runtime-security
Safeguard articles tagged "runtime-security" — guides, analysis, and best practices for software supply chain and application security.
56 articles
eBPF Rootkits Go Mainstream: Inside IronWorm and the Kernel-Level Turn in Supply Chain Malware
IronWorm shipped a kernel-level eBPF rootkit inside dozens of npm packages, hiding the very processes your security tools rely on seeing. Here is what changed, and how to detect kernel-level supply chain malware before it blinds you.
Container escape attacks: how they happen and how to prev...
Container escapes rarely need a zero-day — privileged flags, mounted sockets, and excess capabilities do the job. Here's how they happen, real CVEs, and how to stop them.
Runtime Application Self-Protection (RASP)
RASP blocks attacks from inside a running app. Learn how it works, how it differs from a WAF, its limits, top vendors, and where it fits with SAST/SCA.
eBPF in Kubernetes
eBPF gives Kubernetes deep runtime visibility, but it only sees what a container does after it starts. Here's what Aqua's Tracee gets right, and where supply chain gaps remain.
Prisma Cloud Runtime Security Deep Review 2026
A working engineer's review of Prisma Cloud's runtime security capabilities in 2026, covering Defender architecture, detection efficacy, and operational realities.
What is Container Security
Container security protects images, runtimes, orchestration, and hosts. Here's what it covers, why 87% of images ship with critical CVEs, and how to fix it.
What is Container Monitoring
Container monitoring tracks metrics, logs, and runtime behavior across ephemeral containers—here's what it covers, why it matters, and how it differs from VM monitoring.
What is Docker Security
Docker security spans image scanning, SBOMs, and runtime controls — see the CVEs, misconfigurations, and real breaches that show why each layer matters.
Falco 0.40: Modern eBPF Is Now Default
Falco's 0.40 release line makes modern eBPF (CO-RE) the default driver, deprecates the legacy probe and gVisor engine, and changes how operators ship Falco. Here's what changed and what to test.
Kubernetes Monitoring Guide
A practical Kubernetes monitoring guide: what to track across nodes, control plane, and workloads, the tools teams use, and where monitoring alone misses supply chain risk.
Deploying Cilium Tetragon for eBPF Runtime Security in 2026
A practical guide to rolling out Tetragon for kernel-level runtime visibility, covering policy authoring, performance overhead, and integration with existing detection pipelines.
Container Runtime Security in 2026: What's Changed and What Hasn't
Container security has matured significantly, but runtime protection remains a weak spot. Here's a practical guide to what works.