VMware To Acquire Kubernetes Security Startup Octarine

‘We believe this is a big leap forward for VMware’s security offerings and the industry at large ... We are excited about the deep container and security expertise that the Octarine team will bring,’ says VMware security leader Patrick Morley.

VMware plans to buy early-stage Kubernetes security vendor Octarine to simplify DevSecOps and enable cloud native environments to be intrinsically secure from development through runtime.

The Palo Alto, Calif.-based enterprise software vendor said its proposed purchase of Sunnyvale, Calif.-based Octarine will provide full visibility into cloud-native environments so customers can better identify and reduce the risks posed by vulnerabilities and attacks. Octarine will be embedded into the VMware Carbon Black Cloud to better secure containerized applications running in Kubernetes, VMware said.

“Acquiring Octarine will enable us to further expand VMware’s intrinsic security strategy to containers and Kubernetes environments,” Patrick Morley, general manager and senior vice president of VMware’s security business unit, said in a statement. “This … will create what we believe is a unique and compelling solution for intrinsically securing workloads.”

[Related: HPE Plunges Into Red Hot Kubernetes Market]

Terms of the acquisitions were not disclosed. Octarine was founded in 2017, employs 30 people, and has raised one round of outside funding, according to LinkedIn and Crunchbase.

“VMware’s commitment to cloud native computing and intrinsic security, which have been demonstrated by its product announcements and by recent acquisitions, makes it an ideal home for Octarine,” Octarine CEO Shemer Schwarz wrote in a blog post. “We are very excited to have the opportunity to be a part of VMware’s ‘best in class’ technology portfolio.”

The unique speed, agility and scale of the cloud has prompted developers to increasingly use Kubernetes and containers to modernize applications, which VMware said has in turn changed the nature of workloads that need to be secured. Attackers are looking to take advantage of new risk areas, and are not far behind, according to VMware.

Octarine allows customers to create and enforce content-based policies to protect the privacy and integrity of sensitive and regulated information, allowing organizations to move beyond static analysis and maintain compliance, VMware said. The Octarine technology integrates into the developer lifecycle to analyze and control application risks before they are deployed into production, according to VMware.

The technology can be run alongside frameworks such as Tanzu Service Mesh to provide native anomaly detection and threat monitoring for cloud and container-based workloads, according to VMware. Octarine also provides runtime monitoring and control of Kubernetes workloads across hybrid environments for threat detection and response, VMware said.

By enabling security capabilities as part of the existing IT and DevOps ecosystems, VMware said Octarine should further reduce the need for additional sensors in the stack. And Morley said merging VMware’s AppDefense capabilities into the platform will fundamentally transform how workloads are secured.

“We believe this is a big leap forward for VMware’s security offerings and the industry at large,” Morley wrote in a blog post. “Our focus has always been on shifting the balance of power from attackers to defenders, and we are excited about the deep container and security expertise that the Octarine team will bring to VMware.”

The Octarine acquisition comes just two months after Hewlett Packard Enterprise released Container Platform 5.0, a Kubernetes service that HPE said solves noisy neighbor and security concerns that typically force enterprises to pay for virtualization overhead. Octarine competes with the likes of StackRox, whose Kubernetes Security Platform can identify and visualize all of a firm's container assets.

Container security startups have been a popular acquisition target in recent years, with Palo Alto Networks buying Twistlock for $410 million in May 2019 to help secure modern applications throughout their entire lifecycle. Seven months before that, Qualys bought Layered Insight to better lock-down workloads running inside containerized and serverless environments.