Twistlock has announced the latest release of its cloud-native security platform. Twistlock 19.03 is designed to expand the company’s security capabilities to hosts, containers and serverless solutions.
“Our approach is different because we’re not repacking legacy technologies or focusing on only a single aspect of host defense. Instead, Twistlock provides vulnerability management, compliance, runtime defense, and firewalling across all your VMs in all your clouds. We’re able to do this because we started on the harder problem first – containers, where you have many more entities, they’re all ephemeral, and they’re changing all the time,” John Morello, CTO for Twistlock, wrote in a blog post.
According to Morello, while VMs have been around for quite some time and are used in a number of different scenarios, the company is focusing on modern, cloud-focused deployments. “We continue to heavily invest in container and serverless features but adding VMs provides truly comprehensive and consistent protection across all your workloads regardless of where on the continuum they’re run,” he explained.
Key features of the release include:
- Cloud native network firewall and radar for hosts: One of the key challenges with cloud-based VMs is maintaining a least-privilege networking model for the apps they run, Morello explained. Cloud native network firewall for hosts is designed to automate that learning with workload awareness. Radar for hosts aims to display vulnerability, compliance and runtime status.
- Host file integrity monitoring: A central place for security and compliance policy. According to Morello, it “enables monitoring of host file systems for specific changes to directories and files by specific users.”
- Host forensics: First introduced in Twistlock 2.5 and known for its continuous forensic capability, or ‘flight data recorder’, for containers, host forensics aims to behave similarly to container forensics and is designed to keep a self-managed local log of forensic activity.
- Custom runtime rule language: Designed to provide control over discrete runtime behaviors in containers and hosts. “These custom rules enable you to specify exact conditions to watch for and exact actions to take when they’re encountered,” Morello wrote.
- Cloud compliance v2: Provides deeper compliance capabilities for AWS and includes the CIS AWS Foundations Benchmark checks.
- Assigned collections: Aims to make it easier to provide least privilege access to data within a Twistlock environment, such as allowing a given dev team to only see vulnerability data about their own images.
- RASP defender: “RASP (Runtime Application Self Protection) is an industry term for embedding security within an app, rather than relying on an external tool. RASP Defender is a simple binary that runs as part of an app (even a non-containerized app) and provides automatic process and network based runtime defense, such as preventing anomalous processes from starting and blocking access to undesired DNS namespaces,” Morello explained.
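To make the host file integrity monitoring item above concrete, here is a minimal snapshot-based FIM in Python. It is an added example written for this page, not Twistlock code, and the function names (`build_baseline`, `diff_baselines`, `demo`) and the constructed temporary file tree are assumptions for illustration. It takes a baseline of content hash, permission bits and owner for every regular file under a root, takes a second snapshot later, and reports added, removed and modified files restricted to watched directory prefixes.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Hypothetical helper names for this example; not Twistlock's API.


def _hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Snapshot every regular file under root: content hash, permission bits, owner uid."""
    baseline = {}
    root_path = Path(root)
    for dirpath, _dirnames, filenames in os.walk(root_path):
        for name in filenames:
            p = Path(dirpath) / name
            # Symlinks can point outside the tree; a snapshot FIM treats them as out of scope.
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            rel = str(p.relative_to(root_path))
            baseline[rel] = {
                "sha256": _hash_file(p),
                "mode": st.st_mode & 0o7777,
                "uid": st.st_uid,
            }
    return baseline


def diff_baselines(old: dict, new: dict, watched_prefixes=("",)) -> dict:
    """Compare two snapshots; report only paths under one of watched_prefixes."""

    def watched(rel: str) -> bool:
        return any(rel.startswith(pfx) for pfx in watched_prefixes)

    added = sorted(r for r in new if r not in old and watched(r))
    removed = sorted(r for r in old if r not in new and watched(r))
    modified = []
    for rel in sorted(set(old) & set(new)):
        if not watched(rel):
            continue
        # Record which attributes changed: content, permissions, or owner.
        changed = [k for k in ("sha256", "mode", "uid") if old[rel][k] != new[rel][k]]
        if changed:
            modified.append((rel, changed))
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: seed a temp tree, snapshot, tamper with it, snapshot again."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp) / "etc"
        etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        (Path(tmp) / "tmp.log").write_text("noise\n")  # outside the watched prefix
        before = build_baseline(tmp)

        # Simulated tampering: uid-0 account appended, config removed, cron entry dropped in,
        # plus unrelated churn in the unwatched log file.
        (etc / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n"
        )
        (etc / "hosts").unlink()
        (etc / "cron.d").mkdir()
        (etc / "cron.d" / "beacon").write_text("* * * * * root /tmp/x\n")
        (Path(tmp) / "tmp.log").write_text("more noise\n")
        after = build_baseline(tmp)

        return diff_baselines(before, after, watched_prefixes=("etc/",))


if __name__ == "__main__":
    print(demo())
```

One caveat a practitioner should keep in mind: a snapshot diff like this tells you what changed between two points in time, not who changed it or when. Attributing a change to a specific user, as the quoted feature description promises, requires hooking the change as it happens (for example through the kernel audit subsystem) so the acting process and uid are captured alongside the path.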
Additionally, Morello said the release includes a number of smaller improvements, among them native Helm support, the ability to upload debug data, real-time log ingestion, a simplified vulnerability management policy, and separate host and container policies.