Security partners
Modernize your life cycle and reduce risk with DevSecOps
A comprehensive DevSecOps solution
The rapid pace of digital transformation has led to hastily glued-together DevSecOps tools and processes instead of a single, cohesive, and efficient system.
Red Hat works closely with our security ecosystem partners to weave together the technologies you need to build a comprehensive DevSecOps solution. A properly woven-together system will improve efficiency and performance of your application and container life cycle, while reducing risk and helping you make the most of your Red Hat® investments.
Solution overview
Address security challenges across the entire application life cycle
Red Hat platforms create a foundation for DevSecOps, while our partners integrate and automate security tools and methods into the entire application life cycle. Red Hat is uniquely positioned to bring you a comprehensive DevSecOps solution because of our open source mission, expertise in an open hybrid cloud, and extensive partner ecosystem. Red Hat OpenShift® and Red Hat Ansible® Automation Platform, together with partner technologies, help you address security challenges across your container application life cycle, including development, deployment, and runtime.
Red Hat’s view is that securing a container life cycle with DevSecOps methods requires change across three areas: culture, process, and technology.
- Culture means fostering a culture of collaboration between developers, operations, and security teams, along with helping all of them understand why and how security should be involved in the entire DevOps life cycle.
- Process refers to applying workflow standardization, documentation, and automation in agreed-upon processes to improve efficiency and security throughout the life cycle.
- Technology requires integrating the platforms, tools, and processes you're using for application development, deployment, and operations into a single cohesive system called DevSecOps.
Weaving these together to complement and support each other is critical. Security should be woven throughout, and made as transparent and automatic as possible.
Transform your business with DevSecOps
Security use cases
The Red Hat security framework and ecosystem
Red Hat works closely with our strategic partners to certify integrations with Red Hat OpenShift and Red Hat Ansible Automation Platform. This gives us a holistic view of the DevSecOps life cycle and helps us create a taxonomy of security capabilities so you can more easily consume DevSecOps solutions.
The Red Hat DevSecOps framework identifies nine security categories and 34 technologies that address the entire application life cycle. The framework places Red Hat built-in capabilities, DevOps toolchains, and security partner solutions at key integration points in the pipeline. You can implement some or all the methods and technologies within a category depending on the scope of your DevOps environment and your specific requirements.
Security use cases
Red Hat and our partners work together, giving you access to the expertise you need to weave security and automation throughout the entire application life cycle. Working together, we can help you craft a complete solution that makes security mostly automatic and nearly transparent to development and operations staff. Areas of expertise include:
Platform security
Address container security risks
Most Red Hat security features are enabled by default to help simplify deployment and minimize risk. These features help you protect containers at their boundaries and protect the host from container escapes. Platform security methods include:
- Host
- Container platform
- Namespace
- Isolation
- Kubernetes and container hardening
Vulnerability and configuration management
Find and fix security vulnerabilities
Improve, identify, classify, and resolve application, configuration, and container image security defects. These methods help incorporate security into the DevSecOps life cycle early, which saves time and money. Vulnerability and configuration management methods include:
- Static application security testing (SAST)
- Static code analysis (SCA)
- Interactive application security testing (IAST)
- Dynamic application security testing (DAST)
- Configuration management
- Image risk
Identity and access management
Control system access
Identity and access management (IAM) methods control access to on-premises and cloud assets, applications, and data based on user or application identity and administratively defined policies. IAM methods are found in every stage of the DevSecOps life cycle and can help protect against unauthorized system access and lateral movement. IAM methods include:
- Authentication
- Authorization
- Secrets vault
- Hardware security modules (HSM)
- Provenance
Compliance and governance
Maintain continuous compliance
