Podcasts about Twistlock

Technology has opened doors in so many industries and enabled us to do so many things we couldn't even imagine in the past. At the same time, we've made things more complicated for ourselves, creating systems that don't always talk to each other and languages we don't understand. On this edition of Out to Lunch, two lunch guests who are helping break through the clutter, with products and services that are enabling our tech systems to work for us more effectively - and helping businesses better communicate their messaging. John Morello, is Chief Technology Officer of Gutsy, a tech firm that has come up with a better way to help companies protect themselves against cyberthreat. More specifically, Gutsy uses process mining – and we'll get into that in a minute – to ensure that the various cybersecurity systems a complex organization has in place are talking to one another and doing what they're supposed to be doing. If John's name is familiar to you, it may be because he was a guest on Out to Lunch in 2019, when he was running Twistlock, a tech firm that developed cloud-based cybersecurity solutions. In the years since then, John and his partners in Twistlock have grown that company, attracted new investors, and created the spinoff, Gutsy, to address a need they identified running Twistolock. John is a 14-year veteran of Microsoft, who lives in Baton Rouge and is also a master diver and very active in coastal conservation.  Kenny Nguyencis founder and CEO of Three Sixty Eight, a Baton Rouge-based creative and strategic media agency that focuses on branding, marketing and advertising with a high tech, high energy super creative approach. The company's origins date back to 2011, when Kenny and his friend were still students at LSU and started Big Fish Presentations, which specialized in public speaking and presentation services. In 2016, it merged with another local firm to form 368. In the years since, it has grown to include clients that include CenturyLink, McGraw-Hill Education, GE and Pepsi.  Out to Lunch is recorded live over lunch at Mansurs On the Boulevard. You can find photos from this show by Brian Newton at itsbatonrouge.la.See omnystudio.com/listener for privacy information.

Episode SummaryOn this episode, Co-Founder and CTO of Gutsy, John Morello, joins Matt to talk about Process Mining in Cybersecurity. Before co-founding Gutsy, John served as the CTO of Twistlock and VP of Product for Prisma Cloud.John holds multiple cybersecurity patents and is an author of NIST SP 800-190, the Container Security Guide. Before Twistlock, he was the CISO of an S&P 500 global chemical company. Before that, he spent 14 years at Microsoft, working on security technologies in Windows and Azure and consulting on security projects across the DoD, intelligence community, and at the White House. John graduated summa cum laude from LSU and lives in Baton Rouge with his wife and two sons. A lifelong outdoorsman and NAUI Master Diver and Rescue Diver, he's the former board chair of the Coalition to Restore Coastal Louisiana and a current Coastal Conservation Association board member.Today, John talks about governance challenges in cybersecurity, the importance of security as a process, and how to apply process mining. How is process mining useful in cybersecurity? Hear about process mining human actions and unstructured sources, and how John manages to stay sharp. Timestamp Segments·       [02:20] John's cybersecurity journey.·       [07:43] Pivotal moments in John's career.·       [10:23] The most pressing governance challenges.·       [14:07] What is process mining?·       [19:03] How process mining can benefit certain functions.·       [21:09] Security as a process, not a product.·       [25:37] Why there's not more focus on process.·       [32:03] Applying process mining.·       [38:07] Filling in the gaps.·       [42:03] How John stays sharp. Notable Quotes·       “Security is a process, not a product.”·       “In security, inefficiency and inconsistency are highly correlated with risk.”·       “Almost everything in security is about process.” Relevant LinksWebsite:          gutsy.com.LinkedIn:         www.linkedin.com/in/john-morello.Secure applications from code to cloud. Prisma Cloud, the most complete cloud-native application protection platform (CNAPP).Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Michael Cortez is a Partner at YL Ventures. YL manages over $800m and focuses exclusively on cybersecurity investments. YL's invested in leading cyber companies like Orca, Hunters, Grip, Valence, Axonius, and Twistlock.

Have you ever pondered the awesome power of the Internet and wondered, “How can I use this tool to come up with something that will revolutionize a certain sector of the economy?” If you were born before the internet era, like a lot of us, you probably have. And you probably haven't been able to come up with anything. Which is what separates you, and the rest of us, from Stephanie's two guests on this edition of Out to Lunch Baton Rouge. Stephanie Hoskins created Debtle. It's a cloud-based platform that enables organizations and individuals to easily and efficiently negotiate and settle overdue invoices and bad debt accounts, in a transparent and frictionless manner. This may just be as significant an invention as the fountain of youth or a perpetual motion machine! How does Debtle do it? Essentially, it lets the cloud-based software do the negotiating in a transparent process that takes the uncomfortable personal stuff out of these situations. Stephanie Hoskins co-founded the company in 2019. Her career in corporate finance and strategy spans over a decade and she has three degrees in finance, including a Ph D from LSU. She is passionate about financial inclusion, volunteering, and her family – which includes her co-founder and husband, Houston. Barret Blondeau is founder and owner of Falaya. It's a DIY real estate listing platform that enables buyers and sellers to handle an entire transaction – from the listing to negotiating the contract on their own. Say goodbye to your real estate broker. Falaya automates the listing input, property disclosure, scheduling and contract negotiations processes – and it will even refer consumers to an expert if one is needed. Barret knows real estate from the perspective of a broker – he worked as one for several years before founding Falaya in 2018. In the years since, it has grown and also raised the ire of some competitors out there who were threatened enough to force Falaya – which used to be called something else – to change their name. Barret is a native of Baton Rouge who earned his business degree and MBA from LSU. Photos by Jill Lafleur. And here's more Baton Rouge tech talk with the creators of Twistlock and Vinformatix. See omnystudio.com/listener for privacy information.

