The News: SUSE announced last week the release of NeuVector 5.0, the first edition of its container security platform since SUSE open-sourced NeuVector in January. Timed to coincide with the latest update of SUSE Rancher, the announcement furthers SUSE’s vision to deliver a fully integrated cloud-native platform that enables users to build, deploy, and easily secure their Kubernetes applications and accelerate their digital transformation. Read the full Press Release here.
Is SUSE becoming the Container Company?
Analyst Take: KUBECON Europe was last week and as you can imagine, the usual suspects in the space took the opportunity to launch new functionality and updates to their cloud-native solutions. A prime example was SUSE, who took the opportunity to announce an update to Rancher and the NeuVector container security solution. I wrote about SUSEs acquisition of NeuVector back in November last year and have been keen to find out what the company had in store for the solution. I don’t have to wait any longer.
Security is rapidly becoming increasingly vital to the container orchestration and management space as enterprises look to move Kubernetes deployments into the mainstream. As Kubernetes deployments transition from small test and development instances to full-scale production instances, the need to ensure that these cloud native deployments have security baked in is a given. SUSE’s acquisition of NeuVector and the other Kubernetes players making similar moves only reinforces the requirements as vendors respond to the demands of their customers.
SUSE’s NeuVector 5.0
SUSE is positioning NeuVector as a “Full Lifecycle Container Security Platform.” The fact that the 5.0 release coincided with the latest update to Rancher was no coincidence to this observer.
We are not at the point yet where it is clear whether security and IT operations will be centralized in Kubernetes environments, but as IT organizations shift toward deploying cloud native microservices, an opportunity to improve application security becomes apparent. Previously, securing legacy monolithic applications has been a challenge because it is no simple task to identify all the services and processes within the application. A microservices-based application may inherently be more complex to build and manage, however, it is easier to secure the individual services components and layers that make up that application.
The key challenge organizations must deal with is that developers struggle to master the nuances of application security. In the absence of a container security platform, malware can easily spread within a container, and then laterally, as the container is reused or, worse yet, take over an entire host.
As a result, responsibility for container security is shifting left toward developers and the DevOps teams that support them. In the wake of a series of high-profile supply chain style breaches, there is increased focus on CI/CD pipeline security than ever. When you couple the shift left of security with the fact that few cybersecurity professionals understand the complexities of container platforms, issues abound.
As applications are being developed, it is not practical for cybersecurity teams to monitor how every application is being developed. Organizations typically adopt an approach of deploying a series of scans applied to discover vulnerabilities close to when an application is deployed. As the speed of development accelerates, this approach of scanning close to deployment is quickly becoming impractical.
The NeuVector container security platform looks to deliver a multi-vector container firewall approach that protects container networks from Layer 3 through Layer 7. NeuVector detects real-time connection information for container traffic and automatically segments traffic based on application layer behavior, regardless of network settings. Those packets can also be analyzed to help debug applications and also discover the root cause of a breach.
I believe that NeuVector is significant for SUSE’s fortunes, not only for its Rancher platform, but more widely for the fortunes of the company. For Kubernetes to jump from test and development workloads to true mission-critical applications, security will need to become more inherent and foundational. Approaches such as NeuVector will enable enterprises to strengthen their security against growing cyber threats without a corresponding reduction in developer agility and velocity. Only if we see this same speed of innovation as the K8S crowd has grown used to and the robust security that CISOs demand will Kubernetes, and the fortunes of SUSE, deliver on their promise.
SUSE also announced that it has made the NeuVector container security platform available as an open source product. That platform has also been submitted to the Cloud Native Computing Foundation (CNCF) in the form of a project dubbed Open Zero Trust (OZT), which is awaiting approval. This is encouraging to see and completely aligns with the ethos and corporate positioning of SUSE as an open-source, community-focused organization
Rancher goes from Strength to Strength
Unsurprisingly, SUSE took the opportunity presented by the increased attention from KUBECON to provide details of the latest version of Rancher — this time V2.6.5. The new release of the Kubernetes management platform features the GA of RKE2 (SUSE’s in-house Kubernetes distribution), as well as increased functionality enabling the isolation of Prometheus metrics between projects. A graduated project at CNCF, Prometheus is a handy monitoring system and time series database.
RKE2 adds support for Windows, including Server 2022, and a vSphere driver to provision directly into a virtualized environment. The experimental GMSA (Group Managed Service Accounts) tooling, .NET applications is interesting to me, as apparently customers can now maintain security best practices in container environments. What stood out for me was comments from SUSE that with their Windows containers customers can do stuff on active directory that is not supported .NET Core on Linux. I need to dig in here and get a more in-depth briefing but the fusion of Windows, .NET and K*S is interesting and provides a path to simplicity that I believe many DevOps teams will be willing to explore in the coming months.
The cadence of Rancher releases indicates that the technology is maturing as SUSE has obviously put the technology at the front of its charge to take on Red Hat and VMware.
The KUBECON announcements made by SUSE are certainly not revolutionary, but they do continue to demonstrate the critical nature of both Rancher and NeuVector to the new SUSE. Melissa DiDonato is looking to transform SUSE on two vectors, the first being to transition the company from an engineering focus to an enterprise sales powerhouse, while also harnessing the company’s engineering prowess to accelerate innovation in the cloud native space. Executing either one of these strategies would be hard enough to pull off but executing both is a tough ask. DiDonato seems to be making both work, which is impressive.
We are still in the early innings of the new SUSE, so it’s too early to say whether the company has delivered on its promise. But thus far, I am impressed with the execution on the engineering side based on the these latest announcements and I will be watching the next earnings call to see whether the company can continue on it trajectory of posting solid growth number. Exciting times ahead for SUSE.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.
Other insights from Futurum Research:
Image Credit: SUSE
Steven Dickens is Vice President of Sales and Business Development and Senior Analyst at Futurum Research. Operating at the crossroads of technology and disruption, Steven engages with the world’s largest technology brands exploring new operating models and how they drive innovation and competitive edge for the enterprise. Read Full Bio.