ARMO Survey Reveals Cloud Runtime Security Paradox: More Tools Lead to Worse Security Outcomes

The survey finds that security teams receive an average of 4,080 alerts per month from multiple cloud security tools, leading to major inefficiencies and serious delays that result in a weakening of overall cloud runtime security 

TEL AVIV, Israel, June 4, 2025 /PRNewswire/ -- ARMO, the leading Cloud Runtime Security company and the creator of Kubescape, today announced the results of its inaugural 'The State of Cloud Runtime Security' survey. The survey uncovers critical challenges enterprises face in managing cloud security effectively. 

The responses of over 300 SecOps stakeholders and cybersecurity leaders reveal that security teams face significant challenges due to an overwhelming volume of alerts, which results in a very low signal-to-noise ratio. In fact, the survey found that security teams must sift through roughly 7,000 alerts to find a single active threat. This is exacerbated by excessive tool sprawl which actively damages key performance indicators like mean time to detection (MTTD) and response (MTTR) by forcing security teams to manually piece together complete attack narratives across disconnected systems. This results in dangerous blind spots, inefficiencies and delays in identifying and responding to real threats.

"Over the past few years we've seen rapid growth in the adoption of cloud runtime security tools to detect and prevent active cloud attacks and yet, there's a staggering disparity between alerts and actual security incidents," said Shauli Rozen, CEO and Cofounder at ARMO. "Without the critical context about asset sensitivity and exploitability needed to make sense of what is happening at runtime, as well as friction between SOC and Cloud Security, teams experience major delays in incident detection and response that negatively impacts performance metrics." 

Key survey findings:

• 89% of respondents report that their current processes fail to detect active threats
• 46% of respondents grapple with alert fatigue
• 45% report consistent false positives
• Organizations receive an average of 4,080 monthly alerts about potential cloud-based incidents, yet experience only 7 true security events per year
• 63% of organizations deploy more than five cloud runtime security tools
• Only 13% of organizations successfully correlate alerts between tools
• It takes an average of 7.7 days, up to 30 days, to correlate alerts across tools and organizational silos
• 92% of respondents believe that unified cloud runtime security solutions would enhance incident response efficiency and contextualize alerts to further improve response times 

"The survey results underscore a consensus among cybersecurity professionals on the value of adopting cloud-native security models and purpose-built tools designed for cloud environments to create a more cohesive security operation that meets the demands of today's cloud-native environments," said Ben Hirschberg, CTO and Cofounder at ARMO. "As organizations adapt to address the unique challenges of cloud-native security, focusing on enhanced visibility and automated threat detection and response is essential for strengthening their overall security posture."

The survey also reveals a counterintuitive organizational challenge: dedicated cloud security teams often impede rather than improve security response. A striking 38% of SecOps professionals identify the Cloud Security team as their most difficult collaboration partner during incidents, followed by the Platform team (31%). This finding suggests that while establishing separate cloud security teams (a practice adopted by 63% of companies) may have been a reasonable approach when cloud technology was emerging, it now creates problematic silos as cloud has become mainstream. These artificial boundaries fragment visibility, complicate communication, and increase MTTD and MTTR. 

The full 'The State of Cloud Runtime Security' survey report can be found here.

About ARMO

ARMO is a Cloud Runtime Security company providing the first open source driven, runtime-powered, Behavioral Cloud Application Detection and Response Platform.

ARMO is the only solution that continuously minimizes the cloud attack surface based on runtime insights, while actively detecting and automatically responding to cyberattacks as they happen. It provides a fully explainable and traceable runtime security story spanning the entire cloud security stack, without flooding teams with alerts.

ARMO's open source project, Kubescape, is the fastest growing CNCF open source cloud  security solution used by over 25K companies and deployed in over 100K high scale cloud environments worldwide.

Media Contact:
Rachel Glaser
White City PR for ARMO
rachel@whitecitypr.com

View original content:https://www.prnewswire.com/news-releases/armo-survey-reveals-cloud-runtime-security-paradox-more-tools-lead-to-worse-security-outcomes-302472938.html

SOURCE ARMO