Jared Jost, VP of Marketing at PatientPop, joined me on the Modern Startup Marketing podcast. Prior to PatientPop, Jared was at Twistlock (cybersecurity startup that got acquired by Palo Alto Networks) and Smarsh (SaaS). PatientPop was founded in 2014, has ~450 people and is based out of Santa Monica, CA. They've raised Series C ($125M total). PatientPop makes it easy for healthcare providers to attract more patients, manage their online reputation, modernize the patient experience, and automate the front office. From searching for a provider online, to checking their website + reviews, to booking an appointment, to getting an alert, then getting an automated survey, and finally leaving a review online. Enhancing every digital touchpoint along the patient journey. Here's what we hit on: Jared was VP of Demand Gen at PatientPop for almost 2 years, then became VP of Marketing - so what does marketing mean to him; What Jared focused on with marketing efforts when he joined PatientPop 3.5 years ago (they were at Series A); How to thread marketing into the sales process to create pipeline, opportunities, and revenue; How the marketing team is structured now; Marketing channels that are working really well (HINT: PPC + organic but there are nuances); During COVID we learned that breaking up the content funnel makes us better marketers; How we used internal data and thought leadership to increase trust and propel the brand; Challenges related to staying relevant and scaling the company; Taking the company from Series B to Series C funding and what that means for marketing; Building a simple tool to use on your website that addresses the buyer's pain point (quickly) and propels growth faster; Some bad marketing recommendations that Jared can't stand (HINT: it's about leads); How Jared defies convention and tries to take a different approach. You can find Jared on LinkedIn: www.linkedin.com/in/jaredjost Find out more about PatientPop: www.patientpop.com For more content, subscribe to Modern Startup Marketing on Apple or Spotify (or wherever you like to listen). You can find Anna on LinkedIn: www.linkedin.com/in/annafurmanov or visit this website: www.furmanovmarketing.com Thanks for listening! --- Send in a voice message: https://anchor.fm/anna-furmanov/message

Have you ever pondered the awesome power of the Internet and wondered, "How can I use this tool to come up with something that will revolutionize a certain sector of the economy?" If you were born before the internet era, like a lot of us, you probably have. And you probably haven't been able to come up with anything. Which is what separates you, and the rest of us, from Stephanie's two guests on this edition of Out to Lunch Baton Rouge.  Stephanie Hoskins created Debtle. It's a cloud-based platform that enables organizations and individuals to easily and efficiently negotiate and settle overdue invoices and bad debt accounts, in a transparent and frictionless manner. This may just be as significant an invention as the fountain of youth or a perpetual motion machine! How does Debtle do it? Essentially, it lets the cloud-based software do the negotiating in a transparent process that takes the uncomfortable personal stuff out of these situations. Stephanie Hoskins co-founded the company in 2019. Her career in corporate finance and strategy spans over a decade and she has three degrees in finance, including a Ph D from LSU. She is passionate about financial inclusion, volunteering, and her family - which includes her co-founder and husband, Houston.   Barret Blondeau is founder and owner of Falaya. It's a DIY real estate listing platform that enables buyers and sellers to handle an entire transaction – from the listing to negotiating the contract on their own. Say goodbye to your real estate broker. Falaya automates the listing input, property disclosure, scheduling and contract negotiations processes - and it will even refer consumers to an expert if one is needed. Barret knows real estate from the perspective of a broker – he worked as one for several years before founding Falaya in 2018. In the years since, it has grown and also raised the ire of some competitors out there who were threatened enough to force Falaya - which used to be called something else - to change their name. Barret is a native of Baton Rouge who earned his business degree and MBA from LSU. See photos from this show by Jill Lafleur at our website. And here's more Baton Rouge tech talk with the creators of Twistlock and Vinformatix. See omnystudio.com/listener for privacy information.

Peter is back after a few weeks away from the show. Azure launches new Event Grid features, Palo Alto Networks picks up Twistlock and Puresec and Google has a really bad day. Plus the amazing lightning round with Peter. Sponsors: Foghorn Consulting – https://fogops.io/thecloudpod Topics: 25th Episode Blog Post Azure has simplified event-driven architectures with new updates to Event Grid Palo Alto Networks enters into definitive agreement to purchase Twistlock and Puresec Oracle Lays off hundreds from its Seattle office as its cloud strategy remains grounded Azure Adaptive network hardening in Azure Security Center is now GA Amazon EBS adds ability to take point-in-time, crash-consistent snapshots across multiple EBS volumes Announcing Tag-Based Access Control for AWS Cloudformation New Data API for Amazon Aurora Serverless Amazon Managed Streaming for Apache Kafka (MSK) – Now Generally Available Google Cloud has Major Outage on 6/2 Google Cloud Outage resolved, but it reveals holes in cloud computing atmosphere An update on Sunday’s service disruption Lightning Round (Jonathan 6, J

