Twistlock: Prisma Cloud Container Security Overview and Analysis

At the time it was acquired by Palo Alto Networks in late 2018, Twistlock was in use by 25% of the Fortune 100. Its automated and scalable container cybersecurity platform has now been incorporated into Palo Alto’s Prisma Cloud.

Since the acquisition, Palo Alto Prisma has added Twistlock’s functions to a larger suite of cloud-based functions known as Prisma Cloud. It is a cloud-native security platform with security and compliance coverage for users, applications, data, and the cloud technology stack.

Twistlock was featured on our list of the top container and Kubernetes security vendors, where Prisma Cloud now takes its place.

Container Security Products

The Twistlock Cloud Native Cybersecurity Platform provided full lifecycle security for containerized environments. From pipeline to perimeter, Twistlock helped customers deploy containers at scale and secure the entire cloud native stack, from the host OS to serverless functions.

As part of the Prisma Cloud, it helps organizations manage rules governing Docker configurations, containers, images, nodes, plugins, and services. They can take advantage of integration with secrets management tools like CyberArk and HashiCorp. They can also ingest Kubernetes audit data and surface rules to identify events to alert on.

Palo Alto integration efforts have resulted in a platform that provides full visibility into all dependencies from containers during the build, deploy, and run phases. Prisma Cloud aggregates and prioritizes vulnerabilities continuously in CI/CD pipelines and containers running on hosts or on containers as a service, in public and private clouds.

Key Features

The Twistlock Platform began as a vulnerability management and compliance tool across the container lifecycle, scanning images and serverless functions to prevent security and compliance issues from progressing through the development pipeline. It also offered continuous monitoring of all registries and environments, defense in depth, cloud-native firewalls, and access control for containers, as well as automated, machine-learning driven runtime defense.

Palo Alto’s Prisma Cloud includes all these features but goes well beyond them to provide protection for critical applications, whether they are in containers, in multi-cloud, or hybrid environments. Prisma Cloud’s capabilities include:

  • Securing deployments with Open Policy Agent and craft rules in Rego policy language
  • Surfacing all audit alerts and activities in a single pane of glass for analysis
  • Scanning container images and enforces policies as part of CI/CD workflows
  • Continuously monitoring code in repositories and registries
  • Securing managed and unmanaged runtime environments
  • Combining risk prioritization with runtime protection at scale
  • Full life cycle security for repositories, images, and containers
  • Establishing risk prioritization across all known CVEs, remediation guidance, and per-layer image analysis with vulnerability Top 10 lists
  • Controlling the alert and blocking severity level for individual and groups of services during build time and runtime
  • Minimizing false positives
  • Integrating vulnerability management to scan repositories, registries, CI/CD pipelines and runtime environments
Prisma Cloud container security dashboard
Prisma Cloud container security dashboard

Product Performance Metrics

Container scans by Prisma Cloud consume 10-15% of memory and 1% of CPU and take about one to five seconds per container. Prisma Cloud tested performance in a scaled-out environment that replicates a real-world workload and configuration. The test environment built on Kubernetes clusters consisted of 20,000 hosts, a console with 16 vCPUs and 50 GB memory, defenders with 2 vCPUs and 8 GB memory running in a container-optimized OS.

A total of 323 images and 192,087 containers were involved – with a density of 9.6 containers per host. The measured resource consumption came out at 1,474 MiB of RAM and 8% of the CPU for the console, and 83 MiB RAM and 1% CPU for the defender. According to Forrester Consulting’s 2021 study, Prisma Cloud helped organizations improve SecOps efficiency, improve DevOps productivity to enable DevSecOps, reduce material data breaches, and improve compliance productivity.


Prisma Cloud can serve the Kubernetes, Docker, VMware Tanzu, and Red Hat OpenShift container platforms. As the name implies, it is SaaS-delivered via the cloud.


No pricing data is available on Prima Cloud.

This article was originally written by Sean Michael Kerner on Dec. 26, 2018 and revised by Drew Robb on Feb. 10, 2023.

Twistlock Alternatives

1 Sysdig

Visit website

Sysdig Secure is a SaaS platform that provides unified security across containers and cloud and is part of the Sysdig Secure DevOps platform. DevOps and security teams can use it to reduce risk with visibility across containers, hosts, Kubernetes, and cloud. It can detect and respond to threats and validate cloud posture and compliance. Additionally, it can maximize performance and availability by monitoring and troubleshooting cloud infrastructure and services.

Learn more about Sysdig

2 NeuVector

Visit website

NeuVector takes a networking-focused approach to container security, providing automated segmentation capabilities and attack detection. It includes a container firewall that can filter application layer traffic to help identify anomalous behavior. Using process and file system monitoring with Layer 7 network inspection, unauthorized container activity or connections from containers can be blocked without disrupting normal container sessions.

Learn more about NeuVector

3 Alert Logic

Visit website

Alert Logic is a managed detection and response (MDR) provider that secures public clouds, SaaS, on-premises, and hybrid cloud environments. It provides a view of the security vulnerabilities within containerized environments by collecting and analyzing network traffic from the base host and the network traffic to, from, and between containers. Users know within minutes if exploits are actively targeting their container environment.

Learn more about Alert Logic

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Latest articles

Top Cybersecurity Companies

Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.

Related articles