Virtualization Technology News and Information
Twistlock Releases Twistlock 2.1, Announces First-of-its-Kind Cloud Native App Firewall Enabling Organizations to Stop an Attack Before It Starts

Twistlock, the leading provider of cloud container security solutions, today announced the availability of Twistlock 2.1. The latest release of Twistlock's flagship product includes a first of its kind cloud native app firewall, vulnerability risk ranking that uses knowledge of an enterprise's unique environment to prioritize what to fix first, a brand new dashboard and integrated secrets management based on Twistlock's latest work in the Docker open source project.

Twistlock's 2.1 release comes on the heels of continued momentum for the company. In April, Twistlock announced its $17M Series B funding round led by Polaris Partners, with participation from existing investors YL Ventures, TenEleven and Rally Ventures. Twistlock also announced significant updates to its product in the 2.0 release. Twistlock is proud to be protecting mission critical cloud native workloads at over 60 enterprise customers. Recent customer additions include a top 5 financial institution, a top 5 industrial and IoT manufacturer, the industry-leading gaming engine, additional agencies in the US defense and intelligence community, and a top 5 global coffeehouse chain.

"Twistlock 2.1 uses our deep knowledge of container threats to give organizations all the tools needed to prevent problems before they occur," said John Morello, chief technology officer at Twistlock. "As the industry's most comprehensive, automated and scalable container security solution, Twistlock dynamically simplifies the flow of app traffic to prevent attacks on organizations, making it an obvious choice to secure their containers against the next generation of threats."

Cloud Native App Firewall

In 2.1, Twistlock introduces a Cloud Native App Firewall (CNAF) that combines Twistlock's knowledge, placement and visibility, and automatically protects customers' apps at scale, with far less manual interaction and in a completely ‘software defined' manner. Critically, this all happens without having to change anything in an organization's images, containers, or infrastructure. Twistlock can dynamically learn where to apply these filters, transparently filter application traffic against common attack patterns like SQL injection and cross site scripting, transparently block requests from malicious endpoints, and ensure that only safe traffic reaches an organization's app, all without having to configure external devices or ever enter an IP address.

Vulnerability Explorer

Twistlock has always looked at vulnerability management broadly and focused on giving enterprises the tools to prevent problems before they occur. Twistlock 2.1 takes this a step further by giving customers an actionable, stack-ranked view of the most critical risks in the environment, based on the organization's unique deployments. For example, Twistlock will prioritize vulnerabilities that impact containers exposed to the internet or running without a mandatory security profile. This visibility provides the knowledge of which risks are most important, so teams can prioritize their work to identify and remediate critical problems more rapidly.  

Additional new capabilities and features available in Twistlock 2.1 include:
  • Twistlock collections: For organizations that have different teams working on many different apps sharing the same environments, collections enable the company to centrally create and manage pre-defined filters in rules and views across the product. Collections provide multi-tenancy and can be created for any arbitrary structures a company would like, such as by project, organizational hierarchy, geography or some combination thereof.

  • Compliance alerting and enforcement in Jenkins: Twistlock has long supported the ability to alert on and enforce vulnerability thresholds during the CI process via the native Jenkins plugin. In Twistlock 2.1, this CI integration is expanding to cover image compliance. A company can now use Twistlock to check, alert on, and fail builds based on compliance posture. This capability is all about the ‘shift left' concept, helping organizations move both security and compliance further upstream in the development process.
  • Secrets manager: The new Secrets Manager in Twistlock 2.1 allows customers to integrate their secret management platforms, such as HashiCorp or CyberArk, and securely distribute secrets from those stores into specified containers. Twistlock's secrets manager is built on the latest work Twistlock is contributing to the open source Docker project, enabling pluggable secrets stored directly in Docker Swarm.
  • Vulnerability push alerts: Enhanced capabilities in Twistlock 2.1 allow organizations to create configurable alerts, and automated processes for development teams to get push notifications about new vulnerabilities discovered in the apps they maintain.
To learn more about Twistlock 2.1, visit their website.
Published Tuesday, July 11, 2017 1:36 PM by David Marshall
Filed under: , ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<July 2017>