We had a total of 304 funding rounds, $5.7 billion total funding, 129 acquisitions recorded, and a transaction of a total acquisition amount of $32.1 billion. Let’s dive right into the highlights now. Modern Fertility raises $15 million to sell its hormone tests — and gather more fertility data from its users A San Francisco-based company, modern fertility, sells fertility tests directly to consumers, but increasingly, those customers will be educating the company, too. Indeed, the two-year-old startup now plans to develop a database of anonymized data about its largely younger demographic. What do they do? They sell a kit from its website that’s sent to women’s doorsteps and allows them to gauge their levels of eight different reproductive hormones by using a finger prick. More specifically, the startup sends off its customers’ panels to CLIA-certified labs, where the tests are conducted, and most prominently, those tests are looking at the women’s level of AMH, or anti-mullerian hormone. Modern Fertility has now raised $22 million to date. Among its other backers are Maveron and Union Square Ventures as investors. That being said, Fertility startups have been on a fundraising gala recently. The global fertility services market is expected to exceed $21 billion by 2020. Colombian point-of-sale lender ADDI nabs $12.5 million from Andreessen Horowitz ADDI picked up $12.5 million in new financing in April of this year as the company looks to expand its lending services online. Like Affirm, ADDI lets its borrowers apply for credit at the moment of purchase. The company likens its service to the layaway and credit plans that already exist in Colombia — but involve pretty onerous requirements to use. Company co-founder and general partner both commented on how, in some cases, Colombian shoppers have to have three people vouch for a borrower before a store will issue credit or agree to a layaway plan. The difference between an ADDI loan — or any loan — and layaway is that an installment payment plan doesn’t charge interest (and even with the fees that installment plans do charge, they are often still cheaper than taking out a loan). Providing supplemental educational videos for healthcare online nets Osmosis $4 million With over one million YouTube subscribers and 500,000 registered users for its supplemental educational videos, Osmosis, which bills itself as the Khan Academy of healthcare, has raised $4 million in new funding. By reimagining medical education, Osmosis is addressing a critical impending global crisis: the need to develop and retrain tens of millions of healthcare professionals over the next decade to meet growing demand. Using a library of over 1,100 videos produced by the former Khan Academy Health and Medicine team — which were poached by Gaglani — students can get supplemental materials providing tutorials on subjects ranging from basic knowledge to the soft skills required on the job. Vectra lands $100M Series E investment for AI-driven network security Vectra, a seven-year-old company that helps customers detect intrusions at the network level, whether in the cloud or on premises, announced a $100 million Series E funding round led by TCV. Existing investors, including Khosla Ventures and Accel, also participated in the round, which brings the total raised to more than $200 million, according to the company. As company CEO Hitesh Sheth explained, there are two primary types of intrusion detection. The first is end point detection and the second is his company’s area of coverage, network detection and response, or NDR. He says that by adding a layer of artificial intelligence, it improves the overall results. Moving on to mergers and acquisitions, we have Google acquiring analytics startup Looker for $2.6 billion Google made a big splash when it announced it’s going to acquire Looker, a hot analytics startup that’s raised more than $280 million. It’s paying $2.6 billion for the privilege and adding the company to Google Cloud. Google Cloud has been mired in third place in the cloud infrastructure market, and grabbing Looker gives it an analytics company with a solid track record. The last time I spoke to Looker, it was announcing a hefty $103 million in funding on a $1.6 billion valuation. Today’s price is a nice even billion over that. What else caught our eyes last week? Based on data we know that this is the season of Healthcare, Cyber Security and Knowledge Sharing startups bagging fundings. Last week four security companies changed hands. Security stays hot as Imperva grabs Distil Networks. The shopping spree continued this week with CDN company Imperva announcing it was buying bot mitigation startup Distil Networks. The companies did not share the acquisition price. Last week was an incredible M&A whirlwind with four security companies getting acquired over just a three-day period On Tuesday, FireEye bought Verodin, a five-year-old startup that helps measure the effectiveness of your cybersecurity defenses for $250 million. On Wednesday, Palo Alto Networks entered the fray, buying not one, but two Israeli security startups. The big prize was container security company Twistlock for $410 million. It also snagged serveless security company PureSec. Reports in Israeli media pegged that deal at between $60 and $70 million. If that wasn’t enough for you, private equity firm Insight Partners bought 10-year old threat intelligence company, Recorded Future for $780 million. If you’re thinking about starting a technology company, you may want to consider focusing on cybersecurity. I’ll leave you with that thought!

In this episode, Nerya and Reut discuss the process of creating the Radar in Twistlock, which is the homebase for discovering and managing security across your cloud native assets.

This week, we come live from the the Monitorama conference, held this week in Portland, where we spoke with Liz Fong Jones, developer advocate at observability service provider Honeycomb.io and Quintessence Anx, developer advocate, at troubleshooting firm Logz.io. Then later we discuss some of the other news items and podcasts from the week. With Jones and Anx, we discussed the culture of burnout in the IT industry and how companies can better consider the humans who design and run their systems. We also discussed our takeaways from the conference itself. Then later in the show, show host Libby Clark, editorial and marketing director at The New Stack, discusses the top news from the site with Alex Williams, founder and publisher of The New Stack, and Joab Jackson, TNS managing editor. We discuss the update to Honeycomb.io's observability platform, and Palo Alto Networks intended purchase of container security provider Twistlock and serverless security provider PureSec. Oh, also we discuss Pivotal's new Spring-based OpenJDK distribution, and alarming new research on "deepfake" videos.

In this episode, Neil walks us through how to create custom audit rules to check if someone is tampering with the Twistlock daemonset.You can use this approach to create your own custom rules for almost anything using the right JSON properties and strings.

