In today’s technology landscape, security leaders often find themselves under immense pressure: their resource-constrained teams are expected to mitigate growing risks, navigate complex infrastructures, and implement best practices, all while justifying their value to executive leadership.

Runtime security is all about real-time protection, actively monitoring and responding to threats as they happen, not just hardening, setting up barriers or reacting to attacks after the fact. Think of it this way: traditional security measures prevent most intruders, but what about the ones that manage to get in? Runtime security alerts you to any suspicious activity and takes immediate action to stop it. Why is this so important for containers?

Vulnerability management has always been a challenge, but today’s security teams are feeling the pressure more than ever. With thousands of new CVEs reported every month, the sheer volume makes it difficult to know where to focus. In-use vulnerability prioritization is one of the most effective ways to cut through the noise, focusing only on vulnerabilities that are actively loaded in runtime. To focus on what really matters, security teams need better ways to prioritize risk.

Threat response is a cornerstone of cloud security, but its roots lie in the early days of antivirus software. Back then, responding to threats was fairly linear and straightforward — stop the malicious process, quarantine it, remove or delete if necessary, and move on. However, modern cloud environments have revolutionized how threats operate, making it clear just how much the game has changed.

Cloud security teams are often faced with an onslaught of noise from their detection tooling, making it nearly impossible to distinguish truly malicious threats from benign behaviors. Many threats will go uninvestigated simply because there aren’t enough analysts for the sheer amount of alerts, leaving organizations exposed to potential breaches.

We’re excited to announce that Kubescape has officially entered the CNCF Incubating stage! This achievement marks a huge step for the project. The 2021 idea, devised by Ben Hirschberg, ARMO CTO and Co-founder, to create a simple tool for scanning Kubernetes clusters against NSA-CISA hardening guidelines, has since developed, expanded, improved and matured. Kubescape is now a robust, full-fledged security platform, all thanks to the amazing support from the Kubescape community and CNCF.

Plugins are shared libraries that conform to a documented API, hooking into the core functionalities of Falco to allow things such as adding new event sources that can be evaluated using filtering expressions/Falco rules. Since Falco is open source, users can build plugins for just about any arbitrary 3rd party event source. In recent blog posts, we discussed how Falco can be extended to event stream sources such as Gitlab, Salesforce and Box via the Falco Plugin architecture.

Kubernetes security is an evolving challenge, and staying compliant with industry best practices is crucial. That’s why we’re excited to announce that ARMO now supports the latest CIS Kubernetes Benchmark v1.10! Get your Kubernetes Security Checklist now.

Vulnerability management in the cloud is more challenging than ever. Security teams are drowning in vulnerability alerts, asked to deal with them quickly even as the list continues to expand. What they lack is a clear path to remediation. Legacy tools flood teams with critical alerts, while offering little guidance on which fixes will be most impactful. Vulnerability management isn’t just about identifying the biggest risks — it’s about taking decisive action.