Red Hat Acquisition of StackRox Highlights Importance of DevSecOps




Last week, Red Hat announced it has acquired StackRox, a California-based Kubernetes security company founded in 2014.

This is one of the most strategic acquisitions for Red Hat, which is focused squarely on increasing its share of the enterprise infrastructure market. StackRox complements Red Hat’s current portfolio by bringing critical security capabilities missing from its infrastructure and platform offerings.

The founders of StackRox, Ali Golshan and Wei Lien Dang, have a solid background in security. Ali worked at Microsoft and PwC as a security researcher, while Wei led secure product initiatives at CoreOS, AWS, Splunk and Bracket Computing. In 2018, StackRox appointed Kamal Shah, an industry veteran and investor, as President and CEO.

DevSecOps, which combines the best of DevOps and security operations, is becoming a top priority for business customers. StackRox, with its integration with existing DevOps and CI/CD tools, provides transparent DevSecOps for Kubernetes.

How is StackRox different?

Since its inception, StackRox has focused on securing the software supply chain. With the rise of containers and Kubernetes, the company has doubled down on its Kubernetes-native security platform.

StackRox says its unique differentiator is tight integration with Kubernetes. While the competition focuses on traditional security approaches, StackRox covers the full spectrum of the Kubernetes platform by leveraging native Kubernetes primitives and workflows. It provides contextual insight by leveraging Common Vulnerabilities and Exposures (CVEs), severity scores, and Kubernetes components such as pods, deployments, and namespaces.

StackRox integrates tightly with image registries to discover vulnerabilities in container images at one end of the software supply chain. At the other end, it integrates with the Kubernetes control plane to take advantage of native capabilities such as admission controllers to block improperly configured images, containers, and deployments. StackRox works natively with Istio to provide real-time security analysis and traffic visualization.

What are the advantages of Red Hat?

Over the past decade, Red Hat has gradually focused on a modern infrastructure based on containers and Kubernetes. OpenShift, Red Hat’s flagship container platform, has gone from being a developer-oriented PaaS to a mature enterprise platform.

The acquisition of CoreOS in 2018 allowed Red Hat to integrate Quay, a proven container registry, into OpenShift. But it still lacked a native container security and analysis tool to analyze images stored in Quay. StackRox will be tightly integrated with Quay, bringing native image scanning to OpenShift.

Through the integration of StackRox with the OpenShift API and the web console, customers can automate the execution of CIS benchmarks.

StackRox will bring end-to-end security and visibility to OpenShift through native integration with CRI-O (container runtime), OpenShift SDN (CNI network), and Istio-based OpenShift Service Mesh.

The acquisition of StackRox is great news for Red Hat customers. It brings the most essential and critical capability to OpenShift – security.

StackRox fuels Red Hat’s multi-cloud ambitions

Red Hat knows it needs to tackle the cluster lifecycle and workload management of applications running on non-OpenShift environments like Amazon EKS, Microsoft AKS, GKE, and IBM Kubernetes Service.

After its acquisition by IBM, Red Hat transformed IBM Multicloud Manager into an open source project and renamed it Red Hat Advanced Cluster Management for Kubernetes (ACS). This product competes with other meta-control-plane offerings such as Anthos, Azure Arc, Rancher, and Tanzu Mission Control.

StackRox is designed to work with managed Kubernetes offerings running in the cloud and with distributions intended for on-premises deployment. By integrating StackRox with ACS, Red Hat will become one of the first in the industry to bring security to the management of multi-cloud clusters. Any cluster registered with ACS would be able to take advantage of the security capabilities. This enhances the value proposition of Red Hat Advanced Cluster Management for Kubernetes.

Red Hat mentioned that StackRox will continue to support multiple Kubernetes platforms, including managed offerings based on the public cloud.

Red Hat commits to open sourcing StackRox

In keeping with its promise to open source all of its products, Red Hat has indicated that it is committed to open sourcing the StackRox security platform. It will be a victory for customers and the OSS community.

KubeLinter is one of StackRox’s popular open source tools; it analyzes Kubernetes YAML files and Helm charts for production readiness. Going forward, the KubeLinter project would be maintained by Red Hat.

The DevSecOps market is hot

Last year, VMware acquired Octarine and integrated it into Carbon Black, a security company it bought in 2019 for $2.1 billion. At KubeCon 2019, Palo Alto Networks announced the acquisition of Twistlock for $410 million.

While the price is not being disclosed, Red Hat’s acquisition of StackRox is expected to exceed $100 million.