Compliance methods and technologies help you adhere to industry and government regulations and corporate policies. These capabilities support automated compliance validation and reporting throughout the DevSecOps pipeline, helping you simplify audits and avoid costly regulatory fines and lawsuits. Compliance methods include:
- Regulatory compliance auditing
- Compliance controls and remediation
Network controls
Fortify communication flows
Network controls and segmentation methods allow you to control, segregate, and visualize Kubernetes traffic. These methods help you isolate tenants and secure communications flows between containerized applications and microservices. Network controls and segmentation methods include:
- Container network interface (CNI) plug-ins
- Network policies
- Traffic control
- Service mesh
- Visualization
- Package analysis
- Application programming interface (API) management
Runtime analysis and protection
Address malicious activity in real time
Production runtime methods help maintain cluster hygiene by identifying and mitigating suspicious and malicious activity in real time. Runtime analysis and protection methods include:
- Admission controller
- Application behavior analysis
- Threat defense
Data controls
Protect data integrity and confidentiality
Data control methods and technologies help protect data integrity and prevent unauthorized data disclosure. These tools protect data at rest and data in motion, helping you safeguard intellectual property and confidential customer information. Data controls include:
- Data protection and encryption
Logging and monitoring
Improve visibility and response
Logging and monitoring methods provide information about security incidents in your production environment. These methods describe when the event occurred and provide probable cause and impact information, helping you improve visibility and accelerate incident response. Logging and monitoring methods include:
- Cluster monitoring
- Security information and event management (SIEM)
- Forensics
Remediation
Automate security response
Remediation methods automatically take corrective actions when security incidents occur in production. They help you improve uptime and avoid data loss. Remediation methods include:
- Security orchestration, automation, and response (SOAR) platforms
- Automatic resolution
Security partners
Reduce risk while improving efficiency and performance
Use the tabs below to explore Red Hat DevSecOps ISV partners, or visit the ISV partner page to find certified and supported partner solutions across a range of use cases.
Vulnerability
Red Hat and Palo Alto Networks help you protect your environment with cloud-native security and compliance throughout the entire development life cycle. Prisma Cloud by Palo Alto Networks works with Red Hat OpenShift to deliver comprehensive cloud security posture management (CSPM) and cloud workload protection (CWP) for your deployments.
Red Hat and Aqua Security help you manage and scale your cloud-native workloads while reducing risk across on-site, hybrid, and cloud infrastructure. The Aqua Cloud Native Security Platform integrates with Red Hat OpenShift to provide risk-based vulnerability management, detailed runtime protection, and comprehensive infrastructure assurance and compliance.
Red Hat and Sysdig help enterprises rapidly adopt cloud-native approaches. Sysdig Secure DevOps Platform, Sysdig Secure, and Sysdig Monitor work with Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes to deliver unified security, compliance, and monitoring for private, hybrid, and multicloud environments.
Empower developers to easily find and fix vulnerabilities in containers and Kubernetes applications, including Red Hat OpenShift. Snyk Open Source automatically finds, prioritizes, and fixes vulnerabilities in open source dependencies. Snyk Code is a Static Application Security Testing (SAST) tool re-imagined for the developer.
CrowdStrike's Falcon platform stops breaches on OpenShift by detecting and preventing patterns of malicious behavior derived from leading threat intelligence. Deep visibility into container images, runtime events, and deployment configurations, plus protection for endpoints, cloud accounts, and identity, bring organizations a consolidated solution to enterprise security.
Compliance
Red Hat and Aqua Security help you manage and scale your cloud-native workloads more securely across on-site, hybrid, and cloud infrastructure. The Aqua Cloud Native Security Platform integrates with Red Hat OpenShift to provide risk-based vulnerability management, detailed runtime protection, and comprehensive infrastructure assurance and compliance.
Red Hat and Sysdig help enterprises rapidly adopt cloud-native approaches. Sysdig Secure DevOps Platform, Sysdig Secure, and Sysdig Monitor work with Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes to deliver unified security, compliance, and monitoring for private, hybrid, and multicloud environments.
