Runtime Analysis in the Red Hat DevSecOps framework

This post: ​

• Defines and explains the concept of Runtime Analysis. 

• Shows how Runtime Analysis integrates into the DevOps life cycle. 

• Provides pointers to Red Hat partners that can help with Runtime Analysis

September is “runtime analysis” month in Red Hat’s monthly Security series! Since March 2021, the Red Hat Security Ecosystem team has published monthly articles and videos on DevOps Security topics to help you learn how Red Hat can help you master the practice called DevSecOps. 

By explaining how to assemble Red Hat products and introducing our security ecosystem partners, we aim to aid in your journey to deploying a comprehensive DevSecOps solution.

Runtime Analysis defined

Runtime analysis methods are only found in a running Kubernetes cluster, and the goal is to provide a defense-in-depth approach to protecting a running Kubernetes cluster. The following security methods make up the runtime analysis category:

• Admission control: functions as a Kubernetes workload gatekeeper that governs and enforces security policies on what is allowed to run on the cluster or not.

• Runtime application behavioral analysis: examines system activity and intelligently detects suspicious or malicious actions in real time.

• Threat defense, Runtime application self-protection (RASP): responds to detected threats, like blocking cyberattacks in real time. Threat defense shouldn’t be confused with threat detection, which is part of behavioral analysis. While most vendors in the runtime analysis category have capabilities in both, we’ve broken these two terms up to highlight their distinct functions. 

While the runtime analysis security category may seem a bit light in security functions, it serves as a centerpiece in DevSecOps by consuming or integrating with other security category methods.  For example, admission controllers and behavioral analysis typically assess data from vulnerability or compliance scans. 

With this in mind, it’s important to note that Red Hat security partners in this category typically also play in several other categories, like vulnerability and configuration management and compliance.

Runtime Analysis integrated in DevSecOps

As pictured in the DevSecOps framework figure here, Runtime Analysis integrations are found on the right side of the DevSecOps life cycle in a running cluster. The table details some, but not all, of the common integrations to consider for Runtime Analysis. 

Enhance and extend Runtime Analysis with Red Hat partners

As Red Hat Advanced Cluster Security for Kubernetes does strengthen the layered approach to container and Kubernetes security for Red Hat OpenShift Container Platform, Red Hat continues to work closely with its certified ecosystem of partners to enhance and extend Runtime Analysis capabilities for our customers. 

Ultimately, Red Hat remains committed to a broad and deep ecosystem that provides customer choice and facilitates innovation in order to help your organization's DevSecOps practice.  

If you are looking to enhance and extend Red Hat’s security capabilities in Runtime Analysis, take a look at the following Red Hat Partners:

• Aqua Security free trial and Operator.

• NeuVector Full Lifecycle Container Security and webinar on egress.

• Palo Alto Prisma Cloud Compute Edition and webinar.

• Sysdig free trial and webinar.

For more information, visit "Modernize and secure applications with DevSecOps," or begin your discussion with us on enhancing container security and adopting DevSecOps. 

For similar blog posts on Red Hat’s DevSecOps Framework, search for previous months’ categories (Network Controls, Data Controls, Compliance, Identity and Access, and Vulnerability and Configuration Management) and stay tuned for upcoming posts.