Twistlock Expands Cloud Native Cybersecurity Platform for Hosts, Containers, and Serverless Across the DevSecOps Lifecycle

“While many security providers already offer products that can run in VMs, they’re often just rehashed legacy endpoint protection and are not optimized for the kind of automation and statelessness that defines cloud native,” said John Morello, chief technology officer, Twistlock. “With that in mind, we set out to create a comprehensive cloud native security platform that wouldn’t repack legacy technologies or focus on only a single aspect of host defense. This latest release of Twistlock provides vulnerability management, compliance, runtime defense, firewalling, and access control across all VMs in all clouds.”

Today’s organizations are seeking a comprehensive platform that moves beyond legacy endpoint protection and are optimized for the kind of automation and statelessness that defines cloud native. Twistlock 19.03 offers a new approach through its protection across the entire continuum.

“Server workloads in hybrid data centers spanning private and public clouds require a protection strategy different from end-user-facing devices. Security and risk management leaders should evaluate and deploy offerings specifically designed for cloud workload protection.Gartner, Market Guide for Cloud Workload Protection Platforms1

“Our approach is different because we’re not repacking legacy technologies or

focusing on only a single aspect of host defense,” said Ben Bernstein, chief executive officer, Twistlock. “This isn’t a shift in strategy, but an expansion of it.  We’ll continue to heavily invest in container and serverless features but adding VMs provides comprehensive and consistent protection across all workloads regardless of where on the continuum they’re run.”

Key functionality included in Twistlock 19.03 includes:

  • Cloud Native Network Firewall and Radar for Hosts: Cloud Native Network Firewall for hosts is a distributed layer 3 / 4 firewall that stresses automated learning and workload awareness to effectively isolate apps in a least privilege connectivity mesh.
  • Host File Integrity Monitoring: File integrity Monitoring enables monitoring of host file systems for specific changes to directories and files  by specific users.
  • Host Forensics: Host forensics works in a very similar manner to container forensics, keeping a self-managed, high performance local log of forensic activity and selectively forwarding this data to Console only in case of incidents.
  • Custom Runtime Rule Language: Custom runtime rule language is a simple, intuitive, expression-based approach to define discrete runtime behaviors at a level of precision beyond what’s possible with existing rules.
  • Cloud Compliance V. 2: This version covers all cloud native services on Azure and Google Cloud Platform and shows rich metadata about each service directly in the Console web UI.
  • Assigned Collections: Twistlock introduces Assigned Collections to make it easier to provide least privilege access to data within any given Twistlock Project or environment.
  • RASP Defender: Twistlock 19.03 supports services that run Docker images, yet do not use Docker or OCI runtimes, like Pivotal PAS, as well as services that use a Docker runtime but in a highly constrained environment where Defender can’t run with the elevated access required, like AWS Fargate or Microsoft ACI. As infrastructure teams adopt these technologies, Twistlock is providing robust security capabilities for these types of deployments with RASP Defender.

Additional improvements in Twistlock 19.03 include:

  • Native Helm support: Generation of ready-to-run charts for both Console and Defender directly from twistcli
  • Direct download of twistcli, the Jenkins plugin, the Defender image, and Daemon Set YAML directly from the Console web UI
  • Upload debug data to our solution engineering team directly from the Console web UI
  • Real time log ingestion, analytics, and alerting for all Kubernetes audit events
  • Drag, drop, and disablement of rules within policies
  • Simplified vulnerability management policy
  • Separate host and container policies for compliance and vulnerability management
  • Enterprise proxy compatibility: integration with ingress and egress proxies that require authentication and/or perform TLS intercept
  • IBM Security Advisor integration for alerting
  • Updated support for Google Cloud Security Command Center

For more information, or to see Twistlock 19.03 in action, visit

1Source: Gartner, “Market Guide for Cloud Workload Protection Platforms”, Neil MacDonald, 26 March 2018.

About Twistlock

Trusted by 35% of the Fortune 100, Twistlock is the world’s first truly comprehensive cloud native security platform – providing holistic coverage across hosts, containers, and serverless in a single platform. Twistlock is cloud-native and API-enabled itself, protecting all your workloads regardless of what underlying compute technology powers them. For more information, please visit