Infrastructure vs. Runtime — Where Are Your Priorities?

Amid the noise of new solutions and buzzwords, understanding the balance between securing infrastructure and implementing runtime security is key to crafting an effective cloud strategy.

Han Cho, Founder, HC Consulting

October 1, 2024


COMMENTARY

Each year, while attending the Black Hat conference, I gain fresh insights into the cybersecurity landscape, particularly from my interactions with new companies and passionate startup founders. My role as an executive adviser to various cybersecurity startups provides me with a unique perspective, allowing me to observe companies at different stages — from stealth startups validating their ideas to later-stage companies striving to secure a Series B round of funding and expand their market presence.

However, the emergence of new threat vectors and exposures in cloud security often results in significant overlap in solutions, leading to confusion and making it challenging for practitioners to determine the best investment. This is especially true when evaluating cloud security solutions like CNAPP (cloud-native application protection platform) and CSPM (cloud security posture management).

The cybersecurity industry is constantly evolving, inundated with new acronyms, buzzwords, and purportedly revolutionary solutions, all vying for attention. Yet many of these solutions fail to deliver on their promises, leaving organizations questioning their security priorities. Should the focus be on securing infrastructure, or is runtime security the key to safeguarding operations?

The Impact of Cloud Technology on Security Strategies

The rapid expansion of cloud technology has fundamentally altered the security landscape. Traditional network engineers are being replaced by cloud-focused engineers, driven by the cloud's promise of scalability and flexibility. However, this shift has introduced new security challenges that many businesses are still grappling with.

Drawing from my experiences, I've tried to gain a deeper understanding of the challenges large enterprises face in securing their cloud platforms. While the cloud offers significant advantages, it also necessitates a new approach to security — one that many organizations find difficult to maintain in the face of a dynamic and ever-evolving threat landscape.

CSPM solutions are now central to cloud security strategies, ensuring secure configurations and compliance with industry standards. However, as the market has matured, it has become saturated with new acronyms and marketing terms, adding layers of complexity and confusion for customers.

Securing infrastructure is fundamental. It involves ensuring that your cloud environment is securely configured, vulnerabilities are effectively managed, and compliance requirements are consistently met. Without this foundation, other security efforts are compromised. However, as cyber threats become more sophisticated, runtime security — which addresses threats as applications and services are actively running — has become equally critical.

The Rising Importance of Runtime Security

Effective runtime security goes beyond reactive measures. It requires deep integration with the customer's business logic to offer informed security recommendations, such as adopting a least-privilege model. This involves comparing the runtime state against the desired state, detecting traffic patterns for managed cloud services like S3 or RDS, and controlling provisions or restrictions for modern agents like eBPF (extended Berkeley Packet Filter). These capabilities are essential for anticipating and mitigating threats before they cause significant harm.
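The comparison of runtime state against desired state described above, sketched as an added example that is not part of the original article: it diffs the permissions granted to one workload role against the API calls observed for it and derives least-privilege recommendations. The role's grants, the CloudTrail-style records, and all function names are constructed for illustration, and the mapping from event name to IAM action is simplified.

```python
from fnmatch import fnmatchcase

# Constructed sample data (not from the article): the desired state is the set
# of IAM-style action patterns granted to one workload role.
GRANTED = ["s3:*", "rds:DescribeDBInstances", "kms:Decrypt"]

# Constructed CloudTrail-style records observed for that role at runtime.
EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
    {"eventSource": "rds.amazonaws.com", "eventName": "DescribeDBInstances"},
    {"eventSource": "rds.amazonaws.com", "eventName": "DeleteDBInstance",
     "errorCode": "AccessDenied"},
]

def to_action(event):
    """Map a record to 'service:Action' (simplified: real event names do not
    always match IAM action names one to one)."""
    service = event["eventSource"].split(".")[0]
    return f"{service}:{event['eventName']}"

def matches(pattern, action):
    # IAM action matching is case-insensitive and supports * and ? wildcards.
    return fnmatchcase(action.lower(), pattern.lower())

def diff_runtime_vs_desired(granted, events):
    used, denied = set(), set()
    for ev in events:
        # Simplified: only the "AccessDenied" error code is treated as a denial.
        (denied if ev.get("errorCode") == "AccessDenied" else used).add(to_action(ev))
    report = {"unused": [], "narrow": {}, "outside_desired": sorted(denied)}
    for pattern in granted:
        hits = sorted(a for a in used if matches(pattern, a))
        if not hits:
            report["unused"].append(pattern)       # granted, never exercised
        elif "*" in pattern or "?" in pattern:
            report["narrow"][pattern] = hits       # wildcard -> observed actions
    # Successful calls that no granted pattern explains mean the desired state
    # on record is not what is actually deployed.
    report["unexplained"] = sorted(
        a for a in used if not any(matches(p, a) for p in granted))
    return report

if __name__ == "__main__":
    print(diff_runtime_vs_desired(GRANTED, EVENTS))
```

The `unused` and `narrow` entries are candidates for tightening the role, while `outside_desired` and `unexplained` are the runtime findings worth an analyst's attention.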

An effective runtime solution allows two opposing teams to work more effectively to achieve shared goals, which makes me want to understand whether new vendors hyperfocused on solving runtime security have these challenges in their solutions. To succeed in offering runtime security, solution providers must demonstrate, with unquestionable evidence, that their solutions are superior to existing cloud-native offerings like AWS GuardDuty, Azure Sentinel, or GCP Security Command Center. If these leading platforms, backed by top-class engineers, can't fully secure the runtime environment, why should customers believe an external solution could do better? This credibility challenge is significant, and solution providers must bring more than promises — they need proven, demonstrable superiority.

Data normalization also remains a critical obstacle. Effective comparative analysis requires all data to be normalized, yet the industry lacks a public standard for this process — one that even the Cloud Security Alliance (CSA) hasn't published. This absence makes it exceedingly difficult to create a reliable comparative model that can be trusted across the industry.

Enterprises with concentrated engineering resources often develop homegrown strategies, frequently leveraging open source tools like OpenQuery. These custom approaches add another layer of complexity, making it harder for external solutions to prove their worth.

Identifying the Right Focus

So, where should your focus lie? Securing your infrastructure and implementing runtime security are both vital components of a comprehensive cloud security strategy. Organizations must invest in building a secure infrastructure while also developing robust runtime security measures that can detect and respond to threats in real time.

To navigate this complex security landscape effectively, it's crucial to understand your organization's specific needs and craft a security strategy that addresses all aspects of cloud security. Whether transitioning from a legacy system to the cloud or operating within a cloud-native environment, the ultimate goal remains the same: protecting your operations against the myriad threats of today's digital world.

About the Author

Han Cho is the founder of HC Consulting, a provider of strategic advising to global enterprises, early-stage startups, and venture capital firms focused on cybersecurity.
