Safeguard
Tag

runtime-security

Safeguard articles tagged "runtime-security" — guides, analysis, and best practices for software supply chain and application security.

56 articles

Supply Chain Security

eBPF Rootkits Go Mainstream: Inside IronWorm and the Kernel-Level Turn in Supply Chain Malware

IronWorm shipped a kernel-level eBPF rootkit inside dozens of npm packages, hiding the very processes your security tools rely on seeing. Here is what changed, and how to detect kernel-level supply chain malware before it blinds you.

Jun 16, 20267 min read
Container Security

Container escape attacks: how they happen and how to prev...

Container escapes rarely need a zero-day — privileged flags, mounted sockets, and excess capabilities do the job. Here's how they happen, real CVEs, and how to stop them.

Apr 26, 20269 min read
Application Security

Runtime Application Self-Protection (RASP)

RASP blocks attacks from inside a running app. Learn how it works, how it differs from a WAF, its limits, top vendors, and where it fits with SAST/SCA.

Apr 15, 20267 min read
Container Security

eBPF in Kubernetes

eBPF gives Kubernetes deep runtime visibility, but it only sees what a container does after it starts. Here's what Aqua's Tracee gets right, and where supply chain gaps remain.

Apr 15, 20267 min read
Cloud Security

Prisma Cloud Runtime Security Deep Review 2026

A working engineer's review of Prisma Cloud's runtime security capabilities in 2026, covering Defender architecture, detection efficacy, and operational realities.

Apr 12, 20265 min read
Container Security

What is Container Security

Container security protects images, runtimes, orchestration, and hosts. Here's what it covers, why 87% of images ship with critical CVEs, and how to fix it.

Mar 22, 20267 min read
Container Security

What is Container Monitoring

Container monitoring tracks metrics, logs, and runtime behavior across ephemeral containers—here's what it covers, why it matters, and how it differs from VM monitoring.

Mar 20, 20267 min read
Container Security

What is Docker Security

Docker security spans image scanning, SBOMs, and runtime controls — see the CVEs, misconfigurations, and real breaches that show why each layer matters.

Mar 20, 20268 min read
Tools

Falco 0.40: Modern eBPF Is Now Default

Falco's 0.40 release line makes modern eBPF (CO-RE) the default driver, deprecates the legacy probe and gVisor engine, and changes how operators ship Falco. Here's what changed and what to test.

Mar 19, 20266 min read
Container Security

Kubernetes Monitoring Guide

A practical Kubernetes monitoring guide: what to track across nodes, control plane, and workloads, the tools teams use, and where monitoring alone misses supply chain risk.

Mar 19, 20266 min read
Container Security

Deploying Cilium Tetragon for eBPF Runtime Security in 2026

A practical guide to rolling out Tetragon for kernel-level runtime visibility, covering policy authoring, performance overhead, and integration with existing detection pipelines.

Mar 4, 20266 min read
Cloud Security

Container Runtime Security in 2026: What's Changed and What Hasn't

Container security has matured significantly, but runtime protection remains a weak spot. Here's a practical guide to what works.

Mar 1, 20266 min read
runtime-security (Page 2) — Safeguard Blog