ARMO Rolls Out Advanced Cloud Detection and Response, Protecting Cloud Workloads at Runtime

ARMO launches behavioral-based cloud detection and response to protect workloads from cyberattacks before and during attempted exploits, without being overwhelmed by alerts

TEL AVIV, Israel, June 26, 2024 /PRNewswire/ -- ARMO, the cloud security and workload protection innovator and creator of Kubescape, announced today the launch of its new ARMO Cloud Detection & Response solution, providing robust security for workloads.

This new offering addresses the residual threats that may persist during runtime, even after thorough scanning during development and deployment. The solution builds on Kubescape's open-source threat detection capabilities by adding observed application behavior with context from Kubernetes, cloud environment, security policies, and workload characteristics. This creates a unique Application Profile DNA (APD™) that serves as the baseline for detecting anomalies, malicious activities, and malware in real-time.

ARMO's approach focuses on providing actionable results while reducing false positives, without impacting application functionality. This approach leads to more secure applications while mitigating alert fatigue for security teams.

By utilizing Kubescape, ARMO Platform boosts workload protection within Kubernetes clusters by providing runtime threat detection and response capabilities. Using an eBPF-based runtime sensor to determine expected application behavior, Kubescape establishes a baseline and will then detect and flag any deviations or suspicious behavior, leading to enhanced workload protection. This technology focuses on reducing false positives and maintaining a low resource footprint, reducing operating costs by up to 60% compared to traditional runtime agents.

"Legacy Endpoint Detection & Response solutions have struggled to keep up with the visibility and context challenges posed by modern containerized and cloud-native microservices architectures running on Kubernetes, necessitating the evolution to Cloud Detection Response," said Ben Hirschberg, CTO and co-founder of ARMO, and core maintainer of Kubescape.

ARMO combines anomaly detection with behavioral inspection, addressing a broad spectrum of threats and malicious attacks targeting cloud workloads and Kubernetes clusters - zero days, supply chain attacks, ransomware, crypto miners, data breaches, file-based or fileless attacks, and more. The platform's adaptive rules focus on responding to malicious incidents, minimizing alert fatigue, and ensuring quick remediation.

"Runtime security is crucial since it serves as the final layer of defense against threats," said Shauli Rozen, CEO and co-founder of ARMO. "While mitigating security risks within the pipeline and cluster architecture is essential, runtime security is necessary to alert you to and manage threats that were not caught by  other defenses."

About ARMO

ARMO is an open-source-driven company and the creator of Kubescape as well as ARMO Platform, the end-to-end runtime-driven, DevOps-first, cloud security platform. ARMO Platform is the only platform that continuously minimizes cloud attack surface based on runtime insights, while actively detecting and responding to cyberattacks with real risk context.

ARMO Platform enables DevOps, security, and platform teams to eliminate the security noise in their clusters from thousands of irrelevant alerts and focus on the most important and exploitable threats. This allows them to shift from managing hypothetical security issues to mitigating actual risks and providing them with the means to remediate them.

About Kubescape

Kubescape is an open-source Kubernetes security tool. It includes risk analysis, security compliance, misconfiguration and vulnerabilities scanning and runtime workload security. Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. In addition, it easily integrates with CI/CD tools and other popular tools in the open-source DevOps stack.

Kubescape is a CNCF sandbox project, created by ARMO in 2021 and accepted by the CNCF in 2022. It will be applying to move to incubation in 2024. For more information about Kubescape and KDR, please visit kubescape.io and the Kubescape GitHub repository.

Contact:
Oshrat Nir, ARMO & Kubescape Developer Advocate
Email: [email protected]  

SOURCE ARMO