* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Cloud Security](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/)
* [CDR](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/category/cdr/)
* Cloud Runtime Security Wi...

# Cloud Runtime Security Without Tradeoffs

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fruntime-security-without-tradeoffs%2F)  
[](https://twitter.com/share?text=Cloud+Runtime+Security+Without+Tradeoffs&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fruntime-security-without-tradeoffs%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fruntime-security-without-tradeoffs%2F&title=Cloud+Runtime+Security+Without+Tradeoffs&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/runtime-security-without-tradeoffs/&ts=markdown)  
\[\](mailto:?subject=Cloud Runtime Security Without Tradeoffs)  
Link copied  
By [Orion Cassetto](https://www.paloaltonetworks.com/blog/author/orion-cassetto/?ts=markdown "Posts by Orion Cassetto") and [Mohit Bhasin](https://www.paloaltonetworks.com/blog/author/mohit-bhasin/?ts=markdown "Posts by Mohit Bhasin")  
Mar 11, 2025  
5 minutes  
[CDR](https://www.paloaltonetworks.com/blog/cloud-security/category/cdr/?ts=markdown)  
[Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown)  
[Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)  
[Agent or Agentless](https://www.paloaltonetworks.com/blog/tag/agent-or-agentless/?ts=markdown)

Cloud applications and the infrastructure and workloads that power them are mission critical. Today's organizations need more than the "good enough" visibility offered by lightweight agents. Reliable cloud security leaves nothing to chance --- not when an attack can quickly turn into a breach. Organizations need cloud runtime protection that stops threats in real time.

## Challenges with Modern Cloud Attacks

As cloud adoption has skyrocketed, adversaries have followed. Up to [80% of security exposures](https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report) start in the cloud, with 45% of risks changing every month, making them moving targets. Not only do misconfigurations give attackers a direct path to critical resources, but they also enable lateral movement --- and often without triggering alarms. Defending the cloud becomes more challenging by the day.

## Moving Beyond Basic Visibility

Traditionally, cloud security tools conduct point-in-time scans for vulnerabilities and misconfigurations in cloud environments. The problem? Attackers aren't waiting for your next agentless scan --- not when they can exploit vulnerabilities [within 15 minutes of public disclosure](https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report). Yes, agentless scanning helps identify risks. But it fails to stop zero-day exploits, malware execution and privilege escalations, which require continuous monitoring and protection.

* **Periodic Scans Don't Cut It:** The time between security scans leaves organizations exposed, giving attackers a window of opportunity that can lead to undetected breaches. Instead, opt for real-time visibility to ensure attacks aren't missed.
* **Monitoring Doesn't Equal Blocking:** Gathering rich telemetry for forensics and incident response is critical, but it's not a replacement for stopping attacks.
* \*\*Lightweight sensors aren't enough:\*\*Only equipped to identify basic activity --- such as file integrity changes, image drift, log tampering, and network scanning --- lightweight sensors can't stop breaches. Sophisticated exploits and unknown threats require more robust protection.

Without cloud runtime security, organizations aren't safe from active cloud threats. Effective cloud runtime security requires real-time threat detection and advanced protection capabilities deployed on critical workloads, complementing lightweight sensors.

## Cortex Cloud Delivers the Best of Both Worlds

With [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud), you get agentless scanning unified with a best-in-class CDR agent for seamless visibility, real-time monitoring and cloud runtime protection. This approach secures modern cloud-native architectures without compromising on performance, operational efficiency or the ability to prevent sophisticated threats.

* \*\*Seamless Visibility:\*\*Agentless scanning provides visibility into cloud environments, while rapidly uncovering cloud security risks.
* **Advanced Threat Detection:** Machine learning models continuously analyze cloud workloads and user behavior to detect stealthy threats like credential theft, cryptomining and suspicious token usage.
* **Industry-Leading Runtime Protection** : Stop attacks with a natively integrated [cloud detection and response (CDR)](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-detection-and-response-cdr) agent, validated by industry-best results in [2025 MITRE ATT\&CK](https://www.paloaltonetworks.com/cortex/cortex-xdr/mitre) testing. The agent provides real-time protection across cloud workloads, preventing malware, exploits and behavioral threats, with minimal resource consumption.
* **Pioneering Detection and Response:** Rapidly gather rich forensic detail and instantly understand the root cause of a cloud attack for effective containment, from the leader in [XDR](https://www.paloaltonetworks.com/cyberpedia/what-is-extended-detection-response-XDR).

