New runtime security tool scans ongoing attacks in cloud workloads

Cloud cybersecurity provider Sweet Security has launched a new runtime security platform, dubbed Sweet, to enable security teams to detect and respond to cloud-based attacks in runtime.

The platform deploys sensors in the runtime environment to provide CISOs and security teams with cloud-native cluster visibility.

“Like legacy detection and responses solutions, we have sensors deployed in the target environment,” said Eyal Fisher, chief product officer at Sweet Security. “But our sensor is built specifically for cloud workloads, native apps running on clouds. The sensors send us telemetry from the runtime environments and help us identify behavior deviation.”

Sweet runs a SaaS model and will be offered as a tiered subscription, with the price depending on the number of features a customer opts for.

Sweet deploys runtime sensors

Sweet deploys runtime sensors that screen application data and business logic, and process them through an in-house framework to profile workload behavior anomalies and contextualize them with traditional tactics, techniques, and procedures (TTPs).

“Our runtime sensors bring back to us the telemetry from the target environment including workloads, logs, and APIs, and help us build a baseline behavior for the applications running on the cloud,” Fisher said. “So now, when there is a deviation, we know that might be an attack and conduct further investigation.”

Sweet will be delivered as a modular platform with a different suite of features or capabilities available at each licensed tier. With the announcement, the company also revealed $12 million in seed funding from a clutch of investment funds and angel investors.

Sensors use eBPF technology

Sweet’s runtime sensors use the extended Berkley Packet Filter (eBPF) technology, which lets programs run on Linux-based system kernels without needing to add additional modules or modify the kernel source code.

“The technology used in our sensors is eBPF technology which enables us to have visibility to the kernel level of each node of each computer, without the need to be installed on the host,” said Fisher. “So, the sensor is super light, super lean, consumes very few resources from one hand, but due to the eBPF technology, we have insights down to granular levels.”

The eBPF technology can be thought of as deploying a lightweight, sandboxed virtual machine (VM) within the Linux kernel. It is popularly considered for delivering third-party services including observability, security, and networking.

Cloud Security, Security Software

Go to Source