Press "Enter" to skip to content

Posts published in “serverless computing”

Auto Added by WPeMatico

Twistlock snares $33 million Series C investment to secure cloud native environments

As the world shifts to a cloud native approach, the way you secure applications as they get deployed is changing too. Twistlock, a company built from the ground up to secure cloud native environments, announced a $33 million Series C round today led by Iconiq Capital. Previous investors YL Ventures, TenEleven, Rally Ventures, Polaris Partners and Dell Technologies Capital also participated in the round. The company reports it has received a total of $63 million in venture investment to date. Twistlock is solving a hard problem around securing containers and serverless, which are by their nature ephemeral. They can live for fractions of seconds making it hard track problems when they happen. According to company CEO and co-founder Ben Bernstein, his company came out of the gate building a security product designed to protect a cloud-native environment with the understanding that while containers and serverless computing may be ephemeral, they are still exploitable. “It’s not about how long they live, but about the fact that the way they live is more predictable than a traditional computer, which could be running for a very long time and might have humans actually using it,” Bernstein said. Screenshot: Twistlock As companies move to a cloud native environment using Dockerized containers and managing them with Kubernetes and other tools, they create a highly automated system to deal with the deployment volume. While automation simplifies deployment, it can also leave companies vulnerable to host of issues. For example, if a malicious actor were to get control of the process via a code injection attack, they could cause a lot of problems without anyone knowing about it. Twistlock is built to help prevent that, while also helping customers recognize when an exploit happens and performing forensic analysis to figure out how it happened. It’s not a traditional Software as a Service as we’ve come to think of it. Instead, it is a service that gets installed on whatever public or private cloud that the customer is using. So far, they count just over 200 customers including Walgreens and Aetna and a slew of other companies you…

PureSec exits Beta to secure serverless code

PureSec, a startup out of Israel emerged from Beta today to provide a way to make serverless computing more secure. Serverless computing reduces programming to writing functions, so that when a certain event happens, it triggers an automated action. The cloud vendor takes care of the underlying infrastructure and developers just write the code. It may sound like Shangri La for tech, but in reality there are still security concerns. You might think that a process that lasts only milliseconds wouldn’t be subject to conventional kinds of attacks, but the fact is serverless functions are designed to take human checks and balances out of the equation, says company co-founder Ory Segal, and if you don’t set up the functions correctly you could be vulnerable. As with any type of cloud security, there is a shared security model with serverless computing. On the vendor side, they ensure their data centers and systems are secure, but at the application level, it’s up to the developer. Certainly we have seen many instances where applications have been left exposed and data has leaked. Segal says the function may be only a few lines of code triggering an action, but the action usually involves interacting with one or more external services. When that happens, there is an opportunity to manipulate the function and make it do something it wasn’t designed to do such as inject malicious code. The product looks at your serverless code and lets you know which vulnerabilities you may have left exposed. It can even fix those problems for you if you wish. It also allows you to configure a security profile for your code from a dashboard and see a log of activity to track problems when they occur. Screenshot: PureSec Segal says when the company launched in 2016, it was just a couple of years after AWS launched its Lambda serverless product. At the time, it was not widely used or understood. Serverless computing remains very early in its development, but in order to grow it needs a set of underlying tools like security to really take off. PureSec is…

Cookies help us deliver our services. By using our services, you agree to our use of cookies. More Info | Close