ARMO launches behavioral-based cloud detection
and response to protect workloads from cyberattacks
before and during attempted exploits, without being overwhelmed by
alerts
TEL
AVIV, Israel, June 26,
2024 /PRNewswire/ -- ARMO, the cloud security and
workload protection innovator and creator of Kubescape, announced
today the launch of its new ARMO Cloud Detection & Response
solution, providing robust security for workloads.
This new offering addresses the residual threats that may
persist during runtime, even after thorough scanning during
development and deployment. The solution builds on Kubescape's
open-source threat detection capabilities by adding observed
application behavior with context from Kubernetes, cloud
environment, security policies, and workload characteristics. This
creates a unique Application Profile DNA (APD™) that serves as the
baseline for detecting anomalies, malicious activities, and malware
in real-time.
ARMO's approach focuses on providing actionable results while
reducing false positives, without impacting application
functionality. This approach leads to more secure applications
while mitigating alert fatigue for security teams.
By utilizing Kubescape, ARMO Platform boosts workload protection
within Kubernetes clusters by providing runtime threat detection
and response capabilities. Using an eBPF-based runtime sensor to
determine expected application behavior, Kubescape establishes a
baseline and will then detect and flag any deviations or suspicious
behavior, leading to enhanced workload protection. This technology
focuses on reducing false positives and maintaining a low resource
footprint, reducing operating costs by up to 60% compared to
traditional runtime agents.
"Legacy Endpoint Detection & Response solutions have
struggled to keep up with the visibility and context challenges
posed by modern containerized and cloud-native microservices
architectures running on Kubernetes, necessitating the evolution to
Cloud Detection Response," said Ben
Hirschberg, CTO and co-founder of ARMO, and core maintainer
of Kubescape.
ARMO combines anomaly detection with behavioral inspection,
addressing a broad spectrum of threats and malicious attacks
targeting cloud workloads and Kubernetes clusters - zero days,
supply chain attacks, ransomware, crypto miners, data
breaches, file-based or fileless attacks, and more. The platform's
adaptive rules focus on responding to malicious incidents,
minimizing alert fatigue, and ensuring quick remediation.
"Runtime security is crucial since it serves as the final layer
of defense against threats," said Shauli
Rozen, CEO and co-founder of ARMO. "While mitigating
security risks within the pipeline and cluster architecture is
essential, runtime security is necessary to alert you to and manage
threats that were not caught by other defenses."
About ARMO
ARMO is an open-source-driven company and the creator of
Kubescape as well as ARMO Platform, the end-to-end runtime-driven,
DevOps-first, cloud security platform. ARMO Platform is the only
platform that continuously minimizes cloud attack surface based on
runtime insights, while actively detecting and responding to
cyberattacks with real risk context.
ARMO Platform enables DevOps, security, and platform teams to
eliminate the security noise in their clusters from thousands of
irrelevant alerts and focus on the most important and exploitable
threats. This allows them to shift from managing hypothetical
security issues to mitigating actual risks and providing them with
the means to remediate them.
About Kubescape
Kubescape is an open-source Kubernetes security tool. It
includes risk analysis, security compliance, misconfiguration and
vulnerabilities scanning and runtime workload security. Targeted at
the DevSecOps practitioner or platform engineer, it offers an
easy-to-use CLI interface, flexible output formats, and automated
scanning capabilities. In addition, it easily integrates with CI/CD
tools and other popular tools in the open-source DevOps stack.
Kubescape is a CNCF sandbox project, created by ARMO in 2021 and
accepted by the CNCF in 2022. It will be applying to move to
incubation in 2024. For more information about Kubescape and KDR,
please visit kubescape.io and the Kubescape GitHub repository.
Contact:
Oshrat Nir, ARMO & Kubescape
Developer Advocate
Email: oshratn@armosec.io
View original
content:https://www.prnewswire.com/news-releases/armo-rolls-out-advanced-cloud-detection-and-response-protecting-cloud-workloads-at-runtime-302182951.html
SOURCE ARMO