
Vulnerability · Rapid7 · 76d ago

Preemptive and Proactive: An enhanced CNAPP available with Exposure Command

Earlier this year, we made a significant announcement: Rapid7 partnered with ARMO to add AI-powered cloud application detection and response (CADR) – or cloud runtime security – to our cloud security portfolio. At the time, I published a blog highlighting this two-part approach for modern cloud security that combines preemptive exposure management (understanding the threats that could exist) with proactive runtime security (detecting the threats that are happening).

Today, we are thrilled to announce that this vision is fully realized and integrated with Rapid7 Exposure Command. For our customers, this milestone represents our ability to deliver on the promise of a complete Cloud-Native Application Protection Platform (CNAPP) that helps security teams preemptively identify and proactively thwart attacks.

Exploring the possibilities of this unified CNAPP

At Rapid7, we believe that a CNAPP is unified if it operates from a single, objective source of truth. By integrating cloud runtime security directly into Exposure Command, we are seamlessly merging the preemptive (posture, configurations, identities, and vulnerabilities) with the proactive (runtime behavior and active threats). The table below summarizes this enhancement:

| | Today’s Rapid7 Cloud Security solution | What cloud runtime adds |
| --- | --- | --- |
| Primary Focus | Prevention, risk reduction, and preemptive response | Real-time exposure detection and proactive response |
| Core Question | "What is vulnerable and could be attacked?" | "Is an attacker exploiting our environment now?" |
| Lifecycle Stage | Pre-deployment, continuous scanning, or periodic intervals | Continuous monitoring of live (in-production) workloads |
| What It Finds | Misconfigurations, exposed secrets, software CVEs, missing patches | Active exploits, lateral movement, unauthorized process execution, SQL injection |

The true power of this unified architecture is best understood through the lens of a security practitioner’s daily battle against cloud threats.
The previous blog post discussed this in theory; let’s use this blog to talk about the reality.

The baseline

Exposure Command continuously scans and assesses your cloud posture to identify whether a container exposure exists in a production cluster. Traditional scanners would stop here, leaving you to prioritize this vulnerability against others. In Exposure Command, this detection is not just part of a static score, but instead it is part of an attack path. Our preemptive security platform tells you, for instance, whether this specific container has internet access and an over-privileged IAM role, making it highly reachable and exploitable. This means that you are not just looking at a CVE; you are looking at the potential blueprint behind a major breach.

The proactive validation

This is where cloud runtime security turns theory into reality. Instead of treating the vulnerability as just a potential risk, the platform utilizes eBPF sensors to provide continuous, direct kernel-level observability and application


Originally published by Rapid7

Source: https://www.rapid7.com/blog/post/em-preemptive-proactive-enhanced-cnapp-available-exposure-command
