Embrace Docker containers without compromising on security

Containers are the next big thing when it comes to DevOps and rapid application development. The concept of containers has taken off thanks in no small part to Docker, but for many organizations there are inherent security concerns to address in order to use container technologies with confidence. Twistlock wants to help organizations solve the security challenge and take advantage of containers.

Docker seems to be virtually everywhere now. The number of developers relying on Docker and the volume of containerized apps supported by Docker is escalating exponentially with each passing day. Creating stable, cost efficient applications can’t come at the expense of security, though. Security needs to be integral to container development rather than the collateral damage of it. Microsoft recently introduced Hyper-V Containers to address the security dilemma with containers, but Twistlock has an approach designed to help secure the Docker containers organizations are already using.

Twistlock is a based in Israel and was founded by Ben Bernstein and Dima Stopel. The pair bring extensive enterprise security expertise in both the defense and private sector—both having spent more than 10 years in the Microsoft R&D center in Israel and served in the Israel Defense Force’s (IDF) intelligence corps. Bernstein and Stopel recognized an opportunity to help enterprises get ahead of the risks and developed the Twistlock security suite to support their secure adoption.

“Enterprises are in the midst of a data center revolution,” said Ben Bernstein, CEO and co-founder of Twistlock. “Twistlock’s container security suite provides the fuel enterprises need to accelerate their ability to use containers to develop, share and scale the applications that drive their business forward. With our solution, security operation teams finally have the visibility and granular controls they need over their ‘Dockerized’ workloads.”

Twistlock addresses risk on both the host and the application containers themselves. Twistlock claims to enable enterprises to enforce security policies, monitor and audit activity, and identify and isolate threats in a container or cluster of containers. The Twistlock security suite promises to:

· Monitor both static container images and runtime container applications to identify risks.

  • Specify security baselines to ensure the host has been hardened and the application meets certain quality and security standards before it can be pushed into production.
  • Protect containers deployed both in the cloud and on-premises in a virtual data center.
  • Keep up with the dynamic security concerns associated with the continuous integration of micro services.

Twistlock works in three layers. The Static Layer provides the ability to monitor images pulled from various registries and validate that they pass appropriate security gates. The Dynamic Layer monitors containers and container clusters, collects audit information, and provides an at-a-glance view to verify that security measures are being applied in real-time. Finally, the Policy Authoring Layer gives organizations the ability to configure security profiles to be applied at runtime for containers, and define alerts to enable admins to respond as quickly as possible when issues arise.

Hardening the Docker host machine is important but it’s not enough in and of itself. Organizations need to ensure the entire container environment is secure from end-to-end. Twistlock promises a complete audit trail, real-time protection, and a variety of security mechanisms to safeguard your Docker containers.

Avatar

Tony Bradley

I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 2 dogs, 4 cats, 3 rabbits, 2 ferrets, pot-bellied pig and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@techspective.net. For more from me, you can follow me on Twitter and Facebook.

Tony Bradley has 45 posts and counting. See all posts by Tony Bradley

One thought on “Embrace Docker containers without compromising on security

Comments are closed.