Container security firm Twistlock added $33 million to its coffers in a Series C funding round led by ICONIQ Capital. It also saw participation from past investors including Dell Technologies Capital. The investment continues the deluge of money into the container security space.
The latest funding round brings Twistlock’s total venture-capital haul to more than $63 million since its founding in 2015. It closed on a $17 million Series B in early 2017, a $10 million Series A in mid-2016, and scored just over $3 million in seed and angel funding in 2015.
Twistlock CEO Ben Bernstein noted in a blog post that the company will use the new funds to invest in its products and boost its sales and marketing teams. The vendor works with more than 25 percent of the Fortune 100 companies, including McKesson, Walgreens, Aetna, and USAA. That has helped the company grow its customer base more than 350 percent each year.
The security provider last week pushed out version 2.5 of its platform, which unified protection for containers, serverless functions, and container-as-a-service platforms such as Amazon Web Services’ (AWS) Fargate. The release also included the vendor’s forensics capability, which inserts a “flight data recorder” into each protected node so that an attack can be reconstructed and analyzed after the fact.
Money Keeps Flowing
Twistlock’s latest funding echoes similar investment rounds closed by other vendors in the space.
All three of those security vendors were included in Google’s recently launched Cloud Security Command Center. That platform provides a single pane of glass to view security alerts for clusters running in Google’s Kubernetes Engine (GKE).
The rash of money flowing into the space is not without merit. A recent Cowen and Company survey of software developers found that 37 percent claimed security was one of the main barriers to further container adoption. That response led all other potential barriers and was an increase from the 26 percent that cited security in a similar survey last year.
“We note that container security concerns continue to be addressed by Docker itself (e.g. last year the company announced a secrets management solution integrated into higher tiers of its enterprise offering), ecosystem partners such as the PaaS vendors…and pure-play container security companies such as Aqua, Twistlock, and Layered Insight,” wrote Gregg Moskowitz, managing director and senior research analyst at Cowen and Company, in the report.
Container security concerns have also spawned a rash of new container platforms that promise greater security embedded into their architecture. Most container deployments today use the Linux-based Docker container architecture.
The Kata Containers project in May unveiled a 1.0 version of its open source platform. The platform provides greater isolation by running a dedicated kernel inside each container, as opposed to the standard container practice of sharing the host kernel among all containers. This removes the path by which an attacker who compromises a single container could pivot through the shared kernel to the other containers running on the same host.
Sylabs earlier this year began offering an enterprise version of the high-performance computing (HPC)-focused Singularity container platform. Singularity improves on Docker container security in three ways: it can run a container without granting users control of a root-owned daemon process or kernel feature; it makes content easier to move by packaging the container and its runtime environment in a single-file format; and it supports the high-performance hardware commonly used by research labs.
And just last month, IBM unveiled the Nabla container platform as a new avenue for using isolation to increase container security. Nabla limits the amount of interaction – that is, the system calls – a container can have with other containers or the host kernel. Fewer reachable system calls means a smaller kernel attack surface for a compromised container to work with.
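The same idea of cutting down the system calls a container can reach is available on an ordinary Docker host through a seccomp profile. The profile below is an added illustration, not code from Twistlock, IBM or the Nabla project: it denies every system call by default and allows only a short list, so a process inside the container that tries anything else gets an error instead of reaching the kernel. The allowlist is an assumption tailored to a small static workload (file I/O, a TCP listener, and process housekeeping) and would need to be extended for a real application.

```json
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"],
  "syscalls": [
    {
      "names": [
        "read", "write", "pread64", "pwrite64", "readv", "writev",
        "open", "openat", "close", "stat", "fstat", "lstat", "newfstatat", "statx",
        "lseek", "access", "faccessat", "readlink", "readlinkat", "getcwd", "chdir",
        "getdents", "getdents64", "fcntl", "ioctl", "dup", "dup2", "dup3", "pipe", "pipe2",
        "mmap", "munmap", "mprotect", "brk", "madvise", "mremap",
        "rt_sigaction", "rt_sigprocmask", "rt_sigreturn", "sigaltstack",
        "futex", "set_tid_address", "set_robust_list", "arch_prctl", "prctl", "rseq",
        "clone", "execve", "wait4", "exit", "exit_group", "kill", "tgkill",
        "getpid", "gettid", "getppid", "getuid", "geteuid", "getgid", "getegid",
        "uname", "sched_yield", "nanosleep", "clock_gettime", "clock_nanosleep",
        "gettimeofday", "getrandom",
        "socket", "bind", "listen", "accept4", "connect", "sendto", "recvfrom",
        "setsockopt", "getsockopt", "getsockname", "getpeername", "shutdown",
        "poll", "ppoll", "select", "epoll_create1", "epoll_ctl", "epoll_wait", "epoll_pwait"
      ],
      "action": "SCMP_ACT_ALLOW"
    }
  ]
}
```

Saved as `minimal-seccomp.json`, the profile is applied with `docker run --security-opt seccomp=./minimal-seccomp.json <image>`. The practical way to build such an allowlist is to first run the workload with `"defaultAction": "SCMP_ACT_LOG"` (supported on kernels 4.14 and later), collect the syscalls that show up in the audit log under normal operation, and only then switch the default to `SCMP_ACT_ERRNO`. Note that calls such as `mount`, `ptrace`, `unshare` and `kexec_load` are absent from the list on purpose; Docker’s default profile already blocks them, and a deny-by-default profile keeps them blocked without having to name them.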
Analysts have noted that isolation techniques are vital for boosting container security but remain sparsely used in production environments.
“Security is a particularly challenging issue for production container deployments,” Gartner noted in a recent report. “The integrity of the shared host OS kernel is critical to the integrity and isolation of the containers that run on top of it. A hardened, patched, minimalist OS should be used as the host OS, and containers should be monitored on an ongoing basis for vulnerabilities and malware to ensure a trusted service delivery.”