We are thrilled to announce that Cloud Compliance is now available in ARMO platform, providing security and compliance teams with a powerful way to assess and maintain compliance across their AWS environments. With this new capability, ARMO automatically scans your cloud assets against industry-leading frameworks, ensuring that your cloud security posture aligns with best practices and regulatory requirements.

While Cloud Security Posture Management (CSPM) and hardening are crucial security processes for maintaining a strong security posture, applications are most vulnerable during runtime, where unexpected threats can emerge. CSPM tools continuously scan cloud environments to detect misconfigurations, enforce compliance, and prioritize risks based on potential impact. However, runtime security becomes essential for addressing dynamic threats.

Unlike static environments, cloud workloads are constantly shifting, with containers and virtual machines spinning up and down, and crucial sensitive information flowing dynamically across multiple platforms. Recent incidents, such as the increase in container-based malware infections and cloud misconfigurations resulting in major data breaches, have highlighted the need for runtime security.

Exciting news for ARMO Platform users! We’re thrilled to announce the new version of container registry scanning to our suite of security features. This powerful enhanced capability improves your container security posture by allowing you to detect vulnerabilities earlier in the development process.

In today’s landscape of microservices, Kubernetes, and cloud environments, attacks can come from multiple vectors, with varying degrees of complexity. Understanding these vectors and how to detect them is crucial for securing your infrastructure and applications. This post will explore various attack scenarios including SQL Injection and Cluster Takeover, structured around the 4 Cs of cloud security: Cloud, Cluster (Kubernetes), Container (workload), and Code (application).

Imagine this situation: you recently updated one of your infrastructure software components. A few weeks later, you notice your AWS bill has gone up and you’re not sure why. After some digging, you find that the auto-scaler for this component is constantly scaled to the maximum. It takes days to realize that this change in behavior started right after the software update. You start asking around to see if anyone else is having the same issue with this new version.

The Digital Operational Resilience Act (DORA) is a disruptive policy that came into effect in January 2025 with the objective to boost the cyber resilience of financial institutions in the European Union. As digital transformation increases, it is crucial to ensure the availability, integrity, and confidentiality of critical IT systems to sustain financial market trustworthiness and stability.

It is becoming increasingly important for organizations to manage Kubernetes security costs as they deploy, scale, and manage containerized applications using Kubernetes. Organizations must ensure robust protection without overpaying, especially as 89% of enterprises experience at least one Kubernetes or container-related security incident annually (VentureBeat).

We are excited to announce the upcoming enhancement of ARMO Platform’s Threat Detection and Response feature, designed to provide more robust, real-time security protection for your cloud and Kubernetes environments. While the existing feature effectively detects anomalies, suspicious behavior, and active threats, we recognize the need for additional critical components: Policies, Response, and notifications.

In this blog post, we will introduce the concept of behavioral Cloud Application Detection & Response (CADR). In case this is the first time you have heard of CADR, we’ll start by explaining that concept and explain why it’s essential for protecting modern applications. Let’s go.