You can now pay open source developers directly, well, those in the closed beta. Seems like a good idea, really. Also, the Commonwealth and Friends club doesn’t like Huawei, and thought lords can be bores. Hey! Want to get Coté’s book, a collection of writing on DevOps, agile, and THE DIGITAL? Go to leanpub.com/digitalwtf and use the code SDT to get $20 off (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. And, if you want a free copy, contact Coté and tell him you’ll help market it (advertise it, put it in Twitter, by post to your uncle, whatever!) and he’ll send you a code for a free copy. Also: What kind of hippy were you, Coté? Any whistles? Low-tech rave. 3 slides in Guam. Thought-acting. New hire announcements need to be auto-deleted. Not for you. I can assure you conference organizers… I am not polished. YAML for good. No YAML for payment. It’s going to be more than $10,000 for LDAP. Can’t tell if I like American Gods, but I keep reading/watching it. German crossbow guys, aka, c (https://www.bbc.com/news/world-europe-48257713)rossbow bolt cult in Germany (https://www.bbc.com/news/world-europe-48257713). A crossbow only does d4 of damage. Every time I log into Skype there's an upgrade. British people totally into yelling at their kids. Relevant to your interests Announcing GitHub Sponsors: a new way to contribute to open source (https://github.blog/2019-05-23-announcing-github-sponsors-a-new-way-to-contribute-to-open-source/) “.github/FUNDING.yml” Never mind total committers/LoC, now you can boast on cash-money given. ARM cuts ties with Huawei, threatening future chip designs (https://www.theverge.com/2019/5/22/18635326/huawei-arm-chip-designs-business-suspension) The Tech Cold War Has Begun (https://www.bloomberg.com/opinion/articles/2019-05-20/huawei-supply-freeze-points-to-u-s-china-tech-cold-war) How to thought lead — Twitter Thread (https://twitter.com/jbeda/status/1132668343977070598) Shingy’s Wikipedia page is up for deletion (https://twitter.com/evanpro/status/1133489885891956737) David Shing (https://en.wikipedia.org/wiki/David_Shing) Adam Jacob at ChefConf (https://youtu.be/M87msqh-8b0?list=PL11cZfNdwNyPqCULNNN4YEyrMn3Vj6LGu&t=5839) Why no Docker (http://crunchtools.com/why-no-docker/) Splunk adds 400 enterprise customers in Q1, ups outlook (https://www.zdnet.com/article/splunk-adds-400-enterprise-customers-in-q1-ups-outlook/#ftag=RSSbaffb68) What’s the deal with Splunk (and, sort of, ServiceNow)? Are they just the new normal that everyone buys, the new “legacy” and/or “lock-in as too expensive?” Also, like, maybe they work really well…? Containers, microservices, and service meshes (http://jpetazzo.github.io/2019/05/17/containers-microservices-service-meshes/) “~jpetazzo/index” - the World Wide Web! Jesus - why the fuck isn’t this just built into how networking works? Was SDN too expensive, or something? “it made more sense to build a new proxy than to extend an existing one” - ladies and gentlemen: the story of open source. So. Basically, with a local proxy and distributed hashmap you can cloud? Am I reading this right? We should add another layer on-top of all of this in some kind of framework hand-slapping game? “One approach that has a lot of potential is to use a tool like SuperGloo. SuperGloo offers an abstraction layer to simplify and unify the APIs exposed by service meshes.” Elsewhere (https://www.oreilly.com/ideas/do-you-need-a-service-mesh): “The service mesh is a dedicated infrastructure layer for handling service-to-service communication in order to make it visible, manageable, and controlled.” Paging Dr. Alexa: Hospitals call on voice assistants, envisioning ‘massive’ impact on healthcare (https://www.geekwire.com/2019/paging-dr-alexa-hospitals-call-voice-assistants-envisioning-massive-impact-healthcare/) The usual AI/ML speech stuff. Also, getting Alexia to turn the TV on for you: “By the way, I don’t think nurses also like to come and turn on the TV for you,” Gholami said. “They want to care for you. They want the emotional connection part.” Coté: I was using the IVR for a rental car company recently. I mean, it was an IVR, really annoying. Voice is bullshit. Why so much “science” used in design is bullshit: Android, Losada and Frankfurt. (http://mjparnell.com/bullshit_science_ux_design/) Enterprise DevOps Company CloudBees Raises $10 Million (https://pulse2.com/cloudbees-raises-10-million/) Pivotal adds support for open Java in latest release (https://siliconangle.com/2019/05/28/pivotal-adds-support-openjdk-latest-spring-runtime-release/) Facebook plans to launch crypto-currency (https://www.bbc.com/news/business-48383460) Palo Alto Networks to acquire container security startup Twistlock for $410M (https://techcrunch.com/2019/05/29/palo-alto-networks-to-acquire-container-security-startup-twistlock-for-410m/) The World Health Organization officially recognizes ‘burnout’ (https://thehustle.co/WHO-recognizes-burnout/) Tech giant brings software to a gun fight (https://www.washingtonpost.com/technology/2019/05/30/tech-giant-brings-software-gun-fight/) Nonsense LaCroix faces a crippling 'free fall' as it turns 'from bad, to worse, to disastrous,' analyst says (https://www.businessinsider.com/la-croix-sales-decline-free-fall-2019-5). Sponsors This episode is sponsored by SolarWinds® and one of their DevOps tools, Papertrail™. To learn more or to try SolarWinds Papertrail free for 14 days, go to papertrailapp.com/sdt and make troubleshooting fun again. Conferences, et. al. ALERT! DevOpsDays Discount - DevOpsDays MSP (https://www.devopsdays.org/events/2019-minneapolis/welcome/), August 6th to 7th, $50 off with the code SDT2019 (https://www.eventbrite.com/e/devopsdays-minneapolis-2019-tickets-51444848928?discount=SDT2019). 2019, a city near you: The 2019 SpringOne Tours are posted (http://springonetour.io/). Coté will be speaking at many of these, hopefully all the ones in EMEA. They’re free and all about programming and DevOps things. Coming up in: San Francisco (June 4th & 5th), Atlanta (June 13th & 14th)…and back to a lot of US cities. ChefConf London 2019 (https://chefconflondon.eventbrite.com/) June 19-20 Monktoberfest, Oct 3rd and 4th - CFP now open (https://monktoberfest.com/). SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) or LinkedIn (https://www.linkedin.com/company/software-defined-talk/) Listen to the Software Defined Interviews Podcast (https://www.softwaredefinedinterviews.com/). Check out the back catalog (http://cote.coffee/howtotech/). Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Use the code SDT to get $20 off Coté’s book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Recommendations Matt: After Life (https://www.imdb.com/title/tt8398600/) & Dead to Me (https://www.imdb.com/title/tt8064302/). Brandon: Dead to Me (https://www.netflix.com/title/80219707) on Netflix. Coté: The Fine Art of Small Talk (https://www.goodreads.com/book/show/93409.The_Fine_Art_of_Small_Talk), excerpts in Coté’s Twitter (https://twitter.com/cote/status/1131453689338703872). Listener recommendation from Jordi: Humble Book Bundle: Hacking 2.0 (https://www.humblebundle.com/books/hacking-no-starch-press-books) Cover-art: "Third Beach Drum Circle," from Kyle Pearce (https://www.flickr.com/photos/keepitsurreal/9767175701). Outro: spitting out lyrics with Courtney Barnett’s “Nameless, Faceless.” (https://www.youtube.com/watch?v=HZZSYDhx0FI)

