Modal Title

Twistlock Expands Beyond Docker, Kubernetes with RASP Defender

Twistlock 19.03 introduces the Runtime Application Self Protection (RASP) Defender, which is a form of embedded security, one that solves security problems posed by containers and serverless.
Mar 7th, 2019 10:43am by
Featued image for: Twistlock Expands Beyond Docker, Kubernetes with RASP Defender

The annual RSA security conference is upon us this week and, as you might expect, securing containers and microservices is a recurring theme. At the same time, virtual machines have also re-emerged as a security focus, as seen with this week’s announcement by cloud native security provider Twistlock that its latest version will bring virtual machines (VMs) into the same security product that currently encompasses cloud native container deployments.

Previously, Twistlock had expanded to cover both containers and serverless deployments, but they found that customers were asking for VMs to be included as well.

“While many security providers already offer products that can run in VMs, they’re often just rehashed legacy endpoint protection and are not optimized for the kind of automation and statelessness that defines cloud native,” writes John Morello, chief technology officer of Twistlock. “In Twistlock 19.03, we’re proud to announce the world’s first truly comprehensive cloud native security platform — protecting across hosts, containers, and serverless in a singular product, cloud native and API enabled itself, covering all your workloads regardless of what underlying compute technology powers them.”

The New Stack founder and editor-in-chief Alex Williams caught up with Morello at the conference for a demonstration of the new product:

This wasn’t the only news to come from Twistlock this week, however. Beyond the expansion to include VMs, Twistlock 19.03 introduces several other new features that are of interest to those using containers and serverless technologies. The addition of native Helm support, for example, allows Twistlock users to now “generate ready to run charts for both Console and Defender directly from twistcli,” according to the blog post. Other features of note include custom runtime rules with Kubernetes Audit logging, which will now “provide even more control over discrete runtime behaviors for both containers and hosts”, and expanded cloud discovery and compliance, which has been expanded to “cover all cloud native services on Azure and Google Cloud Platform and show rich metadata about each service directly in the Console web UI.”

Twistlock 19.03 also introduces the Runtime Application Self Protection (RASP) Defender, which Morello explains is as a form of embedded security, rather than security provided by an external tool, which solves a problem posed by containers and serverless.

“As Docker has become a near-universal app package standard, we’ve seen a proliferation of services that, while they run Docker images, do not actually use Docker or OCI runtimes. For example, Pivotal Cloud Foundry PAS can run Docker images, but uses a non-Docker and OCI runtime,” writes Morello. “Other services, like AWS Fargate and Azure Container Instances, use a Docker runtime but in a highly constrained environment where Defender can’t run with the elevated access required. To solve both of these scenarios, we’re introducing the new RASP Defender.”

RASP Defender solves this problem by running as a “simple binary” that “starts before the protected app and then immediately invokes it, giving it a para-administrative capability over the app itself, regardless of the underlying runtime and without requiring privilege within the host OS.”

The RASP Defender is for all those scenarios beyond your standard Kubernetes and Docker deployments.

“Docker and Kubernetes are revolutionary… but they’re not the only way to run your cloud workloads,” writes Twistlock solutions architect Neil Carpenter, in a blog post explaining the technology. “You may want to leverage the power of services like Azure Container Instances or AWS Fargate to run containers without managing servers. You may want to run functions on AWS Lambda, Google Functions, or even self-hosted Function-as-a-Service alternatives. You may have legacy or specialized environments that don’t run on Container Runtime Interface platforms. And, yet, across all of these scenarios, you want to be able to monitor and protect your applications and data. With the 19.03 release of Twistlock, you can extend protection to all of these scenarios.”

Twistlock is a sponsor of The New Stack.

Feature image by Kyle Glenn on Unsplash.

Group Created with Sketch.
TNS owner Insight Partners is an investor in: The New Stack, Docker.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.