Virtualization Technology News and Information
Twistlock Releases Twistlock 2.2 with Incident Explorer to Arm Enterprises with More Actionable Intelligence to Thwart Attacks

Twistlock, the leading provider of container and cloud-native security solutions, today announced the availability of Twistlock 2.2. The latest release of Twistlock focuses on advanced threat analytics and prevention and includes several machine learning driven layers such as a Cloud Native Network Firewall and Incident Explorer. In addition, the release provides runtime defense down to the host OS and delivers comprehensive compliance monitoring and enforcement for Kubernetes.

Twistlock Incident Explorer applies machine learning to identify attack patterns in an organization's container environment and display security incidents in a clear, actionable format. Rather than requiring users to manually sift through data and correlate multiple actions from multiple sensors, Incident Explorer automatically builds a chain of events to give full visibility into an attack by highlighting key indicators ‒ enabling more rapid and effective incident response.

"Twistlock 2.2 broadens our application of machine learning into new spaces, like automatically building a full layer 3 firewall mesh for all your containerized apps and identifying sophisticated, multi-vector attack patterns against them," said John Morello, Twistlock Chief Technology Officer. "Using Twistlock, organizations have a centralized, comprehensive cybersecurity platform for protecting containers and cloud native apps  against real world attackers and APTs."

Incident Explorer

Incident Explorer is a new stand-out feature designed to apply machine intelligence to the correlation and analysis of events that span multiple actions and sensors. In the case of a compromised containerized app, Incident Explorer automatically identifies and correlates multiple  chains of events automatically, highlighting key indicators from both our behavioral and threat based sensors. When an attack occurs, rather than manually sifting through individual event and sensor data, an organization can be alerted to and view attack patterns in a clear, digestible format and, ultimately, respond to incidents much more quickly and effectively.  

Cloud Native Network Firewall

Cloud Native Network Firewall applies Twistlock's machine learning to model inter-container network behaviors at layer 3, understanding sources, destination, ports, and flows in a container centric way - between containers, pods, and services, rather than focusing on raw IPs.  This enables Twistlock to automatically build layer 3 firewalls for every part of every app, without requiring any manual configuration or supervised learning.  CNNF works across all orchestration platforms and enables organization to compartmentalize traffic per app without any changes to the images, containers, or orchestrators, and works on any cloud.

Additional new capabilities and features available in Twistlock 2.2 include:

  • Runtime defense for container hosts: In 2.2, our promise is simple: Twistlock is the only security platform you need on a host running containers.  We've long provided threat based runtime defense (IP reputation and malware) for your host OS, but in 2.2, we're delivering the same predictive model driven runtime defense as well.  Obviously, a host is different than a container and is far more likely to change over time as it's updated and upgraded.  Thus, we've tuned the ML algorithms we use for building models to create models that are optimized for host scenarios but provide the same automatic protection and explicit allow list approach to runtime security.

  • Native deployment on Swarm: In 2.0 and 2.1, Twistlock delivered a native experience for deploying and running Twistlock as pods and Daemon Sets on Kubernetes. In 2.2, Twistlock has added similar capabilities for Docker Swarm. If an organization is running Swarm as their orchestrator, they can now run Console as a service ‒ relying on Swarm for providing built in high availability ‒ and Defender as a global service. Whether 5 nodes or 500 nodes in a Swarm cluster, each can be protected with Twistlock in just a few clicks, in a couple of minutes.

  • Slack and JIRA push alerts: One of Twistlock's guiding principles is to ensure data is open and accessible, which more practically has meant supporting a diverse set of integrations for alerting and monitoring. In previous releases, integration with Slack and JIRA has been available via email. In 2.2, Twistlock takes this a step further, providing native Slack and JIRA integration in the box. This integration also includes centralized and simplified alert profiles, giving users control and granularity to define different providers and targets per rule, but with the ability to assign all of these from a central alert configuration page.

  • Compliance monitoring and enforcement for Kubernetes: Twistlock is proud to have contributed to the Kubernetes CIS Benchmark, which builds on the company's many other compliance focused contributions in the community, like NIST SP 800-190 and guides for PCI and HIPAA in containerized environments. In 2.2, Twistlock has added support for all 106 settings in the Kubernetes benchmark. Not only can organizations assess their compliance with these recommendations, but also actively enforce them. Even more valuably, the Twistlock Labs research team has analyzed each of the sections in the Kubernetes CIS Benchmark and scored them based on criticality, so organizations have a clear set of guidelines to enforce adherence to the controls that are most important to their company.

To learn more about Twistlock 2.2, visit the website.
Published Thursday, September 21, 2017 2:08 PM by David Marshall
Filed under: , ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<September 2017>