ARMO CADR minimizes the cloud attack surface, detects and responds to unknown and known cyberattacks while ensuring business continuity, combining the power of CDR and ADR solutions
TEL AVIV, Israel – ARMO, the leading Cloud Runtime Security company and the creator of Kubescape, announced today the launch of its Behavioral Cloud Application Detection and Response (CADR) solution. ARMO CADR provides a full explainable and traceable runtime security story spanning the entire cloud stack and responds to threats without flooding teams with alerts.
The transition to cloud-native applications has introduced new cybersecurity challenges. Traditional application architectures have been replaced by distributed containerized services deployed across numerous environments and vendors. This transformation creates a tightly bound relationship between applications and their underlying infrastructure, resulting in a more convoluted attack surface. Security operations teams find themselves grappling with fragmented alerts from multiple tools, each providing only a partial view of potential threats.
ARMO CADR is the first runtime security solution to provide a holistic view of a threat, from the line of code being exploited, to the cloud API where the data resides. It links high-level cloud activity to suspicious application level behaviors providing detailed visibility into the compromised application function and APIs. By mapping attacks from the cloud management layer to specific code execution, it accelerates incident investigation and response by giving SecOps teams the missing context for cloud alerts. This approach improves detection accuracy and forensic analysis of cloud-native threats.
“Threat actors don’t respect organizational silos in cybersecurity and security solutions shouldn’t either,” said Shauli Rozen, CEO and cofounder of ARMO. “ARMO CADR connects all of the data points across the cloud into a single attack story and provides the means to stop attacks in a way that poses minimal to no effect on business operations, thereby alleviating much of the friction and inefficiencies that occur among siloed stakeholders.”
ARMO CADR leverages the company’s open source Kubescape’s eBPF-based runtime sensor to establish baseline application behavior patterns. This foundation is continuously enriched with contextual data from Kubernetes events, cloud infrastructure, and container metrics, enabling real-time attack detection and response with granular visibility across stack traces, APIs, network layers, and code functions.
The solution also addresses the fundamental tension between SecOps and DevOps teams. SecOps focuses on threat prevention and DevOps prioritizes application uptime. These competing objectives often create friction. ARMO’s open source-based approach introduces transparency into the security layer, fostering mutual trust between teams. By allowing DevOps to verify detection mechanisms rather than working with a “black box,” the solution aligns security practices with operational goals.
Additionally, ARMO CADR offers advanced threat response. Security teams can define response policies that trigger automatic actions to contain or mitigate security threats, without manual intervention, while accounting for accepted risk of workloads or containers. ARMO’s response options go beyond standard responses with the option of Soft Quarantine, which secures suspicious processes or containers while maintaining application uptime by using strict network policies and seccomp profiles. The system also offers Blast Radius Analysis, visualizing the affected resources and interrelationships and substantially improves mean-time-to-discover and mean-time-to-resolve. This combination of automated, context-aware responses contributes to overall system security and compliance while reducing response times.
