VMware announced that it is acquiring Octarine, a Kubernetes security startup offering continuous security and compliance for automated pipelines.
Intrinsic security
According to the VMware blog post on the acquisition, Octarine is part of VMware’s intrinsic security strategy: protecting applications, regardless of where they’re running. Octarine, of course, delivers on this promise for containers in Kubernetes environments.
Security in Kubernetes environments, like security in any other type of environment, is hard. And because of the number of moving parts in Kubernetes, as well as the often shared custody of Kubernetes clusters between developers and operators, security management is a little more relevant in cloud-native environments.
Tanzu & Carbon Black
The obvious question is how Octarine will fit into the Tanzu brand, VMware’s umbrella brand for Kubernetes and cloud-native offerings.
VMware’s intent is to roll Octarine’s technology into the Carbon Black Cloud, from another security company it acquired recently, and to integrate Octarine with the Tanzu platform via ‘deep hooks’, according to Patrick Morley, general manager and senior vice president at VMware’s Security Business Unit (and ex-CEO of Carbon Black). Octarine also published a blog post on the matter without saying much, which indicates that Octarine will not continue as a separate entity in the Security Business Unit.
DevSecOps
Octarine enables DevSecOps workflows, meaning it integrates into GitOps and automated (CI/CD) pipelines and tries to catch security issues before they make their way into production.
Octarine GuardRails scans Kubernetes configuration and workload (pod) YAML files to evaluate risk and policy compliance of the platform and applications. Built on kube-scan and KCCSS, GuardRails helps developers and security professionals understand the risks and compliance violations in their applications and clusters.
KCCSS is the underlying vulnerability model based on the industry-standard Common Vulnerability Scoring System (CVSS); kube-scan takes these policies, actively scans clusters and application pods for vulnerabilities, and assigns a vulnerability score. In addition to helping teams prioritize what to fix first, it also prevents non-compliant apps from being introduced to production.
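A simplified illustration of the kind of pod-manifest risk check and pipeline gate described above, added here and not Octarine's, kube-scan's or KCCSS's own code. The weights, the threshold and the function names are assumptions made up for this example; the fields inspected are standard Kubernetes pod spec fields.

```python
# Added illustration: weights are constructed for this example, not KCCSS values.
POD_RISKS = {"hostNetwork": 3.0, "hostPID": 3.0, "hostIPC": 2.0}
CAP_RISKS = {"SYS_ADMIN": 4.0, "NET_ADMIN": 2.5, "SYS_PTRACE": 2.5}

def pod_findings(manifest):
    """Return (location, setting, weight) tuples for risky pod settings."""
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = [("pod", k, w) for k, w in POD_RISKS.items() if spec.get(k) is True]
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            findings.append(("volume/" + vol.get("name", "?"), "hostPath", 2.5))
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        sc = c.get("securityContext") or {}
        where = "container/" + c.get("name", "?")
        if sc.get("privileged") is True:
            findings.append((where, "privileged", 5.0))
        # Kubernetes allows privilege escalation unless it is explicitly disabled.
        if sc.get("allowPrivilegeEscalation", True) is not False:
            findings.append((where, "allowPrivilegeEscalation", 1.5))
        # Container-level runAsNonRoot overrides the pod-level value.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append((where, "may run as root", 1.5))
        for cap in (sc.get("capabilities") or {}).get("add") or []:
            if cap in CAP_RISKS:
                findings.append((where, "cap " + cap, CAP_RISKS[cap]))
    return findings

def risk_score(findings):
    """Sum the weights and cap at 10, giving a CVSS-style 0-10 scale."""
    return min(10.0, sum(w for _, _, w in findings))

def gate(manifest, threshold=4.0):
    """CI gate: True when the workload may proceed to deployment."""
    return risk_score(pod_findings(manifest)) < threshold

# Constructed sample manifests (the parsed form of a pod YAML file).
RISKY = {"kind": "Pod", "spec": {"hostNetwork": True,
    "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
    "containers": [{"name": "app", "image": "example/app:1",
                    "securityContext": {"privileged": True}}]}}
HARDENED = {"kind": "Pod", "spec": {"securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "app", "image": "example/app:1", "securityContext": {
        "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}}]}}

if __name__ == "__main__":
    for name, m in (("risky", RISKY), ("hardened", HARDENED)):
        print(name, risk_score(pod_findings(m)), "pass" if gate(m) else "block")
```

Run as a pipeline step, a failing gate stops the manifest before it is applied to a cluster, and the findings list tells the developer which settings to fix first.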
Octarine Runtime goes a step further, giving runtime protection by analyzing traffic flows with an intrusion detection system, identifying threats, and enforcing security policies in production. It builds traffic baselines to detect anomalies automatically, automating an otherwise incredibly time-consuming process and increasing the effectiveness of traffic monitoring.
Topology visualizations help security professionals make sense of the emergent and ever-changing behaviors of microservice landscapes in production.