May 31, 2019 Plus, Palo Alto Networks buys Twistlock and PureSec, and Sprint launches 5G in four markets. Huawei wants a quick resolution; Palo Alto bolsters its container and serverless focus; and Sprint launches 5G. Huawei Revs Up Battle With US Government Palo Alto Networks Buys Twistlock, PureSec in $410M+ Deal Sprint's 5G Network Goes Live in 4 Cities Learn more about your ad choices. Visit megaphone.fm/adchoices

May 31, 2019 Plus, Palo Alto Networks buys Twistlock and PureSec, and Sprint launches 5G in four markets. Huawei wants a quick resolution; Palo Alto bolsters its container and serverless focus; and Sprint launches 5G. Huawei Revs Up Battle With US Government Palo Alto Networks Buys Twistlock, PureSec in $410M+ Deal Sprint’s 5G Network Goes Live in 4 Cities

In this episode, Kevin demonstrates the new File Integrity Monitoring feature in Twistlock 19.03.

Website - https://github.com/coreos/clairSaaS Vendors mentioned in this episode: Aqua Security NeuVector Twistlock Episode TranscriptionWelcome back to The Byte. In this episode, we're going to talk about Clair, a vulnerability Static Analysis tool for containers. Before we get started I want to see a raise of hands who runs containers in production? Now, keep your hand up if you scan your images that are running in production. Now, this is a question I ask in workshops to various banks, and big customers that you would think would be doing this, and it's shocking. If we were all sitting in one room, I would imagine only 20% of us would still have our hands up saying we run production containers, and we scan these containers... Scan the container images.Now, Clair is actually a brilliant tool. It's was developed by CoreOS, which was acquired by Red Hat, which Red Hat was acquired by IBM, but it's still going. I mean, it's still active, which is brilliant, because it's an awesome tool. Now, typically in the enterprise world, and the small-medium enterprise, I mean, different segments, you have different options, right? I mean, typically, if you are going to do container security, you're going to go with some sort of SAS solution, one of the big vendors, and we're talking about Aqua Security, NeuVector, Twistlock. I mean, just to name a couple of them.But, Clair is actually the open-source version, and obviously, it is open source. I mean, you're not getting any SLAs, or anything like that, but it does a great job, and what it does, I mean, it actually does Static Analysis and Vulnerability Scanning of your container images. How that works, it regularly downloads the metadata from various sources, stores them in a database, and then, compares the metadata versus your images that are running. This then provides you a notification, or lets you know, "Hey, this particular image has vulnerabilities, and I'll notify you, and I'll keep notifying you until you..." Like siren's notification.Additionally, we can also integrate Clair into your CICD pipeline, which allows us to, as we build container images we can actually, as it's pushed to a Registry, Clair then fires up, scans the image, and then, provides you like a report about them, if there are any vulnerabilities inside this image. It integrates into your CICD pipeline, it integrates into various container registries, it has configurable notifications, so we can then push notifications to slack, or email, or whatever notification system you want to use, Permit To Use, for example. You can go to the Alert Manager. It has a lot of different possibilities there. It does integrate quite well to a bunch of different type of platforms, so if you go into the documentation on Clair OS, GitHub page, you go to Integrations you can see it obviously integrates into the CoreOS Registry.It integrates into all sorts of different projects. You can look through it. As I said, it's an open-source project. If you're not doing container scanning now, I would highly, highly recommend you use Clair, that at least you have something, right? Because, many times people are not doing any scanning, and it's better to do something, so at least you know, hey, do I have a heart bleed running around in my production systems? Do I have any vulnerabilities that are like super, like red alert? It's good to know at least baseline where I'm sitting. I would recommend Clair if you're not running any security system. If you have the budget I would definitely go for an enterprise solution, Aqua, NeuVector, Twistlock, or just to name a couple of them, but there's a lot of options out there.Security starts sooner than later. I mean, the sooner you can integrate this into your CICD pipeline the better off you are. Give it a try, github.com/coreos/clair. It's a great tool. We've used it for a couple of projects. We're quite happy with it. I mean, obviously, for what you pay for, right? But, at least you're getting some sort of security put in place. This is step one. Obviously, there are a lot more best practices you can incorporate into your building of images, as well as the security in your container environment, but at least with Clair, we have some sort of reporting and availability... Ability to actually scan your images.Give it a try. Clair has great documentation. It's being used quite regularly. it's also being updated quite frequently as well. That's all I have for this episode. Have a great day. We'll see you next time.

In this episode, Michael discusses how the Twistlock dev team built the ACI Virtual Node protection feature in Twistlock 19.03. We also discuss the differences in technology between Azure Container Instances and AWS Fargate.

In this episode, Michael walks through the new Native Helm support in Twistlock 19.03, detailing the configuration steps necessary to enable Helm Chart support in Twistlock.

In this episode, John Morello explains what we know about the DockerHub compromise, what potential impacts exist for DockerHub users, and what you can do to minimize impact to you and your apps. Twistlock customers are NOT affected.

In this episode, Michael dives into how we built the Lambda Layers security features to allow Twistlock to be embedded and to secure Lambda Layers.

In this episode, Ilana from the Twistlock dev team discusses the process that she went through to create the Istio visibility, vulnerability management, and prevention features in Twistlock.

