RALEIGH – Red Hat is acquiring a California company in an area of growing importance across the spectrum of cloud computing services: security. And in these days of the massive SolarWinds hack, security is more important than ever.

The acquisition is StackRox, a 6-year-old startup which has a list of Fortune 500 clients as well as government clients. Financial terms of the deal, announced Thursday after the markets closed, were not disclosed. It’s the first acquisition made by the Hatters since they were acquired by IBM in 2019.

Red Hat says it will incorporate StackRox products into its own cloud offerings – especially for hybrid cloud clients who want to mix their own private networks with public offerings such as Amazon Web Services, IBM, Microsoft and Google. Red Hat’s cloud offerings were crucial in IBM’s $32 billion purchase of Red Hat, both companies seeing the cloud as a trillion-dollar opportunity.

But even as the cloud market grows, concerns remain about security. The importance of security in this deal is reflected in an FAQ published by Red Hat about the deal.

First, a bit of background:

  • One key term is Kubernetes, an open-source container-orchestration system for automating computer application deployment, scaling, and management, originally designed by Google but maintained by the Cloud Native Computing Foundation.
  • Another is containers – defined by Amazon this way: “Containers let you standardize how code is deployed, making it easy to build workflows for applications that run between on-premises and cloud environments.”
  • “Cloud native” refers to an approach in software development that utilizes cloud computing to “build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds.”

“Securing Kubernetes workloads and infrastructure cannot be done in a piecemeal manner; security must be an integrated part of every deployment, not an afterthought,” said Paul Cormier, CEO of Red Hat, about the deal. “Red Hat adds StackRox’s Kubernetes-native capabilities to OpenShift’s layered security approach, furthering our mission to bring product-ready open innovation to every organization across the open hybrid cloud across IT footprints.”

Red Hat even included a quote from research firm Gartner referencing security concerns:

“Container usage for production deployments in enterprises is still constrained by concerns regarding security, monitoring, data management and networking.”

In explaining the deal, Red Hat emphasized “security” multiple times:

“With this acquisition, Red Hat will further expand its security leadership, adding StackRox’s complementary capabilities to strengthen integrated security across its open hybrid cloud portfolio with greater simplicity and consistency. With StackRox, Red Hat will focus on transforming how cloud-native workloads are secured by expanding and refining Kubernetes’ native controls, as well as shifting security left into the container build and CI/CD phase [A CI/CD pipeline introduces monitoring and automation to improve the process of application development, particularly at the integration and testing phases, Red Hat says] to provide a cohesive solution for enhanced security up and down the entire IT stack and throughout the lifecycle.”

The FAQ:

What can customers do with StackRox’s technology?

Customers can use StackRox to enhance their container and Kubernetes security posture across clusters with:

  • Comprehensive visibility, including views of:
    • deployments, including images, pods, and configurations;
    • network traffic, spanning namespaces, deployments, and pods;
    • critical system-level events in each container; and
    • asset and inventory information and tracking.
  • Vulnerability management, including:
    • scanning images for known vulnerabilities based on specific languages and packages and by image layer with vulnerabilities correlated to running deployments, not just images.
    • enforcing policy enforcement based on vulnerability details – at build time using CI/CD integrations, at deploy time using dynamic admission controls, and at runtime using native Kubernetes controls.
  • Configuration management by:
    • delivering pre-built DevOps and security policies to identify configuration violations related to network exposures, privileged containers, processes running as root, and compliance with industry standards;
    • analyzing Kubernetes role-based access control (RBAC) settings to determine user or service account privileges and misconfigurations;
    • tracking secrets and the deployments that use them to limit access;
    • analyzing Kubernetes YAML files and Helm charts with KubeLinter, the open source linter, for privileges, labels, root user, resource requirements; and
    • enforcing configuration policies at build time with CI/CD integration and at deploy time using dynamic admission control.
  • Compliance, enabling users to:
    • assess compliance across hundreds of controls for CIS Benchmarks, PCI, HIPAA, and NIST SP 800-190;
    • deliver at-a-glance dashboards of overall compliance across each standard’s controls with evidence export to meet auditors’ needs; and
    • drill down into compliance details to pinpoint clusters, nodes, or namespaces that don’t comply with specific standards and controls.
  • Network segmentation, by:
    • visualizing allowed vs. active traffic between namespaces, deployments, and pods, including showing external exposures;
    • simulating network policy changes before they’re implemented to minimize operational risk to the environment;
    • baselining network activity and recommending new Kubernetes network policies to remove unnecessary network connections; and
    • using network enforcement capabilities built into Kubernetes to enable consistent, portable, and scalable segmentation.
  • Threat detection, by:
    • monitoring system-level events within containers to detect anomalous activity indicative of a threat with automated response using Kubernetes-native controls;
    • baselining process activity in containers to automatically whitelist processes, eliminating the need to manually whitelist;
    • using pre-built policies to detect crypto mining, privilege escalation and various exploits; and
    • enabling flexible system-level data collection using either eBPF or a kernel module across every major Linux distribution.
  • Incident response, by applying anomaly detection to pinpoint suspicious runtime behavior and supporting a range of responses with the ability to alert on such activity or kill the impacted pods or containers. When a pod has been impacted, before any actions are taken, forensics data is collected and sent to security information and event management (SIEM).
  • Risk profiling, by:
    • ranking running deployments according to their security risk, leveraging Kubernetes data to prioritize vulnerabilities using configuration or deployment details as well as runtime activity.
    • tracking improvements in the security posture of Kubernetes deployments to validate the impact of actions.
  • Integration with DevOps systems by providing a rich API and pre-built plugins to integrate with CI/CD tools, image scanners, registries, container runtimes, SIEMs, and notification tools.

The acquisition is expected to close in the first quarter.