Twistlock
Last updated: Apr 28, 2026
Twistlock was an Israeli container and cloud-native security startup founded in 2015 that became a category leader in runtime vulnerability management and policy enforcement for containerized workloads before acquisition by Palo Alto Networks in May 2019 for $410 million.
Visit WebsiteCompany Overview
Twistlock pioneered container security at a critical inflection point in enterprise software development. Founded in 2015 by Israeli entrepreneur Ben Bernstein, the company recognized that traditional VM and endpoint-focused security models were fundamentally mismatched to the ephemeral, highly automated nature of container orchestration. Twistlock built an integrated platform addressing three layers: static vulnerability scanning of container images in CI/CD pipelines, policy enforcement preventing deployment of non-compliant configurations, and runtime threat detection and response within Kubernetes and Docker environments.
The company's technical approach was distinctive in combining vulnerability management with runtime behavioral controls. Rather than treating containers as immutable once deployed, Twistlock implemented real-time policy enforcement based on 500+ configuration checks aligned with CIS (Center for Internet Security) benchmarks for Linux, Docker, and Kubernetes. This hybrid approach—preventative policy enforcement combined with reactive threat response—addressed a genuine market gap in the 2015-2019 period when container adoption was accelerating while security tooling remained nascent.
Twistlock achieved notable traction before acquisition: by August 2018 (Series C), the company had secured 200+ enterprise customers including Walgreens and Aetna, 120 employees (grown to ~120 by acquisition in 2019), and had raised $63 million across multiple rounds (Series A through C led by YL Ventures, TenEleven, Rally Ventures, Polaris Partners, Dell Technologies Capital, and Iconiq Capital). The $33 million Series C in summer 2018, led by Iconiq Capital, reflected strong investor confidence and justified a $410 million acquisition price less than one year later—a 6.5x multiple on total raised capital and an exit signal that Palo Alto Networks valued the team, customer base, and intellectual property significantly.
Strategically, Palo Alto's acquisition fit a systematic build-out of its Prisma Cloud platform, which consolidated RedLock (cloud infrastructure security, $173M), Evident.io (cloud security, $300M), and Twistlock ($410M) into a unified CNAPP (Cloud-Native Application Protection Platform). The consolidation reflected the market's recognition that container security required deep expertise in API security, policy, and runtime defense—not just incident response or network segmentation. Twistlock's founders and core team brought cloud-native security expertise that had been developed ground-up and validated against hundreds of production Kubernetes clusters.
Dual-Use Assessment
Container and Kubernetes security controls have direct applicability across civilian and defense-sector software supply chains. Container hardening, CI/CD pipeline security, and runtime threat prevention are core to federal software modernization initiatives, defense contractor DevOps environments, and any security-critical infrastructure relying on containerized workloads. The technology addresses supply-chain risk in highly automated environments where malicious code injection or misconfiguration could propagate undetected at scale.
Strategic Fit Assessment
Twistlock was successfully exited via acquisition by a major platform vendor (Palo Alto Networks) in May 2019. As a historical reference, it demonstrates the strong market fit for cloud-native security technologies, but is not an independent company for direct diligence as it is now a product line within a large public company. The company would be of interest as a case study for evaluating current or future CNAPP and container security startups, but not for direct company-level diligence.
Strategic Value to U.S.-Israel Alliance
Twistlock was a category-defining startup in container security that shaped industry approaches to runtime security and policy enforcement in cloud-native environments. The May 2019 acquisition by Palo Alto for $410 million validated the market value of container security expertise and customer traction. The company's technical approach (combining static scanning, policy enforcement, and runtime detection) became the industry standard for CNAPP solutions. For strategic investment purposes, Twistlock serves as a high-value precedent demonstrating investor appetite for Israeli-founded cybersecurity companies with specialized cloud-native expertise.
Key Technologies
- Container image vulnerability scanning
- Kubernetes runtime policy enforcement
- Docker image provenance and compliance
- CI/CD security integration
- Behavioral threat detection in containers
- CIS benchmark compliance automation
- Secrets detection in container images
Use Cases & Applications
- Secure CI/CD pipelines in defense contractor environments
- Container image scanning for federal software supply chains
- Kubernetes cluster hardening for mission-critical applications
- Runtime threat prevention in cloud-native financial services
- Secrets and configuration compliance in automated DevOps
- Zero-trust policy enforcement for containerized government systems
- Container forensics and breach investigation in critical infrastructure
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- Official website Primary public reference for company identity, positioning, and current web presence.
- Profile update timestamp Last updated in the Claw & Talon database on Apr 28, 2026.
Investor Lens
What this entry is
Acquired asset
Why it may matter
Twistlock may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify technical claims
- Verify regulatory/export-control issues
Main investor questions
- Is this entry a benchmark, buyer, ecosystem node, acquired asset, or strategic reference rather than a live startup opportunity?
- What does this reference clarify about buyers, sector structure, public-market context, or strategic demand?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies Twistlock's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- Is the company a live venture opportunity, a mature strategic reference, an acquired asset, or primarily a market-mapping entry?
Related sector
See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.
Related companies
Need a diligence readout?
Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.