Cybersecurity software provider Qualys Inc. has gotten its checkbook out in order to add new container-focused security features to its platform.

The company said Tuesday it’s acquiring a startup called Layered Insight Inc., which offers a “SecurityOps” platform that combines DevOps capabilities with container security and compliance tools.

Qualys said in an earnings call October 30 it was paying $12 million to acquire the company, plus another $8 million subject to certain conditions. Layered Insight’s co-founders will join Qualys’ staff once the deal closes in 2019. Asif Awan will become chief technology officer of container security at Qualys, while John Kinsella takes on the role of vice president of engineering for container security.

Qualys is one of several cloud security companies that have been turning their attention to container protection, due to the rising popularity of cloud-native software applications. Software containers are typically used to package these apps and distribute them across multiple computing platforms without the need to rewrite code each time.

By buying Layered Insight, Qualys gains a new runtime security capability that protects containerized apps when they’re at their most vulnerable. It also gains automated security policy enforcement controls, which are another staple of Layered Insight’s offering.

Runtime security is seen as one of the best ways of securing applications as it involves identifying and blocking threats in real-time, while the apps are up and running. With it, apps are able to “self-protect” by reconfiguring themselves automatically when threats are detected without human intervention.

This kind of capability is in demand because when it comes to securing container technology, one of the main tasks enterprises need to think about is ensuring that both the code and the operational mechanisms of their applications are secure, analyst Holger Mueller of Constellation Research Inc. told SiliconANGLE.

“The race [among security companies] is on to have the most complete offering so they can help enterprises run container management applications in the safest way,” he said. “That’s what Qualys’ acquisition of Layered Insights is all about.”

Qualys is, therefore, betting that the combination of runtime security with policy enforcement will go down well with its enterprise customers. The company reckons it will now be able to correlate “deep runtime behavioral analysis” with its current capabilities, which are focused on visibility and compliance.

With this, the company said, developers will gain the ability to “detect and prevent security breaches during runtime.” The system will provide alerts when runtime anomalies are detected and apply automated polices to enforce security rules should a breach occur.

Qualys said its new capabilities can also extend to serverless container deployments on public cloud platforms such as Amazon Web Services and Microsoft Azure. The company said it expects to have Layered Insight’s container security features fully integrated into its platform by the second half of 2019.

Photo: Wolfgang59b/pixabay