The rise of containers and microservices has created a need for a different type of security. Ben Bernstein, CEO of Twistlock, believes cloud-native security is the answer. Fresh off another round of VC funding, Twistlock has big plans to advance cloud-native security in the container space.
In this DevOps Chat, we talk funding, serverless and cloud-native security with Ben. The transcript of our conversation follows.
Alan Shimel: Hi everyone, it’s Alan Shimel, DevOps.com, and you’re listening to another DevOps Chat. I’ve got a really exciting chat guest and subject lined up today. I’m happy to be joined by none other than Ben Bernstein. Ben is the CEO and founder of Twistlock. Ben, welcome to DevOps Chat.
Ben Bernstein: Thank you, Alan. I’m really excited to be here. Thanks for inviting me.
Shimel: Not as excited as I am to have you here. You know, as we were talking off camera, we’ve done other podcasts with Twistlock, but I don’t think we’ve had the pleasure of having you on. It’s a real pleasure. Ben, we’ve got some big news we’re going to break today. Twistlock has raised – is it a round C?
Bernstein: Absolutely. Yes, round C.
Shimel: Tell us a little bit about it.
Bernstein: We’re really excited about it. It’s a $33 million round, which brings us to about $63 million in total money raised. It’s led by ICONIQ Capital, which is a pretty unique family office that’s probably the largest family office in the world, headed by some of Silicon Valley’s top entrepreneurs, which is a very – something that really made us happy to see that we got the interest of such an awesome fund. So we’re pretty excited about this, and having them join our board. It’s also kind of unique because we sort of reached a growth stage, which is first for me, as a CEO, it’s kind of interesting to see how the company evolves – sort of the level of maturity we’re starting to hit, which is just exciting. It’s just like seeing your kids go to college or something, I guess. [laughter]
Shimel: Well, look, my oldest son is leaving Friday for college. I know how that feels, Ben. So $33 million in this round, about $60-something million in total. As we were talking off-mic, I was telling you my experience with raising money. Raising money is never easy per se. When you have a good product, a good company, and the right space, it gets easier maybe, but it’s never totally easy. So congratulations on a sizable round here. It also coincides with a new release for Twistlock. Is that correct?
Bernstein: Yes, we actually recently released 2.5, which was a pretty interesting release for us, because it updated some of the – or reinforced our investment in Cloud-Native, which is not just container specific, but also augments our complete suite for Cloud-Native computing. So there were some pretty extensive serverless additions there, AWS Fargate addition there as well as some interesting capabilities around forensics, but overall it was a pretty extensive addition to our suite. So we’re very happy about that as well.
Shimel: So Ben, you mentioned an interesting thing and that is this concept of the whole Cloud-Native space is exploding. We have the Cloud-Native foundation, and all Cloud-Native tools and so forth. Originally, when I heard Cloud-Native, it was very cloud computing, AWS, Azure, that kind of cloud, but with the advent of containerization and Kubernetes and Docker and so forth, it’s really almost I don’t want to say dominated – or synonymous, but it’s so closely linked. From a security point of view though, Ben, where do you see the overlaps, and then where is the difference from Twistlock’s point of view?
Bernstein: You mean between specifically serverless and –?
Shimel: Yeah.
Bernstein: Yeah, so at the end of the day, I think there are two types of application security companies. There are box companies and there are cloud companies. When you think about cloud, it’s basically – it embeds in it the concept that you don’t own the infrastructure. It embeds in it the fact that the people that get the resources get everything in a box. They get the networking. They get the storage. They get everything with a click, whether it’s a public or a private cloud, and it embeds in it the fact that you’re using microsegmentation. It’s about code reuse. It’s about a lot of good things that we all are sort of learning in the past I’d say 8 to 10 years, unless you’ve been working in Google or some of the companies that probably invented this space in house.
Everything I just said is not about a very specific technology; it’s about specific concepts. These concepts are very disruptive to the way security is being built, and we at Twistlock believed initially that _____ be the poster child of how existing security cannot protect containers, but when we’ve seen that, it’s not just about containers. It’s about other technologies that are being used by DevOps teams in modern organizations going through so to speak a digital transformation. We decided that we should really expand what we do to go beyond containers pretty early on, and go to really focus on Cloud-Native, which is a suite of technologies, that even includes VMs, but is all about giving or empowering these groups, DevOps groups, to be able to move fast and still secure their workloads.
