Startup Spotlight: RAD Security Brings Behavioral Profiling to Cloud

Consider these two statistics: By 2025, 95% of new applications will be deployed on cloud-native platforms. And in 2023, 90% of teams working with containers and Kubernetes reported a breach.

RAD Security cites these two figures to illustrate the challenges enterprise defenders face in detecting supply chain and cloud-based attacks. The cybersecurity startup offers a behavioral cloud detection and response solution that generates a "consistent, predictable, behavioral baseline" of an organization's cloud environment in order to detect anomalous activity, according to the company, in response to emailed questions from Dark Reading.

RAD Security calls its approach "behavioral workload fingerprinting." Behavioral fingerprints are represented by the deduplicated hierarchy of programs, processes, and files that a container image exhibits at runtime. RAD Security creates "fingerprints that contain 'golden signals,' created by a proprietary algorithm, with key metrics and behaviors that indicate the health and security status of each container," the company says.

The company looks for "drift events," or those events that don't match the baseline, and adds posture and identity context so that defenders understand what is happening in the environment.

"Anomaly detection is not something you can verify in your environment, as it happens in a black box," the company says. "And there are simply not enough cloud attacks to be able to use machine learning to analyze millions of cloud attacks and find new ones."

This approach is appropriate for clouds because it is transparent and portable, the company says.

The team is currently working on making behavioral fingerprints a de facto standard for how behavioral detection and response is done in cloud security, "all the way from early on in the software supply chain to runtime," RAD Security says.

Startup Spotlight Finalist

RAD Security was a Kubernetes Security Operations Center (KSOC) until earlier this year. The name change reflects how the company's scope has evolved beyond being a "best-of-breed Kubernetes Security solution," according to the company. The RAD in RAD Security is not an acronym but references the fact that something radical is technically exciting and "an "irreverence to the status quo," the company says. The name RAD Security is "straightforward, just like the solution we provide."

The four finalists in this year's Black Hat Startup Spotlight competition — DryRun Security, Knostic, LeakSignal, and RAD Security — will present their business models to a panel of judges during the Black Hat USA Conference in Las Vegas on Tuesday, Aug. 6. The judges for this year’s competition are Ketaki Borade (senior analyst, Omdia), Coleen Coolidge (CISO adviser, SF Info Security), Trey Ford (CISO adviser), Hollie Hennessy (senior analyst, Omdia), Maria Markstedter (founder and CEO, Azeria Labs), Lucas Nelson (founding partner, Lytical Ventures), Robert J Stratton III (venture partner, NextGen Venture Partners), and Rik Turner (principal analyst, Omdia). The "Shark Tank"-style competition involves each finalist making a presentation and then answering questions from the panel.

Finalists have the opportunity to demonstrate their technology on the show floor at Black Hat. Visitors to RAD Security's booth will be able to see demonstrations of the platform. The company also announced new features to the platform to "change the way investigations are done in the cloud."

Startup Brief

If the company were a band, what would its band name be?

RAD, and our band would be a full experiential show (like the Sphere in Las Vegas) that engages all your senses.

If your company had a mascot, what would the mascot look like?

"Funny you should ask — we have unveiled our new mascot, their name is BRAD!" Brad is a bear that knows how to be rad when it comes to security.