Twistlock sponsored this podcast.
Many traditional security software providers have followed the gold rush to offer solutions for cloud native deployments. But finding a vendor that both meets the technology challenges associated with Kubernetes and microservices and is a good fit for an organization’s specific needs remains hard, even as the number of purported solutions promising “an exact fit” has exploded.
However, the security needs of virtual machines (VMs), while more mature as a technology, do not necessarily get the attention they deserve from third-party security software providers. The result is that organizations struggle to find security solutions that cover VMs as well as Kubernetes and microservices running on cloud native platforms and integrated with service meshes.
“One of the frustrations that a lot of customers have expressed to us is that the traditional market for VM security is really a market that’s been defined by taking legacy technologies that were built for on-premises data centers and traditional kind of server datacenter endpoint protection,” said John Morello, chief technology officer of Twistlock. “They are just kind of jamming that into a new marketing term, a new model and selling that as some sort of cloud-security product. But those products don’t really work well when you think about the way that people operate VMs in these modern stacks.”
The stack-level security that is required for VMs as well as for cloud native deployments and service meshes was discussed during a podcast that Alex Williams, founder and editor-in-chief of The New Stack, hosted with Morello.
With Twistlock’s latest 19.03 release, for example, the idea is to offer what the company describes as a comprehensive cloud native security platform for hosts, containers and serverless in a single product.
“We are expanding the cloud native security platform that we have to provide those same kinds of capabilities that we do for containers and for serverless to your virtual machines,” Morello said.
In many cases, organizations are subjected to what Morello described as “classic VM” security solutions that are installed by hand and manually updated.
“[It’s about] that whole notion of a pet versus cattle, versus what we’re talking about today, which is a modern virtual machine approach in which you operate those VMs and the workloads on them as cattle, as kind of a fleet of capacity,” Morello said. “You deploy it with automation, you manage it through some sort of tooling that again is also focused on automation and you’re not really worrying about any individual VMs or worried about kind of the fleet and the health of the overall application.”
With traditional security tools, you “typically had two big gaps when it came to managing that,” Morello said. The first gap was that traditional security tools “were not very friendly for automation.”
The second big gap was that “those tools are usually kind of single purpose in nature,” Morello said. “You know, you may have one of them that’s focused on vulnerability management, you run a different tool for compliance assessment, you run a third tool for some kind of runtime defense. And so you ended up with that problem that a lot of enterprises are familiar with, where you suddenly have half a dozen agents running on each one of your VMs soaking up a whole bunch of capacity and fighting with each other.”
With Twistlock 19.03, “you have a singular platform as a cloud native app itself. You still deploy it and operate it as an app in Kubernetes or in [Docker] Swarm or wherever you are in your containers,” Morello said. “It’s still completely programmatically accessible, you can manage your security as code, if you will. You can push and pull rules to it through CI/CD processes and store them in Git and so forth.”
Morello said Twistlock 19.03 was designed to “help us answer a request that we’ve been hearing from customers quite a lot for over a year.”
“As [customers] go on this whole cloud native journey and they put more things in containers and they use more serverless in their environments, they still have a good bit of stuff that’s running inside of VMs,” Morello said. “That stuff that’s inside a VM is often there for a really good practical business reason, like maybe the vendor only supports it as a VM, it’s already there, it just works so there’s no real reason to change it. Or it may have particular workloads that may still be better suited [for] VMs.”
In this Edition:
1:00: The announcement.
5:26: Exploring the new features in Twistlock 19.03, and relating these across service mesh technologies and distributed architectures.
8:15: Tell me about the service mesh angle, and how this fits in with the cloud native story that we’re hearing, and increasingly, the container security story?
13:19: Exploring the new radar view for hosts in Twistlock 19.03.
14:43: Tell us about RASP Defender.
18:17: Discussing the other features available in Twistlock 19.03 and the recent runc exploit.
Feature image via Pixabay.