tools that require them to master a specific user interface. Acceptance of DevSecOps practices rise considerably when developers can avail themselves of application programming interfaces (APIs) to programmatically implement controls.

Twistlock is now effectively taking many larger cybersecurity rivals head on. Many larger cybersecurity vendors are now in the process of extending their existing platforms to add support for containers and serverless computing frameworks. Conversely, vendors such as Twistlock are now extending their reach into legacy virtual machine environments. It remains to be seen which vendors will prevail. But Twistlock is betting a modern security platform designed from the ground up to appeal to both cybersecurity professionals and developers alike will carry the day.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 1615 posts and counting. See all posts by Mike Vizard