Welcome to the security buyers club: Red Hat voices plan to acquire StackRox


After Palo Alto Networks, Veeam, Cisco and VMware secured themselves some cloud-native peace of mind, Red Hat has said it plans to buy into Kubernetes-centric security as well and unveiled its intent to acquire StackRox. The move reflects customers’ growing interest in security offerings as adoption of container technology becomes more and more common and businesses start getting their setups production ready.

Red Hat, which itself became part of IBM in 2019, is apparently looking to integrate StackRox’s security features into its container platform OpenShift. Those include vulnerability management with image scanning and policy enforcement capabilities, threat detection, configuration management, risk profiling, network segmentation, and compliance assessment.

“With StackRox, Red Hat will focus on transforming how cloud-native workloads are secured by expanding and refining Kubernetes’ native controls, as well as shifting security left into the container build and CI/CD phase,” wrote the company in a statement covering the news. A specific timeline for next steps will be outlined “once the transaction closes”.

While StackRox mirrors excitement about bringing its security platform to OpenShift, company CEO Kamal Shah took to the blog to reassure customers that they will “remain our top priority”. Additional resources acquired through the takeover are meant to accelerate StackRox’s product development process, so that features already planned in collaboration with customers should land faster.

Whether the new home means customers will need to shift to the Red Hat platform in the long run isn’t clear yet. Red Hat, however, writes that StackRox will continue to support platforms such as EKS, AKS, and GKE.

StackRox has been around since November 2014, shifting its focus from container runtime security to Kubernetes security in the meantime. The company counts Unity and Reddit among its customers, but isn’t especially known as an open source purveyor. StackRox’s products are mostly commercial and its first open source project, static analysis tool KubeLinter, was only launched in October 2020.

This is meant to change post-acquisition, as Red Hat plans to open source StackRox technology, which will automatically increase the company’s open source involvement.

Financial details of the deal haven’t been disclosed yet.