Twistlock 2.0 Improves Container Security and Compliance

Twistlock adds new Compliance Explorer and Runtime Radar features, helping organizations better understand and control container deployments.


Container security vendor Twistlock is updating its namesake platform with a 2.0 release that aims to improve container visibility and security.

Twistlock unveiled its container security platform in November 2015, providing runtime security options for container deployments. The platform has evolved since then with a steady stream of updates. The new Twistlock 2.0 update includes several enhanced container security capabilities as well as a new back-end code infrastructure.

Prior to the 2.0 update, Twistlock used the open-source node.js JavaScript framework as the back-end coding technology, according to John Morello, CTO of Twistlock. As the scale and demands of Twistlock's customer base grew, there were some scaling limitations with node.js. To expand the scalability of Twistlock, the company ported the Twistlock 2.0 back end to the open-source Go programming language.

Since Twistlock is deployed as a container, users won't notice the shift to the Go back end from a usability perspective, but they will notice a difference with performance, Morello said. He added that the new Go-based Twistlock 2.0 back end has reduced memory consumption and better responsiveness overall.

With Twistlock 2.0, the company is adding its new Runtime Radar 2.0 capability, providing improved container interaction visibility. Morello explained that in prior releases of Runtime Radar, the feature showed administrators all of the containers running in an environment and how those containers connect to different services.

"In the past, we just showed a static view that was just about connectivity," Morello told eWEEK. "In Runtime Radar 2.0 we now overlay a rich set of data about what is going on in an environment."

So instead of simply identifying that one container image connects to another over a specific network port, Runtime Radar 2.0 will now provide contextual information about the given images. That information can include the vulnerability and compliance status for a container image, in an effort to provide an accurate representation of risk.

In previous releases of Twistlock, the Runtime Radar had relatively limited enforcement capabilities, Morello said.

"What we're doing in Runtime Radar 2.0 is we learn all the connectivity patterns and we learn them in the context of whatever orchestration tool you are using," he said.

For example, if an organization is using the Kubernetes container orchestration system, Twistlock 2.0 understands the connectivity between containers at a Kubernetes pod and service level.  Everything learned by Twistlock 2.0 about how containers connect for normal operations can be exported into a policy. That policy can be exported to a native Kubernetes networking policy that can be automatically enforced in a Kubernetes cluster, with the help of container networking technologies including Weave Net and Project Calico.

"The ability to automatically learn existing connectivity patterns and then express them in a container-centric way that can be consumed by the underlying networking engine is a real innovation that we've added in this release," Morello said.

Another key element included in the Twistlock 2.0 release is a new Compliance Explorer feature, which aims to help organizations operate containers in accordance with compliance regulations.

"We don't just give you alerting on compliance; we also provide active enforcement," Morello said. "Since we're in every host, if a user tries to do a deployment that is not compliant with policy, Twistlock will prevent the deployment."

Looking forward, Twistlock is already actively working on its 2.1 release, with plans to ship the next update inside of the next nine weeks. Morello said Twistlock will continue to work on enhancing features to help create autonomous policies that protect container applications. More work will also be done to further improve the visualization of container environments, he added.

"Today we show people all their container images and what's wrong with those images," Morello said. "We want to apply more intelligence to the process, so that we give customers data that is more actionable."

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.