Anchore Raises $20M to Expand Kubernetes Security Reach
Anchore this week announced it has received an additional $20 million in funding as the battle for container security supremacy intensifies in 2020.
Startups such as Anchore are finding themselves competing with much larger rivals such as Palo Alto Networks and McAfee, which have extended their existing portfolios either organically or by acquiring startups such as Twistlock, in the case of Palo Alto Networks, or NanoSec, in the case of McAfee.
Anchore CEO Saïd Ziouani says as responsibility for DevSecOps continues to shift left toward developers, there is a need for a comprehensive container security platform designed to run natively on Kubernetes from the ground up. In contrast, offerings from rivals are designed to secure containers rather than the entire Kubernetes environment, says Ziouani.
The Anchore portfolio is based on Anchore Engine, an open source image inspection and scanning tool. Atop that foundation, Anchore makes available Anchore Enterprise, a set of commercial tools for defining policies and managing container security workflows in a way that can be integrated easily with continuous integration/continuous deployment (CI/CD) platforms.
IT organizations need a platform that ensures containers are secure long before they are loaded into a registry, Ziounai says.
Anchore has already been designated a required component of the U.S. Department of Defense DevSecOps Reference Architecture and Ziounai says the Anchore security tool has been adopted by many Fortune 500 companies. The goal now is to extend the platform’s capability to secure more stages of the container life cycle and to provide security teams with additional insight into their risks and vulnerabilities by, for example, incorporating machine learning algorithms and improving collaboration across DevSecOps teams, he notes.
As competition intensifies, it’s not clear to what degree an additional $20 million in financing will enable Anchore to realize its ambitions. On the plus side, however, larger rivals are focused on cybersecurity strategies that span both legacy applications and emerging classes of workloads based on containers. Anchore will benefit from its ability to focus on a specific platform, says Ziouani. That approach will make it possible for organizations to accelerate the development of secure containerized applications without compromising on the rate of speed at which those applications are being built and deployed using best DevOps processes, he notes.
Of course, Anchore is not the only startup focused solely on Kubernetes security. As more workloads are deployed on Kubernetes clusters running in production environments, more cybersecurity teams will at the very least be included in conversations about how best to secure those workloads, as the relationship between cybersecurity and DevOps teams continues to evolve. Many cybersecurity teams will have a natural inclination toward extending existing policies and platforms to Kubernetes environments whenever possible. However, Anchore is betting that developers in many cases will move to proactively embrace platforms such as its to address cybersecurity issues on their own versus waiting for cybersecurity teams to anoint a platform.
