

ARMO Ltd., the cloud runtime security company behind the open-source Kubernetes security platform Kubescape, today announced the launch of Behavioral Cloud Application Detection and Response (CADR), a new solution that unifies runtime security from code to cloud.
CADR provides a full, explainable and traceable runtime security story spanning the entire cloud stack and responds to threats without flooding teams with alerts.
The new solution seeks to address cybersecurity issues that arise in the transition to cloud-native applications. ARMO argues that traditional application architectures have been replaced by distributed containerized services deployed across numerous environments and vendors. That creates a tightly bound relationship between applications and their underlying infrastructure and results in a more convoluted attack surface.
CADR offers runtime security with a holistic view of threats from the line of code being exploited to the cloud application programming interface where the data resides. The service links high-level cloud activity to suspicious application-level behaviors to provide detailed visibility into the compromised application function and APIs.
The service also maps attacks from the cloud management layer to specific code execution to accelerate incident investigation and response. Doing so gives SecOps teams the missing context for cloud alerts, improving detection accuracy and forensic analysis of cloud-native threats.
“Threat actors don’t respect organizational silos in cybersecurity and security solutions shouldn’t either,” said co-founder and Chief Executive Shauli Rozen. “ARMO CADR connects all of the data points across the cloud into a single attack story and provides the means to stop attacks in a way that poses minimal to no effect on business operations, thereby alleviating much of the friction and inefficiencies that occur among siloed stakeholders.”
CADR taps into the eBPF-based runtime sensor of ARMO’s open-source Kubescape to establish baseline application behavior patterns. The foundation is then continuously enriched with contextual data from Kubernetes events, cloud infrastructure and container metrics for real-time attack detection and response with granular visibility across stack traces, APIs, network layers and code functions.
The new solution also offers advanced threat response: security teams can define response policies that trigger automatic actions to contain or mitigate security threats without manual intervention, while accounting for the accepted risk of workloads or containers. ARMO’s response options also go beyond standard responses with “Soft Quarantine,” which secures suspicious processes or containers while maintaining application uptime by using strict network policies and secure computing mode (seccomp) profiles.
ARMO is a venture capital-backed startup that has raised $34.5 million over two rounds, including a round of $30 million in April 2022. Investors in the company include Tiger Global Management, Hyperwise Ventures Ltd., Pitango First General Partner Ltd. and Peled Ventures Ltd.