Announcing Red Hat Advanced Cluster Security for Kubernetes 4.10
Why It Matters
By embedding vulnerability insights directly into the OpenShift workflow and unifying container‑and‑VM security, the release reduces context switching, accelerates patching, and helps enterprises meet stricter compliance mandates.
Key Takeaways
- OpenShift Console plug‑in shows vulnerabilities directly
- Base image layer type separates base vs app components
- VM vulnerability management preview adds unified security across workloads
- File activity monitoring tracks critical system files for compliance
- Policy triggers on CVE fix date enforce remediation timelines
Pulse Analysis
Kubernetes adoption continues to outpace native security controls, prompting vendors to embed protection deeper into the development pipeline. Red Hat’s Advanced Cluster Security 4.10 tackles this gap by moving vulnerability management from a separate dashboard into the OpenShift Console itself. Security teams can now view CVE details, remediation status, and risk scores without leaving their primary deployment view, cutting down on context‑switching and enabling faster response to emerging threats. This integration reflects a broader industry shift toward unified, platform‑native security solutions that align with DevSecOps practices.
The release also refines how organizations handle base images, introducing a "layer type" attribute that clearly distinguishes vendor‑provided base layers from custom application layers. This granularity improves accountability, allowing teams to track hygiene metrics for both foundational and derivative components. In parallel, Red Hat previews vulnerability scanning for virtual machines running on OpenShift Virtualization, extending the same policy engine to legacy workloads. File‑activity monitoring adds forensic visibility into changes on critical host files such as /etc/passwd and /etc/ssh/sshd_config, supporting PCI DSS, HIPAA, and NIST compliance. A new policy criterion based on CVE fix dates further automates remediation SLAs, ensuring patches are applied within defined windows.
For enterprises, these capabilities translate into measurable operational efficiencies and risk reduction. Consolidating container and VM security under a single console simplifies governance, while real‑time alerts and precise layer attribution accelerate patch cycles. Compliance officers gain audit‑ready logs of file changes, and security operators benefit from natural‑language queries via the StackRox MCP server for rapid zero‑day assessment. As OpenShift remains a cornerstone of many hybrid cloud strategies, Red Hat’s 4.10 enhancements position its security suite as a critical control layer for organizations seeking to protect complex, multi‑cloud Kubernetes environments.