Twistlock Architecture
Twistlock is a rule-based access control policy system for Docker and Kubernetes containers.
It is a Layer 7 application firewall for containers, best suited for managing firewall policy for containerized applications.
Twistlock handles image scanning: you can scan an entire container image, including any packaged Docker application or Node.js component, configure application scans, and apply filters to monitor the findings.
Twistlock also scans container images held in the registries themselves. In runtime environments, Twistlock runs a Docker proxy on the same server as an application's other containers.
Management and Runtime Firewall
Three modes of operation:
- Management of Twistlock and deployment: manage and configure Twistlock with deployment tools and implement deployment scenarios (Projects).
- Monitor the Kubernetes stack and compliance: monitors the firewall, checks for compliance, and learns valid behaviour during runtime.
- Runtime firewall capabilities (Defend): always on alert, providing everything needed for a Layer 7 firewall at the container level.

Cloud Native Application Firewall (CNAF)
- CNAF is a web application firewall (WAF) designed for containers. WAFs secure web apps by inspecting and filtering Layer 7 traffic to and from the app. CNAF extends the traditional WAF to container environments by binding to the containerized web app itself, regardless of the cloud, orchestrator, node or IP address where it runs, and without the need to configure complicated routing.

Cloud Native Network Firewall (CNNF)
- This is a Layer 3 container-aware virtual firewall that uses machine learning to identify valid traffic flows between app components, and alerts on or blocks anomalous flows. Network segmentation and compartmentalization are an important part of a comprehensive defense-in-depth strategy.
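The monitor-then-defend cycle and the CNNF idea above (learn which app components talk to each other, keyed on workload identity rather than IP, then alert or block flows outside that baseline) as an added illustration; this is a hypothetical model written for this page, not Twistlock's own code, and the image names and flows are constructed sample data:

```python
from collections import defaultdict

# Constructed sample flows: (source image, destination image, destination port).
# Flows are keyed on workload identity (the image), not on pod IP, because a
# rescheduled pod keeps its image but gets a new address.
LEARNED_FLOWS = [
    ("shop/frontend:1.2", "shop/api:3.0", 8080),
    ("shop/api:3.0", "shop/postgres:13", 5432),
    ("shop/api:3.0", "shop/redis:6", 6379),
    ("shop/frontend:1.2", "shop/api:3.0", 8080),  # repeats are fine: baseline is a set
]

RUNTIME_FLOWS = [
    ("shop/frontend:1.2", "shop/api:3.0", 8080),      # in baseline
    ("shop/frontend:1.2", "shop/postgres:13", 5432),  # frontend never spoke to the DB
    ("shop/api:3.0", "shop/redis:6", 6379),           # in baseline
    ("shop/api:3.0", "shop/api:3.0", 22),             # port never seen for this pair
]


class ContainerFlowFirewall:
    """Learn-then-enforce model of a container-aware network firewall (hypothetical)."""

    def __init__(self):
        self.baseline = defaultdict(set)  # (src_image, dst_image) -> allowed ports
        self.mode = "monitor"             # 'monitor' alerts, 'defend' blocks

    def learn(self, flows):
        """Monitor phase: record every observed (src, dst, port) as a valid flow."""
        for src, dst, port in flows:
            self.baseline[(src, dst)].add(port)

    def set_mode(self, mode):
        if mode not in ("monitor", "defend"):
            raise ValueError(mode)
        self.mode = mode

    def evaluate(self, src, dst, port):
        """'allow' if the flow is in the baseline; otherwise 'alert' or 'block' by mode."""
        if port in self.baseline.get((src, dst), ()):
            return "allow"
        return "block" if self.mode == "defend" else "alert"

    def evaluate_all(self, flows):
        return [self.evaluate(src, dst, port) for src, dst, port in flows]


if __name__ == "__main__":
    fw = ContainerFlowFirewall()
    fw.learn(LEARNED_FLOWS)
    fw.set_mode("defend")
    for flow, verdict in zip(RUNTIME_FLOWS, fw.evaluate_all(RUNTIME_FLOWS)):
        print(verdict, flow)
```

Switching the same instance from monitor to defend changes only the verdict for unbaselined flows, which is the operational difference between the two modes described above.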