Cloud-native security company RAD Security has released the industry’s first behavioural detection and response solution for cloud-native environments at the RSA Conference in San Francisco this week.
RAD says that, to date, signature- and anomaly-based methods have been late and ineffective against cloud-native attacks like the recent XZ Backdoor. RAD’s detection and response platform is the first to baseline behaviour through workload fingerprints, detecting cloud-native attacks as they happen while tying in real-time infrastructure and identity context for response prioritisation. New features in this release include:
- Fingerprints and drift for unique containers: RAD can now create cloud-native behavioural workload fingerprints and detect drift for custom containers (versus just open source) at runtime;
- eBPF sensor: RAD is releasing a newly re-configured, custom eBPF sensor to get around the inflexibility and instability inherent in legacy agents. RAD’s agent requires the fewest and most precise permissions, has more flexibility for correlation of data across the environment, and a smaller footprint;
- Response actions: Customers can terminate pods, label pods, and quarantine pods (e.g. prevent network egress from pods) in response to drift detection;
- AI/LLM Categorization of Drift Events: Drift events get classified into different attacks (if known), based on LLM-driven analysis;
- Workflow manager: Set up automated workflows to choose how to respond to detections from RAD.
RAD says its behavioural fingerprints rely on the fact that most cloud-native workloads exhibit a consistent set of core processes, programs and files at runtime, so any drift from this core set of behaviours is suspicious. RAD fingerprints get critical context from its ITDR (identity threat detection and response) and KSPM (Kubernetes security posture management) capabilities to help reduce noise and allow teams to understand the true impact of detections, compared to leading CSPM and CNAPP vendors that leave teams blind to the real-time changes between cloud-native identity, infrastructure, and workloads.
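To make the fingerprint-and-drift idea concrete, here is an added example (not RAD Security's code) that baselines a workload's executed programs and opened files from constructed sensor events, then flags runtime events that fall outside that baseline; the "exec"/"open" event kinds, the sample paths and the directory-based noise-reduction rule are all assumptions of this example.

```python
# Added example (not RAD Security's code): a minimal model of the behavioural
# workload fingerprint and drift detection described above. Event kinds and
# paths are constructed sample data standing in for runtime sensor telemetry.
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List

@dataclass(frozen=True)
class Event:
    kind: str   # assumed sensor event kinds: "exec" (program run) or "open" (file opened)
    path: str

@dataclass(frozen=True)
class Fingerprint:
    execs: FrozenSet[str]   # programs the workload normally executes
    opens: FrozenSet[str]   # files it normally opens

def build_fingerprint(learning_events: Iterable[Event]) -> Fingerprint:
    """Baseline a workload: the programs executed and files opened while it
    ran normally (the learning window)."""
    events = list(learning_events)
    execs = frozenset(e.path for e in events if e.kind == "exec")
    opens = frozenset(e.path for e in events if e.kind == "open")
    return Fingerprint(execs, opens)

def detect_drift(fp: Fingerprint, runtime_events: Iterable[Event]) -> List[Event]:
    """Return every runtime event outside the baseline. A file in a directory the
    baseline already opens (e.g. a rotated log) counts as known; this is a simple
    noise-reduction rule assumed here, not documented product behaviour."""
    known_dirs = {p.rsplit("/", 1)[0] for p in fp.opens}
    drift = []
    for e in runtime_events:
        if e.kind == "exec":
            known = e.path in fp.execs
        else:
            known = e.path in fp.opens or e.path.rsplit("/", 1)[0] in known_dirs
        if not known:
            drift.append(e)
    return drift

# Constructed sample telemetry for a web-server container.
LEARNING = [
    Event("exec", "/usr/sbin/nginx"),
    Event("open", "/etc/nginx/nginx.conf"),
    Event("open", "/var/log/nginx/access.log"),
]
RUNTIME = LEARNING + [
    Event("open", "/var/log/nginx/access.log.1"),  # same directory: not drift
    Event("exec", "/bin/sh"),                      # program not in baseline: drift
    Event("open", "/tmp/unknown.bin"),             # file outside baseline: drift
]
```

Running `detect_drift(build_fingerprint(LEARNING), RUNTIME)` yields only the two events outside the baseline, which is the point at which a response action such as pod quarantine would be considered.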
“As the footprint of cloud-native environments continues growing, security teams can no longer rely on signature-based detection that only works after the attack, or false promises from AI and machine learning models based on insufficient samples of cloud attacks,” said RAD Security CTO and Co-Founder, Jimmy Mesta.