The latest Twistlock 2.3 update bolsters the company’s long-standing work with containers. Twistlock CTO John Morello noted in an email that the new features build on past research into how registries were being targeted for cryptomining and malware implants. The company has since added resources tied to research on container escape attacks and other vulnerabilities in cloud-native components.
For serverless, Morello said Twistlock has baked in its previously beta security features. These include using the same data sources for identifying vulnerabilities in serverless functions that it uses for container image analysis.
The scanning process can be triggered either manually through a user-controlled interface or integrated into an organization’s continuous integration/continuous deployment (CI/CD) process. The serverless support is compatible with Amazon Web Services’ Lambda, Microsoft’s Azure Functions, and Google’s Cloud Functions.
Lean and Mean
Along with the updates, Morello said Twistlock continues to prioritize a low working overhead for its platform, so as not to impede the agile nature of container and serverless deployments.
Specifically, Morello said the platform is focused on “secure by default design, requiring minimal system capabilities, and setting hard (and low) limits on our own resource consumption.”
“There’s no silver bullet to doing performance right; it’s the result of 1,000 small decisions across the product and throughout every release, but it’s something we prioritize,” Morello explained.
Morello noted that the rapid maturation of the container and serverless ecosystems has made it harder to understand the security needs of such deployments. This has led to organizations not fully understanding or adhering to best practices in their security processes.
“Complexity is the enemy of security, and the container and serverless space has required a lot of complexity thus far,” Morello said. “That’s a natural state of chaotic evolution when new generations of technology are getting bootstrapped and helps ensure that the best projects and products win.”
Despite the chaos, some degree of sanity has begun to seep into the container space, driven by the adoption of Kubernetes as a “commonly accepted de facto standard” at the orchestration level. Morello noted this has made it “easier for customers to focus on how to operate it securely, versus spending all their energy just trying to figure out which tooling to pick.”
Looking ahead, Morello said the broader move by organizations toward using public cloud providers to host more of their operations should increase overall security. He explained that most organizations lack the “time, money, and focus” of the larger cloud providers, which all have a vested interest in maintaining the highest levels of security.
“If organizations can move to the public cloud, they can redirect all the time and energy they have to spend on activities that add virtually no security value (like racking a firewall) and focus more on protecting against real threats,” Morello said. “Moving to a cloud provider doesn’t automatically make anyone more secure, but it provides the tooling and efficiency benefits to have a meaningful positive impact.”