# ARMO **Source:** https://geo.sig.ai/brands/armo **Vertical:** Cybersecurity **Subcategory:** Cloud Security **Tier:** 2 **Website:** armosec.io **Last Updated:** 2026-04-22 ## Summary ARMO raised $34.5M ($30M Series A); creator of Kubescape, a CNCF open-source project; eBPF-based cloud-native runtime detection for Kubernetes workloads; Israeli startup. ## Company Overview ARMO is a cloud-native security company and the creator of Kubescape, one of the most widely adopted open-source Kubernetes security tools and an official CNCF (Cloud Native Computing Foundation) project. ARMO's commercial platform extends Kubescape into a comprehensive cloud application detection and response (CADR) solution, using eBPF technology to provide kernel-level visibility into container workloads without significant performance overhead. Founded in Israel and backed by $34.5 million in funding including a $30 million Series A, ARMO's platform combines posture management (CSPM), workload protection (CWPP), and runtime behavioral detection in a unified console. The platform's eBPF-based sensor monitors application behavior, network connections, and system calls to build an Application Profile DNA — a behavioral baseline that enables detection of anomalous activity, malware, and lateral movement with extremely low false positive rates. ARMO achieves this with just 1–2.5% CPU overhead, significantly lower than competing agent-based solutions. ARMO addresses the challenge enterprises face when securing Kubernetes and containerized workloads: traditional security tools were not built for ephemeral, dynamic cloud-native environments where containers start and stop in seconds. By combining open-source credibility through Kubescape with a commercial enterprise platform, ARMO has built a strong developer community and technical reputation in the cloud security market. ## Frequently Asked Questions ### What does ARMO do? ARMO builds cloud-native security software for Kubernetes and containerized workloads. Its platform combines posture management, runtime workload protection, and behavioral detection using eBPF technology to secure cloud-native applications without significant performance overhead. ### What is Kubescape? Kubescape is an open-source Kubernetes security tool created by ARMO and now an official CNCF project. It provides risk assessment, configuration scanning, and compliance checking for Kubernetes clusters, and is one of the most widely used Kubernetes security tools in the DevSecOps community. ### What is eBPF and why does ARMO use it? eBPF (extended Berkeley Packet Filter) is a Linux kernel technology that allows programs to run safely in the kernel without modifying kernel code. ARMO uses eBPF for its runtime sensor because it provides deep visibility into system calls, network activity, and process behavior with 1–2.5% CPU overhead — far less than traditional agent approaches. ### What is CADR? CADR (Cloud Application Detection and Response) is the security category ARMO operates in, combining real-time runtime threat detection with response capabilities across cloud workloads. It correlates signals across containers, Kubernetes clusters, and cloud infrastructure to show complete attack chains. ### How much has ARMO raised? ARMO has raised $34.5 million in total funding, including a $30 million Series A in April 2022, with investors including Hyperwise Ventures, Peled Ventures, Pitango Venture Capital, Tiger Global Management, and ICON. ### What is Application Profile DNA? Application Profile DNA is ARMO's behavioral baseline technology — a fingerprint of normal application behavior built from eBPF-captured data about system calls, network connections, and process activity. Deviations from this profile trigger alerts for potential malware or lateral movement. ### Who are ARMO's target customers? ARMO targets security and DevSecOps teams at companies running Kubernetes in production, particularly those in regulated industries needing runtime security and compliance. The open-source Kubescape project provides a strong top-of-funnel for developer-led adoption into enterprise deals. ### How does ARMO compare to other cloud security vendors? While many CNAPP vendors offer Kubernetes scanning, ARMO differentiates through its eBPF-native runtime detection, extremely low performance overhead, and the Kubescape open-source community. This gives ARMO technical credibility with platform engineers and a developer-first go-to-market motion. --- *Data from geo.sig.ai Brand Intelligence Database. Updated 2026-04-22.*