Twistlock Closes $33 Million Funding Round

Twistlock, an early startup to tackle container security, said Wednesday it closed a $33 million funding round that will accelerate its evolution to a vendor of comprehensive security solutions for cloud-native applications.

The Israeli-American company's initial focus on locking down Docker containers has expanded toward a broader set of capabilities for securing apps built on the many containerization platforms on the market, as well as serverless environments and virtual machines.

The latest funding will primarily go to research and development to build out that product line, CEO Ben Bernstein told CRN.

The investment is less needed to bolster sales efforts, Bernstein said, primarily because an early decision to cultivate a channel has created a go-to-market operation that is already scaling effectively.

Sponsored post

[Related: 10 Hot New Cloud Security Products Announced At RSA 2018]

Iconiq Capital led Twistlock's C round, and all existing investors participated, bringing the startup's funding to date to more than $63 million.

While market demand for Twistlock's existing products is strong, "what it means to secure applications in the cloud has become more complex," Bernstein said.

Technologies like the Kubernetes cluster orchestrator, hosted orchestration services from cloud providers, hybrid clouds, micro-services architectures, even Fargate, a serverless container service from Amazon Web Services, are increasingly becoming "part of a single continuum," he said.

Twistlock needs to advance its offerings to span all platforms used for cloud-native development and deployment, Bernstein said. In so doing, the company will encounter greater overlap with legacy security vendors that are looking to move into the cloud space.

From its founding, Twistlock envisioned itself becoming a comprehensive security company, even as it initially tackled a specific problem.

"We needed to start where the pain was the biggest," Bernstein said. At the time, that was the security challenge arising from encapsulating apps in Docker containers.

"Now we’re big enough, we can evolve into more gray areas where legacy security can try to claim they do a decent job," he said.

Cloud-native methods and platforms have fundamentally changed assumptions about how security solutions should work, Bernstein said, and the legacy security companies have struggled to transform themselves to address new concerns.

"The world is changing and we’re changing with it. Not just about whether it’s containers or serverless or VMs, but the fact that you don’t own the network, you don’t own the infrastructure, because there’s a cloud provider," he told CRN.

Twistlock CMO Josh Thorngren told CRN the company wants to deliver even stronger security than could be achieved with legacy systems through solutions that are automated and scalable.

"Over the past three years, one thing that’s become clear is containerization is not an end point, it’s a step in this transformation to a cloud-native environment," Thorngren said. "Containers are one element of that."