Twistlock, provider of container and cloud-native security solutions, announced this week the availability of Twistlock 2.2. The latest release of Twistlock focuses on advanced threat analytics and prevention and includes several machine-learning-driven layers such as a Cloud Native Network Firewall and Incident Explorer. In addition, the release provides runtime defense down to the host OS and delivers comprehensive compliance monitoring and enforcement for Kubernetes.
Incident Explorer is a new stand-out feature designed to apply machine intelligence to the correlation and analysis of events that span multiple actions and sensors. In the case of a compromised containerized app, Incident Explorer automatically identifies and correlates multiple chains of events, highlighting key indicators from both Twistlock’s behavioral and threat-based sensors.
When an attack occurs, rather than manually sifting through individual event and sensor data, an organization can be alerted to and view attack patterns in a clear, digestible format and, ultimately, respond to incidents much more quickly and effectively.
Twistlock Incident Explorer applies machine learning to identify attack patterns in an organization’s container environment and display security incidents in a clear, actionable format.
Rather than requiring users to manually sift through data and correlate multiple actions from multiple sensors, Incident Explorer automatically builds a chain of events to give full visibility into an attack by highlighting key indicators ‒ enabling more rapid and effective incident response.
Cloud Native Network Firewall (CNNF) applies Twistlock’s machine learning to model inter-container network behaviors at layer 3, understanding sources, destinations, ports, and flows in a container-centric way – between containers, pods, and services, rather than focusing on raw IPs. This enables Twistlock to automatically build layer 3 firewalls for every part of every app, without requiring any manual configuration or supervised learning.
CNNF works across all orchestration platforms and on any cloud, and enables organizations to compartmentalize traffic per app without any changes to the images, containers, or orchestrators.
Twistlock delivers a native experience for deploying and running Twistlock as pods and DaemonSets on Kubernetes. In 2.2, Twistlock has added similar capabilities for Docker Swarm. If an organization is running Swarm as its orchestrator, it can now run Console as a service ‒ relying on Swarm to provide built-in high availability ‒ and Defender as a global service. Whether there are 5 nodes or 500 nodes in a Swarm cluster, each can be protected with Twistlock in just a few clicks, in a couple of minutes.
One of Twistlock’s guiding principles is to ensure data is open and accessible, which more practically has meant supporting a diverse set of integrations for alerting and monitoring. In previous releases, integration with Slack and JIRA has been available via email.
In 2.2, Twistlock takes this a step further, providing native Slack and JIRA integration in the box. This integration also includes centralized and simplified alert profiles, giving users control and granularity to define different providers and targets per rule, but with the ability to assign all of these from a central alert configuration page.
Twistlock is proud to have contributed to the Kubernetes CIS Benchmark, which builds on the company’s many other compliance-focused contributions in the community, like NIST SP 800-190 and guides for PCI and HIPAA in containerized environments.
In 2.2, Twistlock has added support for all 106 settings in the Kubernetes benchmark. Not only can organizations assess their compliance with these recommendations, but also actively enforce them. Even more valuably, the Twistlock Labs research team has analyzed each of the sections in the Kubernetes CIS Benchmark and scored them based on criticality, so organizations have a clear set of guidelines to enforce adherence to the controls that are most important to their company.
“Twistlock 2.2 broadens our application of machine learning into new spaces, like automatically building a full layer 3 firewall mesh for all your containerized apps and identifying sophisticated, multi-vector attack patterns against them,” said John Morello, Twistlock Chief Technology Officer. “Using Twistlock, organizations have a centralized, comprehensive cybersecurity platform for protecting containers and cloud native apps against real-world attackers and APTs.”