Red Hat and Palo Alto Networks help you protect your environment with cloud-native security and compliance throughout the entire development life cycle. Prisma Cloud by Palo Alto Networks works with Red Hat OpenShift to deliver comprehensive cloud security posture management (CSPM) and cloud workload protection (CWP) for your deployments.
Tigera and Red Hat have partnered to deliver an integrated security and observability solution for Kubernetes networking and microservices. The solution empowers developers to innovate and ship faster with the leading hybrid and multicloud container platform, while providing fine-grained security and compliance controls to protect Kubernetes workloads.
CrowdStrike's Falcon platform stops breaches on OpenShift by detecting and preventing patterns of malicious behavior derived from leading threat intelligence. Deep visibility into container images, runtime events, and deployment configurations, plus protection for endpoints, cloud accounts, and identity, bring organizations a consolidated solution to enterprise security.
Identity
Red Hat and CyberArk help you improve the security of your container environments and automation scripts. Enterprise-wide privileged access security policies provide visibility, auditing, enforcement, and secrets management to mitigate business risks. CyberArk DevSecOps products—including Conjur Secrets Manager and Credential Providers—integrate with Red Hat OpenShift and Red Hat Ansible Automation Platform to protect, rotate, monitor, and manage privileged credentials for people, applications, scripts, and other non-human identities using a centralized platform.
Uncover hidden threats, make more informed risk-based decisions, and respond faster to cyber threats with an open, integrated cybersecurity platform built on Red Hat OpenShift for hybrid, multicloud deployment. Connect to your existing data sources to generate deeper insights into threats. Securely access IBM and third-party tools to search for threats across any cloud or on-premises location. Quickly orchestrate actions and responses to those threats—all while leaving your data where it is.
The OpenShift integration with Thales Luna HSMs ensures containerized applications can benefit from HSM protection of the entire key life cycle, accelerate cryptographic operations, and benefit from FIPS 140-2 Level 3 security in accordance with industry and government regulations.
Data
Uncover hidden threats, make more informed risk-based decisions, and respond faster to cyber threats with an open, integrated cybersecurity platform built on Red Hat OpenShift for hybrid, multicloud deployment. Connect to your existing data sources to generate deeper insights into threats. Securely access IBM and third-party tools to search for threats across any cloud or on-premises location. Quickly orchestrate actions and responses to those threats—all while leaving your data where it is.
Red Hat and Zettaset help you protect data across any on-premises, cloud, or hybrid deployment to prevent data theft without slowing down your DevSecOps process. XCrypt Kubernetes Encryption for OpenShift and Zettaset Encryption Management Console provide unified encryption management for multiple clusters.
The OpenShift integration with Thales Luna HSMs ensures containerized applications can benefit from HSM protection of the entire key life cycle, accelerate cryptographic operations, and benefit from FIPS 140-2 Level 3 security in accordance with industry and government regulations.
Runtime
Red Hat and Aqua Security help you manage and scale your cloud-native workloads more securely across on-site, hybrid, and cloud infrastructure. The Aqua Cloud Native Security Platform integrates with Red Hat OpenShift to provide risk-based vulnerability management, detailed runtime protection, and comprehensive infrastructure assurance and compliance.
Red Hat and Sysdig help enterprises rapidly adopt cloud-native approaches. Sysdig Secure DevOps Platform, Sysdig Secure, and Sysdig Monitor work with Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes to deliver unified security, compliance, and monitoring for private, hybrid, and multicloud environments.
Red Hat and Palo Alto Networks help you protect your environment with cloud-native security and compliance throughout the entire development life cycle. Prisma Cloud by Palo Alto Networks works with Red Hat OpenShift to deliver comprehensive cloud security posture management (CSPM) and cloud workload protection (CWP) for your deployments.
CrowdStrike's Falcon platform stops breaches on OpenShift by detecting and preventing patterns of malicious behavior derived from leading threat intelligence. Deep visibility into container images, runtime events, and deployment configurations, plus protection for endpoints, cloud accounts, and identity, bring organizations a consolidated solution to enterprise security.
