Runtime encompasses the behavior of containers after their parent pods have been created in Kubernetes. Runtime security analysis is concerned with finding the indicators of compromise in this behavior.

A Kubernetes focused runtime security strategy should be a combination of what to look for and in what context; who to notify and how that information should be used; and how to identify root cause and use that information to build better policy for defense.