In this episode, Ashley discusses and demonstrates the advantages of using Assigned Collections to provide granular visibility and security to your cloud native environments.0:51- Twistlock 2.4 - Projects1:30- Twistlock 1.8 - Collections2:24- Inside of Projects, team granular permissions2:38- Demo time11:03- Integrating granular control into DevOps lifecycle

Padma Vatsavai is founder and CEO of Vinformatix. Vinformatix is a software development company that specializes in designing and maintaining web-based applications, websites, and portals for public and private sector clients. Vinformatix designed the web-based system that 90,000 victims of Hurricane Harvey in Texas used in 2017 to apply for disaster aid. The firm also designed two web-based portals for Louisiana Economic Development, including Louisiana Job Connection, which helps businesses find potential employees. John Morello is a 14-year veteran of Microsoft who is now Chief Technology Officer of Twistlock, a Portland, Oregon-based firm that is changing the face of cybersecurity. Twistlock opened a Baton Rouge location in the psring of 2018 at LSU's Innovation Park and is continuing to grow with clients nationwide that include GridSpace, Aetna and Workiva. What makes Twistlock unique in its approach to developing cybersecurity solutions is it's cloud-native approach that is much faster and more effective than what most of the competition is doing. Photos over lunch at Mansurs on the Boulevard by karry Hosford. See omnystudio.com/listener for privacy information.

In this episode, Paul demonstrates more host protection features, specifically host forensics, that are built into Twistlock 19.03. Paul demonstrates how anomalous activity can be tracked, alerted, and prevented through Twistlock on any host.

In this episode, Omri details how Twistlock built the Kubernetes Audit rules features that integrate with Kubernetes AuditSink, as well as audits for GKE. 0:35- What are Kubernetes audits?1:30- Kubernetes audit rules in Twistlock3:28- How we built this feature5:30- Integration with Kubernetes dynamic backend feature6:10- demo time12:58- GKE Audits

In this episode, James demonstrates the new Twistlock 19.03 features around host visibility and protection, including cloud native network firewall and Radar for hosts.

In this episode, Jacob demonstrates the new Twistlock 19.03 features around integration with the Kubernetes AuditSink features.

In this episode, Andreas demonstrates the new Twistlock 19.03 features around the new Custom Runtime Rules Language, which integrates with the Kubernetes AuditSink. Twistlock 19.03 also comes with over 40 custom rules that query the AuditSink logs to get you started quickly with actions around the events in your environment.

In this episode, Neil demonstrates the new Twistlock 19.03 feature around RASP Defender, which allows the same level of visibility, automation, and protection in non-managed cloud native resources.

In this episode, Liron Levin, Chief Architect of Twistlock, explains the history behind the decision to use Go to build Twistlock, the criteria that was used to assess all the possible languages, some key findings and advantages of using Go, and, of course, some story time.1:52- Story time2:13- The architecture2:37- Language options3:45- Before Twistlock, and experience with Python4:22- Compiled languages + large teams + fast pace5:07- What does Docker use?5:48- Maybe I should try it? How quickly can I be productive?6:37- The benefits7:31- The first test: agent in Go, and console in node8:52- MongoDB for the data store9:36- New devs coming on board13:07- Simplicity and error handling14:34- Consistent formatting15:22- Coding standards17:33- Low level code and elements19:08- Anything unexpected?20:42- Places to optimize21:20- Rust25:00- Reducing complexity26:03- More story time30:28- Testing in Go

In this episode, Ian discusses how Twistlock is able to automate the creation and maintenance of the product documentation. He talks through the entire OSS-based system that is in place to manage documentation contributions, the tools used to build the docs, as well as a code deep dive through the search indexing and crawling to surface the docs to users.6:27- Documentation website9:34- Search mechanisms

This week, in a nod to the RSA Conference that was held this week, we spoke to Jim Bugwadia, CEO of Nirmata, about what your Kubernetes security checklist is probably missing. Bugwadia wrote a post for The New Stack in which he shares the security model Nirmata uses to guide its enterprise customers with Kubernetes adoption. Nirmata is a DevOps platform for containerized application deployments and is a sponsor of The New Stack. In the second half of the show, we review our other podcast and stories for the week, including some of the news coming out of RSA, such as Twistlock's new release that promises container native security for VMs as well as Scytale's new SPIFFE-based Service Identity Management tool.

We chat with Ashley Ward, Solution Architect at Twistlock, around Docker security and some initial security concerns for Docker images.

This is an intro to the podcast and explains exactly what kinds of content people can expect to see/hear about on the show.We will cover general cloud native security topics like Docker security, Kubernetes security, RBAC, monitoring and alerting, serverless, and many more.We have also partnered with our Twistlock Labs team, the research arm of the organization, and will be bringing you the latest and greatest in cloud native security research, including topics like the 4 zero days that the team found, honey pots and how they lured cryptominers and hackers to open containers and how they exploited them.We’ll also be bringing on some of the partners that we work with and integrate with in the ecosystem to show you the how to utilize multiple tools to get the job done and some best practices that we’ve found along the way.Another type of content we’ll bring is detailed deep dives into some of the Twistlock products features and you’ll see these published around our major releases. These will help you dive into the deep features the Twistlock platform and how they can help you and your organization stay more secure in the Cloud Native world and throughout your journey.We’ll take a meta deep dive on some of these and show you exactly how we built some of these features with our development team. We’ll also cover off deep developer topics like debugging Go code, writing idiomatic test code, and forensics at scale, just to name a few.We’ll be available on most video and audio platforms, like YouTube, Twitch, SoundCloud, Apple and Google podcasts, as well as a dedicated area on our website to feature all of the episodes. All of the links to the various channels can be found below. You can expect us to publish weekly with new content coming out all the time.Subscribe and get notified every time we post a new episode. Finally, if you have feedback or content suggestions, please send them to CNS@twistlock.com (I’ll post the email address below as well) and we’d love to hear how you’re liking the show and also if you have any content that you’d like to see us cover. Thanks so much and we look forward to helping you learn all about Cloud Native Security.

