
Traditional security tools were admittedly built for a different era of IT, one with static servers and predictable network traffic. These solutions struggle with the constant flux of containerized and cloud-native applications. These applications spin up and down quickly, constantly changing and communicating across vast networks. Traditional tools can't keep up with this dynamism. Gaps are left in security during runtime, the all-important stage when applications are actively processing data and are most susceptible to attacks. This creates a window of vulnerability that malicious actors exploit to steal information, disrupt operations or cause havoc.
ARMO, a provider of cloud security and workload protection solutions, announced a new offering that strengthens security for cloud workloads by addressing threats that may remain hidden during development and deployment stages: its ARMO Cloud Detection and Response, or CDR, solution.
ARMO CDR builds upon the existing threat detection capabilities of Kubescape, ARMO's open-source project. It achieves this by incorporating observed application behavior with contextual data from Kubernetes environments, cloud settings, security policies and workload characteristics. This combined information creates a unique Application Profile DNA that serves as a real-time baseline for identifying anomalies, malicious activities and malware.
ARMO's approach prioritizes actionable results while minimizing false positives and maintaining application performance. This makes certain that security teams focus on genuine threats, which reduces alert fatigue.
The integration of Kubescape with ARMO Platform bolsters workload protection within Kubernetes clusters. Kubescape utilizes an eBPF-based runtime sensor to learn expected application behavior. This establishes a baseline, allowing it to detect and flag deviations or suspicious activity, which enhances overall workload security. Notably, this technology minimizes false positives and maintains a low resource footprint, potentially reducing operational costs by up to 60% compared to traditional runtime agents.
“Legacy Endpoint Detection and Response solutions struggle to provide the visibility and context needed for modern containerized and cloud-native microservices architectures running on Kubernetes,” said Ben Hirschberg, CTO and co-founder of ARMO and core maintainer of Kubescape. “This necessitates the evolution to Cloud Detection and Response (CDR).”
ARMO CDR combines anomaly detection with behavioral inspection and addresses a wide range of threats and attacks targeting cloud workloads and Kubernetes clusters. This includes zero-day exploits, supply chain attacks, ransomware, cryptojacking, data breaches and file-based and fileless attacks. The platform's adaptive rules prioritize responding to malicious incidents, minimize alert fatigue and enable swift remediation.
“Runtime security is critical as it serves as the final line of defense against threats,” said Shauli Rozen, CEO and co-founder of ARMO. “While mitigating security risks within the development pipeline and cluster architecture is essential, runtime security is vital to alert and manage threats that bypass other defenses.”
ARMO CDR essentially allows security teams to proactively address threats targeting cloud workloads and will strengthen the overall security posture of cloud-native applications.
Edited by Alex Passett




