Kubernetes / Security

VMware to Acquire Octarine to Boost Kubernetes Runtime Security

13 May 2020 2:02pm, by

VMware plans to acquire DevSecOps security provider Octarine, the two companies announced Wednesday, during VMware’s virtual partner conference, Connect 2020.

VMware plans to fold Octarine’s Kubernetes security platform into its own VMware Carbon Black Cloud cloud native endpoint protection platform. The capabilities would provide VMware customers with the ability to establish content-based policies to protect sensitive information and monitor Kubernetes workloads, to integrate security checks into the development lifecycle, and to provide native anomaly detection and threat monitoring.

The company will also integrate Octarine capabilities into the VMware Tanzu developer tools portfolio, notably the Service Mesh software and Open Policy Agent. The company plans to potentially reduce the total number of additional sensors customers must apply to their endpoints, workloads, networks, user access points, and applications.

“DevSecOps is now becoming a mantra in many organizations — and for a good reason. These paradigm shifts fueled our imagination and innovation — lighting our path and defining our roadmap,” wrote Octarine CEO Shemer Schwarz, in a blog post announcing the pending acquisition. “VMware’s commitment to cloud native computing and intrinsic security, which have been demonstrated by its product announcements and by recent acquisitions, makes it an ideal home for Octarine.”

Octarine offers a number of Kubernetes-specific security technologies. For instance, Octarine Guardrails provides an admission controller that runs in the cluster and enforces policies. This software could ensure, for instance, that a container with no authentication meant for testing doesn’t actually get pushed into production.

In January, the company released as open source the Kubernetes Common Configuration Scoring System (KCCSS) a framework for rating security risks associated with not configuring Kubernetes correctly. It is used by Octarine’s associated kube-scan a runtime tool that scans Kubernetes configurations and settings, identifying and ranking potential vulnerabilities in running deployments.

Clearly cloud native security is important for VMware. Last August, the company purchased cloud native security company, Carbon Black, for $2.1 billion.

VMware is a sponsor of The New Stack.

Feature image via Pixabay.