For this week's episode, we speak with Sonya Koptyev, who is the director of evangelism for cloud native security provider Twistlock, which is holding a webinar/conference, Cloud Native Live this Monday, on Jan. 29. There are a lot of great speakers on this day-long event. In the main keynote, Pivotal's Dormain Drewitz will share secrets of enterprises who have successfully adopted the best principles of digital transformation. CI/CD expert Brice Fernandes will explain the GitOps model, identifying best practices and tools to use on this emerging practice. Other speakers include Priyanka Sharma, director of cloud native alliances at GitLab and Dan Kohn, executive director of the Cloud Native Computing Foundation.

stdout.fm 11번째 로그에서는 아웃사이더 님을 모시고, Node.js event-stream 악성 코드 주입 사건, 컨텐츠 보존 주의, 정적 웹사이트 생성기에 대해서 이야기를 나눴습니다. 게스트: @outsideris 참가자: @seapy, @raccoonyy, @nacyo_t Seocho.rb 첫 번째 모임: 서버리스 루비 | Festa! 나 몰래 컴퓨터 자원을 사용하는 블로그(사이트) | 오늘부터 seapy는 랜섬웨어 감염 웹호스팅업체 인터넷나야나, 결국 해커에 굴복 : IT : 경제 : 뉴스 : 한겨레 Adblock Plus and (a little) more: Kicking out Cryptojack How to Use the Google Chrome Task Manager Tree Style Tab – Get this Extension for

In a joint show between The Cloudcast and PodCTL, Brian and Tyler Britten talk with John Morello (@morellonet, CTO at @TwistlockTeam) about how Service Mesh technologies, such as Istio, can be used for more advanced security of containerized applications and Kubernetes environments. Show Links: Twistlock Website Securing Istio and Kubernetes Making Istio Security Layer Easier to Monitor Service Mesh Tutorials [PODCAST] @PodCTL - Containers | Kubernetes | OpenShift - RSS Feed, iTunes, Google Play, Stitcher, TuneIn and all your favorite podcast players [A CLOUD GURU] Get The Cloudcast Alexa Skill [A CLOUD GURU] A Cloud Guru Membership - Start your free trial. Unlimited access to the best cloud training and new series to keep you up-to-date on all things AWS. [A CLOUD GURU] FREE access to AWS Certification Exam Prep Guide - At A Cloud Guru, the #1 question received from students is "I want to pass the AWS cert exam, so where do I start?" This course is your answer. Show Notes Topic 1 - Welcome to the show. Tell us about your background, and introduce us to Twistlock for anyone that isn’t familiar with the company. Topic 2 - One of the most popular concepts in the world of containers and Kubernetes is “Service Mesh” (projects like Istio). Let’s talk about the basics of what a service mesh does. Topic 3 - Service mesh provides routing capabilities, so let’s talk about where security comes into the picture. Topic 4 - Service mesh introduces a concept in Kubernetes where you deploy multiple containers in a pod, one the application and one the service-mesh proxy. Does security introduce yet another container/agent into a pod? Topic 5 - What sort of tools are available today for security professionals are service meshes are introduced into a container environment? Feedback? Email: show at thecloudcast dot net Twitter: @thecloudcastnet and @ServerlessCast

Show: 49Show Overview: In a joint show between The Cloudcast and PodCTL, Brian and Tyler talk with John Morello (@morellonet, CTO at @TwistlockTeam) about how Service Mesh technologies, such as Istio, can be used for more advanced security of containerized applications and Kubernetes environments. Show Notes:Twistlock WebsiteSecuring Istio and KubernetesMaking Istio Security Layer Easier to MonitorService Mesh TutorialsTopic 1 - Welcome to the show. Tell us about your background, and introduce us to Twistlock for anyone that isn’t familiar with the company. Topic 2 - One of the most popular concepts in the world of containers and Kubernetes is “Service Mesh” (projects like Istio). Let’s talk about the basics of what a service mesh does. Topic 3 - Service mesh provides routing capabilities, so let’s talk about where security comes into the picture. Topic 4 - Service mesh introduces a concept in Kubernetes where you deploy multiple containers in a pod, one the application and one the service-mesh proxy. Does security introduce yet another container/agent into a pod? Topic 5 - What sort of tools are available today for security professionals are service meshes are introduced into a container environment? Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com

In this chat we sat down with Ben Bernstein, CEO of Twistlock. Twistlock just announced another round of venture capital funding, as well as continued progress in customer adoption and new features. Bernstein also shared with us his views on container security and what the market is looking for.

In the news, Infoblox research finds explosion of personal and IoT devices, Qualys announces letter of intent to acquire second front systems, Fortinet acquires Bradford Networks, Tenable extends cloud application security scanning capabilities, and more on this episode of Enterprise Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ES_Episode94 Visit http://securityweekly.com/esw for all the latest episodes!

In the news, Infoblox research finds explosion of personal and IoT devices, Qualys announces letter of intent to acquire second front systems, Fortinet acquires Bradford Networks, Tenable extends cloud application security scanning capabilities, and more on this episode of Enterprise Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ES_Episode94 Visit http://securityweekly.com/esw for all the latest episodes!

This week, on a Special Edition of Enterprise Security Weekly, Paul and John welcome Adrian Sanabria, Director of Research for Savage Security; Dave Kennedy, Founder of TrustedSec, Binary Defense, and DerbyCon; and Security Weekly's very own Jeff Man, for a group discussion on Penetration Testing! In the Enterprise News, we have updates from Qualys, Twistlock, Fortinet, Tenable, and more on this episode of Enterprise Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode94   Visit https://www.securityweekly.com/esw for all the latest episodes!   →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

This week, on a Special Edition of Enterprise Security Weekly, Paul and John welcome Adrian Sanabria, Director of Research for Savage Security; Dave Kennedy, Founder of TrustedSec, Binary Defense, and DerbyCon; and Security Weekly's very own Jeff Man, for a group discussion on Penetration Testing! In the Enterprise News, we have updates from Qualys, Twistlock, Fortinet, Tenable, and more on this episode of Enterprise Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode94   Visit https://www.securityweekly.com/esw for all the latest episodes!   →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Containers like Docker offer new automation awesomeness, portability and predictability. But traditional security tools and ops are only the start of reducing your risks. John Morello from Twistlock, Alfredo Hickman from Rackspace and Kellman Meghu from Sycomp pull the container stack apart to reveal security gaps.Please read NIST Application Container Security Guide co-authored by John Morellohttps://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-190.pdfAnd read Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux by Alfredo Hickmanhttps://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245

This week, Paul and John interview Brendan O'Connor, Security CTO at ServiceNow, and John Moran, Senior Project Manager of DFLabs! In the news, we have updates from Twistlock, Microsoft, BeyondTrust, and more on this episode of Enterprise Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode78   Visit https://www.securityweekly.com/esw for all the latest episodes!

