Twistlock today announced the 2.2 release of its container security platform, featuring a new Incident Explorer tool that uses machine learning to analyze individual security events and provide clearer visibility into attack patterns.
Prior to version 2.2, a user investigating a potential attack would have to manually sift through discrete audit events caused by anomalous activity to connect the dots, explained John Morello, CTO of Twistlock, in a blog post. Now, Incident Explorer applies artificial intelligence (AI) technologies to perform this task automatically and present its findings in a user-friendly format that visualizes an attacker's kill chain.
"For example, if your containerized app is compromised, the attacker is unlikely to just run a single unexpected process and move on. Instead, they may modify configuration files so their compromise persists, establish a new listener to shovel data out of the environment, begin port scanning to map the rest of the environment, and maybe download a rootkit to bond the victim to a command and control node," wrote Morello.
"Each of these actions would trigger a separate sensor in our runtime platform but Incident Explorer brings together the full set of actions into a clear flow, elevating them beyond simple data into actionable security intelligence," continued the Twistlock executive.
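The correlation Morello describes (several independent sensor events from one container joined into a single incident timeline with kill-chain stages) can be sketched in a few dozen lines. The following is an added illustration, not Twistlock code: the audit events are constructed, the sensor-to-stage mapping is an assumed taxonomy, and the ten-minute grouping window and the three-stage severity threshold are arbitrary choices made for the example.

```python
from datetime import datetime, timedelta

# Assumed mapping from sensor type to a kill-chain stage (illustrative; not Twistlock's taxonomy).
STAGE_FOR_SENSOR = {
    "process": "execution",
    "filesystem": "persistence",
    "listener": "exfiltration",
    "portscan": "discovery",
    "download": "command-and-control",
}

# Constructed audit events in the shape a runtime sensor might emit; not real product output.
# Container "web-7f9c" shows a multi-step sequence; "db-2a11" shows one isolated anomaly.
AUDIT_EVENTS = [
    {"ts": "2018-01-17T15:06:01", "container": "web-7f9c", "sensor": "process",
     "detail": "unexpected process /bin/sh"},
    {"ts": "2018-01-17T15:06:09", "container": "web-7f9c", "sensor": "filesystem",
     "detail": "write to /etc/cron.d/update"},
    {"ts": "2018-01-17T15:06:40", "container": "db-2a11", "sensor": "process",
     "detail": "unexpected process pg_dump"},
    {"ts": "2018-01-17T15:07:15", "container": "web-7f9c", "sensor": "listener",
     "detail": "new listener tcp/4444"},
    {"ts": "2018-01-17T15:08:02", "container": "web-7f9c", "sensor": "portscan",
     "detail": "connections to 200 hosts on tcp/22"},
    {"ts": "2018-01-17T17:30:00", "container": "web-7f9c", "sensor": "process",
     "detail": "unexpected process curl"},
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def correlate(events, window=timedelta(minutes=10)):
    """Group events per container into incidents. A new incident starts for a
    container when the gap since its previous event exceeds `window`."""
    incidents = []
    open_by_container = {}
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        ts = parse_ts(ev["ts"])
        cur = open_by_container.get(ev["container"])
        if cur is None or ts - cur["last"] > window:
            cur = {"container": ev["container"], "start": ts, "last": ts, "events": []}
            incidents.append(cur)
            open_by_container[ev["container"]] = cur
        cur["events"].append(ev)
        cur["last"] = ts
    return incidents


def kill_chain(incident):
    """Ordered, de-duplicated list of stages observed in one incident."""
    stages = []
    for ev in incident["events"]:
        stage = STAGE_FOR_SENSOR.get(ev["sensor"], "unknown")
        if stage not in stages:
            stages.append(stage)
    return stages


def severity(incident):
    """Assumed scoring: several distinct stages in one container look far more
    like a real compromise than a single isolated anomaly does."""
    n = len(kill_chain(incident))
    return "high" if n >= 3 else "medium" if n == 2 else "low"


def summarize(events):
    """Turn discrete audit events into incident records an analyst can read at a glance."""
    return [
        {"container": inc["container"], "start": inc["start"].isoformat(),
         "stages": kill_chain(inc), "severity": severity(inc), "count": len(inc["events"])}
        for inc in correlate(events)
    ]


if __name__ == "__main__":
    for record in summarize(AUDIT_EVENTS):
        print(record)
```

Running it yields three incidents: the four web-container events between 15:06 and 15:08 collapse into one high-severity record with stages execution, persistence, exfiltration and discovery; the database anomaly and the isolated curl execution two hours later each remain low-severity single-event records. The windowing is what keeps unrelated anomalies from being stitched into a false kill chain, and the window size is the main knob a detection engineer would tune.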
Building on the Cloud Native App Firewall technology introduced in Twistlock 2.1, the company has added a Cloud Native Network Firewall feature that uses a similar machine learning modeling approach to automatically build layer 3 firewall rules between the components of a containerized app.
Also new are AI-enabled runtime defense capabilities for container hosts and support for all the settings in the Kubernetes CIS (Center for Internet Security) Benchmark, enabling customers to assess their environments against the compliance-enhancing recommendations and block setups that run afoul of an organization's policies.
Twistlock now runs natively on the Docker Swarm container orchestrator, in addition to its existing support for Kubernetes. Finally, the product adds integrations with Slack and Jira that push alerts to those collaboration platforms.
And if history is any guide, the company is already working on many more features.
According to Morello, version 2.2 is the 11th major release Twistlock has shipped in the past two-and-a-half years. Citing statistics from GitHub, he added that his team has "worked on more than 5,400 issues, built Twistlock more than 600 times, and shipped 223 customer requested features for our [over] 80 paying enterprise customers over that time."