The largest pain-point today for organizations moving to a container strategy is that containers are being adopted and managed by developers. Operations and security do not have the level of visibility and control that they are accustomed to. At the same time, for DevOps to succeed, security and operations controls must be as agile and move as quickly as the assets to be protected.
In this podcast recorded at RSA Conference 2016, John Morello, CTO at Twistlock, talks about the Twistlock Container Security Suite. Key features:
Full stack vulnerability management: Twistlock scans containerized applications in both image registries and in runtime to detect vulnerabilities present in the Linux distribution, application frameworks and custom-developed application code.
Advanced access control: Twistlock extends enterprise access control logic and policies to the container environment, controlling access to Docker and Kubernetes resources. The product also provides user-access analytics.
Smart runtime defense: Twistlock detects misconfigurations, malicious activities and compromises in runtime with activity monitoring and smart profiling. Smart runtime defense can prevent misconfigured containers from being launched, stop policy-violating network activities and kill misbehaving containers dynamically.
The Twistlock Container Security Suite is deployed at customer organizations spanning financial services, media, hospitality, consumer technology services and government agencies. What is more, eight of the 15 customers have already deployed Twistlock in mission-critical environments, protecting live services and customer data.