Red Hat Acquisition of StackRox Highlights Importance of DevSecOps
Last week, Red Hat announced the acquisition of StackRox, a California-based Kubernetes security company founded in 2014.
This is one of the most strategic acquisitions for Red Hat, which focuses directly on increasing the market share of enterprise infrastructure. StackRox complements Red Hat’s current portfolio by bringing critical security capabilities missing from its infrastructure and platform offerings.
The founders of StackRox, Ali Golshan and Wei Lien Dang, have a solid background in security. Ali worked at Microsoft and PwC as a security researcher, while Wei led secure product initiatives at CoreOS, AWS, Splunk and Bracket Computing. In 2018, StackRox appointed Kamal Shah, an industry veteran and investor, as President and CEO.
DevSecOps, which brings together DevOps and security operations, is becoming a top priority for enterprise customers. StackRox, through its integration with existing DevOps and CI/CD tools, provides transparent DevSecOps for Kubernetes.
How is StackRox different?
Since its inception, StackRox has focused on securing the software supply chain. With the rise of containers and Kubernetes, the company doubled down on building a Kubernetes-native security platform.
StackRox says its unique differentiator is tight integration with Kubernetes. While the competition focuses on traditional security approaches, StackRox covers the full spectrum of the Kubernetes platform by leveraging native Kubernetes primitives and workflows. It provides contextual insight by leveraging Common Vulnerabilities and Exposures (CVEs), severity scores, and Kubernetes components such as pods, deployments, and namespaces.
StackRox integrates tightly with image registries to uncover vulnerabilities in container images on one side of the software supply chain. On the other end of the spectrum, it integrates with the Kubernetes control plane to take advantage of native capabilities like admission controllers to block improperly configured images, containers, and deployments. StackRox works natively with Istio to provide real-time security analysis and traffic visualization.
What’s in it for Red Hat?
Over the past decade, Red Hat has gradually focused on a modern infrastructure based on containers and Kubernetes. OpenShift, Red Hat’s flagship container platform, has grown from a developer-oriented PaaS to a mature enterprise platform.
The acquisition of CoreOS in 2018 allowed Red Hat to integrate Quay, a proven container registry, into OpenShift. But it still lacked a native container security and analysis tool to analyze the images stored in Quay. StackRox will be tightly integrated with Quay, bringing native image scanning to OpenShift.
With the integration of StackRox into the OpenShift API and web console, customers can automate the execution of CIS benchmark checks.
StackRox will bring end-to-end security and visibility to OpenShift through native integration with CRI-O (the container runtime), OpenShift SDN (CNI networking), and the Istio-based OpenShift Service Mesh.
The acquisition of StackRox is great news for Red Hat customers. It brings the most essential and critical capability to OpenShift – security.
StackRox fuels Red Hat’s multi-cloud ambitions
Red Hat knows it needs to tackle the cluster lifecycle and workload management of applications running on non-OpenShift environments such as Amazon EKS, Microsoft AKS, GKE, and IBM Kubernetes Service.
After the IBM acquisition, Red Hat turned IBM Multicloud Manager into an open source project and renamed it Red Hat Advanced Cluster Management for Kubernetes (ACM). This product competes with other meta control plane offerings such as Anthos, Azure Arc, Rancher, and Tanzu Mission Control.
StackRox is designed to work with both managed Kubernetes offerings running in the cloud and with on-premises distributions. By integrating StackRox with ACM, Red Hat will become one of the first in the industry to offer secure multi-cloud cluster management. Any cluster registered with ACM would be able to take advantage of the security capabilities. This enhances the value proposition of Red Hat Advanced Cluster Management for Kubernetes.
Red Hat mentioned that StackRox will continue to support multiple Kubernetes platforms, including managed offerings based on the public cloud.
Red Hat commits to open sourcing StackRox
Continuing its promise to open source all of its products, Red Hat said it is committed to open sourcing the StackRox security platform. This will be a win for customers and the OSS community.
KubeLinter is a popular open source tool from StackRox that analyzes Kubernetes YAML files and Helm charts and checks that they are ready for production. Going forward, the KubeLinter project will be maintained by Red Hat.
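To make concrete what both the admission-controller integration described earlier and a manifest linter such as KubeLinter actually check, here is a small added example (not StackRox's, KubeLinter's or Red Hat's own code): a rule set that walks a Deployment's pod spec, flags common misconfigurations, and returns an admission decision that denies the high-severity ones and merely warns on the rest. The rule set, the severities, the function names (`lint_workload`, `admit`) and the two sample Deployments are all constructed for illustration; the `@sha256:` digest in the "good" manifest is a placeholder, not a real image digest.

```python
"""Policy checks of the kind a validating admission webhook or a manifest
linter applies to Kubernetes workloads. Added illustration; the rules,
names and sample manifests below are constructed and are not taken from
StackRox, KubeLinter or OpenShift."""
from __future__ import annotations

DENY, WARN = "deny", "warn"


def _pod_spec(manifest: dict) -> dict:
    """Return the pod spec of a Pod or of a pod-template workload (Deployment etc.)."""
    if manifest.get("kind") == "Pod":
        return manifest.get("spec", {})
    return manifest.get("spec", {}).get("template", {}).get("spec", {})


def _image_is_pinned(image: str) -> bool:
    """True when the image reference carries a digest or a non-'latest' tag.
    Only the last path component is inspected so a registry port
    (registry.example.com:5000/app) is not mistaken for a tag."""
    last = image.rsplit("/", 1)[-1]
    if "@sha256:" in last:
        return True
    tag = last.split(":", 1)[1] if ":" in last else None
    return tag is not None and tag != "latest"


def lint_workload(manifest: dict) -> list[tuple[str, str]]:
    """Return (severity, message) findings for one workload manifest."""
    findings: list[tuple[str, str]] = []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    pod = _pod_spec(manifest)
    # Host namespace sharing exposes the node, so these are blocking findings.
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if pod.get(key):
            findings.append((DENY, f"{name}: {key} is enabled"))
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        image = c.get("image", "")
        # An unpinned image cannot be tied back to a registry scan result.
        if not _image_is_pinned(image):
            findings.append((DENY, f"{name}/{cname}: image '{image}' is not pinned to a tag or digest"))
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append((DENY, f"{name}/{cname}: container runs privileged"))
        if sc.get("runAsNonRoot") is not True:
            findings.append((WARN, f"{name}/{cname}: runAsNonRoot is not set to true"))
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes default is true
            findings.append((WARN, f"{name}/{cname}: allowPrivilegeEscalation is not disabled"))
        limits = c.get("resources", {}).get("limits", {})
        if "cpu" not in limits or "memory" not in limits:
            findings.append((WARN, f"{name}/{cname}: cpu/memory limits are missing"))
    return findings


def admit(manifest: dict) -> tuple[bool, list[str]]:
    """Admission decision: allowed only when no DENY-level finding exists.
    Returns (allowed, list of blocking messages)."""
    blocking = [msg for sev, msg in lint_workload(manifest) if sev == DENY]
    return (not blocking, blocking)


# Constructed sample manifests (not real workloads).
BAD_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "nginx", "image": "nginx:latest",
            "securityContext": {"privileged": True},
        }],
    }}},
}

GOOD_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "containers": [{
            "name": "nginx",
            "image": "quay.io/example/nginx@sha256:" + "0" * 64,  # placeholder digest
            "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False},
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    }}},
}

if __name__ == "__main__":
    for m in (BAD_DEPLOYMENT, GOOD_DEPLOYMENT):
        allowed, reasons = admit(m)
        print("ALLOWED" if allowed else "DENIED", reasons)
        for sev, msg in lint_workload(m):
            print(f"  [{sev}] {msg}")
```

The split between deny and warn mirrors how such policies are usually rolled out: misconfigurations that expose the node or defeat image scanning are enforced at admission, while hardening gaps such as missing limits are surfaced in CI and the console first so teams can fix them before enforcement is switched on.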
The DevSecOps market is hot
Last year, VMware acquired Octarine and integrated it into Carbon Black, a security company it bought in 2019 for $2.1 billion. At KubeCon 2019, Palo Alto Networks announced the acquisition of Twistlock for $410 million.
While the price is not being disclosed, Red Hat’s acquisition of StackRox is expected to exceed $100 million.