DevOps teams like virtual containers, which speed the development process by making it easier for developers to move and update code, system libraries and other tools. Infosec professionals, not so much. Because of their reliance on software components created by third parties, containerized applications are susceptible to the same security issues that affect open source apps, namely components with security vulnerabilities that make it into production.
That said, container security options are just beginning to emerge. Given the relative lack of companies focused on virtual container security, it's no wonder that Twistlock, a startup founded by veterans of Microsoft's R&D center in Israel, earlier this month raised $10 million in a Series A round of funding led by TenEleven Ventures, bringing its total funding to $13.1 million.
How Twistlock Makes Containers More Secure
The San Francisco-based company's software addresses risks on the host and within applications of the container, enabling enterprises to consistently enforce security policies, monitor and audit activity and identify and isolate threats in a container or a cluster of containers.
Twistlock's automated policy framework makes management and governance of containers simpler and its Twistlock Trust technology scans images and registries to detect vulnerabilities in the code and configuration errors. In May the company introduced Twistlock Runtime, which provides real-time threat protection and policy enforcement for containerized applications.
This active threat protection is "getting a lot of traction," with Twistlock's 30 or so customers, said Chenxi Wang, the company's chief strategy officer.
"After you deploy a containerized application, at the end of the day it's a piece of software that can have vulnerabilities and bugs you do not know about; no matter what you do in governance, you can still be at risk," she said. "So we look for active compromises and attacks against your applications in runtime and either detect or stop them. We had some basic runtime functionality in the beginning, but now our runtime capabilities use more logic, machine learning capabilities and behavior-based analytics."
Breaking Barriers to Adoption
Twistlock's solution is delivered as a containerized app. This "very deliberate architectural decision" aims to make the software easier to use, Wang said.
"We want our customers to deploy us in the same way they would deploy other ecosystem functionality using the existing tool," she said. "Today they typically use Docker Swarm or Apache Mesos or Kubernetes to deploy these containerized apps. If we require them to use a different tool to deploy our solution, then it's another adoption barrier that we don't want to have."
She said Twistlock's customers tend to fall into one of two categories: startups that "have the luxury of engineering a completely new infrastructure and new applications and so tend to go with the newest technologies" and larger companies with innovation budgets and enough resources to take on new projects.
The most important success factor for customers appears to be security and DevOps teams that work well together, she said. "If there is friction, it is hard to bring us in. But at many of our customers the DevOps team brings us in as tool set to test; then the security team gets involved, with the security team then becoming the internal champion."
While most of Twistlock's current customers engaged with the company through a direct sales model, Wang said it is now partnering with providers of large cloud platforms such as Amazon AWS, Google Container Services and Microsoft Azure.
Plans for the Future
Twistlock plans to invest in customer service/support resources in the coming months, Wang said. "We absolutely need more hands on deck now that we have a healthy first batch of customers." It also intends to double the size of its R&D team, which is led by co-founder Dima Stopel, within two years.
In the near term, the company plans "to enhance our runtime capabilities so we become the go-to solution for all kinds of real-time threats," she said. "Right now we can detect and protect against certain types of zero day exploits but we'd like to do it for the entire stack. So, for example, if there was an exploit against the host versus the application, we'd like to protect against that too."
Offering more advanced application logic is also on the product roadmap, she said. "We want to understand what apps are supposed to do a lot more quickly so we can develop policies to protect the apps more easily. It's really about making the runtime functionality more robust and adding more sophisticated logic to it."
The Twistlock team believes containers will become a predominant technology, Wang said, and when it does the company is well positioned to be a leading security provider because of its platform approach.
"If you look at our offering, we do vulnerability management, real-time protection, access control," she said. "In the traditional security market, you see many different providers providing all those different pieces of technology. We have these things in the same product suite, so we are optimistic that when container infrastructure becomes the de-facto infrastructure we'll be a huge security provider, if not the biggest. That is the future we are striving for."
Fast Facts about Twistlock
Founders: Ben Bernstein, CEO, and Dima Stopel, VP of R&D
HQ: San Francisco
Product: Twistlock Container Security Suite
Customers: 30-plus, including InVision, Wix and AppsFlyer
Employees: 10- 20
Funding: $13.1 million, with investors including Rally Ventures, Ten Eleven Ventures and YL Ventures
Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.