This is something that’s hard for them to do with seven different legacy products, where they’re trying to script their way somehow into putting something on the hardware firewall, plus virtual appliance, plus something that needs to – that has a concept of a server, or was built around a concept of a server, where in reality, it should have protected the app, not the server. But anyway, that’s – and so in this – when you think about it in these terms, serverless and containers, and even VMs, if you use them in a certain manner it’s pretty much similar. If it’s immutable, it’s declarative, it’s predictable, a lot of things that really change even the level of security you could wrap around it.
Shimel: You know, Ben, I also wanted to make the point that so much of this technology is wrapped around the – it’s intrinsically linked with DevOps and a new way culturally of how companies approach not just application development, but specifically application security. I’m wondering – some Twistlock guys, 2.5 guy, your new version out, how does the whole DevSecOps thing movement manifest itself into real features and functionality that we see in the Twistlock suite?
Bernstein: So when we created Twistlock, we realized that existing security was sold to say seven different people in the company. You take the storage person and sell him storage security. You take the network person and sell him network security. You take the server person and sell him server security when in fact, everything you were trying to do is to protect your app. Maybe there were other people who you sold different security solutions. What we’ve seen is these five people are actually one person in the DevOps area. It’s one person that does a single click and – or several clicks and gets all these good things, but he’s in charge of that because he gets all these things from a single source – the cloud.
In our bet, which went beyond just specific technologies, and it is kind of counterintuitive to security in general, we said that security had to actually contain multiple layers of security from the same suite. So there’s no point anymore in getting vulnerability assessment from one vendor and east/west firewalls from a different vendor, and anomaly detection from a third vendor, and _____ from a fourth vendor, obviously unless you have a point in it. Most DevOps teams, as long as you could – as long as the product is good, they would be happy to get a suite that allows them to get all of these things from a single source.
That’s one of the bets that we’re taking. It’s a pretty dangerous bet because security has not been that way so far. Luckily for us, it seems to – it seems to be paying off so far. We have hundreds of customers and are doing pretty well.
Shimel: To say the least. I think you’re being humble. $33 million more in the bank. The usual thing is you’re going to use it for sales or marketing and engineering and support, but specifically what do you – with this kind of rocket fuel in the tank, what can we look for from Twistlock?
Bernstein: Well, to be frank, if – I was at the last DockerCon and I saw that people are actually looking for real cloud-native. There’s a real need. If you look at the language, you see that people understand the need for cloud-native security, and what we really want to create is the – a complete solution that people would love and continue to use. So we need to continue to invest in the product. The product is the key. We don’t know how to play golf with executives. We haven’t been very successful at it generally. We really think that what really shines is a good product and a good support team to actually make sure the customers are happy and are using the product right, and that customers are smart, and that they can evaluate things and buy through the channels that they want to use.
But we’re going to keep doing that, keep trying to make sure that our product is really the most complete solution possible. It gets challenging over time as customers move more workloads into the cloud. They have more demand. We need to excel at doing that, but we’re going to be very focused on making sure our products are – really excels and from that, we believe that given intelligent customers and a supportive team that supports the customer will continue to succeed. So not a lot of huge news there, but just given the demand and given the sophistication of Fortune 100 customers, we need to keep – even keeping a product as is requires you to continue and grow just because of the requirements coming from customers over time. We need to do more than just keep the existing product as is. We need to really grow and support new technologies. So anyway, it’s a complex task and we’ll continue at it.
Shimel: Absolutely. Congratulations, Ben. Over the years, I’ve had a chance to work with many entrepreneurs, VCs, successful business folks. Any one of them will tell you doing what you’ve done here with Twistlock, regardless of where the end game actually winds up playing out at some point, is really something to be proud of. So congratulations to you and John and the rest of the Twistlock team on both the new version as well as the significant new raise.
As I mentioned to you off-camera, Ben, the time goes so quick where we’re pretty much right on the edge of our time frame here. Wanted to just quickly end up, for people who maybe aren’t as familiar with Twistlock, want to get a little more information, where could they go?
Bernstein: We have tons of information on our site, Twistlock.com, about use cases, about customers, about cloud-native in general. I encourage people who’d like to learn more to go there.
Shimel: Fantastic. Well, Ben Bernstein, CEO and founder of Twistlock, thanks for being this episode’s guest on DevOps Chat. Congratulations on all of the good stuff, all of the good news coming out of Twistlock, and continued success.
Bernstein: Thank you, Alan, for having me. Thanks everyone for listening.
Shimel: All right, a pleasure. This is Alan Shimel for DevOps.com. You just heard another DevOps Chat. See you soon, everyone.
— Alan Shimel