Cloud runtime security company ARMO recently launched a Behavioral Cloud Application Detection and Response (CADR) solution to provide a complete, explainable, and traceable runtime security story spanning the entire cloud stack and responding to threats without flooding teams with alerts.
A holistic view of security threats
ARMO CADR is the “first runtime security solution to provide a holistic view of a threat, from the line of code being exploited, to the cloud API where the data resides.”
The solution links high-level cloud activity to suspicious application-level behaviors, providing detailed visibility into the compromised application function and APIs. It maps attacks from the cloud management layer to specific code execution to accelerate incident investigation and response. By giving SecOps teams the missing context for cloud alerts, the solution improves detection accuracy and forensic analysis of cloud-native threats.
ARMO CADR leverages Kubescape’s eBPF-based runtime sensor to establish baseline application behavior patterns. Contextual data from Kubernetes events, cloud infrastructure, and container metrics will continuously enrich the solution’s foundation and enable real-time attack detection and response with granular visibility across stack traces, APIs, network layers, and code functions.
Further, ARMO CADR addresses the tension between SecOps and DevOps teams, the company says. Because these two teams have competing objectives—SecOps focusing on threat prevention and DevOps on application uptime—ARMO’s open-source-based approach introduces transparency in the security layer, which can help build trust between them.
The solution aligns security practices with operational goals by having DevOps verify detection mechanisms rather than working with a black box.
ARMO CADR also offers advanced threat response, enabling security teams to define response policies that trigger automatic actions to contain or mitigate security threats without manual intervention while accounting for the accepted risk of workloads or containers.
Additionally, ARMO’s response options go beyond standard responses. One option is Soft Quarantine, which secures suspicious processes or containers while maintaining application uptime by using strict network policies and seccomp profiles.
The solution also offers Blast Radius Analysis to visualize the affected resources and interrelationships, substantially improving the time it takes to discover and resolve. Combining automated, context-aware responses contributes to overall system security and compliance while reducing response times.
ARMO enhances Kubernetes security
ARMO provides a runtime-based platform for various cloud security, remediation, and Kubernetes-focused tools. It also maintains the open-source Kubescape platform, which many organizations use to secure their environments.
ARMO CEO Shauli Rozen spoke to Channel Insider about the company’s recent partnership with Orange Business to provide security services for their managed Kubernetes services offering for European customers and the need for sophisticated security solutions in the containers, cloud, and Kubernetes channel.
Rozen says that the company’s focus on runtime differentiates it from others in the market and how many organizations still approach cloud security. ARMO’s full-service platform builds on Kubescape’s success and offers deeper technical components for enterprise customers who want more than the open-source platform can offer.
“Our platforms provide credibility through transparency,” said Rozen. “Everything you install in customers’ clusters and environments needs to be transparent. Kubescape and our focus on open-source development gave us a lot of feedback very quickly and taught us a lot about what businesses and users needed out of our platform.”
Rozen said that the partnership with Orange Business is one of several ARMO pursued in 2024 and part of a larger strategy for growth through relationships.
“You can’t succeed alone in this market,” Rozen said. “Through strategic partnerships, we can actually create an impact and also help providers build a service and provide expertise for customers who need a solution like ARMO.”
Cloud security has been a growing challenge for the IT sector, with data being a significant commodity in the space. Read more about Proofpoint’s acquisition of Normalyze to enhance its data security platform.