IBM, Red Hat, and SUSE

IBM Corp.’s research division today announced the release of SysFlow, an open-source security toolkit for hunting breaches in cloud and container environments.

SysFlow is designed to tackle a common problem in network protection. Modern security monitoring tools capture system activity with a high degree of granularity, often down to individual events such file changes.

That’s useful to a point but also creates a large amount of noise that makes spotting threats harder. IBM researchers Frederico Araujo and Teryl Taylor described looking for breaches under such circumstances as “akin to searching for a needle in an extremely large haystack.”

Red Hat is moving toward putting the open source Quay container registry at the center of its DevSecOps strategy for securing containers.

The latest 3.2 version of Quay adds support for Container Security Operator, which integrates Quay’s image vulnerability scanning capabilities with Kubernetes. Dirk Herrmann, senior principal product manager for Red Hat, says that capability will make it possible to leverage the open source Clair vulnerability scanning tool developed by CoreOS. Red Hat acquired CoreOS in 2018.

[...]

The latest release of Quay also makes it easier to extend DevSecOps processes across multiple instances of the container registry. Version 3.2 of Quay includes a mirroring capability that makes it possible to replicate instances of Quay container registries across multiple locations. In fact, Herrmann says one of the things that differentiates Quay most from other container registries is its ability to scale.

Other capabilities added to Quay include support for OpenShift Container Storage 4, which is enabled via NooBaa Operator for data management, based on the S3 application programming interface (API) for cloud storage developed by Amazon Web Services (AWS).

Red Hat, Inc., the world's leading provider of open source solutions, today announced that it is accepting nominations for the 2020 Women in Open Source Award program. Now in its sixth year, the Women in Open Source Award program was created and is sponsored by Red Hat to honor women who make important contributions to open source projects and communities, or those making innovative use of open source methodology.

Nominations for this year's awards will be accepted for two categories: Academic, open to women who are enrolled full-time, earning 12 or more credit hours, in college or university; and Community, open to all other women contributing to projects related to open source.

When Melissa Di Donato joined SAP in 2017, having counted Salesforce, IBM and Oracle among her previous employers, she told this publication it was like ‘coming home.’ Now, as chief executive of Linux enterprise software provider SUSE, it is more a step into the unknown.

Yet it is not a complete step. Working with a proprietary software company means your experience is primarily in selling it, implementing it and aligning it to others’ business needs. With SUSE, Di Donato knows far more acutely what customers want.

[...]

Not unlike other organisations, SUSE’s customer base is split into various buckets. You have traditionalists, which comprise about 80% of customers, hybrid beginners, cloud adopters and cloud-native; the latter three all moving in ever decreasing circles. Regardless of where you are in your cloud journey, SUSE argues, the journey itself is the same. You have to simplify, before you modernise, and then accelerate.

Di Donato argues that cloud and containers are ‘very, very overused words’, and that getting to grips with the technology which holds the containers is key – but all journey paths are valid. “Whether cloud means modernising, or container means modernising, VMs, open source… [customers’] version of modernising is really important, and they want to simply and modernise to then get to a point where they can accelerate,” she says. “Regardless of what persona you are, what customer type you are, everyone wants to accelerate.”

These days, pretty much everyone is on one of the hyperscale cloud providers as well. SUSE has healthy relationships with all the major clouds – including AWS, which is a shot in the arm for its occasionally-criticised stance on open source – aiming to offer partnerships and value-adds aplenty.