This podcast will cover many topics relevant to the Cloud Native space, including ecosystem topics like Docker security and Kubernetes security, RBAC, monitoring and alerting, and many, many more. We'll also partner with the Twistlock Labs team to chat through the latest and greatest cloud native secur…
In this episode, Nerya and Reut discuss the process of creating the Radar in Twistlock, which is the homebase for discovering and managing security across your cloud native assets.
In this episode, Neil walks us through how to create custom audit rules to check if someone is tampering with the Twistlock daemonset. You can use this approach to create your own custom rules for almost anything using the right JSON properties and strings.
In this episode, Aviv dives into the vulnerability discovered in Sysdig Falco which allows someone to create a buffer overrun that completely bypasses all of Falco's normal functionality.
In this episode, Kevin demonstrates the new File Integrity Monitoring feature in Twistlock 19.03.
In this episode, Jeremy talks through and demonstrates how we've slipstreamed Twistlock Console installation and deployment into the Operator Hub mechanisms.
In this episode, Michael discusses how the Twistlock dev team built the ACI Virtual Node protection feature in Twistlock 19.03. We also discuss the differences in technology between Azure Container Instances and AWS Fargate.
In this episode, Michael walks through the new Native Helm support in Twistlock 19.03, detailing the configuration steps necessary to enable Helm Chart support in Twistlock.
In this episode, John Morello explains what we know about the DockerHub compromise, what potential impacts exist for DockerHub users, and what you can do to minimize impact to you and your apps. Twistlock customers are NOT affected.
In this episode, Michael dives into how we built the Lambda Layers security features to allow Twistlock to be embedded and to secure Lambda Layers.
In this episode, Ilana from the Twistlock dev team discusses the process that she went through to create the Istio visibility, vulnerability management, and prevention features in Twistlock.
In this episode, Ashley discusses and demonstrates the advantages of using Assigned Collections to provide granular visibility and security to your cloud native environments.
0:51 - Twistlock 2.4 - Projects
1:30 - Twistlock 1.8 - Collections
2:24 - Inside of Projects, team granular permissions
2:38 - Demo time
11:03 - Integrating granular control into DevOps lifecycle
In this episode, Paul demonstrates more host protection features, specifically host forensics, that are built into Twistlock 19.03. Paul demonstrates how anomalous activity can be tracked, alerted, and prevented through Twistlock on any host.
In this episode, Omri details how Twistlock built the Kubernetes Audit rules features that integrate with Kubernetes AuditSink, as well as audits for GKE.
0:35 - What are Kubernetes audits?
1:30 - Kubernetes audit rules in Twistlock
3:28 - How we built this feature
5:30 - Integration with Kubernetes dynamic backend feature
6:10 - Demo time
12:58 - GKE Audits
In this special episode, Ariel goes through the details of the latest Kubernetes CVE, CVE-2019-1002101, and explains how containers are vulnerable, what the vulnerability exposes, and how to get the latest kubectl update to mitigate the vulnerability.
Link to Twistlock Labs detailed blog post: https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
Link to Twistlock Labs post on CVE-2017-1002101: https://www.twistlock.com/labs-blog/deep-dive-severe-kubernetes-vulnerability-date-cve-2017-1002101/
Link to Kubernetes kubectl fix: https://github.com/kubernetes/kubernetes/issues/61297
Contact info for Ariel and Twistlock Labs:
Ariel - ariel@twistlock.com
Labs - labs@twistlock.com
Twitter - @twistlocklabs
In this episode, James demonstrates the new Twistlock 19.03 features around host visibility and protection, including cloud native network firewall and Radar for hosts.
In this episode, Jacob demonstrates the new Twistlock 19.03 features around integration with the Kubernetes AuditSink features.
In this episode, Andreas demonstrates the new Twistlock 19.03 features around the new Custom Runtime Rules Language, which integrates with the Kubernetes AuditSink. Twistlock 19.03 also comes with over 40 custom rules that query the AuditSink logs to get you started quickly with actions around the events in your environment.
In this episode, Neil demonstrates the new Twistlock 19.03 feature around RASP Defender, which allows the same level of visibility, automation, and protection in non-managed cloud native resources.
In this episode, Liron Levin, Chief Architect of Twistlock, explains the history behind the decision to use Go to build Twistlock, the criteria that were used to assess all the possible languages, some key findings and advantages of using Go, and, of course, some story time.
1:52 - Story time
2:13 - The architecture
2:37 - Language options
3:45 - Before Twistlock, and experience with Python
4:22 - Compiled languages + large teams + fast pace
5:07 - What does Docker use?
5:48 - Maybe I should try it? How quickly can I be productive?
6:37 - The benefits
7:31 - The first test: agent in Go, and console in Node
8:52 - MongoDB for the data store
9:36 - New devs coming on board
13:07 - Simplicity and error handling
14:34 - Consistent formatting
15:22 - Coding standards
17:33 - Low level code and elements
19:08 - Anything unexpected?
20:42 - Places to optimize
21:20 - Rust
25:00 - Reducing complexity
26:03 - More story time
30:28 - Testing in Go
In this episode, Ian discusses how Twistlock is able to automate the creation and maintenance of the product documentation. He talks through the entire OSS-based system that is in place to manage documentation contributions, the tools used to build the docs, as well as a code deep dive through the search indexing and crawling to surface the docs to users.
6:27 - Documentation website
9:34 - Search mechanisms
In this episode, Michael talks through the history of monitoring software applications and the various approaches that were used in the past, some best practices, and new ways of doing monitoring in the cloud native space.
1:00 - Pull vs push approach to monitoring
1:50 - The Art of Monitoring (book) - https://www.amazon.com/Art-Monitoring-James-Turnbull-ebook/dp/B01GU387MS/ref=sr_1_1?keywords=the+art+of+monitoring&qid=1552498890&s=gateway&sr=8-1
Monitoring with Prometheus (book) - https://www.amazon.com/Monitoring-Prometheus-James-Turnbull-ebook/dp/B07DPH8MN9/ref=sr_1_1?crid=29VE3L9EO838D&keywords=monitoring+with+prometheus&qid=1552498936&s=gateway&sprefix=monitoring+with+prome%2Caps%2C194&sr=8-1
2:20 - What's the difference?
5:25 - Prometheus
6:15 - Graphite
9:50 - Best practices
10:05 - #1 - Make alerts actionable
11:35 - #2 - Include more than the Ops team in the discussion
14:10 - #3 - Self-service interface
17:00 - #4 - Automation is key
18:35 - #5 - Internal monitoring vs. probes
21:22 - #6 - Monitoring part of the project plan from the beginning, and part of requirements
In this episode, Yuval from Twistlock Labs explains the details of the CVE discovered in RunC, two ways that it can be exploited, and what the fix looks like. Read this blog post for details and code links: https://www.twistlock.com/labs-blog/breaking-docker-via-runc-explaining-cve-2019-5736/
In this episode, Neil Carpenter chats through the differences between containers and service meshes, how service meshes (and specifically Istio) can be used to create microsegmentation in your environments, and the inherent benefits.
In this episode, James Jones discusses some basic security considerations with Kubernetes, and how to start using it without exposing your application and environment.
In this special episode of the Cloud Native Security Podcast, we discuss the RunC and Docker vulnerability discovered yesterday: CVE-2019-5736. See our blog post that details the CVE, how it affects containers and the potential risks if someone is able to exploit it, as well as ways to mitigate the risk: https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
In this episode of the Cloud Native Security Podcast, we dive in with Liron and Eran from our R&D team to go through the process of debugging a unique customer error, determine the origin of the problem, and ultimately help to resolve a bug in Runc.
This is an intro to the podcast and explains exactly what kinds of content people can expect to see/hear about on the show.

