Twistlock has announced the release of Twistlock Runtime, a set of automated capabilities that defend against active threats targeting container environments.
The platform is designed specifically to detect and stop sophisticated runtime attacks – including APTs and zero-day exploits – against containerized applications. Twistlock Runtime is a component within the Container Security Suite which was launched in November.
Twistlock Runtime utilizes a declarative security model to build runtime protection. It performs static and dynamic analysis of container images and derives a set of declarative “DNA” profiles for the containers. The profiles offer both container-specific and global smart rules to protect the production environment from active threats.
One example of a declarative profile is a set of whitelisted processes that should run inside a particular container, which Twistlock Runtime can build automatically from image analysis and use that to enforce the correct runtime behavior for protected environments.
With Twistlock Runtime, system administrators, security and operations teams can declaratively stipulate security policies applied to hosts, container engines, containers and applications. Twistlock Runtime offers the following runtime defense features and benefits:
- Container DNA profiles: A feature that automatically builds runtime 'DNA' profiles for each container based on static and dynamic analysis of the container image, and serves as the baseline for runtime anomaly and threat detection.
- Automated smart rules: The smart rules are derived from the profiles directly to enforce policies and desired behavior in runtime. They also respond to changing threats and environments, leading to adaptive and targeted protection.
- Enhanced commercial and proprietary threat intelligence: This includes leading commercial threat feeds as well as Twistlock’s own threat research and is added on top of open source threat and vulnerability feeds that already power Twistlock’s products.
- Dev-to-production security mechanism: The industry’s first known approach – which takes static analysis knowledge of container images and from that, directly derives runtime protection rules, as opposed to traditional security measures that involve disparate code analysis and runtime protection.
- Low management overhead: Twistlock Runtime doesn’t require admins or Ops teams to manually administer defense mechanisms, tune policies, or play catch-up to the latest threats.