1. Overview

Runtime defense is the set of features that provide predictive protection for containers and threat-based active protection for running containers, hosts, and serverless functions.

Predictive protection includes capabilities like determining when a container runs a process not included in the origin image or creates an unexpected network socket.

Threat-based protection includes capabilities like detecting when malware is added to a workload or when a workload connects to a botnet.
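To illustrate the predictive case above, the following added example (not the product's own code or model format) builds a model from an image's file listing and declared ports, then flags runtime events the model does not predict. The image manifest, event tuples, container name, and function names are all hypothetical and the sample data is constructed.

```python
import posixpath
import stat
from collections import namedtuple

# Constructed sample data: (path, mode) entries from an image's layers and
# the ports the image declares. All names here are hypothetical.
IMAGE_FILES = [
    ("/usr/sbin/nginx", 0o100755),
    ("/bin/sh", 0o100755),
    ("/etc/nginx/nginx.conf", 0o100644),
]
IMAGE_PORTS = {80, 443}

Event = namedtuple("Event", "kind container value")  # kind: "exec" | "listen"

EVENTS = [  # constructed runtime events
    Event("exec", "web-1", "/usr/sbin/nginx"),
    Event("listen", "web-1", 80),
    Event("exec", "web-1", "/usr/sbin/../../bin/sh"),  # resolves to /bin/sh
    Event("exec", "web-1", "/tmp/dropped"),            # written after start
    Event("exec", "web-1", "/etc/nginx/nginx.conf"),   # in image, not executable
    Event("listen", "web-1", 4444),
]


def build_model(files, ports):
    """Model = regular files with an execute bit, plus declared ports."""
    binaries = {
        posixpath.normpath(path)
        for path, mode in files
        if stat.S_ISREG(mode) and mode & 0o111
    }
    return binaries, set(ports)


def audit(model, events):
    """Return (event, reason) for each event the image model does not predict."""
    binaries, ports = model
    findings = []
    for ev in events:
        if ev.kind == "exec" and posixpath.normpath(ev.value) not in binaries:
            findings.append((ev, "process not in origin image"))
        elif ev.kind == "listen" and ev.value not in ports:
            findings.append((ev, "unexpected network socket"))
    return findings


if __name__ == "__main__":
    for ev, reason in audit(build_model(IMAGE_FILES, IMAGE_PORTS), EVENTS):
        print(f"{ev.container}: {reason}: {ev.value}")
```

Normalizing the path before the lookup keeps a traversal-style path to an in-image binary from being reported as a new process, while a file that exists in the image without an execute bit is still flagged when it is executed.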