Behavioral Cloud Application Detection & Response (CADR)
Protect your cloud applications from cyberattacks before they happen and quickly respond to them from code-to-cloud, without being overwhelmed by alerts.
Unlike other runtime security agents, which require constant manual tuning of detection rules, generate large volumes of alerts without any context or flow, and consume significant resources (CPU, memory), ARMO Platform's CADR is lean (60% less resource consumption), correlates data across the entire cloud-cluster-container-code chain, and is based on application behavior.
A whole new way to protect cloud applications in runtime
By combining cloud logs and APIs, Kubernetes data, container processes and eBPF-based application runtime behavior data, ARMO Platform's CADR creates a unique DNA profile of each application. This enables effective detection of, and automatic response to, anomalous behavior, malicious activity and malware, with the complete context of the attack, the application and the cloud.
Prevent cyber attacks, stop breaches
Minimal false positives
Low footprint, Low TCO
Threat spotlight
Low touch configuration
Focus on security events, not on managing alerts
With ARMO Platform, you can be confident that every alert is a real malicious event requiring your full attention.
ARMO Platform provides protection against a broad spectrum of threats and malicious attacks targeting your cloud applications - zero days, supply chain attacks, ransomware, crypto miners, data breaches, file-based or fileless attacks and more.
How it works
Application Profile DNA - APD
ARMO Platform uses an eBPF-based runtime sensor to record application behavior, such as process activity, file activity, API calls, network activity, system calls, actively executed libraries and functions, and more.
The recorded baseline is then enriched with relevant context from Kubernetes events, CI/CD data, cloud data and container data, resulting in a holistic baseline of each application's normal behavior: its profile DNA.
Anomaly detection
ARMO Platform alerts on application behavior inconsistent with the baseline Application Profile DNA.
When an application deviates from the benchmark profile, a real-time alert is triggered to flag the anomaly.
Malicious behavioral detection
ARMO Platform detects activities that are consistent with malicious behavior (e.g. in-memory fileless attack, reverse shell, etc.).
Detected malicious behavior means your application may already be compromised, so a real-time alert is triggered to flag the threat.
Malware detection
ARMO Platform detects malware based on known properties of malicious software.
If malware is present, it can compromise every instance of your application or workload, so detection is flagged immediately.
Bringing it all together
ARMO Platform combines anomaly detection with behavioral inspection to establish an advanced level of cloud application security within Kubernetes clusters.
In this environment, every action undergoes analysis and review by ARMO Platform's runtime sensor.
Moreover, by integrating malicious behavior and malware detection, ARMO Platform addresses supply chain attacks as they happen.
These two components complement anomaly detection, ensuring that threats are identified even when they might not be apparent as standalone issues.
Threat Response
Responding to a malicious incident depends on the identified threat
When an application deviates from its expected behavior, or other malicious behavior is identified, ARMO Platform flags it immediately and follows the predetermined policy (kill, stop, pause or quarantine) for the processes or containers involved, either automatically or manually depending on system configuration. This neutralizes the immediate threat to the application and reduces the possible blast radius of an attack.
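The following is an added illustration of the detection-and-response loop described in the "How it works" and "Threat Response" sections; it is example code, not ARMO Platform's own implementation. It assumes a simplified event record (workload, pid, kind, detail) standing in for what an eBPF sensor would emit, a baseline learned as the set of (kind, detail) pairs seen per workload, one behavioral rule (a shell process opening an outbound connection, as a stand-in for the reverse-shell pattern the page mentions), and a constructed response policy mapping finding types to the kill/stop/pause/quarantine actions. All event data and the policy are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed set of shell binaries used by the behavioral rule below.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash"}


@dataclass(frozen=True)
class Event:
    """Simplified runtime event (assumed shape, not the sensor's real schema)."""
    workload: str   # Kubernetes workload the container belongs to
    pid: int        # process id inside the container
    kind: str       # "exec" | "open" | "connect" | "syscall"
    detail: str     # binary path, file path, "host:port" or syscall name


# Constructed learning-phase telemetry for a hypothetical "payments-api" workload.
LEARNING_EVENTS = [
    Event("payments-api", 1, "exec", "/usr/local/bin/python3"),
    Event("payments-api", 1, "open", "/app/config.yaml"),
    Event("payments-api", 1, "connect", "db.internal:5432"),
    Event("payments-api", 1, "syscall", "openat"),
    Event("payments-api", 1, "syscall", "connect"),
    Event("payments-api", 1, "syscall", "write"),
]

# Constructed runtime telemetry: one expected event, then an unexpected shell
# that opens a connection the baseline has never seen.
RUNTIME_EVENTS = [
    Event("payments-api", 1, "open", "/app/config.yaml"),
    Event("payments-api", 7, "exec", "/bin/sh"),
    Event("payments-api", 7, "connect", "203.0.113.9:8443"),
]

# Constructed policy mirroring the kill/stop/pause/quarantine options on the page.
RESPONSE_POLICY = {"anomaly": "alert", "reverse-shell-like": "kill"}


def build_baseline(events):
    """Application Profile: the set of (kind, detail) pairs observed per workload."""
    baseline = defaultdict(set)
    for e in events:
        baseline[e.workload].add((e.kind, e.detail))
    return dict(baseline)


def detect(baseline, events):
    """Return findings as (finding_type, event) pairs.

    Anomaly detection: any (kind, detail) absent from the workload's profile.
    Behavioral rule: a process that exec'd a shell and then issues a connect.
    """
    findings = []
    shell_pids = set()
    for e in events:
        profile = baseline.get(e.workload, set())
        if (e.kind, e.detail) not in profile:
            findings.append(("anomaly", e))
        if e.kind == "exec" and e.detail in SHELLS:
            shell_pids.add((e.workload, e.pid))
        if e.kind == "connect" and (e.workload, e.pid) in shell_pids:
            findings.append(("reverse-shell-like", e))
    return findings


def respond(findings, policy=RESPONSE_POLICY):
    """Map each finding to the policy action; unknown finding types only alert."""
    return [(policy.get(kind, "alert"), kind, ev) for kind, ev in findings]


if __name__ == "__main__":
    profile = build_baseline(LEARNING_EVENTS)
    for action, kind, ev in respond(detect(profile, RUNTIME_EVENTS)):
        print(f"{action:5} {kind:18} pid={ev.pid} {ev.kind} {ev.detail}")
```

Run against the constructed data, the learning events produce no findings, while the runtime events yield two anomalies (the shell exec and its connect) and one behavioral finding on the same connect event, which the policy escalates from alert to kill. The point the page makes about context is visible here too: the same connect event is scored once by the baseline and once by the behavioral rule, and the response follows the more severe of the two.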