Cortex Cloud combines agentless scanning with a powerful agent that detects and blocks advanced threats in real time, you can ensure uncompromised cloud runtime security.

### Simplified Onboarding and Management

Cortex Cloud makes adopting cloud runtime security simple and effective, delivering:

* \*\*Effortless Onboarding:\*\*With flexible deployment options, you gain frictionless visibility into their cloud accounts with one-click agentless onboarding or autodeploy agents for real-time protection.
* \*\*Simplified management:\*\*Our single-agent framework for both endpoint and cloud reduces the overhead of deploying multiple agents. The agent includes auto-upgrades, so security teams don't have to worry about updates and patches.
* **Broad Compatibility Across Technologies and Operating Systems:** The [Cortex XDR^®^](https://www.paloaltonetworks.com/cortex/cortex-xdr) agent provides [flexible deployment options](https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Where-can-I-install-the-Cortex-XDR-agent) to secure diverse cloud workloads, including VMs, containers, Kubernetes and serverless functions.
* **Flexible Operation:** Teams can choose between a user-space Linux agent that runs entirely in user space (removing kernel version dependencies) and a kernel-space Linux agent that blocks kernel exploits and offers kernel integrity monitoring.

## Complete Cloud Security from Code to Cloud to SOC

[Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud) brings together our best-of-breed [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response) with the industry's leading loud-native application protection platform ([CNAPP](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform)) for real-time cloud security with complete code to cloud to SOC context. Built on unified data, AI and automation, Cortex Cloud teams to shut down threats faster and more efficiently than ever before.

### AI and Automation

Leverage AI and automation to detect and respond to threats faster with capabilities that include:

* **Smart Groupin**g: Automatically correlate related alerts from multiple data sources, including cloud posture, application security and runtime security, into single cases
* **AI-Based Prioritization:** Intelligently prioritize security issues by risk, severity and impact, to help teams focus their efforts where it matters most.
* **Automation-First Response:** Accelerate incident containment, risk remediation and isolate threats with over 1,000 prebuilt automation playbooks.

### Unified Data and Context

Unified data connects context from code to cloud to SOC, linking active cloud runtime threats back to underlying vulnerabilities and misconfigurations in code. Teams know what they need to fix and how to remediate risks --- and are no longer held up by the need to correlate fragmented insights.

* **For [AppSec](https://www.paloaltonetworks.com/cyberpedia/appsec-application-security)**: Securely build apps and prevent issues in development --- before they become production issues that attackers can target.
* **For CloudSec**: Stop attacks in real time and improve cloud posture with guided remediation to resolve multiple risks with a single action.
* **For SecOps**: Significantly reduce the mean time to respond (MTTR) and contain threats as well as understand how cloud and application context impact their work.

Have you seen the next version of Prisma^®^ Cloud? Come experience Cortex Cloud. [Schedule a demo](https://www.paloaltonetworks.com/cortex/cloud/demo) today.

*** ** * ** ***

## Related Blogs

### [CDR](https://www.paloaltonetworks.com/blog/cloud-security/category/cdr/?ts=markdown), [Cloud Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-detection-and-response/?ts=markdown), [Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)

[#### Lessons Ted Lasso Can Teach You About CDR](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/lessons-ted-lasso-can-teach-you-about-cdr/)

### [AppSec](https://www.paloaltonetworks.com/blog/cloud-security/category/appsec/?ts=markdown), [Cloud Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-detection-and-response/?ts=markdown), [Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Supply Chain Security](https://www.paloaltonetworks.com/blog/cloud-security/category/supply-chain-security/?ts=markdown)

[#### Shai-Hulud 2.0: How Cortex Helps Protect Against the Resurgent npm Worm](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/shai-hulud-2-0-npm-worm-detection-blocking/)

### [Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Cloud Workload Protection](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection/?ts=markdown), [CWPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cwpp/?ts=markdown)

[#### Agentless Vs. Agent-Based Scanning in Kubernetes: A Deep Dive](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/agentless-vs-agent-based-scanning-in-kubernetes-a-deep-dive/)

### [Cloud Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-detection-and-response/?ts=markdown), [Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Cloud Workload Protection](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown)

[#### Taking Cloud Security from Visibility to Prevention with eBPF](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/ebpf-cloud-security-real-time-protection/)

### [Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)

[#### Cloud Workload Protection, Now Operating at Full Context](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/beyond-cloud-workload-protection-cwp/)

### [Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)

[#### Is 'Peace-Time' Security Any Match for the Modern Threat Landscape?](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/real-time-cloud-security-threat-prevention/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language