With the increasing efforts towards securing our supply chain, there have been a lot of measures to help protect our workloads against known vulnerabilities. But there will always be unknown vulnerabilities that may spawn up at any time and threat actors that can attack at runtime. It is not a matter of if but when. There's a need to enforce security at runtime to contain damages when it happens. This session will be about how (and why) KubeArmor abstracts away the complexity and helps "armoring up" your modern cloud native workloads at runtime. We will try to understand what's happening inside our containers and explore our kernel primitives like eBPF and LSMS which help us identify and quarantine breaches at runtime, minimizing our attack surface in the process.