We will cover general cloud native security topics like Docker security, Kubernetes security, RBAC, monitoring and alerting, serverless, and many more.

We have also partnered with our Twistlock Labs team, the research arm of the organization, and will be bringing you the latest and greatest in cloud native security research, including topics like the 4 zero days that the team found, honeypots and how they lured cryptominers and hackers to open containers, and how they exploited them.

We'll also be bringing on some of the partners that we work with and integrate with in the ecosystem to show you how to utilize multiple tools to get the job done and some best practices that we've found along the way.

Another type of content we'll bring is detailed deep dives into some of the Twistlock product features, and you'll see these published around our major releases. These will help you dive into the deep features of the Twistlock platform and how they can help you and your organization stay more secure in the Cloud Native world and throughout your journey.

We'll take a meta deep dive on some of these and show you exactly how we built some of these features with our development team. We'll also cover deep developer topics like debugging Go code, writing idiomatic test code, and forensics at scale, just to name a few.

We'll be available on most video and audio platforms, like YouTube, Twitch, SoundCloud, Apple and Google podcasts, as well as a dedicated area on our website to feature all of the episodes. All of the links to the various channels can be found below. You can expect us to publish weekly with new content coming out all the time. Subscribe and get notified every time we post a new episode.
Finally, if you have feedback or content suggestions, please send them to CNS@twistlock.com (I’ll post the email address below as well) and we’d love to hear how you’re liking the show and also if you have any content that you’d like to see us cover. Thanks so much and we look forward to helping you learn all about Cloud Native Security.
We chat with Ashley Ward, Solution Architect at Twistlock, around Docker security and some initial security concerns for Docker images.