Recently, Twistlock released a major update to their flagship software. Twistlock 2.3 added comprehensive intelligence tools and a thorough upgrade to various systems already in place. This update aims to provide customers with a more exhaustive cloud security platform.
Twistlock’s CTO, John Morello, stated, “Twistlock 2.3 is all about going deeper — taking existing features and broadening their capabilities, incorporating real-world threat research from Twistlock Labs, delivering Twistlock protection to new platforms, and responding to enterprise management requirements from our customers.”
One of the most significant additions to Twistlock is the new serverless security function. A few months ago, Twistlock released a version of their serverless security in beta. This beta was a rousing success and consumers were incredibly pleased. Thus, Twistlock took the positive feedback and decided to include fully supported vulnerability management for serverless functions built into 2.3.
Enhanced vulnerability analysis
Twistlock’s previous update, 2.2, made it easier to understand which image layers have vulnerabilities. 2.3 improves on this by introducing the ability to automatically correlate vulnerabilities to layers and provide this information to the right teams to correct them. Additionally, 2.3 provides a more thorough Vulnerability Explorer app, which scores which threats are the most pressing. The scores use attack vector, attack complexity, and the existence of exploit code as additional inputs when calculating risk scores.
Improvements to CNAF
Twistlock has improved their cloud-native app firewall (CNAF), which already provided layer 7 traffic inspection and protection. In 2.3 they’ve bolstered CNAF with anti-reconnaissance, anti-authentication grinding, and file upload filtering. These new features improve Twistlock’s ability to provide layer 7 protections for containerized apps, regardless of where they are.
App aware system call defense
2.3 also provides an enhanced app aware system call defense. They’ve re-architected their system call runtime defense capabilities to be independent of the app frameworks and languages used. Whenever an app is opened, Twistlock automatically injects the proper seccomp policy without any human interaction required. If a program has no app-specific policy, Twistlock injects a broadly-applicable policy so no protection is lost.
Upgraded logging and syslog data streams
Twistlock decided to improve their logging and syslog data streams in 2.3. In previous versions, they focused on finding active threats in the environment. Twistlock has listened to customer feedback and concluded that some of their users prefer their SIEM to collect verbose information about their environment. 2.3 enhances the syslog output to include detailed information about all process activity.