Monitoring
Security event detection and correlation back to the DevSecOps life cycle and tools. Security events are happening in production on an application, Splunk can correlate that event back to the application, developer, team, and tools used to build that application to provide quicker time to remediate that security event.
Red Hat and Sysdig help enterprises rapidly adopt cloud-native approaches. Sysdig Secure DevOps Platform, Sysdig Secure, and Sysdig Monitor work with Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes to deliver unified security, compliance, and monitoring for private, hybrid, and multicloud environments.
Red Hat and Aqua Security help you manage and scale your cloud-native workloads more securely across on-site, hybrid, and cloud infrastructure. The Aqua Cloud Native Security Platform integrates with Red Hat OpenShift to provide risk-based vulnerability management, detailed runtime protection, and comprehensive infrastructure assurance and compliance.
Red Hat and Palo Alto Networks help you protect your environment with cloud-native security and compliance throughout the entire development life cycle. Prisma Cloud by Palo Alto Networks works with Red Hat OpenShift to deliver comprehensive cloud security posture management (CSPM) and cloud workload protection (CWP) for your deployments.
CrowdStrike's Falcon platform stops breaches on OpenShift by detecting and preventing patterns of malicious behavior derived from leading threat intelligence. Deep visibility into container images, runtime events, and deployment configurations, plus protection for endpoints, cloud accounts, and identity, bring organizations a consolidated solution to enterprise security.
Remediation
Empower developers to easily find and fix vulnerabilities in containers and Kubernetes applications, including Red Hat OpenShift. Snyk Open Source automatically finds, prioritizes, and fixes vulnerabilities in open source dependencies. Snyk Code is a Static Application Security Testing (SAST) tool re-imagined for the developer.
Red Hat and Palo Alto Networks help you protect your environment with cloud-native security and compliance throughout the entire development life cycle. Prisma Cloud by Palo Alto Networks works with Red Hat OpenShift to deliver comprehensive cloud security posture management (CSPM) and cloud workload protection (CWP) for your deployments.
Uncover hidden threats, make more informed risk-based decisions, and respond faster to cyber threats with an open, integrated cybersecurity platform built on Red Hat OpenShift for hybrid, multicloud deployment. Connect to your existing data sources to generate deeper insights into threats. Securely access IBM and third-party tools to search for threats across any cloud or on-premises location. Quickly orchestrate actions and responses to those threats—all while leaving your data where it is.
CrowdStrike's Falcon platform stops breaches on OpenShift by detecting and preventing patterns of malicious behavior derived from leading threat intelligence. Deep visibility into container images, runtime events, and deployment configurations, plus protection for endpoints, cloud accounts, and identity, bring organizations a consolidated solution to enterprise security.
Network
Red Hat and Tigera help organizations build security into their container and Kubernetes environments by monitoring, analyzing, and controlling network traffic. Certified with Red Hat OpenShift, Calico Enterprise helps you successfully operate, optimize, and protect critical containerized applications across cloud environments.
Red Hat and Palo Alto Networks help you block threats and prevent lateral movement on your Red Hat OpenShift cloud network. Prisma Cloud, combined with VM-Series or CN-Series next-generation firewalls (NGFWs), delivers cloud network security that provides high-fidelity network visibility and controls.
Red Hat and Aqua help reduce the impact of attacks. The Aqua Cloud Native Application Protection Platform integrates with Red Hat OpenShift to automatically discover network connections and get suggested contextual firewall rules that allow legitimate connections based on service identity, URLs or IPs, and block or alert on unauthorized network activity.
Red Hat and Sysdig help you implement a zero-trust approach to container security by allowing only required network communication. Visualize all network communication between pods, services, and applications inside Kubernetes. Shorten time to implement network security from weeks to hours by automating Kubernetes network policies. Identify anomalous network activity quickly by auditing every connection to or from any process.