Red Hat announces purchase of StackRox, a leader in native Kubernetes security.

Red Hat, Inc., the world's leading provider of open source solutions, announced its intention to acquire StackRox, a leader and innovator in native container security and Kubernetes.

By incorporating StackRox's powerful native Kubernetes security capabilities into Red Hat OpenShift, Red Hat will further its vision of deliver a single, comprehensive platform that allows users to securely build, deploy, and run almost any application across the hybrid cloud.

Kubernetes (the container orchestration solution that was born under the umbrella of Google and is currently powered by the Cloud Native Computing Foundation, a project of The Linux Foundation) isone of the fastest growing open source projects. one of the fastest growing open source projects, is the foundation for cloud-native applications, which are critical to the digital transformation taking place across industries. As the adoption of containers and Kubernetes in production environments grows, challenges remain. According to Gartner, "the use of containers for production deployments in enterprises is still limited by concerns related to security, monitoring, data management and networking."

To help mitigate these concerns, organizations need solutions that establish a secure foundation for modern workloads. 

Container security is Linux security. Red Hat has long been a leader in security for open source enterprise solutions, starting with Red Hat Enterprise Linux and continually evolving to set new standards for securing cloud-native environments. Building on this foundation, Red Hat® OpenShift® takes a layered approach to securing containers, integrating security throughout the container lifecycle, from building to deploying to running containers in mission-critical environments .

With this acquisition, Red Hat will further extend its security leadership by adding the complementary capabilities of StackRox to strengthen integrated security across its open hybrid cloud portfolio with greater simplicity and consistency. With StackRox, Red Hat will focus on transforming the way cloud-native workloads are secured by extending and refining native Kubernetes controls, as well as moving security into the container and CI/CD build phase, to provide a cohesive solution to improve security across the IT stack and throughout the lifecycle.

StackRox software provides visibility across all Kubernetes clusters, directly deploying components for application and data collection deep into the Kubernetes cluster infrastructure, reducing the time and effort required to implement security, and streamlining security analysis, investigation, and remediation. The StackRox policy engine includes hundreds of built-in controls to enforce security best practices, industry standards such as CIS Benchmarks and NIST, and configuration management for both containers and Kubernetes, and runtime security. 

In addition to Red Hat OpenShift, StackRox will continue to support multiple Kubernetes platforms, including Amazon Elastic Kubernetes Service (EKS), Microsoft Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE).

StackRox also helps simplify DevSecOps and enable cloud-native environments to be more intrinsically secure by integrating directly into customers' existing CI/CD, image scanning, and logging tools and application pipelines. In October 2020, StackRox launched KubeLinter, an open source project that parses Kubernetes YAML files and Helm graphs for correct configurations, with an approach that enables production readiness and security earlier in the development process. 

In keeping with Red Hat's open source heritage, Red Hat plans to open source StackRox technology after the acquisition. Red Hat will continue to support the KubeLinter community, as well as new communities, as Red Hat works to open source the StackRox offering.

The transaction is expected to close in the first quarter of 2021, subject to customary closing conditions.

"Securing Kubernetes workloads and infrastructure can't be done piecemeal; security must be an integrated part of every deployment, not an afterthought. Red Hat adds StackRox's native Kubernetes capabilities to OpenShift's layered security approach, furthering our mission to bring open, product-ready innovation to every organization through open hybrid cloud across all IT footprints."

PAUL CORMIER CHAIRMAN AND CHIEF EXECUTIVE OFFICER, RED HAT

Containers are and will be an essential part of the service infrastructure of many companies, reinforcing their security is an important point to develop.