Red Hat Advanced Cluster Security for Kubernetes
Cloud compliance software
Cloud workload protection platforms
Container security tools
Cloud security software
DevSecOps software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Red Hat Advanced Cluster Security for Kubernetes and its alternatives fit your requirements.
Pay-as-you-go
Free Trial
Free version unavailable
Small
Medium
Large
- Construction
- Manufacturing
- Professional services (engineering, legal, consulting, etc.)
What is Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Security for Kubernetes is a Kubernetes-native security platform focused on securing containerized workloads across the build, deploy, and runtime phases. It is used by platform engineering, DevSecOps, and security teams to identify vulnerabilities, enforce Kubernetes policies, and detect suspicious activity in clusters. The product combines image and configuration scanning with admission controls and runtime detection, and it integrates with CI/CD and Kubernetes ecosystems. It is commonly deployed in environments running Red Hat OpenShift as well as upstream Kubernetes.
Kubernetes-focused policy enforcement
The product provides Kubernetes-aware controls such as admission-time policy checks and enforcement for deployments. It supports policy definitions aligned to cluster objects (namespaces, deployments, RBAC, network policies) rather than generic host controls. This helps teams standardize guardrails for multi-cluster environments and reduce misconfigurations that lead to exposure.
Build-to-runtime security coverage
It supports image vulnerability scanning and configuration checks earlier in the pipeline and continues with runtime detection in clusters. This enables teams to connect findings from build artifacts to what is actually running, which is important for prioritization and incident response. The approach fits DevSecOps workflows where security gates and runtime monitoring both matter.
Integrates with OpenShift ecosystem
The product aligns closely with Red Hat OpenShift and common Kubernetes tooling, which can simplify deployment and operations for organizations standardized on Red Hat platforms. It supports integrations for CI/CD and container registries to automate scanning and policy checks. For Red Hat customers, procurement and support can be consolidated under existing enterprise agreements.
Primarily Kubernetes scope
The product is designed for Kubernetes and containerized workloads, so it is not a complete solution for broader cloud security needs such as full CSPM across all cloud services or endpoint protection. Organizations typically need additional tools for non-Kubernetes assets and SaaS/IaaS configuration governance. This can increase overall tooling complexity in heterogeneous environments.
Operational overhead at scale
Running scanners, collectors, and policy enforcement across many clusters can require careful tuning and ongoing maintenance. Teams may need to manage policy exceptions, reduce alert noise, and coordinate changes with application owners to avoid deployment friction. Large environments often require dedicated ownership to keep policies and detections aligned with evolving workloads.
Best fit for Red Hat stacks
While it supports upstream Kubernetes, organizations not using OpenShift may find less value in Red Hat-specific operational alignment and packaging. Some buyers may prefer a single platform that unifies Kubernetes security with broader cloud posture and compliance workflows in one console. This can affect perceived ROI when Kubernetes is only one part of the environment.
Plan & Pricing
Pricing model (usage-based & included subscription):
- RHACS Cloud Service (SaaS) — Pay-as-you-go
- Billing: Charged hourly per secured core (vCPU) of a node belonging to a secured cluster.
- Purchase channel: Sold via the AWS Marketplace (per Red Hat documentation).
- Note: Red Hat documentation describes the billing unit (hourly per secured core) but does not list a public per-core price on the Red Hat site; the marketplace listing contains the actual per-hour rates.
- Self-managed Red Hat Advanced Cluster Security (software you install) — Included with Red Hat OpenShift Platform Plus
- RHACS is included in the OpenShift Platform Plus subscription (Platform Plus is a bundled, subscription-based edition of OpenShift).
- Note: OpenShift Platform Plus pricing is part of Red Hat subscription offerings; Red Hat site presents OpenShift pricing information (and reserved-instance examples for OpenShift cloud services) but does not publish a simple standalone per-node/unit price for RHACS itself on the product pages. Exact subscription pricing typically requires contacting Red Hat or buying OpenShift subscriptions through Red Hat sales/partners.
(Formatted from Red Hat official product pages and product documentation.)
Seller details
Red Hat, Inc. (IBM subsidiary) / Mandrel open source project
Raleigh, North Carolina, United States
1993
Subsidiary
https://github.com/graalvm/mandrel
https://www.linkedin.com/company/red-hat/
