Following their January 2021 acquisition of StackRox, the GovDevSecOpsHub sat down with Red Hat’s Chief Architect and Security Strategist for Public Sector, Michael Epley, for an in-depth, three-part interview series about the security challenges that today’s more complicated applications create for government agencies and the importance of container security.
In the first part of the three-part series, we discussed the role of Kubernetes in modern application development and the unique security requirements of containers. In the second part of our discussion, we covered the increasingly sophisticated cyber threat landscape facing agencies and the impact of containers on security and compliance.
In this, the third and final article highlighting our conversation, we asked Michael about the acquisition itself and why Red Hat and StackRox users should be excited about the news.
Here is what Michael had to say:
GovDevSecOpsHub (GDSOH): StackRox was recently acquired by Red Hat. Why was StackRox – as a platform and as a company – a good acquisition target for Red Hat?
Michael Epley: At Red Hat, StackRox fills in the platform security picture for DevOps. And, to emphasize this, Red Hat is launching Red Hat Advanced Cluster Security for Kubernetes (RH ACS), based on StackRox’s technology. Red Hat has long promoted the ideas of layered security and defense in depth. To this end, the company has already been hard at work building robust Kubernetes-native security through advanced capabilities in its OpenShift Container Platform (OCP).
These efforts led to the creation of the Kubernetes operator framework and powerful operator-based tools for security and compliance: the Cluster Version Operator (CVO) to automate patching and updating of OCP, the Quay Container Security Operator to perform scanning of images, and the Compliance Operator to assess and remediate OCP against a compliance baseline. These more recent additions built on the already powerful abstractions and API objects for implementing DevOps and building trusted software supply chains for cloud-native applications. StackRox brings new, robust defensive layers to a holistic application security model.
Red Hat has grown some of these capabilities organically as one of the largest contributors to the open source communities and projects that make up a full-stack Kubernetes platform. But acquiring some of the best technologies available is also an important part of Red Hat’s strategy; Red Hat CoreOS, derived from the 2018 acquisition of CoreOS, is a perfect example. This event helped Red Hat create and deliver a Kubernetes- and container-native operating system to help our users adopt container-native security best practices, enable zero-trust architectures, and simplify secure API-based management of infrastructure.
Acquisitions like StackRox enable customers to take advantage of some of the newest, best technologies with the assurances that Red Hat as the leader in enterprise open source can offer.
GDSOH: How do the StackRox applications fit into the Red Hat product portfolio, and what does the acquisition add to Red Hat’s capabilities?
Michael Epley: StackRox was the first Kubernetes-native security platform and reinforces Red Hat’s commitment to security for our cloud portfolio and to delivering business value to our customers. Because it was a Kubernetes-native solution, there was already a lot of overlap between StackRox’s and Red Hat’s OpenShift users: nearly 50 percent of StackRox’s users have OpenShift already. This overlap demonstrates the compatibility of the platforms and the real, measurable value-added security provided by StackRox.
Existing StackRox users will be able to continue to use the platform with other Kubernetes distributions, or quickly jump to OCP to use its DevOps capabilities. They will continue to help shape the future of StackRox via Red Hat’s open source development model. Similarly, Red Hat’s existing OCP users will immediately be able to add StackRox to their systems to enhance security and remove bottlenecks from DevSecOps.
StackRox will also join other compliance and governance tools already in the Red Hat portfolio, including Red Hat Insights and Red Hat Advanced Cluster Manager. Combined, these will provide better coordination and consistency across the user’s entire enterprise.
In the government sphere, especially, StackRox has a long history focused on compliance-oriented capabilities, making it an especially compelling platform to enhance Red Hat’s capabilities in this area. Support for NIST SP 800-53 security controls, where Red Hat has made a significant investment in automating compliance frameworks through efforts like ComplianceAsCode, is a great example of this.
StackRox further extends this with support for newer and container-specific security controls from NIST SP 800-190. This is especially important since these compliance frameworks and guidance are new and unfamiliar to many security and compliance assessment professionals accustomed to working in more traditional bare metal or virtualized environments and host-oriented operating systems and application deployments.
GDSOH: Why should Red Hat customers be excited about the addition of StackRox?
Michael Epley: For a long time Red Hat has been shipping products and technologies that are “secure by default” and equipping customers with tools and knowledge to tune their systems as needed. But many other facets of securing your enterprise were left to the customer: tailoring to agency-specific requirements, watching for threats, monitoring deployments, incident response, just to name a few.
StackRox grows the portfolio of tools available to our customers in these important areas and in a way complementary to Red Hat’s existing portfolio. StackRox brings new and significant capabilities to Red Hat’s portfolio aimed at runtime security, with tools to help users better secure their workloads. Perhaps the most important capability StackRox adds here is the monitoring of running application containers and collection of activity data.
Runtime data from the processes is captured via standard Kubernetes event and logging information, integration with external SIEM tools, or through eBPF or kernel modules. This data is compared to contextual information from Kubernetes, such as information across a deployment about what processes will execute; whether any resource limits exist to prevent containers from impacting their neighbors; the privileges and capabilities granted to individual containers; whether the container’s root file system will be writable; what block devices, configurations, or secrets are present; and metadata such as labels and annotations.
This allows StackRox to develop normal behavior models for applications and detect anomalous activity that may indicate compromise. Specific models come out of the box to detect certain indicators of compromise such as crypto-mining. The behavioral analysis can drive StackRox’s automation for blacklisting and whitelisting workloads, reducing the annoyance and destruction of false positive alerts and allowing incident response to narrow to the most likely issues.
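As an added illustration of the two ideas above (not StackRox or Red Hat code), the following script inspects a constructed Kubernetes pod spec for the contextual facts the interview lists, and then flags runtime processes that a per-deployment behavior baseline never recorded. The pod spec, baseline and observed process names are all constructed sample data.

```python
# Added example: pod-context checks plus a simple behavioral baseline
# comparison. All data below is constructed; this is not StackRox code.
SAMPLE_POD = {  # constructed sample pod, not from a real cluster
    "metadata": {"labels": {"app": "web"}, "annotations": {"owner": "team-a"}},
    "spec": {
        "volumes": [{"name": "creds", "secret": {"secretName": "db-creds"}}],
        "containers": [{
            "name": "web",
            "securityContext": {
                "privileged": False,
                "readOnlyRootFilesystem": False,
                "capabilities": {"add": ["NET_ADMIN"]},
            },
            # no "resources" key: nothing limits impact on neighbouring pods
        }],
    },
}

def context_findings(pod):
    """Return findings about the deployment context of each container."""
    findings = []
    if any("secret" in v for v in pod["spec"].get("volumes", [])):
        findings.append("secret volume mounted")
    for c in pod["spec"]["containers"]:
        sc = c.get("securityContext", {})
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{c['name']}: no resource limits")
        if sc.get("privileged"):
            findings.append(f"{c['name']}: privileged")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{c['name']}: writable root filesystem")
        for cap in sc.get("capabilities", {}).get("add", []):
            findings.append(f"{c['name']}: capability {cap} added")
    return findings

def anomalous_processes(observed, baseline):
    """Process names seen at runtime that the normal-behavior model lacks."""
    return sorted(set(observed) - set(baseline))

# Constructed runtime events: process names reported for the "web" container.
BASELINE = ["nginx", "sh"]                       # learned normal behavior
OBSERVED = ["nginx", "sh", "unexpected-miner"]   # one process outside the model

if __name__ == "__main__":
    for finding in context_findings(SAMPLE_POD):
        print("context:", finding)
    print("anomalous:", anomalous_processes(OBSERVED, BASELINE))
```

The context findings explain why an anomaly matters (a writable root filesystem and an added capability widen what an unexpected process can do), which is the kind of correlation the interview describes for narrowing incident response.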
Most of Red Hat’s enterprise customers are in the early stages of technology modernization and cloud adoption. Approaches and tools that can ease the burdens of adopting new cloud-native application technologies are a critical aspect of making these efforts successful. They also are typically embarking on digital transformation initiatives, but that requires them to continue to maintain and operate hybrid and legacy applications. The entirety of the Red Hat ecosystem helps our customers and users do this, even as they leverage StackRox to dive into the future of cloud-native application development.