Runtime security for cloud workloads involves continuously monitoring workload behavior and preventing deviations from normal activity.

The ideal approach is to enforce application-specific zero-trust policies that establish a baseline and prevent unexpected behavior. While, implementing zero trust requires ongoing tuning and is more of a Day 2 operation. In addition, Hardening policies can be established by translating compliance frameworks' prescriptive guidance into enforceable runtime security policies. By adopting a layered runtime security approach, the attack surface can be significantly reduced.

In this talk, we’ll demonstrate how to enhance runtime security using policies influenced by compliance frameworks like CIS and MITRE, etc. We’ll showcase real-world examples and enforce these policies using KubeArmor.