Container security company Twistlock debuts with $2.5M

Twistlock provides an enterprise security suite for virtual containers

In recent years, there has been a rapid adoption of containers, and more specifically Docker, by enterprise software companies. A container is an isolated, virtual server, that doesn't require the overhead that virtual machines. Docker is a run time environment for containers, one that has been downloaded 200,000 times.

The idea is that containers are supposed to make software development easier and quicker by cutting down on the time it takes to test, while also making it. But there is a big problem: containers can also create security blind spots, as security teams have little visibility or control over what is happening within them.

That is where Twistlock comes in. The company, which is launching today with $2.5 million in venture funding from YL Ventures, is an enterprise security suite for virtual containers.  

"The problem that were aiming to solve is that containers are rapidly being adopted by organizations, and everyone is already becoming dependent on them," Ben Bernstein, CEO and co-founder of Twistlock, told me in an interview.

"The larger the organization the more it's important to look at security end to end before relying on containers for their production system. They don't realize that containers and the docker framework creates a security blind spot for enterprises as far as security goes because there is little visibility and control."

Much like SaaS adoption, which enterprises also adopted en mass, before realizing there were security concerns, "containers are creating the same pattern,"

"It's an amazing platform they want to use, but they need to make sure their bases are covered from a security standpoint."

Twistlock has found specific weaknesses that need to be addressed in container platforms. 

"If an application is being developed it used to be owned by developers, and before it was deployed there used to be a milestone where you would actually do a security review," Bernstein said. "Now you just are continuously pushing new build into production. We have figured out  how to create a security gate before pushing new software into production."

In addition, developers might do something wrong, and push untouched versions, which might make the system vulnerable. Twistlock also makes sure that different parts of integration on the host are correctly configured.

It enables enterprises to consistently enforce security policies, monitor and audit activity and identify and isolate threats in a container or cluster of containers. 

"The typical customers are the early adopter community of developers, which usually have an in-house team of developers. They can range from small investment institutions, like algo trading, to service providers," said Bernstein.

Depending on the enterprise customer, it can take as little as a matter of hours to roll out. 

Given that container security seems to be a big issue, are there others doing something similar? No yet, according to Bernstein, but he does expect others to start following son.

"We are the only enterprise container security solution. Others in this space are focusing on hardening containerized applications, like CoreOS and VMWare," he said. "But we are basically the only platform that is agnostic, that offers a cross platform security suite."

The reason that security has not yet been addresses is because "the rapid adoption of Docker was surprise."

"They were a  small company a year or so ago, now they've entered the $1 billion club. That took some of the big companies by surprise and its takes them a lot of time to turn around. They are right now just starting to look at SaaS security," said Bernstein.

Twistlock is currently being piloted and deployed by four customers. The company is planning to launch its official product in a few months.

Ultimately, it is Bernstein's belief that containers are here to stay and that will need a security platform.

"Platform as a service is a big challenge, as it involves not only the operations team but also a development team. I think that not only Docker, but other frameworks, would sort of need to have a Bible, or some way how to address these things," he said.

"How do you make sure software developed isn't rushed to the cloud? How do you make that secure? On the other hand, how do you make sure you don’t stop rapid development of software? This used to be less of a challenge for software developers, because they could stop every four months, but that world is changing. Now companies cant afford to have long cycles of producing software and that's a challenge from a security point of view."

Based in San Francisco and Tel-Aviv, Twistlock was founded in January 2015 by Bernstein and Dima Stopel, VP of R&D. The company currently has 10 employees, and this seed funding will be used to expand staffing to support growth. By the end of the year it plans to have 15 employees.