This week, Paul and John interview Brendan O'Connor, Security CTO at ServiceNow, and John Moran, Senior Project Manager of DFLabs! In the news, we have updates from Twistlock, Microsoft, BeyondTrust, and more on this episode of Enterprise Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode78   Visit https://www.securityweekly.com/esw for all the latest episodes!

In the news, CASB Bitglass announces zero-day cloud app indexing with machine learning, WhiteHat combats code vulnerabilities with Sentinel Source for Microservices, Twistlock 2.3 advances container security with serverless support, and more enterprise security news! Full Show Notes: https://wiki.securityweekly.com/ES_Episode75 Visit http://securityweekly.com/esw for all the latest episodes!

CASB Bitglass, WhiteHat, and Twistlock - Enterprise Security Weekly #75 In the news, CASB Bitglass announces zero-day cloud app indexing with machine learning, WhiteHat combats code vulnerabilities with Sentinel Source for Microservices, Twistlock 2.3 advances container security with serverless support, and more enterprise security news! Full Show Notes: https://wiki.securityweekly.com/ES_Episode75 Visit http://securityweekly.com/esw for all the latest episodes!

This week, Matt Alderman joins Paul to interview Marci McCarthy, CEO and President of T.E.N. & CEO and Chairman of ISE®! Marci has over 20 years of business management and entrepreneurial experience! In the news, we have updates from Bitglass, WhiteHat, and Twistlock! Matt Alderman talks container security with Paul, and more on this episode of Enterprise Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode75   Visit https://www.securityweekly.com/esw for all the latest episodes!

This week, Matt Alderman joins Paul to interview Marci McCarthy, CEO and President of T.E.N. & CEO and Chairman of ISE®! Marci has over 20 years of business management and entrepreneurial experience! In the news, we have updates from Bitglass, WhiteHat, and Twistlock! Matt Alderman talks container security with Paul, and more on this episode of Enterprise Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode75   Visit https://www.securityweekly.com/esw for all the latest episodes!

Doctors make the best rappers, 3 innovative security companies, DevOps will be a thing, integrate products swimmingly, AI and Machine Learning in the hands of bad actors, and serverless security capabilities. Full Show Notes: https://wiki.securityweekly.com/ES_Episode74 Visit http://securityweekly.com/esw for all the latest episodes!

Doctors make the best rappers, 3 innovative security companies, DevOps will be a thing, integrate products swimmingly, AI and Machine Learning in the hands of bad actors, and serverless security capabilities. Full Show Notes: https://wiki.securityweekly.com/ES_Episode74 Visit http://securityweekly.com/esw for all the latest episodes!

Our guest on the podcast this week is Ben Bernstein, CEO and Co-founder of Twistlock. We discuss the myths surrounding the security of applications in containers in the cloud and advice for people just starting a container initiative.

Virtualization-based security, the road to Twistlock 2.0, Trend Micro embraces machine learning, and more enterprise news! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode40 Visit http://securityweekly.com/esw for all the latest episodes!

Virtualization-based security, the road to Twistlock 2.0, Trend Micro embraces machine learning, and more enterprise news! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode40 Visit http://securityweekly.com/esw for all the latest episodes!

Gabriel Gumbs of STEALTHbits joins us for an interview. In the news, virtualization-based security, the road to Twistlock 2.0, Trend Micro embraces machine learning, and more in this episode of Enterprise Security Weekly!Full show notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode40 Visit http://www.securityweekly.com for all the latest episodes!

Gabriel Gumbs of STEALTHbits joins us for an interview. In the news, virtualization-based security, the road to Twistlock 2.0, Trend Micro embraces machine learning, and more in this episode of Enterprise Security Weekly!Full show notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode40 Visit http://www.securityweekly.com for all the latest episodes!

In this episode of The Secure Developer, Ben Bernstein from Twistlock joins Guy to discuss container security. Are you currently using containers, or thinking about moving to containers in your stack? You won't want to miss this episode. With containers, developers control the entire stack. While empowering to developers, this can also open up new security vulnerabilities. Ben and Guy discuss the tools and processes you'll need to put in place to ensure your containers are compliant and secure. The post Ep. #7, Understanding Container Security appeared first on Heavybit.

In this discussion with John Morello of Twistlock, we talk about how containers can actually be a better medium for automating and securing applications. Containers being immutable and lightweight makes it easier to follow images from early in the development life cycle all the way to the registry and compute environments. Twistlock collects data from this life cycle and creates a predictive model for a container's behavior. This model looks for inconsistent behaviors, and depending on what you want, it can set off an alert or even block the activity entirely. Later in the discussion, we talk about Twistlock's focus on four distinct use cases, recent changes to its core features, the value of partner integration and more. Learn more at: https://thenewstack.io/creating-automated-model-container-security/ Watch on YouTube: https://youtu.be/9xcCjcEi-FY

Chenxi Wang has had a diverse career in the technology industry, Before her current position as Chief Strategy Officer at Twistlock, she was Vice President, Cloud Security & Strategy at CipherCloud, Vice President, Strategy and Market Intelligence at Intel Security, and Vice President at Forrester Research. Along the way, she has worked on technology education initiatives and is currently at work on Equal Respect, a movement to stop the objectification of women in technology. In this interview, I spoke with Chenxi about her upcoming sessions at RSA Conference 2016, her work on the Equal Respect initiative, and her passion for software security education.