Why real-time visibility is key to runtime security [Q&A]


Cloud threats are evolving faster than most security teams can respond, and traditional security tools are struggling to keep pace. According to IBM’s 2024 Cost of a Data Breach Report, it now takes an average of 258 days to detect and contain a breach -- giving attackers more than enough time to access sensitive data and move laterally through cloud infrastructure undetected.
We spoke to CEO of Upwind, Amiram Schacha, to learn why organizations need real-time visibility and protection at the runtime layer -- where threats actually occur -- in order to close this growing security gap.
BN: What exactly is runtime cloud security, and how does it differ from traditional perimeter or pre-deployment security approaches?
AS: For a long time, security was about building strong walls. Firewalls, endpoint protection, and intrusion detection systems kept attackers out. Then came shift-left security, which helped teams catch vulnerabilities earlier in development. These approaches worked well in the past, but today’s cloud environments don't follow the same rules. Workloads are constantly spinning up and down, moving between environments, and connecting to third-party services. That means relying solely on static scans or pre-deployment testing just doesn't cut it anymore.
Runtime security gives teams the ability to detect and respond to threats as they’re happening. It provides real-time visibility into what’s going on in production, helping security teams spot suspicious activity and stop attacks before they can do serious damage. Unlike perimeter security, which only tries to block bad actors from entering, runtime security allows teams to actively monitor and respond to evolving threats in real time.
BN: How does runtime context change the way security teams detect, prioritize, and respond to threats in real time?
AS: Security teams today are often overwhelmed by massive lists of vulnerabilities without a clear way to determine which ones actually matter. Without context, prioritizing threats becomes guesswork.
Runtime security changes this by showing which vulnerabilities are actively being exploited, which exposed assets are under attack, and whether sensitive data is at risk. Instead of reacting to theoretical risks, teams can focus on real threats that require immediate attention.
This level of clarity makes detection and response times faster. It also eliminates the disconnect between security and DevOps teams by creating a shared understanding of what truly matters. Instead of debating priorities, teams can align around real-time data and address the most critical risks first.
BN: Can you give us an example of how companies have reduced detection and response times using runtime security?
AS: The RealReal, a luxury consignment marketplace with over 34 million members, is a great example of how runtime security transforms security operations. Like most ecommerce providers, it manages vast amounts of sensitive customer data, making it a prime target for attackers. Before using runtime security, the security team struggled with long lists of vulnerabilities that lacked prioritization. The DevOps team spent too much time manually sorting through issues, often fixing non-critical problems while real risks remained unaddressed.
After implementing Upwind’s runtime security, The RealReal gained real-time visibility into active threats, enabling its teams to focus on the most critical risks and improve collaboration. Upwind automated much of the process, significantly reducing the time spent on manual tasks.
With its easy implementation, even a junior DevOps engineer was able to get Upwind up and running in half a day, replacing more expensive and cumbersome tools. This shift not only improved the company’s security posture by preventing breaches but also saved costs and increased operational efficiency. By leveraging Upwind’s real-time threat detection, The RealReal was able to better protect sensitive customer data, maintain trust, and support business growth in an increasingly competitive retail market.
BN: Why are so many data breaches still going undetected for months and what’s missing from most cloud security strategies?
AS: Many cloud security strategies are based on outdated models that don't take into account the speed and complexity of modern cloud environments. Traditional tools tend to capture snapshots of risk at a single moment in time, but attackers don’t wait for scheduled checks to strike.
Once a workload is deployed, configurations can drift, new vulnerabilities can emerge, and external dependencies can introduce new risks. If teams aren’t continuously monitoring live environments, they are left with blind spots that attackers can exploit.
That’s why many breaches go undetected for months. Security teams are often forced to rely on assumptions rather than real-time data. Without runtime visibility, they can’t see what’s actually happening in their cloud environments. Continuous monitoring and real-time response capabilities are key to closing this gap and ensuring threats are detected and dealt with before they escalate.
BN: What does a truly proactive cloud security strategy look like in 2025 and how should organizations be thinking differently?
AS: A proactive security strategy in 2025 is no longer just about preventing attacks before they happen. It is about building resilience, having continuous visibility into live environments, and being able to detect and mitigate threats in real time.
Organizations need to shift away from static security approaches and move toward continuous monitoring and automated response. Instead of asking if a vulnerability could be exploited, they need to ask if it is actively being exploited right now.
The companies that will succeed in the coming years will be those that treat security as a continuous process rather than a one-time checkpoint. Cloud environments are evolving too quickly for outdated approaches. Security must evolve just as fast to keep up.