Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Unlike static environments, cloud workloads are constantly shifting, with containers and virtual machines spinning up and down, and crucial sensitive information flowing dynamically across multiple platforms. Recent incidents, such as the increase in container-based malware infections and cloud misconfigurations resulting in major data breaches, have highlighted the need for runtime security.

Exciting news for ARMO Platform users! We’re thrilled to announce the new version of container registry scanning to our suite of security features. This powerful enhanced capability improves your container security posture by allowing you to detect vulnerabilities earlier in the development process.

In today’s landscape of microservices, Kubernetes, and cloud environments, attacks can come from multiple vectors, with varying degrees of complexity. Understanding these vectors and how to detect them is crucial for securing your infrastructure and applications. This post will explore various attack scenarios including SQL Injection and Cluster Takeover, structured around the 4 Cs of cloud security: Cloud, Cluster (Kubernetes), Container (workload), and Code (application).

Imagine this situation: you recently updated one of your infrastructure software components. A few weeks later, you notice your AWS bill has gone up and you’re not sure why. After some digging, you find that the auto-scaler for this component is constantly scaled to the maximum. It takes days to realize that this change in behavior started right after the software update. You start asking around to see if anyone else is having the same issue with this new version.

The Digital Operational Resilience Act (DORA) is a disruptive policy that came into effect in January 2025 with the objective to boost the cyber resilience of financial institutions in the European Union. As digital transformation increases, it is crucial to ensure the availability, integrity, and confidentiality of critical IT systems to sustain financial market trustworthiness and stability.

It is becoming increasingly important for organizations to manage Kubernetes security costs as they deploy, scale, and manage containerized applications using Kubernetes. Organizations must ensure robust protection without overpaying, especially as 89% of enterprises experience at least one Kubernetes or container-related security incident annually (VentureBeat).

We are excited to announce the upcoming enhancement of ARMO Platform’s Threat Detection and Response feature, designed to provide more robust, real-time security protection for your cloud and Kubernetes environments. While the existing feature effectively detects anomalies, suspicious behavior, and active threats, we recognize the need for additional critical components: Policies, Response, and notifications.

In this blog post, we will introduce the concept of behavioral Cloud Application Detection & Response (CADR). In case this is the first time you have heard of CADR, we’ll start by explaining that concept and explain why it’s essential for protecting modern applications. Let’s go.

Kubernetes security is a critical part of the app lifecycle, through the build, deployment and runtime stages. Kubernetes runtime environments are dynamic and continuously changing. As clusters are replaced and permissions reassigned, security becomes an innate part of DevOps. It is important to ensure that malware and other malicious attacks do not access the cloud, as they might lead to system failures, servers going down, and more.

Kubernetes is a revolutionary technology for orchestrating containerized applications, enabling organizations to deploy and manage applications efficiently. Containers’ portability, scalability, and agility have transformed software development and deployment. However, these benefits come with significant security challenges, including risks associated with vulnerabilities in container images and potential misconfigurations.