StackRox And The Reinvention Of Security For Microservices

Originally published by Aaref Hilaly on LinkedIn: StackRox And The Reinvention Of Security For Microservices

At Sequoia, we have been very selective in our cyber security investments. Years ago, Palo Alto Networks and FireEye incubated in our offices. We’ve since partnered with a handful of companies, including Barracuda, Carbon Black, Okta, OpenDNS, and Skyhigh. But we have not accelerated our security investments in line with the market. According to CB Insights, in the last five years alone, $13.2 billion has been invested in security-related private companies, spread across 829 financings. There’s clearly a need, as shown by constant breaches and ransomware attacks. Our challenge is that it’s very hard to build an enduring security company -- it takes a unique combination of market, technology, and team.

We believe that rare blend exists in StackRox, which is today talking publicly about its product for the first time.

StackRox is capitalizing on a shift in application architecture. We have seen these kinds of shifts create large security companies in the past: virtualization enabled FireEye, and the cloud drove demand for Okta and Skyhigh. For StackRox, the change is that developers have moved en masse from closed, secure virtual machines to the more open, vulnerable world of containers. As a result, applications are built and deployed in a different way, which creates a new attack surface for hackers to exploit. For example, a bad actor might insert a rogue container which exfiltrates data.

StackRox helps CISOs (Chief Information Security Officers) protect against these kinds of threats, and that in itself has great value. But it also has the opportunity to do much more. That’s because, unlike other architectural shifts, this one also creates a massive opportunity to reinvent application security.

It’s a truism that developers will not change the way they write code to improve security. So security products create “control points” where security policies can be applied. For Palo Alto, it’s network traffic; for Okta, it’s identity; for Skyhigh, it’s cloud traffic. What’s different today is that applications are being written as “microservices”, meaning small, loosely coupled, autonomous units which are wrapped in containers, rather than as large, monolithic bodies of code.

That means, for the first time, it’s possible to move that control point to the application itself. By collecting data upfront -- system calls from containers, Docker event data, etc. -- it’s now possible for security teams to get much greater visibility and control inside applications than was ever possible before. In a sense, security teams can now build security into the application environment by monitoring and regulating the flow of information between application components. If done right, it would take away the need for other control points -- why have web application firewalls (WAFs) or intrusion detection systems (IDS), if you can layer security into the core of the application itself?
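To make the "control point at the application" idea concrete, here is an added illustration (not code from the original post, and not StackRox's product) of the simplest version of that control point: a policy check run over the Docker event stream. It assumes events arrive in the JSON shape that `docker events --format '{{json .}}'` emits, that an allowlist of approved images for the deployment is known up front, and it uses constructed sample events, including the rogue-container case mentioned above (an unapproved image that starts and attaches to a network).

```python
"""Policy checks over a Docker event stream, as one concrete form of the
application-level control point described in the post.

Added illustration, not StackRox code. Assumptions:
- events are the JSON records emitted by `docker events --format '{{json .}}'`
- the set of images a deployment may run (ALLOWED_IMAGES) is known in advance
"""
import json

# Constructed allowlist: the only images this deployment is expected to run.
ALLOWED_IMAGES = {
    "registry.example/shop/web:1.4.2",
    "registry.example/shop/api:1.4.2",
}

# Constructed sample events; field layout follows the Docker events JSON format.
# Event 2 is a rogue container (image not on the allowlist), event 3 is a shell
# exec into a production container, event 4 is the rogue container joining a network.
SAMPLE_EVENTS = [
    '{"Type":"container","Action":"start","Actor":{"ID":"a1","Attributes":{"image":"registry.example/shop/web:1.4.2","name":"web"}},"time":1530000000}',
    '{"Type":"container","Action":"start","Actor":{"ID":"b2","Attributes":{"image":"docker.io/library/alpine:latest","name":"helper"}},"time":1530000010}',
    '{"Type":"container","Action":"exec_create: /bin/sh","Actor":{"ID":"a1","Attributes":{"image":"registry.example/shop/web:1.4.2","name":"web"}},"time":1530000020}',
    '{"Type":"network","Action":"connect","Actor":{"ID":"n3","Attributes":{"container":"b2","name":"bridge","type":"bridge"}},"time":1530000030}',
    '{"Type":"container","Action":"die","Actor":{"ID":"a1","Attributes":{"image":"registry.example/shop/web:1.4.2","name":"web","exitCode":"0"}},"time":1530000040}',
]


def evaluate_event(event, allowed_images, known_containers):
    """Return a list of (severity, message) alerts for one parsed event.

    known_containers maps container ID -> image and is updated in place on
    'start' so that later network events can be tied back to an image.
    """
    alerts = []
    etype, action = event.get("Type"), event.get("Action", "")
    actor = event.get("Actor", {})
    attrs = actor.get("Attributes", {})

    if etype == "container":
        cid = actor.get("ID")
        image = attrs.get("image", "")
        name = attrs.get("name", cid)
        if action == "start":
            known_containers[cid] = image
            if image not in allowed_images:
                alerts.append(("high", f"unapproved image started: {image} (container {name})"))
        elif action.startswith("exec_create"):
            # Docker reports the exec'd command in the Action string itself.
            alerts.append(("medium", f"interactive exec in container {name}: {action}"))
    elif etype == "network" and action == "connect":
        cid = attrs.get("container")
        image = known_containers.get(cid)
        if image is not None and image not in allowed_images:
            alerts.append(("high", f"unapproved container {cid} attached to network {attrs.get('name')}"))
    return alerts


def scan_event_stream(lines, allowed_images=ALLOWED_IMAGES):
    """Parse a sequence of JSON event lines and return all alerts in order."""
    known = {}
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # A malformed record is itself worth surfacing rather than dropping.
            alerts.append(("low", f"unparseable event record: {line[:60]}"))
            continue
        alerts.extend(evaluate_event(event, allowed_images, known))
    return alerts


if __name__ == "__main__":
    for severity, message in scan_event_stream(SAMPLE_EVENTS):
        print(f"[{severity}] {message}")
```

Run against the constructed stream, the scan yields three alerts: the unapproved `alpine` image starting, the shell exec into `web`, and the unapproved container joining the `bridge` network. In practice the same function would be fed from `docker events --format '{{json .}}'` on each host, and the allowlist would come from the deployment manifest rather than a constant.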