While the large vendors maneuver to gain as much coverage as possible, point solutions do their bit to make containerization enterprise-ready Credit: Thinkstock The open source Docker initiative has been nothing if not entertaining. Epic levels of intrigue, dastardly deeds and positioning seems to be the order of the day. Of particular interest is what the Docker ecosystem is doing, particularly how the third-party solution players deftly promise loyalty to Docker Inc. but also position themselves for survival in the increasingly likely eventuality that Docker (the company) will, in Silicon Valley parlance, eat their lunch. + Also on Network World: Finding and protecting the crown jewels + One interesting area is that of security as it relates to containerized applications. One vendor doing good work in the space is Twistlock. Twistlock describes itself as the industry’s first enterprise security suite for containers. Twistlock’s technology addresses risks on the host and within the application of the container. In doing so, it gives enterprises the ability to consistently enforce security policies, monitor and audit activity, and identify and isolate threats in a container or cluster of containers. Twistlock’s stated mission is to provide a full, enterprise-grade security stack for containers so organizations can confidently adopt and maximize the benefits of containers in their production environment. That all sounds good, but there are some questions that get raised from that position. In particular, how much will customers be happy abstracting responsibility for something as core as security to a third-party vendor as opposed to expecting it to be built into the core container operating platform. I put this to Twistlock’s CEO, Ben Bernstein, within the context of any threats he might feel from Docker. His response was both diplomatic and pragmatic: The level of sophistication of attackers today requires most enterprise companies to be secure as possible. This involves having a security strategy in place with state-of-the-art cybersecurity elements, including using a secure platform. Docker has taken great strides to ensure not only that its cloud-native platform is secure, but that its customers feel confident in the overall security of their container environment. The reality is, however, that a company’s container environment can only be as secure as the application the developer built on the platform. Twistlock, therefore, comes in to elevate the level of security in an environment, even when a developer builds a vulnerable application, which is almost always the case. Bernstein had this to add on the specific issue of Docker’s potential intentions: While Docker is doing a great job at making its platform more robust and allowing developers to have more options when it comes to writing secure applications, at the end of the day, it’s still selling a platform. Twistlock is still very much needed to check for any vulnerabilities or security flaws, and our usefulness will only increase with the amount of cloud-native applications. While I’m not 100 percent sure Twistlock is completely safe, Bernstein’s comment with regards to the deeper security opportunity does ring true. And something tells me that he’s managed to create a credibly secure investment story as well, since Twistlock is today announcing a $17 million Series B funding round led by Polaris Partners. This is a real stamp of approval and brings Twistlock’s venture capital investment to date to $30 million. In addition to new lead investor Polaris Partners, existing investors YL Ventures, TenEleven and Rally Ventures participated in the round. And those investors are pretty bullish about the opportunity available to Twistlock: As containers gain mainstream momentum and cloud-native applications surge, practices such as DevOps culture, continuous delivery, cloud development and containerization require a reinvention of security, said Brendan Hannigan, Twistlock chairman and venture partner at Polaris Partners. Twistlock has leapt to the leadership of container security by delivering rapid innovation and customer growth and is spearheading new ways to secure applications that address persistent flaws in old security solutions that have haunted customers for years. Time will tell how secure Twistlock is to platform-level threats. For the moment, however, that extra cash will allow them to develop and market a ring of protection around themselves. Application SecurityKubernetes and ContainersSecuritySoftware Development SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below.