
Implementing Open Source Container Security, Part 1: Runtime Security - mateobur
https://sysdig.com/blog/oss-container-security-runtime/
======
heroprotagonist
> Runtime security can be implemented through monitoring

Sometimes a response engine is good enough for your use cases, but in an ideal
scenario where there are predefined events that you know should not occur,
like some user-uploaded file being executed, there would be some form of
prevention instead of automated incident response. Even a quick response has
potential for impact during the delay.

EG, a write to a database that slips through in a sub-second gap can widen
exposure significantly if it is done tactically enough, such as adding new
admin rights to a login for a web application.

