New solution targets threats to containerized apps
Running applications in containers is increasingly popular, but whilst it offers benefits in terms of the flexibility to run apps anywhere, it raises fresh challenges for keeping them secure.
A new set of automated capabilities that defend against active threats targeting container environments is being launched by security solutions company Twistlock. Twistlock Runtime is fully automated and designed to detect and stop sophisticated runtime attacks -- including APTs and zero-day exploits.
It uses a 'declarative' security model to build runtime protection. It performs static and dynamic analysis of container images and derives a set of declarative 'DNA' profiles for the containers. The profiles provide both container-specific and global smart rules to protect the production environment from active threats.
For example, Twistlock Runtime can automatically build, from image analysis, a set of whitelisted processes that should run inside a particular container, and then use that set to enforce the correct runtime behavior in protected environments.
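The idea of a process whitelist derived from the image can be illustrated with a simplified sketch. This is an added example, not Twistlock's code or its actual profile format; the image metadata, function names and verdict strings are all assumptions made for illustration.

```python
import posixpath

# Constructed sample: simplified image metadata, not the output of any real tool.
IMAGE = {
    "entrypoint": ["/usr/sbin/nginx", "-g", "daemon off;"],
    "files": [  # (path, mode bits) as found in the image layers
        ("/usr/sbin/nginx", 0o755),
        ("/bin/sh", 0o755),
        ("/usr/bin/curl", 0o755),
        ("/etc/nginx/nginx.conf", 0o644),
    ],
}

def build_profile(image):
    """Static step: executables shipped in the image, plus the declared entrypoint."""
    in_image = {posixpath.normpath(p) for p, mode in image["files"] if mode & 0o111}
    entry = image["entrypoint"][:1]
    expected = {posixpath.normpath(p) for p in entry} & in_image
    return {"expected": expected, "in_image": in_image}

def learn(profile, observed_exes):
    """Dynamic step: extend the whitelist with processes seen during a trusted
    learning run, but never with binaries that are absent from the image."""
    for exe in observed_exes:
        exe = posixpath.normpath(exe)
        if exe in profile["in_image"]:
            profile["expected"].add(exe)
    return profile

def classify(profile, exe):
    """Runtime step: compare one process-start event against the profile."""
    exe = posixpath.normpath(exe)
    if exe in profile["expected"]:
        return "allow"
    if exe in profile["in_image"]:
        return "alert: in image but not in profile"
    return "block: binary not present in image"

if __name__ == "__main__":
    # Hypothetical learning run in which the entrypoint wrapper invoked /bin/sh.
    profile = learn(build_profile(IMAGE), ["/bin/sh"])
    for exe in ["/usr/sbin/nginx", "/bin/sh", "/usr/bin/curl", "/tmp/dropped-binary"]:
        print(f"{exe:22} {classify(profile, exe)}")
```

The two non-allow verdicts separate a binary that ships in the image but is not part of the declared behavior from one that appeared only after the container started.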
"Declarative security is the only way to execute predictable and accurate runtime protection," says John Morello, chief technology officer for Twistlock. "Twistlock Runtime represents a brand new way of approaching runtime security -- declarative, measurable and with minimal false positives. APTs and active threats invariably trip the profiles and the corresponding rules, and therefore can be easily detected. As more and more critical applications move to the container environment, Twistlock Runtime arms organizations with a proactive defense layer that allows them to get ahead of the threat curve, while enabling the adoption of container technologies".
Benefits include container DNA profiles, which are based on static and dynamic analysis of the container image and used as the baseline for runtime anomaly and threat detection. Automated smart rules are derived directly from the profiles to enforce policies and desired behavior at runtime. They also respond to changing threats and environments, leading to adaptive and targeted protection.
It uses leading commercial threat feeds as well as Twistlock's own threat research and open source threat and vulnerability feeds that already power Twistlock's products. Twistlock Runtime can also help the transition from development to production by taking static analysis of container images and from that directly deriving runtime protection rules with no need for separate analysis. As there's no need for admins or ops teams to manually administer defense mechanisms or tune policies, there are low management overheads too.
You can find out more and sign up to get a free trial on the Twistlock website.