Containers have become a favorite option for organizations either delivering on their application-modernization efforts or building cloud-native applications
The 451 Take
The company has recently announced a $33m series C funding round, bringing its total to $63m over five rounds since its inception. This latest round was led by ICONIQ Capital and included existing investors YL Ventures, TenEleven, Polaris Partners, Rally Ventures and Dell Technology Capital. 451 Research estimates that Twistlock has revenue of $7-10m.
StrategyTwistlock has been pursuing growth across geographies and sectors, usually focusing on larger enterprises and pursuing deals through channel partners. While most of its presence and customers are in North America, the company has been making inroads in EMEA and announced it recently acquired its first customers in the Japanese market. From a sector perspective, Twistlock is seeing traction in financial, healthcare, government, technology
The company has been looking to build on its early work in container security in two distinct ways. First, it is working across the security industry forging partnerships; it recently announced the 'Twistlock Advantage Program,' a tiered partnership program, to build relationships with other vendors in the modern software stack. Second, the company is looking to remain aligned with broader design pattern changes, such as the accelerating adoption of Kubernetes, managed container services such as Fargate, and serverless compute options.
While the major PaaS platforms – Docker Enterprise Edition, Red Hat OpenShift
At a high level, Twistlock provides a security platform for managing several aspects of security during a typical container lifecycle, from build through
Twistlock indicated that it maintains its container security platform on a well-defined product update cycle. The company said it issues new releases roughly once every 10-12 weeks and has done so consistently for 14 iterations so far. The latest release – version 2.5 – was just released in the summer, and an updated version is expected in the November time frame.
Earlier this year, the company announced updates around scalability, support for VM-based workloads, integration with multiple registries, improvements to Windows firewalling and, notably, support for additional container runtimes. This is an interesting development because it suggests that Twistlock is anticipating
The company indicated it updated its 'radar' view to better depict information from Kubernetes namespaces, thereby making it easier for operators and architects to visualize the relationships between components, as well as the potential blast radius of security incidents. Other visualization enhancements included better information overlays for more efficient usage.
The new forensics functionality centers on performing
The compliance upgrades to the latest version include providing better information on pass/fail state in relation to target benchmarks such as Center for Internet Security benchmarks. It also added support for
Version 2.5 also builds on Twistlock's approach to supporting two new key deployment patterns: 'managed' container execution via AWS Fargate, and security for event-driven functions-as-a-service offerings such as AWS Lambda. For the latter, the approach the company took is to embed security functionality that prevents execution of unauthorized binaries. For AWS Fargate, the approach is to load the agent at runtime from a sidecar container. In both cases, security functionality is controlled by policy from the Twistlock console and can be inserted into the containers or function packages with minimal intervention to existing CI/CD pipelines or disruption to developer workflows.
Many existing vendors in each of the areas/use cases that Twistlock covers have also added container support. Vulnerability management stalwarts such as Qualys, Tenable and Rapid7 all have container security offerings. For runtime protection, the list of vendors also includes CloudPassage, Tripwire, Symantec and Trend Micro, to name a few. Software composition vendors such as jFrog (with XRay) and Synopsys (Black Duck) also come up as offering some competing functionality.
Finally, the cloud providers are increasingly adding security functionality to their own environments. Google's Binary Authorization, Azure Container Registry support for content trust, and AWS's strong IAM support for ECS are all examples of providers adding layers of security to their container-based offerings.
Fernando is a Senior Analyst on the Information Security team, based in Toronto. He has broad experience in security architecture, particularly network security for enterprise environments. He currently focuses on covering vendors and industry events in the endpoint security and cloud security spaces.
Jeremy Korn is a Research Associate at 451 Research. He graduated from Brown University with a BA in Biology and East Asian Studies and received
Aaron Sherrill is a Senior Analyst for 451 Research covering emerging trends, innovation