ARMO: Interview With CEO & Co-Founder Shauli Rozen About The Cloud Security Platform

By Amit Chowdhry • Dec 3, 2024

ARMO is a Cloud Runtime Security company providing the first Open Source driven Behavioral Cloud Application Detection and Response Platform.

ARMO Platform is the only solution that continuously minimizes cloud attack surface based on runtime insights, while actively detecting and automatically responding to cyberattacks as they happen without flooding teams with alerts. It provides a fully explainable & traceable runtime security story spanning the entire cloud security stack.

Pulse 2.0 interviewed ARMO CEO and co-founder Shauli Rozen to learn more about the company.

Shauli Rozen’s Background

What is Shauli Rozen’s background? Rozen said:

“My background is in engineering, and then I transitioned into the DevOps and security space. We opened ARMO to create the next-generation cloud security technology, leveraging runtime information to enhance posture management, security, and threat detection based on real-time risk assessment.”

Formation Of ARMO

How did the idea for the company come together? Rozen shared:

“In 2021, we were getting feedback from CISOs and security teams highlighting the need for basic solutions around posture management during the initial phases of cloud & Kubernetes adoption. They prioritized risk identification and management due to the noise in the system.”

“In response, we developed Kubescape, an open-source technology tailored to the needs of DevOps. This technology gained rapid traction within the open-source community, amassing thousands of GitHub stars overnight, now totaling over 10,000 stars and over 100,000 users. As cloud adoption and technology maturity increased, we reintegrated runtime into our platform. Today, we offer a comprehensive solution that prioritizes cloud security issues and detects attacks in real-time.”

Favorite Memory

What has been Rozen’s favorite memory working for the company so far? Rozen reflected:

“My favorite memory at ARMO was launching our open-source project around Kubernetes and cloud-native security and witnessing its rapid growth and success. Collaborating with the CNCF and the community has been incredibly rewarding. The extensive user feedback we’ve received has been invaluable in helping us build a better product by pinpointing customer pain points and desired features.”

Core Products

What are the company’s core products and features? Rozen explained:

“ARMO offers a runtime-driven, open-source based, Kubernetes-centered, Cloud Runtime Security Platform.”

“ARMO Platform, which is based on Kubescape, is the only platform that continuously minimizes cloud attack surface based on runtime insights, while actively detecting and responding to cyberattacks with real risk context.”

ARMO uses an eBPF-based runtime sensor to record the application’s normal behavior and related activities and events. The recorded baseline is enriched with relevant context from Kubernetes events and cloud and container data to detect and respond to attacks in real time, reduce incident alert overload, and provide proactive cloud security posture and hardening.

ARMO Platform collects data from Cloud logs, Kubernetes APIs, and cluster-container-application runtime behavior to generate an Application Profile DNA (APD™), which is the holistic baseline for applications’ normal behavior, configuration, and policies.

“ARMO Platform uses an eBPF-based runtime sensor to record application behavior and related activities. The recorded baseline is then enriched with relevant context from Kubernetes events, CI/CD data, cloud data, and containers’ data. The result is an Application Profile DNA (APD™), which is the holistic baseline for applications’ normal behavior, configuration, and policies.”

“Using APD, ARMO Platform enables automatic and continuous cloud security posture management to harden cloud-native infrastructure and workloads and to remediate security risks without breaking applications. By detecting and responding to anomalous behaviors, malicious activities, and malware, ARMO cloud detection & response (CDR) protects workloads from cyberattacks at runtime. It instantly detects and responds to them without flooding teams with alerts.”

“Using APD, ARMO Platform enables automatic and continuous cloud security posture management to harden cloud-native infrastructure and workloads and to remediate security risks without breaking applications. By detecting and responding to anomalous behaviors, malicious activities, and malware, ARMO behavioral cloud application detection & response (CADR) protects workloads from cyberattacks at runtime. It instantly detects and responds to them without flooding teams with alerts and provides a fully explainable & traceable runtime security story spanning the entire cloud security stack.”

“ARMO Platform protects any type of cloud and Kubernetes deployments: managed, on-premises, and air-gapped.”

Industry Challenges

Have there been any industry challenges in your line of work recently? Rozen acknowledged:

“There are gaps in the market that still need addressing. Companies often struggle to integrate runtime data with posture management, leading to an incomplete understanding of risks and necessary actions. This gap remains unsolved, and we believe it will only become more pronounced with how cyber will shift.”

Evolution Of ARMO’s Technology

How has the company’s technology evolved since launching? Rozen noted:

“ARMO’s technology has evolved significantly in the last few years because of the ability to bring together cloud data, Kubernetes data, and runtime data using eBPF and Kubescape and connect those together in a way that creates value. We started with a focus on runtime; as the market shifted to posture, we saw the opportunity to bridge the gap between the two approaches with a comprehensive solution.”

“The crown jewel of our technology is our Application Behavioral DNA profile (APD™), which basically takes that information and creates a very deterministic way to understand how applications behave vs when they aren’t behaving the way they should, what we call anomalies, creating alerts that reduce the alert fatigue and the false positives that one might get from other technologies.”

Customer Success Stories

When asked about customer success stories, Rozen highlighted:

“Orange Business uses our platform to secure its cloud and its customers’ clouds effectively in an on-prem environment.”

“We have other customers who have seen a reduction of over 90% in issues and improved prioritization, achieving compliance capabilities like FedRAMP.”

“One customer quantified their savings at over $200,000 annually by using our platform to address cloud security issues.”

Differentiation From The Competition

What differentiates the company from its competition? Rozen affirmed:

“ARMO’s key differentiator is our ability to combine runtime information with cloud and Kubernetes context to prioritize and create runtime-driven security for the cloud. We alert on real-time risks rather than hypothetical ones, using runtime information to identify applicable risks accurately. Our runtime protection and threat detection are highly accurate, reducing false positives without limiting detection rates.”

Future Company Goals

What are some of the company’s future goals? Rozen concluded:

“In the past few years, ARMO has secured multiple Fortune 500 customers with increasingly larger deals. Our goal is to maintain this momentum, secure more significant enterprise deals, and become a dominant force in the cloud security landscape.”