VMware announces its intent to buy Kubernetes Security startup Octarine

VMware has been shopping again, this time they’ve put a deposit on a DevSecOps startup called Octarine to fill a monitoring gap in their Kubenetes platform.

VMware has been out shopping in the Silicon Valley Mall again.  They have given notice of their intent to purchase Octarine a small Venture-backed startup based out of Sunnyvale and Tel Aviv.

Octarine

So what to do know about Octarine?

Well to be fair, prior to the announcement the only thing I knew about Octarine was that is it part of Terry Pratchett’s  Discworld lore and is the Color of Magic and the founders may have been fans.

octarine

OK, let’s be serious.  Octarine is actually a small start-up with offices in Sunnyvale and Tel Aviv, that has during its time as an independent raised at least $9m from various Venture funds and other investors who backed their vision of DevSecOps and to provide a continuous security and compliance lifecycle for the protections of Kubernetes deployments from nasty black hat hackers and other nefarious folks of the criminal fraternity.

How do Optarine approach this?

Octarine Secret Sauce

Anyone who has attempted to deploy Kubernetes or even just containers in general know and understand that traditional monitoring and security products do not provide adequate protection for the types of applications deployed on the underlying container hosts, this is not a limitation of Containers or Kubernetes, but the fact that monitoring and compliance tools were not set up to deal with the complexities of containers. Therefore a new approach was needed,  this is not just a benefit of Octarine, other vendors like Amazic’s Sysdig have answered these questions too, and the answer is to bake in security and compliance from the initial build, all the way through to the final deployed runtime, and then to continually improve on the baselines.

Why is VMware interested in Octarine?

But the real question is, why are VMware interested in this particular startup?  This question is in actuality quite a simple one to answer.  The purchase of Octarine allowed VMware to very succinctly fill a glaring gap in their current security product portfolio,  Carbon Black and AppDefence protect VMs and Native containers but their Kubernetes coverage is woefully lacking and this is a massive gap. Actually, it was a glaring 6 lane freeway of a gap for potential vulnerabilities!

Freeway sized gaps

Especially considering their hype and bluster about Kubernetes at their vSphere 7 and Tanzu product launches coupled with their statement about Containers being first-class citizens on their platforms and Kubernetes being the deployment methodology of choice.

The financial figure for the purchase has not been released but in the grand scheme of how these things are counted, I cannot believe the purchase price was significant, not small by any means but not eye-watering painful to the pocket.

As already stated this acquisition neatly fills a gap in their growing security portfolio, and as such VMware intends for this to be combined with their Carbon Black Endpoint protection which they recently acquired for $1.2B and their more generic AppDefense products that protect Virtual machines and containers.  VMware also intends to bring the functionality of the Octarine platform to Tanzu Service Mesh to provide real-time alerts via their network-based IDS to prevent any attempts at breaching microservices.

Octarine’s ability to report on unencrypted connections, internal lateral movements, and many other types of malicious threats will enable Tanzu users to create finely grained and dynamic policies to automatically protect environments by restricting or isolating compromised micro-services thereby alleviating the risk of a cascading failure of your working clusters.

Obvious the ability of Octarine to protect both containers and Virtual machines is another feather in their cap as far as VMware is concerned.  This all ties into Pat Gelsinger’s (CEO VMware) vision which he elucidated on in March at the release of vSphere7 when he stated that [VMware] is “out to change the security Industry, [as] it’s broken and fragmented with too many vendors. We’re going to make it possible for applications to be born secure, live secure, and die secure”.

Summary

Summary

VMware has been very acquisitive in the last year or so. However, unlike the Maritz Period,  Gelsinger has been very focused on redefining VMware as a company.  Moving into new market sectors, taking the Nicira acquisition that could have been a big mistake, as it damaged what was at the time a very good relationship with Cisco, and turning the fledgling Network Services Business Unit into a $2B a year revenue generator from a standing start by FY 2019. To redefining their Cloud business Unit by off-loading vCloud Air to OVH, sell off other none core products, Zimbra anyone? and redefining the redefinition of the Cloud Business unit when he brought back Pivoal in-house.

But the Security division is his baby.  VMware has never been seen as poor on security like Microsoft, but they traditionally relied on Third-Party products to protect their environments and any security products they had brought, we badly integrated into VMware, remember vShield. Over the last 5 years or so they have been quietly building up quite a decent portfolio of products, they now cover a large proportion of infrastructure with services that can easily slot in and are integrated into a common framework.  Octarine is just the latest in a long line of security product acquisitions that is helping to secure VMware’s position as a vendor that cares about physical security.  Pat Gelsinger joined a company that many were writing off as past its best, and in its twilight years, however, during his time at the helm, it can be argued that VMware has never been more relevant.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.