Monday, 14 September 2020

Prisma Cloud (Twistlock)

 

Prisma Cloud


Used by 25 percent of the Fortune 100, Prisma Cloud which was earlier known as Twistlock provides an automated and scalable container cybersecurity platform. Founded in 2015 by CEO Ben Bernstein. 


Key Features


The Prisma Cloud Platform provides vulnerability management and compliance across the application lifecycle by scanning images and serverless functions to prevent security and compliance issues from progressing through the development pipeline, and continuously monitoring all registries and environments.

Additionally, Prisma Cloud provides defense in depth, with access control; automated, machine-learning driven runtime defense; and cloud native firewalls to protect modern applications from threats.


Ques : What Is Prisma Cloud(Twistlock)?

 

Prisma Cloud is a rule-based access control policy system for Docker and Kubernetes containers. 

Prisma Cloud is able to be fully integrated within Docker and able to verify security policies.


Security policies can set the conditions for users to, say, create new containers but not delete them; or, they can launch containers but aren’t allowed to push code to them. Prisma Cloud features the same policy management rules as those on Kubernetes, wherein a user can modify management policies but cannot delete them.


Prisma Cloud also handles image scanning. Users can scan an entire container image, including any packaged Docker application or Node.js component. Prisma Cloud has done its due-diligence in this area, correlating with RedHat and Mirantis to ensure no container is left vulnerable while a scan is running. 


Prisma Cloud also deals with image scanning of containers within the registries themselves. 

Prisma Cloud has the proficiency to articulate a policy on a user-by-user basis, working with customers to customize container security solutions that work for their particular use cases.


Docker is Prisma Cloud’s current focus. In fact,  Prisma Cloud was written in Go, primarily because of the focus the company has within the Go-driven Docker ecosystem. 


Product Performance Metrics


Prisma Cloud is automatically deployed, and relies on behavioral learning to automatically create and enforce security profiles/models. Prisma Cloud has helped customers identify vulnerabilities in thousands of images, blocked thousands of builds of vulnerable images, enforced compliance with security standards for thousands of deployments, and identified compromised containers and hosts at hundreds of customers.


Delivery


Prisma Cloud runs entirely within customer environments with no required connectivity.


Install the Prisma Cloud (Twistlock) App and view the Dashboards


https://help.sumologic.com/01Start-Here/Quick-Start-Tutorials/Hands-on_Labs%3A_Advanced_Metrics_with_Kubernetes/Lab-4-Install_the_Twistlock_App_and_view_the_Dashboards


Vulnerability Information


Scan your Docker image and dependencies for vulnerabilities known to Prisma Cloud.  Expose vulnerabilities to your developers and information on fixes in CI.


Set VULNERABILTY_THRESHOLD [ low, medium, high, critical ] in your source-code pipeline and prevent vulnerabilities from being introduced into your application.  Keep your Docker image secure and fail your pipelines before you merge vulnerabilities into your protected branches.


Prisma Cloud is—in simple terms—a full stack security suite. It handles everything from A to Z, including automated forensics, securing your host, scanning for pods vulnerabilities, and providing additional layers of protection in the form of firewalls and compliance checks. The six tools that stand out among the many that Prisma Cloud now provides are:



Runtime Defense: 


Through automation, routine evaluations, and machine learning, Prisma Cloud can identify potential issues with your container runtime. It can even recommend solutions and changes to make, all in an automated way.

Cloud-Native Firewalls: 

Firewalls are still necessary no matter how secure your system is; you can never be too careful with services running in the cloud. Adding network security that is designed from the ground up for cloud applications is indeed a huge plus.


CI/CD Integration: 

Since Prisma Cloud has its own evaluation and automation tools, it can be used as part of an agile CI/CD Workflow. While new services and updates are deployed, Prisma Cloud will do its job of securing the entire cloud environment all over again. Prisma Cloud also provides a Jenkins plugin to incorporate vulnerability and compliance scanning into the build phase. 

Advanced Access Control:  

Prisma Cloud can even scan your images and make sure that the minimum required privileges are the only ones assigned. This is a tedious process when done manually, but the security suite makes it look very easy.


Vulnerability Testing: 

In addition, we have Prisma Cloud’s ability to mount prevention tactics by reporting vulnerabilities for host, images, and containers. The tool goes well beyond container scanning for vulnerabilities by also providing segmentation, IPS, and cloud-native capabilities. It provides nice dashboards, and list filtering capabilities. It’s also possible to export the findings to CSV which can then be imported to other platforms if needed. Rather than being on the defensive all the time, you can use Prisma Cloud to do vulnerability testing and reinforce your cloud with security measures that will prevent attacks.

Setting Email alerts for Prisma Cloud


Go to left pane -> Manage-> Alerts->Click on Add Profile




Note: We could also configure Jira/slack integration with Prisma to get notification in slack in case of CVE found.


Setting Slack alerts for Prisma Cloud


Go to left pane -> Manage-> Alerts->Click on Add Profile




Leverage Compliance:  

Prisma Cloud compliance management system helps to enforce standard configurations and security best practices so it’s possible to achieve container compliance for any of these standards.

Cloud security management isn’t easy, but Prisma Cloud offers a set of tools that make the whole process more manageable. This is one of the reasons why users love this security suite so much.


Reference Guide:

https://cdn.twistlock.com/docs/downloads/Twistlock-Reference-Architecture.pdf

https://github.com/twistlock/docker

https://www.linuxjournal.com/sites/default/files/2018-11/GeekGuide-Twistlock-ContainerSecurityDocker.pdf

https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/tools/twistcli_scan_images

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)